{ "Event": { "published": true, "date": "2023-07-24", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-07-24", "timestamp": 1690243381, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "2f8e617a-4593-42b9-bf84-28ca4c122011", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f805b1f1-2a04-11ee-a6f9-42010a9c0055", "comment": "Malware payload (StrelaStealer)", "timestamp": 1690191132, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191132, "uuid": "2818c4ea-38b5-4fc3-b0bd-c79af1344d37", "comment": "Malware payload (StrelaStealer)", "value": "ca41966552933961d2a16edb49568f44", "object_relation": "md5", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "findstr hh", "colour": "#FA59BE", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191132, "uuid": "42ee4772-76d8-4895-b899-a8ea2b77c231", "comment": "Malware payload (StrelaStealer)", "value": "006113048affb077622e4d6e836c07ac0ac71ddfa3bb62052710986ad2c692c6", "object_relation": "sha256", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "findstr hh", "colour": "#FA59BE", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191132, "uuid": "63e784fc-ca43-457d-825b-be5a5f509618", "comment": "Malware payload (StrelaStealer)", "value": "ff49697704a52c526d3b556a1bf692c43a9e4777", "object_relation": "sha1", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "findstr hh", "colour": "#FA59BE", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191132, "uuid": "e0bca27c-63de-4fa5-8a10-f9eb093b7eba", "comment": "Malware payload (StrelaStealer)", "value": "2c1f46a3a542bf46247b39570b24a816a7ed2dca07fbff9af53118a3c0b1ec5c8c8c2c4d8ff7d2a9de01f9bcd22f2ece", "object_relation": "sha3-384", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "findstr hh", "colour": "#FA59BE", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191132, "uuid": "49748c57-4498-4574-8b13-916c1d1506b0", "value": "T1AD36B8BE74A76549BE625C306FECB770CB97147ECA5BDAF045A2E0306925093FC82817", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191132, "uuid": "dede70ca-b4f3-4df9-8bc1-2e5903b50cd1", "value": "fcfbe5457e76d2ac347d7db113c0ca3b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191132, "uuid": "7ae725f5-c57e-4a4c-93db-83eeebeba0ce", "value": "24576:Ajy1+YrUkMtLa1yiDmlylfNEQYKKvtZ1dwKiJ2/48h3sdoh9TL:F0Cl1IZ1qZohzT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690191132, "uuid": "204cb59f-0ac4-4563-901f-1ac81bdea5e2", "value": 5316843, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690191132, "uuid": "ca559e56-e2a9-4207-b0da-92c9276317d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191132, "uuid": "fcd88005-b4b7-447e-9b53-c21062b43d13", "value": "awfsdppzipmslchkbnkvzevmlshisvxwpafpzjghebbvrdquen.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89b54d6f-29ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690188799, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188799, "uuid": "a5d293f8-a88e-4746-bf5a-1f0de34eb7bb", "comment": "Malware payload (Formbook)", "value": "3aa2633dd845952657ea79553fe2673a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188799, "uuid": "b2878b82-35dc-4af5-b8be-2777c30640ad", "comment": "Malware payload (Formbook)", "value": "0133bcdef5dd1550d677731bbd57a0c76bee19526cd4a5de22a3c83c506ee6ac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188799, "uuid": "c94821c8-a857-496b-854f-6eb70548b007", "comment": "Malware payload (Formbook)", "value": "8b94b52bca486eb97290f8010d8055d87e258cf2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188799, "uuid": "99d67eba-f5d8-4488-a654-4f6c2216c5c5", "comment": "Malware payload (Formbook)", "value": "3b282d048c8d8f4c554b5d60b642d180e83c5b9abe11e66b50b315be6ea9f7917fabdd0032dd7ec1570dee0e78a2e577", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188799, "uuid": "5a221b4f-ff3c-425b-8db7-e87fd351da62", "value": "T182547C0673E900B9E0BBE27889A25642F77BB816573197CF1390467A1FB37D08E75362", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188799, "uuid": "5f6c2e02-1dfb-4010-9742-1bc3a49ba043", "value": "9222d372923baed7aa9dfa28449a94ea", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188799, "uuid": "8039e7c6-ec67-4beb-8643-c10622f68419", "value": "6144:BSncRlXcJeZm7mJCt94ZBxlS7r5Hx/cbffv:w4tcJelCt91/U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188799, "uuid": "545f2252-8cfe-4309-b80d-a224786b2e6f", "value": 281088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188799, "uuid": "15260fc0-ce62-4b33-957d-314507890653", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188799, "uuid": "e457c566-eefb-45cd-afd2-e22818ab2d78", "value": "Celestial.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1593359-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690179014, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690179014, "uuid": "0f8fb080-18c5-41c5-ac1b-ced7880375dc", "comment": "Malware payload (RedLineStealer)", "value": "819d04631e10b61b212231ee093d9dc5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690179014, "uuid": "85f06016-3050-4f49-a6ed-33b78457fa97", "comment": "Malware payload (RedLineStealer)", "value": "01fff06ce60d4c145adad197c4de54435d775e15cefb00ad0329842dafd241ef", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690179014, "uuid": "7dc48fad-e919-448d-a399-b89457f60ab0", "comment": "Malware payload (RedLineStealer)", "value": "7283e9ff263b5753095ee6834394b1357d06c8c2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690179014, "uuid": "31aeb452-1249-4c95-9a41-b9ca175e9360", "comment": "Malware payload (RedLineStealer)", "value": "b35df92cd487236bea10a5d41b13a038c519ec48c61ba0801a7c52d16c89f2f03447bc52bf9d8598e39f175d48dbb8e2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690179014, "uuid": "efc64a81-f2ed-4456-ad21-00c6fd29d13e", "value": "T19374E06272E0C033E66796315430D2611ABBBC325B7491CB73681B7E5EB03D1AFB9356", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690179014, "uuid": "ce4c703b-665a-4198-8772-50cd3910a6de", "value": "795d5374158688612616ccbdb5ba25ba", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690179014, "uuid": "2a64273e-87a2-4e26-a285-618315186c1b", "value": "6144:ZwKz/vQXh3fy3goug9FOwXBX7PtVqWttOn/tpRQXzr8:SKzHyh3fyQZoRXjWG4fQX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690179014, "uuid": "64b77db8-0e6a-4b94-b52d-3a267cd3a6b3", "value": 356864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690179014, "uuid": "c04ef2e8-0fb6-43a5-9311-f2b58c724fb4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690179014, "uuid": "ffc92807-38d9-4350-90c1-be78b1c4f87f", "value": "819d04631e10b61b212231ee093d9dc5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d69d7735-2a76-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690240039, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240039, "uuid": "294b3634-cb9b-47fe-8d2d-8c9fe2041421", "comment": "Malware payload", "value": "c7f0e5ba0c30b3fd0f2c90f6d3ec1b4c", "object_relation": "md5", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-999", "colour": "#5DEE89", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240039, "uuid": "ad5714cf-7c2b-4194-871e-c0d827134309", "comment": "Malware payload", "value": "021a4451034f66126ebe9d4a4c21c1653876c014ddc2935ffc2567c24b99083d", "object_relation": "sha256", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-999", "colour": "#5DEE89", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240039, "uuid": "30a791fe-4f9d-40a1-ac34-f7c4440c5486", "comment": "Malware payload", "value": "62561ab0763739454c462d5faea498836784df1a", "object_relation": "sha1", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-999", "colour": "#5DEE89", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240039, "uuid": "b9e53fc2-79b0-478d-b549-df595ae03e0f", "comment": "Malware payload", "value": "b7c54f833a6881a304a50bd5343278b4df8edbed2be80667fa3688357f3d9c1fc99fcecfeb781bb63cb941c7286125d2", "object_relation": "sha3-384", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-999", "colour": "#5DEE89", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690240039, "uuid": "c7513e8a-e823-47f6-afb3-c813f0950334", "value": "T1634633484A9E1B49DD013E92B791FCDC1A26727040BCA37DBCF822B74987E33E45E659", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690240039, "uuid": "624c98b4-934f-450f-a853-1750e8183c14", "value": "98304:+Epr8Y+ASs9thIX+Ae1F1cP6JhH3h7msYMg8C4bjF9kp3CcAozO:l98LKt+pe1vUS3h7+8C4bqyEC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690240039, "uuid": "3185c9d7-fdd5-4f59-ab9e-2532d2b39fe7", "value": 5687394, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690240039, "uuid": "cc5b62b2-2c0a-4797-84c6-e2af98b1e813", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690240039, "uuid": "bea086bf-bb91-4dc5-829e-80435ed49439", "value": "Install Aigoogle.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b1d67a01-29ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1690188867, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188867, "uuid": "636597fb-394b-4f2e-9f1d-27b7e82ef5b5", "comment": "Malware payload (XWorm)", "value": "d23dd42e2fb0e0926f9b116cc4e5efca", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188867, "uuid": "a1229300-b280-49da-b851-d72d61507741", "comment": "Malware payload (XWorm)", "value": "02249a1154a152d50bffabfbb2084d49238fc3e6392dc535ea93734dee4cbbde", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188867, "uuid": "6f69903f-a2d3-4648-a39a-9578ba98e8e1", "comment": "Malware payload (XWorm)", "value": "e285e83c348bb929acf3336486fed5a36f8d53b6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188867, "uuid": "3ffa34bf-b07c-4eb4-9839-d39942adf061", "comment": "Malware payload (XWorm)", "value": "b596faace0c958db5a752bc2963c35ef2a96f7079e143689e49f0e0aa896196b0a2a6d2b388ebe480721ed9922856a3d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188867, "uuid": "1e2105e2-167a-434e-ab3f-d183c173cda6", "value": "T102E25B487BE48332D5EE5FF53DB2E1051275E5078A23DB9F1CD889AA7B636C246013E2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188867, "uuid": "c19da65a-7ac0-4b2b-884a-19e05bfa0dfe", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188867, "uuid": "0c8ae472-d8d1-4e28-9898-52acf7882a6c", "value": "384:B4sYMqC1y0O9/89I3/qjk8LlfwDs2ETIi9FR+gtFqBLTiZw/WNCvK9IkVuGxOjh2:GC95/l4eP9FZFr9R/OjhX/3vm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188867, "uuid": "99af9a38-848f-4a36-85ab-2fa5b41a5205", "value": 32256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188867, "uuid": "413e557b-2755-4ac0-9098-a8a74eef83e4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188867, "uuid": "aab270ee-c4c1-4135-a22f-0c81e1578731", "value": "Testing.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fef3e679-2a3a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690214336, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214336, "uuid": "3d16d533-e573-47f3-9ab7-415ba6807758", "comment": "Malware payload (RedLineStealer)", "value": "df53bb96de4749ce780bf8b939dc2cd5", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214336, "uuid": "55ee35e3-bada-483b-9458-b932bf281dee", "comment": "Malware payload (RedLineStealer)", "value": "0279688cc1957dc9ebc67463be23871fae9efb158042e8fce79f4cc0e4085785", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214336, "uuid": "469ef2af-ed9c-419b-939e-9583ac4dab65", "comment": "Malware payload (RedLineStealer)", "value": "2f9cd3b41186c12a8cf94c2d4458f706384da81f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214336, "uuid": "143ea85d-a02b-4498-8646-c8cd9d2341fb", "comment": "Malware payload (RedLineStealer)", "value": "aa8c68059e1e6b2f2424bd13491f6eeb7cb94347365952be574ae53cf2b0e300f1301a821078ca49e32f1e9d2650c841", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214336, "uuid": "ce9dd640-d191-4d78-8275-a14a7e86bb8f", "value": "T13B857C603980B131DDE69379C3EFBD24196DA0E01B2642C716C47FEBD5E06E16B32A97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214336, "uuid": "5a54e64b-6d6b-4c9a-8650-1a42f9cb27e6", "value": "99618c39aafbf01419fbcd53cea0e110", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214336, "uuid": "a273ba60-8c1c-4f15-baf4-ba1174be7083", "value": "24576:5X9hpIwG5PMZ6JgQuUAc3j6pJ/iFpjFl:25PMZ6ttz6pJ/iFNFl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690214336, "uuid": "0c4a1ce6-8a22-4190-8d4c-659929059d0f", "value": 1710080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690214336, "uuid": "21d16940-5091-44da-b667-7f1c870fa1c6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214336, "uuid": "19b805e5-e428-4bc1-be24-a2e1c605167b", "value": "df53bb96de4749ce780bf8b939dc2cd5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "908231af-2a41-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690217158, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217158, "uuid": "1cb02e67-2bbe-492f-af84-73d9e7ac8cb3", "comment": "Malware payload (Amadey)", "value": "69ed5c6fadbb0493f1c1699e278a183e", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217158, "uuid": "b2527517-19c1-4572-bc60-6e70159ca795", "comment": "Malware payload (Amadey)", "value": "02a2c2bd329bb254a97807b9a18a3d1d4e1d315919348995995d8eee36bc85e3", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217158, "uuid": "517a7706-b35a-416a-987c-f93a8dc8a128", "comment": "Malware payload (Amadey)", "value": "b3fc46db0b74d900ff60dbf80c1b861835e11140", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217158, "uuid": "b8c01ba3-400e-4b77-8ae7-d05edb62852f", "comment": "Malware payload (Amadey)", "value": "4d0b0662ef008ac9a78e50b756cb93a6ccd2c0d60fdfbf82d4fdbed537e1f00edc8b0e7d5cdad0b02267903fa3ffcdec", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217158, "uuid": "7e5e56ef-8fb0-4e55-8c55-4b4b8b722516", "value": "T1C12408557812C032D56061762DB5BFF2C59DA828ABB049DB7B800F77DA112F73A70E3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217158, "uuid": "50c2a2b3-113b-461a-a625-5f1a4d2eb6d3", "value": "698e68059e2b8538f873da69a2766d48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217158, "uuid": "d4ef567e-7e14-4497-bbf1-851076555d56", "value": "3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217158, "uuid": "782484a0-945b-4a67-8fc5-8fe535ae1964", "value": 228940, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217158, "uuid": "78c2075d-e971-40f1-a108-0cd4a446b2d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217158, "uuid": "0b751e84-a26e-4001-8320-6c1aa57af791", "value": "69ed5c6fadbb0493f1c1699e278a183e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "994f85a6-2a33-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690211159, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211159, "uuid": "17388929-2082-4968-8c1d-39f7fa7a99bb", "comment": "Malware payload (RedLineStealer)", "value": "6044b57b1afb7e6d1532b8b1fb06eda5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211159, "uuid": "7a91d784-960c-4ea8-b01d-2499d3d63d2a", "comment": "Malware payload (RedLineStealer)", "value": "046fb543a210e0d1df8997f8ef7d845f2ac0278cadc16b6d10b29ef3d0d9fbc6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211159, "uuid": "ade62ca5-54c6-4962-be52-2f2e8c7c0002", "comment": "Malware payload (RedLineStealer)", "value": "72ef07b60ad0a1890eb84ba14a1a1a032c45f6a8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211159, "uuid": "0cc06b2e-7dd7-4ffb-8cd9-2d74c518bc32", "comment": "Malware payload (RedLineStealer)", "value": "1633bf3ce390f04415866dfb1a8e8b3b3aec75dd63e0e0d11e5b28408eb6ab5a540d7e7b0b3130499c2f46f3c8ed6776", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211159, "uuid": "764ca910-5340-4900-9c45-ca06d24c9e47", "value": "T1AFA46C4796B1FC55E9278B728E1EC3EC723EF2D08F49776662199E2B04B11B2D1A3710", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211159, "uuid": "d76426bd-887c-4dc3-af42-1a6bb3d3b677", "value": "643dfe69bb37214a28d08dd70c9d2c6e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211159, "uuid": "8c5686d1-fbf6-4902-89c5-65def0e463e6", "value": "6144:ZFkHLA9vjcH28hRRvF6mfNNXlgf8Ei+xsE4N1PZU/7ZvLrS1ETC:TkHslcH28hRRt6mfNof82sE4jZU/hmO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211159, "uuid": "c8971bf2-f37a-4077-88dc-e781eb9144b8", "value": 471040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211159, "uuid": "8aaeb6fc-01cc-416e-8876-cd1bcba45ff3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211159, "uuid": "8ee2f40f-59dc-4a19-8dc2-1e0051902a4d", "value": "6044b57b1afb7e6d1532b8b1fb06eda5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b09eaf27-2a1c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690201320, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201320, "uuid": "6ed96172-e3f7-4d9a-9816-bae9035bfad7", "comment": "Malware payload (AgentTesla)", "value": "44a7b69ed7f1425e79d26fd1f4b67626", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201320, "uuid": "2c1e7edb-da4b-4e5b-ad1f-042f23803935", "comment": "Malware payload (AgentTesla)", "value": "05220984bed944b5743d4a9b640a42788d53ef523a8f9dc81c983b9da74eb6da", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201320, "uuid": "51d37280-a5cb-4ba8-922c-237a9d79fd72", "comment": "Malware payload (AgentTesla)", "value": "e270c434ee8ac4fb8543f63b35ecb7fdff5d9acb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201320, "uuid": "5374d875-568b-4dfb-8f02-0a2cdcaaa66d", "comment": "Malware payload (AgentTesla)", "value": "683e3fc3024b36b3e723624435e51d1538f5d6e95d756b16b12d0729740bd4f82530c97978b46ecebe755066319d86f0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690201320, "uuid": "56a58c74-d3c6-4c1a-891a-b399c3906160", "value": "T1EDF4122A3BB9AB52E2B8BBF5A52061110371E6451837D38C4EF120DB1E63F946F51BD3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690201320, "uuid": "c56a5e2f-ece4-40e7-b9bb-ba11ec3f792f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690201320, "uuid": "917f6d92-8ed6-4242-ba79-9f4751d752d1", "value": "12288:LjvJRBusyviY4P4g0v534DVmLNV7LYqdjvRMQU8x4ea11L:/FuTT4P4JWV6P/xdjvDUL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690201320, "uuid": "c58c35c0-dcf3-484c-8b07-02606e04190c", "value": 757760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690201320, "uuid": "dae085af-b66a-4e87-8e2c-33b42bd8ccae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690201320, "uuid": "70f50d79-edd5-422c-980e-5523e05c89a5", "value": "SHIPPING DOCUMENT_77OA2910T0007A42_PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4df9bf2-29fd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1690188013, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188013, "uuid": "acf05a98-9fb9-44ea-b3d9-3738d056076d", "comment": "Malware payload (GuLoader)", "value": "7afe37fe46d394438f6f96bccf65d401", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188013, "uuid": "94e2fb12-60b2-442b-9bfd-65fea77c8929", "comment": "Malware payload (GuLoader)", "value": "05776da01e8c57b2413792b19d3b58383381c329d76b408d009a47a84f232548", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188013, "uuid": "7c089212-fdf4-40f8-8f14-cda355efcdb7", "comment": "Malware payload (GuLoader)", "value": "6e71c2879780bf21d756f6cd19d573fb718585cc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188013, "uuid": "cdf805f0-53dd-441c-a75f-6036c1fb67c4", "comment": "Malware payload (GuLoader)", "value": "febfa7d7667ceb86c5297de6ab8ae9d4c6f9c84dc7fd5f094646646ee0ce5f0c2025ec049f1da2085a2a7bcc7576312e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188013, "uuid": "c07d5584-09f4-4925-bd36-d09ded62afa0", "value": "T143840251F642F62FC6900B350E26CAFA7FA19F02AC644F0B2295374F783DB91684FA55", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188013, "uuid": "d9c8b9dc-ac3f-49b3-ba21-2c81ed72aa22", "value": "6e7f9a29f2c85394521a08b9f31f6275", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188013, "uuid": "da7b8151-157c-4dbc-86f9-907d5eef603d", "value": "6144:zMm4CC4af998/TmZCJ2ROQmoK/qlX+SRbYN4Pc5NURBJW2ugJp3hggzR4d2:zMwxaVdf0QOqY1xNWBJW2Tlg+RY2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188013, "uuid": "99de3088-f9fa-4927-b82a-e413a2f220a5", "value": 401730, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188013, "uuid": "cfeec97f-6d1c-4308-a8f2-d67491df606f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188013, "uuid": "144017ee-3299-48aa-82ec-d376f0a20b62", "value": "Overbygningsuddannelsens.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e58f6418-2a32-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690210858, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210858, "uuid": "674c2580-f420-4795-aa0f-e8a9825e2fc4", "comment": "Malware payload (Amadey)", "value": "311bcc98621f1612a7a0bae8b412dd21", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210858, "uuid": "3002b14f-57ca-499c-a938-4b3ade40d8ae", "comment": "Malware payload (Amadey)", "value": "05b48b2909386e117184a0bdde8c6718992cf21d07674042c9d076292b260729", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210858, "uuid": "4ce06c0f-5d82-4fd0-9d96-34f4602aabb3", "comment": "Malware payload (Amadey)", "value": "e6208f01069780dfb69fc831895e3b97cd900842", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210858, "uuid": "ac1e83e4-d5b0-49dd-80fb-68f7a2f82f16", "comment": "Malware payload (Amadey)", "value": "4647b30ad0acf156d9f8d7df8e100eb46b1fe2facc830719ceb7410efd683281a203a24a68d68b1f6d0b3cc7060d9f63", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210858, "uuid": "6b712c39-4c3c-417a-8d4d-f8eba9eb61c6", "value": "T1C5B41242ABE84037E8B6277098F607D3173EBCB18974839B2759695D1CB2384B135B7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210858, "uuid": "739cb7dc-cf9a-4bb6-a8a4-9d947e39c6e7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210858, "uuid": "dc277fa8-5c4d-47ba-9ef2-b0c2ad81926c", "value": "12288:LMrhy90ADACn1dQ4Hr1nEb3crjgrngFOW:Syf1dQ4Hreb3crsr0OW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690210858, "uuid": "108c6788-e598-476a-a1b1-059a5b49f24e", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690210858, "uuid": "ca6a6985-6d9c-4bcd-99f1-56c77b2bc457", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210858, "uuid": "0035541c-5c08-46f7-be53-943f4e78076f", "value": "311bcc98621f1612a7a0bae8b412dd21.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6c5392e-2a1a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1690200471, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200471, "uuid": "7313552c-bc34-48e2-adb6-c89142d5fa6c", "comment": "Malware payload (XWorm)", "value": "4850a3faca58304bd1ed1e6f257770a9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200471, "uuid": "739b94bb-3395-4b18-9466-a96fe3588d70", "comment": "Malware payload (XWorm)", "value": "05cd3a132abf900939da0da8053eca52743a0fed69b535ebdd4bbc6a76017697", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200471, "uuid": "49d899b3-87c2-4d4b-9293-d6b32c332215", "comment": "Malware payload (XWorm)", "value": "8d344bf330c120b972f279b691d2852d3d89c7d9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200471, "uuid": "ccc841da-13c6-4e9c-b846-ea3627593c61", "comment": "Malware payload (XWorm)", "value": "62a7d4e565dc500ede698e156dfae1ead790c8772314f6b3e3384a4e6b46b3bd3dd388565f4b57bdb7d35de899814b76", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200471, "uuid": "1c37cdd7-adbf-4180-988e-1a9e3d144cc4", "value": "T19574CF6F618DC8CCDECB6A7AC860314DF2679A8ACF67117C03146C854FB9E7549A0BE1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200471, "uuid": "e1c852b0-90a6-4c7a-991f-0c4c7d8d6d2e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200471, "uuid": "17e8fb0c-2912-4027-a647-ee69358715ab", "value": "1536:QbHWtAA1ChZAbExTJbNmJmuEIW0hUv8TPahU4fjfFJRlf3QT/ljmV1t6gVmN7:QbCAA1CwExTJbMkf50hsvDFcXz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690200471, "uuid": "ede6f80c-c6ef-42a5-8cd8-0da86c8cae52", "value": 337920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690200471, "uuid": "bc83cf99-445d-40af-8354-425904a2be47", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200471, "uuid": "df05291f-217f-44af-9f86-aa84d0eb0ffa", "value": "Receipt.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6af7d60c-2a2d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690208505, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208505, "uuid": "bdb9abd8-db3f-4889-ac08-1d41857ca583", "comment": "Malware payload", "value": "94471e1226a414e8f8bcb95f72d9b3ab", "object_relation": "md5", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208505, "uuid": "27d9df5d-0b8d-4965-ba65-ef564ef17fd1", "comment": "Malware payload", "value": "062c0d715dc05181d021b130f7b31ced24577a4eba8c39a8d8cf9f89ce132f64", "object_relation": "sha256", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208505, "uuid": "4fbcce48-72b4-49c2-87d8-9030c12ed498", "comment": "Malware payload", "value": "fd8d87611fa2d1b0f6e56fae15b24ce02d9d7fe2", "object_relation": "sha1", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208505, "uuid": "33abe6c4-2d26-486c-b9ff-f6cc22ee84dc", "comment": "Malware payload", "value": "917711d9e5d6715d668769a5a42ee35137662d8c54509712c0663b81d21ce4fb36d68f05c0f903bc75407148086e6194", "object_relation": "sha3-384", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208505, "uuid": "370f7321-0281-4418-b58d-b0277d859cab", "value": "T174D633ED96E27850F80D4C3CC8EA78123F7BD2C67792E15A936AD1A37D571206D8E4E0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208505, "uuid": "d54cf381-5caa-4136-9a3a-6cdf7de086d3", "value": "393216:Zgh9VoyDbmDAUXPUoxF5eu/AtCX62OLMLaAZhbqP8:MoCbmDAoPUmJiMuqhbqP8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690208505, "uuid": "c36104c2-26a6-4fb0-b143-678235c08317", "value": 13172502, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690208505, "uuid": "e3e3a75e-f899-4287-be41-c8a292b97fd3", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208505, "uuid": "f53713b2-cb86-4976-8cd2-d34f36bbdd08", "value": "GG_AI_Setup.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67a02897-2a31-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1690210217, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210217, "uuid": "d92ac5b6-6758-46fe-b8f6-eb8fe6e15126", "comment": "Malware payload (NetSupport)", "value": "2aa4741c22f4f7e9f7fb2318e974649c", "object_relation": "md5", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210217, "uuid": "4e06cba7-3a8d-4e04-9ba4-56eb1869c247", "comment": "Malware payload (NetSupport)", "value": "069ac184f80baa3ced862d6704254d57990699bda965a9bcc2a89b2d8b61c123", "object_relation": "sha256", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210217, "uuid": "f5cb1bfb-cb35-40a9-8bce-3fe7ea61a157", "comment": "Malware payload (NetSupport)", "value": "f65ab7270f297c572a30650c6941dea145cd83f1", "object_relation": "sha1", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210217, "uuid": "9b446f7c-81cf-4187-8be5-9aaa2803c1d7", "comment": "Malware payload (NetSupport)", "value": "f8b05ee20dae25b237f443ee2a389836d66db39af073b294ab977078d723eae381d08a18a0115e67a8a627743deb9d18", "object_relation": "sha3-384", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210217, "uuid": "a26f17c5-1aec-43b2-af4d-8ce11e37297e", "value": "T12745DB38397A7C2443DBDA1334F14B961CE9564FD1703A3B199AD8239A346C265B22FF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210217, "uuid": "946df92a-1353-4666-a298-ee3c910703be", "value": "3072:XMyG1hNUveUzpkVDbffRhyTcVWRda4Ynq/gQ:XMJvzU6xffrMckdabq/gQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690210217, "uuid": "3f89af35-4287-429d-a3f6-4bc79e9d2654", "value": 1262682, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690210217, "uuid": "8d4f6f5c-dcb0-4e8d-8bbe-dab535829a89", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210217, "uuid": "a664158e-d6c6-4b8f-8beb-a3ab128c9d3a", "value": "HHYGASDBBBX.hta", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f037c04e-29fa-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1690186824, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690186824, "uuid": "d77cbf26-4619-4f5f-ac02-9052957986fa", "comment": "Malware payload (AveMariaRAT)", "value": "670b0dc4af2afae583aa8a961a53b539", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690186824, "uuid": "03fd68c2-a92a-4aaf-8a6a-333db1af708f", "comment": "Malware payload (AveMariaRAT)", "value": "069af598ef0f129b4efbb3e86a4f86bcf23d9caac7d85155893302304c62f32b", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690186824, "uuid": "c5c299c3-6831-4359-8043-b2e47bfaac71", "comment": "Malware payload (AveMariaRAT)", "value": "433f50d315a0a3bad78b59df0523a9add090a7c1", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690186824, "uuid": "36ead34e-1887-4e1c-b315-d4caa2fdcc55", "comment": "Malware payload (AveMariaRAT)", "value": "c472a25a2770af591d84cef8707242ea3d912258e0e7edae3df1cb05832d9c3d0e0f7dfbb77b1e10c8a427cf13410327", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690186824, "uuid": "946a265f-f280-40ac-bce1-b672fd5a55a3", "value": "T1D5F412693BB5AB12E2B8BBF495A05420037265992833D74C4EF530DA1D61FC46FA2FD3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690186824, "uuid": "a6ebe4b2-a755-4ffc-b1f6-d773d691a1a9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690186824, "uuid": "4f40cc74-f480-47df-98e7-bff835fbfe3f", "value": "12288:CsvJRBusyAeJ+QXYMl78jNRorDYUP3shXQ8X8UtDjqT/t/UG:7Fu0yGMlIZqrx8O8XDtDjqT/tc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690186824, "uuid": "c6d02a0e-de59-467c-81c9-f0341a6adaed", "value": 738816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690186824, "uuid": "5e91b999-8a7e-445a-a49f-455087fe5c71", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690186824, "uuid": "8d369533-eea8-4ee0-9ecc-2da78aaf8c7f", "value": "INV1001372883.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44d5de0d-2a57-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1690226480, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690226480, "uuid": "7b3048a8-31a7-426f-ad35-56b7b7b023a1", "comment": "Malware payload (GuLoader)", "value": "257297a671a67c3153fd9fe32ee5406e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690226480, "uuid": "7379cb8f-7b3a-4e98-b38f-ed5f02e976f0", "comment": "Malware payload (GuLoader)", "value": "0725b0e4da8887a3285b0af626673e8d406c5badb9a1b8024563540dddd16ed4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690226480, "uuid": "66959bd5-0a77-4445-ba7f-ceb1e331468d", "comment": "Malware payload (GuLoader)", "value": "ff95223434a62fa753334f32e10ac29f8269301c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690226480, "uuid": "bc6a42ba-e513-4011-8308-074a5dbcd72a", "comment": "Malware payload (GuLoader)", "value": "204d0933533cd391d0a0e9a45343431f0f69bae5b1e453ee06a16c902bd444065bcd5c21e6740204faffb12f88f14a31", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690226480, "uuid": "cee702fb-d976-47e3-918d-5745708d097e", "value": "T1D51412573790C4F3C46942324A362B726BFDEB590454A3036B91AE5B7A03D93833F6A3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690226480, "uuid": "8d3989dd-a0bd-4c39-99ad-8e0f8dfd1d67", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690226480, "uuid": "71dbc218-c80f-49d1-9691-4ae1677d6251", "value": "3072:nwDijpS4DbYcr8bjZ6i3P43Ihy8JaZiVBvvA1J0vbGBE77U/IJ3yY7DxemkY8:nFPed6i3P4SyuzlGBsb3y0DxeT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690226480, "uuid": "c749ab62-a6d2-42aa-b932-e09b4b15921a", "value": 202821, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690226480, "uuid": "d85fce54-ecb4-4c29-b68e-ab0c8dff227a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690226480, "uuid": "1f96c7ef-c9ac-4a5d-8fdb-1909ab630384", "value": "RFQ4100147.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9de1454b-29c9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690165640, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690165640, "uuid": "a42156cf-7d83-4bdb-b302-3cb8567c337d", "comment": "Malware payload (RedLineStealer)", "value": "8fa8bfb9b75a7c33d9d8cc65a7172a7c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690165640, "uuid": "6dbd59f4-655f-4cb9-bbcc-55c711582e43", "comment": "Malware payload (RedLineStealer)", "value": "07ad5d7c0500cbdeb837ad3e40946a6bcfca31f2e68ef316106513f40e8b55cd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690165640, "uuid": "bf022ca0-eaf2-4dff-8736-e9a9d4b258c0", "comment": "Malware payload (RedLineStealer)", "value": "0766beb4e4dec3196f95e10044e792862ca83c3b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690165640, "uuid": "4fbe6930-4ad8-4898-898a-8fc8ce1a1667", "comment": "Malware payload (RedLineStealer)", "value": "f2a837fbf5e76f7c388e771facb22226ad7cb5f18f65985e7dffdef57195491984d5069120da438fdecfbb2d63192d3d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690165640, "uuid": "05ee4bc1-3270-4d14-bbac-58a06c2c5ae8", "value": "T1BC74E02236E1C072D4A746304934D2A61E7FBC626B7585CF37A82B3EAF712C09E75356", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690165640, "uuid": "73bde266-30da-443a-b374-b695b8e06c1a", "value": "795d5374158688612616ccbdb5ba25ba", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690165640, "uuid": "692e563e-ad41-4453-b034-2065c5bf679c", "value": "6144:96Hvnlv6gvTGZEcf0WZbns5RTMxZKbZOivUK894s/P:knZ6OTGZvNZbns5R+sgaU/9r/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690165640, "uuid": "f4d2300b-ddc8-4a0b-b199-50c2d2c3adc2", "value": 356864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690165640, "uuid": "37663ddb-7696-4482-ac84-4574d3f52fab", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690165640, "uuid": "0aa3dd4e-3ecc-4e4c-a790-fd583fbea2aa", "value": "SecuriteInfo.com.Win32.CrypterX-gen.22852.32393", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f255d5b3-29e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1690178667, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178667, "uuid": "ef827354-ee85-4f76-872a-e79a2fe6a29b", "comment": "Malware payload (DarkCloud)", "value": "cb042c7e4846ae4285bbd1d700bd2c11", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178667, "uuid": "0a8cb7d1-e555-4a27-941f-e9dc29e7de28", "comment": "Malware payload (DarkCloud)", "value": "0802c13f11828457c8cd914c34d00517fc2ddccfb9060f34d90d01c01db4e47e", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178667, "uuid": "89cf7567-286f-46fe-8146-7d4e6f34a2e7", "comment": "Malware payload (DarkCloud)", "value": "6059f7265731d3d797397804889beb5bfb7a48ff", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178667, "uuid": "6705d174-efb4-4487-9f86-c27338521ce8", "comment": "Malware payload (DarkCloud)", "value": "5a398b8a1839a749b884f40ed4cdc406f34e32a9814cc1bf87b6857f851d68f105464323531d35fb0a9050b15188d23c", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178667, "uuid": "9f51319f-fd0d-4fa1-b4f6-2746ccd723cc", "value": "T1BA2522A43BAD5E53D26CBDB809A591014BB532592863D3DCCCF634C85EA4BD0BF212E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178667, "uuid": "300a01bf-1dfb-40b0-a00a-0fa9b3bddab9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178667, "uuid": "6328052a-2f61-4bd8-bb6a-8a2608a9cdd1", "value": "24576:HFuHpEdNi+i4VsKrezc/e7VeySOQOGmM9M:H2CdNiHMVH/eBDy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178667, "uuid": "96145cd1-4832-407c-8f02-78af6076460d", "value": 1029120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178667, "uuid": "ba000837-1655-4b0c-906e-2b28e9fdd7e8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178667, "uuid": "8bdd9b30-04d4-4f58-ac6a-6e90565ff37e", "value": "DHL invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3805cbc9-2a03-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1690190380, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690190380, "uuid": "b3f168c5-d294-4046-aeab-6413d0118770", "comment": "Malware payload (RemcosRAT)", "value": "31f2ddb222ce3eeb11ef580ed1cbf8f7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690190380, "uuid": "378a430e-e06a-4029-8c6f-3fc0321542e8", "comment": "Malware payload (RemcosRAT)", "value": "0971a341d1f5c7c928463ee19acb6b226c9dda7c1682b8bee42f4394921e67f4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690190380, "uuid": "1fec6640-77b6-43c1-8290-469ea07130bf", "comment": "Malware payload (RemcosRAT)", "value": "e1bcacd23844b5e8635e88971c3c61e6cedf0f2d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690190380, "uuid": "5165ea54-5460-4917-9a2e-1b694278c18c", "comment": "Malware payload (RemcosRAT)", "value": "d99806bf947d6cc42494df00f6fb05b2f800b3f1743edacaa0c2f2d60a724f9651ff66bc080cef918e6d1dd73e9609bd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690190380, "uuid": "7499f947-fe08-4d39-a05d-3aae13e3b32c", "value": "T1723412986B2AD859D194C6FC8524D9F222D95C3E0D2765CE1BDCFE2FFD27200ED910A1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690190380, "uuid": "e7e7d352-6b5a-4e2b-9a0e-675f304cd34f", "value": "bc4f8e98d1041d53dd63bfb91ed10d0a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690190380, "uuid": "26e8ea6f-4034-479c-84b1-1ecde86fe2ee", "value": "6144:0vGSN9gWuLpcBKnVBYAsmrzpyDfOXXVxB:0vbGWulcBKV3uOX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690190380, "uuid": "9432af0a-c27a-4306-af79-4f4bafe43237", "value": 238080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690190380, "uuid": "87ef4348-3be2-48f5-b679-96deedd175fe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690190380, "uuid": "5c65053e-160e-4eaa-b717-7455653224ea", "value": "xqGqlVXkyPJD.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "977e792b-2a41-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690217169, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217169, "uuid": "e9e4332c-3c37-488d-85d6-d5d0b9f5f1f8", "comment": "Malware payload (RedLineStealer)", "value": "2b277cdb588cc9fb0f2256f45147e890", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217169, "uuid": "181cbcba-d021-4a99-95c9-b84a827359ca", "comment": "Malware payload (RedLineStealer)", "value": "0a70b4612b5a8fdde3e7cb75dcc0caca23c46bd980d396bb52f7efc9d122c8f6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217169, "uuid": "ae721567-2a9e-4808-874b-df9ff429b1fb", "comment": "Malware payload (RedLineStealer)", "value": "ce9bba3d9d6d9ebeaab7419a9fd6706e2368725e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217169, "uuid": "e6f9c6f1-178b-4a63-99d5-6796c66fc41f", "comment": "Malware payload (RedLineStealer)", "value": "91d1849d3116f816de57b469dcb712d38cdeca22ee52b69b4eee223a79b80f0c64aa01fdd70bc13504dce5bf6b29e9fa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217169, "uuid": "d21f9bdc-35a8-4dc9-aaab-a02e808f5435", "value": "T193840252E7D98433D9B65BB05DFB02C30B3A7CA59DB4433B2749985E0CB2684987273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217169, "uuid": "2af16fbe-be6f-4cd5-a1fd-fc24dc8fb5a7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217169, "uuid": "52b3d0b2-720e-4e64-88bd-9298a52cc5af", "value": "12288:FMrYy90N5WijQtbLnsq7zKtM6zMJB4RyAJ:FyC5VwHsq7zCe34RyAJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217169, "uuid": "812614b7-f81a-4725-8fdc-7dddaf14fe1c", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217169, "uuid": "d70202b7-1448-49aa-a743-f6a741eb3bdc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217169, "uuid": "6a5d1830-59aa-4bcf-bad7-0f8a9f885ad1", "value": "0a70b4612b5a8fdde3e7cb75dcc0caca23c46bd980d39.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5dd3e4f-2a37-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690212979, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212979, "uuid": "92ad5975-c420-4ee7-9419-9ce62caf8a59", "comment": "Malware payload", "value": "58a270921831af00df225f887bfb2f89", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212979, "uuid": "8a94ed51-2b25-48b6-b354-0690e4afce8f", "comment": "Malware payload", "value": "0b5fee2fdcc82f062b412a22a3fc3e5e52257da160cc83de0b569b41da5513f7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212979, "uuid": "5462c3dc-d07f-47ac-8da0-78a11b558521", "comment": "Malware payload", "value": "01d1e96706ce8d56cb0af2202398f2f5463e6986", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212979, "uuid": "edcec19f-da54-40f4-9f1d-4ecd5478e671", "comment": "Malware payload", "value": "968f53cbe8706b8f0d44b6af8dff540fd529b9e140bcc080df9013d07987e6eba949e48e11756cd94e9682eb807b3d39", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212979, "uuid": "2055bdcc-fc12-48c9-9b30-a124bb635ae8", "value": "T17F661216B9608C74D593D0331015D6A39205D68EBA18DBCF23B11D0AFEF59EB8B12BED", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212979, "uuid": "2649be54-afff-422c-b4bd-b9f542746305", "value": "c6e51dda1622035b42b177c9afe67c30", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212979, "uuid": "ff70c469-679a-49bd-aec5-8b7cc916d605", "value": "196608:e1DNr558bhV8dkwDsb6M31fyU3Gt2UlWt9G5SkKuB/ab:e1DNFabhV8d9+d1fj3k2woJuQb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212979, "uuid": "a2f98db4-d376-4d5f-936f-8be71c653d43", "value": 7047111, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212979, "uuid": "29e54a6d-84cf-47b2-aa55-8870dd6bb779", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212979, "uuid": "f3894db7-512d-43d7-a3d6-dcc802c53636", "value": "58a270921831af00df225f887bfb2f89.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bdd364c9-2a20-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1690203060, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203060, "uuid": "d2eb52e2-0d77-4d03-a063-18fcf0b092ae", "comment": "Malware payload (Mirai)", "value": "a64dea05573cb0ecaca669c6f0b3fa89", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203060, "uuid": "3b3a0b36-1ae3-47b7-84f4-04880cf26b5f", "comment": "Malware payload (Mirai)", "value": "0b9aff1721c3761b75065a3e701be7b45b9300c5ef73ee2077f0bcab4d1a7cec", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203060, "uuid": "76e9c664-5db5-4f9a-be74-0d63b4cb8084", "comment": "Malware payload (Mirai)", "value": "18bb868561400b1950eb36f567da9ff5a3618ba4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203060, "uuid": "ae1c1492-96d7-4918-9957-b230509b9018", "comment": "Malware payload (Mirai)", "value": "6d5790b657a309fb4143d7a9c4056370efec6b941ce161394802c5a21d56c4e95863938543e00eea0d787bffcaefb553", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203060, "uuid": "08f14426-57c8-4f21-a7c5-5ba83bb12b19", "value": "T1AE230271840A9DB565703C73EBD59393B5F12AB1C6673023DA2C0A3C2FB96131E5BE4A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203060, "uuid": "10689c02-6087-4e8a-8531-bf656993d173", "value": "768:D/TYCoIxdEk+AxoTZAZHFeq8b3g9q3UELbUXfi6nVMQHI4vcGpvI:DECFd+A6YHAxpLRQZI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690203060, "uuid": "f34f2487-de72-4931-a86d-1e811a8b89c6", "value": 46624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690203060, "uuid": "b586dbab-5203-49ea-87a9-3b94cc6c3183", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203060, "uuid": "1da86acd-d200-43a5-a111-8bbabb1b3dcd", "value": "a64dea05573cb0ecaca669c6f0b3fa89", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e93a1c4b-2a32-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690210864, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210864, "uuid": "b2c43ae4-a48c-4004-9a42-29300f3a6e13", "comment": "Malware payload (Amadey)", "value": "48b79bec4613af57497b9578a1d64be7", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210864, "uuid": "9716d250-3e3d-40e9-9a21-9740beeab500", "comment": "Malware payload (Amadey)", "value": "0d75276dc7d17e60cd623a2cfe0f3b1ea42d0d45b09f68d34af5113d6446d086", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210864, "uuid": "bcedcd7d-b9f2-4275-8fd8-fcce847f4236", "comment": "Malware payload (Amadey)", "value": "f696ce655f5f3b1c356086418780b32e6c6445c1", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210864, "uuid": "811ffdb9-3b77-4053-a539-fe6c5f882f34", "comment": "Malware payload (Amadey)", "value": "b689d587d60a70c6de909f44f3322bcad6147a6a78a582a18637e1f016f7c155836f16351bbfa25aa0c7a0e7fb2c6a82", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210864, "uuid": "a3971e20-a47d-4916-9661-2ec49bda7884", "value": "T13D840253E3E55132D57667B058FB43D30F36BDA18E7483A62252681A2DF32D0A87273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210864, "uuid": "00dcf6ce-9072-4b83-8578-66c6882bff1a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210864, "uuid": "5c029f83-1610-4484-8b60-da14b42b5b89", "value": "6144:KSy+bnr+2p0yN90QEozgkYLDWZcAnTtAcRjWPpFmhpZ3oddui:eMray90dLeflyp03odT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690210864, "uuid": "6e351086-03a2-47d9-b619-f7d8dc19a76e", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690210864, "uuid": "867447be-af69-44a5-8f46-26664c36b782", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210864, "uuid": "ea6b6049-e3c4-4018-9c38-f7fc3b51f73f", "value": "48b79bec4613af57497b9578a1d64be7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd160087-2a32-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690210844, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210844, "uuid": "01b635e6-2be8-4d0c-9802-4c74e3db6633", "comment": "Malware payload (RedLineStealer)", "value": "0b8c5676ab6c54ab01d4ab57259a4cd5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210844, "uuid": "b62999d9-8550-45ad-8ddf-ac69dc40ee75", "comment": "Malware payload (RedLineStealer)", "value": "0d79c696f653eea63e6d16be935fb90d8057e1cae1cadbbbc48bf48f59f61113", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210844, "uuid": "a918d421-dd32-4b58-bc6a-7227cf000379", "comment": "Malware payload (RedLineStealer)", "value": "e1c4412b62f12532e36554addab43e4955e4e5f0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210844, "uuid": "31182d41-b6f9-4aa0-b10f-a28b8cf041d3", "comment": "Malware payload (RedLineStealer)", "value": "cc7b84c0ca696251bafc292bf3fac4ff37bec61e57484442314fc9b7f77210907cf47bc177a22767c1fa621b0e12cfb8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210844, "uuid": "4802137e-27ff-4fc5-94c0-9bdcd0e5aa0a", "value": "T13A840117A7E94076D8B627B05CF612930B367CA18D74832F3746A91A1CB36D5E83173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210844, "uuid": "0d82ddb2-d7da-410d-b4fa-fdc60baf0a66", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210844, "uuid": "63910f76-8b4f-4758-bb85-3dee096077b4", "value": "6144:Kvy+bnr+gp0yN90QEjmIYIpTlHY6rdCazP7YxYMn31S16gBZ+t4nD1yrzAV/sN:9Mrcy901mtI/wa/YzU6gBYCnCL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690210844, "uuid": "aca47b48-dc72-41d9-b16a-17aa7d0a3217", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690210844, "uuid": "0bde805a-059d-4991-8e0a-e8ead48cf253", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210844, "uuid": "98978d27-a885-48f9-bd0b-127cc0b2639b", "value": "0b8c5676ab6c54ab01d4ab57259a4cd5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b94bea2b-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690211643, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211643, "uuid": "e4b4672b-526f-487d-a2b1-88011a7cf1d8", "comment": "Malware payload (AgentTesla)", "value": "453faf88b999e203d53ed667db3389e6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211643, "uuid": "b2894ec4-28ce-4d59-a74c-01eccadf52e3", "comment": "Malware payload (AgentTesla)", "value": "0de129849e28a7281cd7d6e6ca69f950a27efca7d1b121b1635e6c34b76ad167", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211643, "uuid": "9f321457-707b-4aa7-9210-ea374603c1b2", "comment": "Malware payload (AgentTesla)", "value": "f7f502722121c2c1f02fc4f408385164a0374699", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211643, "uuid": "6af2268d-fa1f-4da4-ad71-b6de122b339d", "comment": "Malware payload (AgentTesla)", "value": "72383ab27da36ea99f330989dac2c90c83d08933f72e2cb78b33ea0b9c2b085856bbf80eadb0ebaeea352a0f06b0a583", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211643, "uuid": "c0af71db-d6cd-49ea-856b-258a90b26ad5", "value": "T1EBF412253BB5AB42E2B8BBF49164552903B264562C37D34C4EF220CB1E63FC4AF51AD7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211643, "uuid": "a169dbe4-9b5e-4c30-a908-494aa4611aca", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211643, "uuid": "3be73d75-2077-416c-a5e0-0e20b3d029e1", "value": "12288:ynvJRBusyn5za33+gruV0/5tuR55K9L1rXPpQfbreKN28PYWVE:uFuD5u3OgrueM+9dXxQjre18PR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211643, "uuid": "cadd3df1-c0f8-4994-93e2-473471d9f36b", "value": 757248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211643, "uuid": "d56e2386-f348-4ee4-951b-b02b6af667af", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211643, "uuid": "dc5db359-1f3b-402f-b608-b8d65c036e7e", "value": "e-dekont_html.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d192216-29f2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1690183222, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183222, "uuid": "77a836c9-baf0-4c73-8137-8f0c355a14c7", "comment": "Malware payload (njrat)", "value": "11f6aa9548d114dba03dc3bab61bab19", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183222, "uuid": "a5500c0a-87d6-4a10-afa1-15cac60b4b04", "comment": "Malware payload (njrat)", "value": "0e9ca3219b103d4ad5f737e53d51812d95fa5765ece94ca46d3cd3be1071ff49", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183222, "uuid": "6fa1cf62-8a20-45e4-ab66-bdeea35be5cb", "comment": "Malware payload (njrat)", "value": "1e51b5d41c750bd44b28ca6107d8984ad17c363c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183222, "uuid": "2b41ed3e-f01d-4910-a1b9-29142e2ee167", "comment": "Malware payload (njrat)", "value": "845c7b384c241359213d30393cee05243d9876f83599ad7521fd3ad36551cca865f186e698e1cc2167603210d8e386d9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183222, "uuid": "3cb211f0-69ab-48ad-9e31-438401ce25ab", "value": "T126F31F9D762072EFC857D472DEA82C68EA6074BB931B4213A02715EDDE4D89BDF140F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183222, "uuid": "5b79da01-461b-40b0-9d8b-1ece1a3c6323", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183222, "uuid": "0c90352d-b6a4-459d-a0d6-f01de30041e2", "value": "3072:uKN9FT9QAXlR3j4oHG5JE60i+iBnKbZaNSvEyVjlXMomIm250Ln:uKN9jTXlhFuEX6KbZaNSvEyVjlXMomIc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690183222, "uuid": "bd0a5a94-9e31-459e-9fb6-38924f23490d", "value": 162304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690183222, "uuid": "ec498018-11a4-4329-939d-874de8e64fb8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183222, "uuid": "ddd9d032-af72-46fe-be3e-2330006a653d", "value": "11f6aa9548d114dba03dc3bab61bab19.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e3abe494-2a3f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690216438, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216438, "uuid": "56878398-e096-4fae-a137-39de125959bb", "comment": "Malware payload (Formbook)", "value": "ad078588c17f3551e244ad4787197bfa", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216438, "uuid": "b3bd8fe5-83d8-4259-af4a-de66dcccf89f", "comment": "Malware payload (Formbook)", "value": "0f1146daaa40325d2b307bc66e223c6df2ba208f8f0bd3170b1c41b917b4b54b", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216438, "uuid": "aeb7c0e9-234e-4dca-a81b-d89f91fdf75a", "comment": "Malware payload (Formbook)", "value": "3cf731a9c99290c8e86c6563856d6f42a47b288d", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216438, "uuid": "0fbf140c-531f-426c-9f45-6c250d619076", "comment": "Malware payload (Formbook)", "value": "06d271a4e1526173e5f1e513da2eafdb9b0ddae3294303dd71678e39cd90ae4cf48154b087680f3f6e1e6c22ae7abd32", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216438, "uuid": "5a33f03d-6608-4d0a-ae88-e59ade4a488b", "value": "T1204423F01086EE468F6F4ED285C5B3E8E5403B2A0A6987C7A413EC8D5F64ADB2D507E5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216438, "uuid": "9fc7bc10-4734-4951-92ca-9b971c49ed9c", "value": "6144:IJZPdyMnzM/wtGoRGylcmws+WuGDf96UrYiB2vwc:IzUQaeACPwBGDf5YiBywc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690216438, "uuid": "8853970c-9614-4622-9720-9d5fceac9a77", "value": 263118, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690216438, "uuid": "397272d6-5e05-4030-a2ce-60a42d9fd8f9", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216438, "uuid": "65a91d86-a5b9-4776-b14e-a82243f4ce3a", "value": "our OFFICIAL P.O. # 11009810 - Revised.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71790f80-2a36-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690212381, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212381, "uuid": "36202027-c06b-4140-b6fa-a165a7bb911b", "comment": "Malware payload", "value": "5d1cd0318a37195f728eab6535d5b6f7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212381, "uuid": "b6ebc6b1-c6f5-4248-b15d-309fe167566c", "comment": "Malware payload", "value": "0f48381d0d3824f6c0e25407c8db22dc5f8e62636c795b78cb11b2b7a6f61a60", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212381, "uuid": "dac2823d-f49c-4a2e-b317-be1b5e0a2848", "comment": "Malware payload", "value": "4baec54bbb63942b99bdac144825673b75d7514c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212381, "uuid": "90862c8f-47cd-44fb-b2ce-083a804d54d7", "comment": "Malware payload", "value": "3bb6ae08957af713abec1ed73a3625a3369ad5e70005efa953fd8fefbfad582b4909f9b3de1c64e01c8ef82fe8815990", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212381, "uuid": "0311adbf-514c-44a3-b95b-d9e66e519b5b", "value": "T1A1652321B7C0C871E6660D3519E5A332BB7D7D601F364ECB63886A2E9B309D1D938793", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212381, "uuid": "d2bd74b3-6e63-45ec-87d2-b850cc2fc5be", "value": "91e96141ed5dbe3bc541c8aad7ff3c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212381, "uuid": "f703d599-7de0-4354-9b6d-4e0c8a8299e7", "value": "24576:WBqaS/LEMDU+iM5ZuR5bgqbbiLrnNq6KdGoTqGjOLx7/KJYKuU7g5X:WBqaag+iqZU5b5Hi33B+O9irqX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212381, "uuid": "dbaa2cc3-61ef-46da-8e4c-2b0c368e4b3a", "value": 1531553, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212381, "uuid": "84439c1c-2ba9-47e0-91b8-fb6eb44db2cf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212381, "uuid": "e9e4b843-3002-48aa-8679-5a62d81a9f04", "value": "5d1cd0318a37195f728eab6535d5b6f7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "47e98dac-2a4c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690221760, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690221760, "uuid": "c4d9efdb-8603-41a9-b12b-ec3e69c8dd57", "comment": "Malware payload (AgentTesla)", "value": "6464fec6d8c7c8fb36a6dc0734ca2a3e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690221760, "uuid": "5d7f0c79-3236-4e03-be08-dbcdcaca060d", "comment": "Malware payload (AgentTesla)", "value": "0f5bc0b8bdc29c9e2d39e454e401a9c4763b13261b38564281ad13c69cbea07a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690221760, "uuid": "e59e91cc-2798-442e-9bc7-cd5295a025fe", "comment": "Malware payload (AgentTesla)", "value": "ca4273a004fa40e04663c451b3863322882db468", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690221760, "uuid": "426d7277-26c0-438d-9d0b-9932967dc46e", "comment": "Malware payload (AgentTesla)", "value": "04d4a4947b71a2889c8c38d38a48527aafc0824b728d33039885bfce8a6b4392e16446b540c09973905d3bb97a9946ed", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690221760, "uuid": "bc080a37-ed89-4763-a082-048a02b485df", "value": "T1C6052240A2EAC623D4E867F51220A392A3F9DFC13986D21C9FD7DDC9F46BF144520A67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690221760, "uuid": "a5ba7105-8566-4a37-9eb7-c0a2df0717d2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690221760, "uuid": "9692ebbf-1b2b-4879-877f-d5e48aad4812", "value": "12288:tTTsgIkPt46c7ujzCWSD6IYk/fzKsKthCPkCw+7+Qg94z0MqVEdm/nBnpSIk:tTogIwwQCmkDTWo9w0z0uM/fSI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690221760, "uuid": "dbca77a3-bcae-45a1-a1a1-31a8d0861d85", "value": 824832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690221760, "uuid": "beeab342-9987-450f-9416-d5a723d4e1ec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690221760, "uuid": "9a828a28-5a0f-41bb-8390-63cfd2722518", "value": "bank detail.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d62e3c1f-2a36-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690212550, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212550, "uuid": "3df30bb5-d039-4d23-950b-2a4efc233eb3", "comment": "Malware payload", "value": "09bf0949d98e56e1acf3fac1a3ae0658", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212550, "uuid": "213e55b7-a25d-4c78-afd7-c5764cc0aedd", "comment": "Malware payload", "value": "0f63d1156652f30615a436884507012458d0e73991e079049dc52695ee54f3c4", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212550, "uuid": "1e8c6589-4ce8-42e8-9a24-bbe6d5a8ed07", "comment": "Malware payload", "value": "e9fc923d698bc0f6959d7df6b6bf9d5173b00448", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212550, "uuid": "659c5420-35bb-42b8-a935-1061605a651d", "comment": "Malware payload", "value": "06e1d27cb5eb7df0622013f1bb2978ff3f6988f298b197da8564768ea0397eed26781ed9c0a85dc0dc59406fe691993b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212550, "uuid": "ae490044-59f3-4cc9-b2a3-0e663e2a62aa", "value": "T12BC5A7E711C53FDEC05ADE3A4242FE6E9B8FB476452594A3A0EAA5325C37C447E20F18", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212550, "uuid": "61d77346-8914-4dc2-b23e-5af0e5f105c5", "value": "7e60c38086d25d57354ecdf04c4b17ba", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212550, "uuid": "cf51f92f-50e1-4681-a1e8-36e7e57928b3", "value": "24576:T+y61lMqvsZ1mLrYOHJXzdJegqu8BQoHTjGaD:T+y6I9edJ9qu8moH+M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212550, "uuid": "09a0f71c-5125-47a0-bc52-bf44df3bb625", "value": 2737854, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212550, "uuid": "c68fd07c-4842-4285-be0d-8252a43d27ad", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212550, "uuid": "9e2fc4d9-284e-41a7-9795-943ceccc1388", "value": "09bf0949d98e56e1acf3fac1a3ae0658.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b979a07e-2a20-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1690203053, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203053, "uuid": "d27935e6-1e1c-4c2a-b728-9209120362b6", "comment": "Malware payload (Mirai)", "value": "88b455a2a883124b901a643e3cad8b7b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203053, "uuid": "bf397230-b53b-49c4-a116-c046c693b3d7", "comment": "Malware payload (Mirai)", "value": "0f8feeb373b61c5d8d649ee195e5285a80f69de79096ecdfa7832ddc92145262", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203053, "uuid": "6366f3ce-879e-4947-8132-8d434a93bf4d", "comment": "Malware payload (Mirai)", "value": "2040fe0c2b9e06f78bc6804000bd25786e261043", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203053, "uuid": "2631c9b8-2070-48ee-9ceb-215c1eaa5a34", "comment": "Malware payload (Mirai)", "value": "dee94071e4102444d306f038b50b0756744e0c4067d9ba7e78860e5ea21c2eec30a37e2566c139bbdd1c64e9049e4192", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203053, "uuid": "b112082c-067c-49f2-a45f-be8455e3c3d1", "value": "T16FA2E019BF1C858BC8363A7955D9EAD22253FD61F2DCCC0D2940C15FB1A33A96870F86", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203053, "uuid": "87f89b54-1e4a-4af8-915c-4b2e5ab5f08b", "value": "384:Mg4Lpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXadmTb+502F2vwA9dWuMW21bAK1oTH:M98o08kxofBE+ZkXaITbp2F2TWul0c5b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690203053, "uuid": "dcdbb310-cf20-4662-9bb3-011f38809fd2", "value": 21500, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690203053, "uuid": "3a519486-3d0f-4cc9-896b-6d25a33b4a1c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203053, "uuid": "4c36a01f-a062-4424-a371-80815e461f72", "value": "88b455a2a883124b901a643e3cad8b7b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "951e9eb6-2a41-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690217165, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217165, "uuid": "947b5c2d-cb99-4061-9048-528e4eb70158", "comment": "Malware payload (Amadey)", "value": "680e9f4d4e55778e059d88bf1e384d3e", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217165, "uuid": "9aaf40bf-b3c9-41b4-a180-435e0d28a672", "comment": "Malware payload (Amadey)", "value": "0fc2f0e5ce9fa677070a9076e1da2fb4021828904f464256bed54e954b64741b", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217165, "uuid": "d6a5e3b9-36a5-4592-8058-f907626cefb4", "comment": "Malware payload (Amadey)", "value": "9c4986d972bc7c5e1f8bc0054f37b9a30f3cf8bf", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217165, "uuid": "3cf133a2-dedf-40e5-a0d7-c99ec97d9bdc", "comment": "Malware payload (Amadey)", "value": "e4fa62b34a16e9a58e00b52c04f3a0f7970c1cc65090f2e28354102cfe0748fd6a3c041a6e99eda65c5d7bcee4d75b10", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217165, "uuid": "6f52410b-b546-4450-81b1-71b9477a402d", "value": "T15E2408557812C032D56061762DB5BFF2C59DA828ABB049DB7B800F77DA112F73A70E3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217165, "uuid": "c0ec9a22-844f-47ed-b95c-631125ac65f9", "value": "698e68059e2b8538f873da69a2766d48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217165, "uuid": "906f450c-f0f7-4fff-932c-f33dc4c9ed74", "value": "3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217165, "uuid": "03da5cf2-5b82-4e0c-af78-77576f1ee2fa", "value": 228922, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217165, "uuid": "85cd6f83-4683-41e9-bb63-bd4c03cebc1e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217165, "uuid": "b0db3217-edfc-4827-b408-69519f1088bc", "value": "680e9f4d4e55778e059d88bf1e384d3e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "095ee990-2a22-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690203616, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203616, "uuid": "a96e3d09-a69b-4a9e-b839-ff50539bd427", "comment": "Malware payload (RedLineStealer)", "value": "e590f4b4bbaf6c9802e8092b03cc963a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203616, "uuid": "3e2ae1ed-bf80-4de8-9f29-fb80e6855556", "comment": "Malware payload (RedLineStealer)", "value": "112a95a4d71a4f671838dfaee7c6e8d92ff16cd17cf5a772d5826cfb36989f55", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203616, "uuid": "52c646a1-8ba7-4d1d-828e-ecf1097f26e0", "comment": "Malware payload (RedLineStealer)", "value": "6902d752407d23effad722ed7bf9433e479881dc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203616, "uuid": "95a5b452-900b-49e5-ae74-2409cb666309", "comment": "Malware payload (RedLineStealer)", "value": "34a399e20937e9f9f1065281cf56f2ec27aa2941ac760e6b01e26df9f6cbda900e5024c78ce2daffca644a25014023ad", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203616, "uuid": "0a46baa9-6d2f-43bb-b94e-d75cadc3c3df", "value": "T15C54E81782F1FD59E927DB729F1EC3E8F60EF2508F497B7622199A2B04B11B2C163650", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203616, "uuid": "4f2f38b6-9804-4738-9637-f3e20d7f9f2d", "value": "266fc9b95dac31574046704a6db5e3eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203616, "uuid": "11f1dd1c-0890-40f8-bfb8-32127e386bfa", "value": "3072:LafImpOeULs4uCOryCXDWABkEgO11sUri99qN5gZ1hibzF1:CIjeULNuCB4BkEP/qAgZLi11", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690203616, "uuid": "255cc196-2bac-4c23-aad4-f392bab127e2", "value": 300544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690203616, "uuid": "51277bf0-8b1c-4658-aa11-d8092192df19", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203616, "uuid": "2f72c579-d52a-45b7-902f-5948a98b4c34", "value": "e590f4b4bbaf6c9802e8092b03cc963a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c612405b-2a20-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1690203074, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203074, "uuid": "6b5b8835-88e2-4b24-8345-013be6e2e874", "comment": "Malware payload (Mirai)", "value": "77c82c6bb48a6c5581ed340b5bac0df2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203074, "uuid": "592aa106-4f6f-4956-b62c-76e3566b5478", "comment": "Malware payload (Mirai)", "value": "1247a61d1b86bc537d630522b97d5b64154b13b3e7aa5edd80ca7ab24f1b056d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203074, "uuid": "733de409-37cf-4711-8a26-a7329bcb9625", "comment": "Malware payload (Mirai)", "value": "5da2105c8ac4a9f14493d3dd38ee268b06bd06d2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203074, "uuid": "12e4fca4-8e4b-4700-bbb0-7666420e21dc", "comment": "Malware payload (Mirai)", "value": "f83fb18cbbede0c2942ec388b442872ac8246dc052fae2c6c5afdbd083cd3eb4df485f6e7b2aeef66606a6b4dcf773c8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203074, "uuid": "9ace5ccb-51b4-4fd3-b874-e6e9e3ab036d", "value": "T1F033FA8EB8029D3CF91BE6BE54164E0DB93177C152830B2767BBFDA36C721945E02E85", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203074, "uuid": "0b68fc91-50a1-4da1-8624-44b4ae089c8c", "value": "768:gduPBFnHooqR8qOCKq2cH4Kg9e+TK806MMUVjzkfQXObHud2oGz:r/hqaJMDg9eqK806MHdkfQX6HuCz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690203074, "uuid": "e3af8fad-73b7-41b8-8164-ed33f2382623", "value": 54932, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690203074, "uuid": "2ef8f1c5-785c-4737-b1ea-8f12771c8e56", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203074, "uuid": "e7422bcc-43d5-4f4b-8872-a28336f6bfb2", "value": "77c82c6bb48a6c5581ed340b5bac0df2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8ab041d2-29f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1690184077, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184077, "uuid": "7ab6322f-356c-4d8d-b47c-314cb5604e25", "comment": "Malware payload (Loki)", "value": "1055733c44f177c60c096ea6e33625f8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184077, "uuid": "b4c536c6-a8ee-45ce-b36e-b19d04b10328", "comment": "Malware payload (Loki)", "value": "127c29b65ebf2143b66e5c60fcdbae43c4789c836e273e4f996efd0e56040e8f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184077, "uuid": "e882d2b6-774d-429e-ae56-0cdd823586b5", "comment": "Malware payload (Loki)", "value": "206be99be02eab7436fd2d0a33c7cdaa4f7e9733", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184077, "uuid": "7e1dc478-9bbd-403a-9984-35f8442e2be0", "comment": "Malware payload (Loki)", "value": "1b2171da08414f27573407ba1c7a299fb925e1b817327ce2952f7b6486cb5b2113bbef30ed18f80f239e1fabfecc7fe8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184077, "uuid": "11260eae-dac1-4d86-bfbf-da7378cea19f", "value": "T13DE4126433EA5E03E7A9BEF48BB095A8033165612423D3EDDDB2204D5D92781FF126E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184077, "uuid": "4631fbca-bcc4-4d10-acc0-be2a1ee8c57a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184077, "uuid": "2239b907-9c61-4ba7-8594-98a0839db4eb", "value": "12288:kKvJRBusyAys67PuduyoTghiXjAwAS5Oz2q4VpiIufCrNP2qmtDGw:rFuUys6vgs29in2fwED", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690184077, "uuid": "057b1c1d-7253-4bf4-9848-cc8ec8c70adc", "value": 672256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690184077, "uuid": "d948d2ca-6e58-4c42-8adf-73bcbf129958", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184077, "uuid": "b5d15a8a-0dd1-4487-9acd-fcc2d98682d3", "value": "SecuriteInfo.com.Win32.PWSX-gen.31599.8509", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b06d867c-2a20-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1690203038, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203038, "uuid": "15742f37-90a4-4dc5-831d-a307a1564b65", "comment": "Malware payload (Mirai)", "value": "7836d24ae9bc73516f6573ebe71e23df", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203038, "uuid": "26b5007b-d664-48ca-9e3f-ade3c12c0844", "comment": "Malware payload (Mirai)", "value": "12c2f51457a642f8bd01fb444591fb77972819dd72580874984c744b6dfe54ca", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203038, "uuid": "dfce8594-ad4c-418f-a503-cc153c12b1f1", "comment": "Malware payload (Mirai)", "value": "f1fe408c7126245b709aa40ea20c01b84fe2bb70", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203038, "uuid": "71ffc4af-765f-4e60-88ef-375b0aea2c5e", "comment": "Malware payload (Mirai)", "value": "c827bf109cccb6a5970b39c409c2f0f51aec9189c70ab8b000ad660f8442a40c77f81889e524c2c6b0ef972b39b70ac7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203038, "uuid": "50eec023-3d87-4743-a2d7-2f99fcf950cc", "value": "T19CB39CDBF24701A0C8624AF007CB4BED3E2723815F27C5E76C6A657968791CF8905F96", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203038, "uuid": "c530370e-98a6-4f81-bfcd-87790dabaafe", "value": "1536:Fu27gBY9FSSpj3z5Qxw6YaWWgg1O/LWy:c9sSyzz36YaWWgg1Oq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690203038, "uuid": "50d8810c-39f3-43fe-8a0a-ab16d6dc2816", "value": 107800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690203038, "uuid": "b51f8858-24ae-4d50-8002-c965bdae2643", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203038, "uuid": "87d5629d-81f6-4f14-ae74-1d15603c9773", "value": "7836d24ae9bc73516f6573ebe71e23df", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a56a1e8-2a3b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690214463, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214463, "uuid": "ca925e1f-fef4-4548-a8d0-b703d9d486fe", "comment": "Malware payload (Amadey)", "value": "2ad41d644161496d089d17fdd8d829ed", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214463, "uuid": "84b8a954-c2ef-4c0d-8957-c671e9e7a16a", "comment": "Malware payload (Amadey)", "value": "136b546d35913e21d69572f169ae203809c1521256619595aa6b15d763436c01", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214463, "uuid": "10b6b815-9ccd-4926-95fb-6cb56263f5cd", "comment": "Malware payload (Amadey)", "value": "5353f2219c0942b87a463658c7c57e4eb717e14c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214463, "uuid": "8851437f-ebdf-442b-ae7a-1ea7e11c3d02", "comment": "Malware payload (Amadey)", "value": "9229089c7e6ec0e7493c5f44aadb31a9ab506b24d1b72adc5be920b6e84125a5b27d796ddf830ff5645c87c0b2f0ea4d", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214463, "uuid": "47c4a42e-65c8-4023-b72f-5ea6a9e90253", "value": "T1BDB41211DBD84936D9B627B09CF607830F32BD625D7883571B896E9F0CB2680A97137B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214463, "uuid": "2b67ce66-70fe-4657-a636-0d6ce4e8ee52", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214463, "uuid": "561a0043-7b22-45d6-8de8-95dbdc6e45d1", "value": "6144:KMy+bnr+pp0yN90QE3F0y6b9bDenEqXctZ2x1vdHsTdkuzy6lZOTbp84K/F+Gvln:8Mrxy905F0DBb8MsiqRu418yG6BGj0S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690214463, "uuid": "8045bb94-524c-423a-b086-ea507b44bb92", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690214463, "uuid": "fef5b0c2-a2ae-4cec-ac94-00bb0fbcb988", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214463, "uuid": "cdc0bdaf-dccb-473d-8838-ed60db3b2874", "value": "2ad41d644161496d089d17fdd8d829ed.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2e6907de-2a4e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690222576, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690222576, "uuid": "4f02dd17-e822-47df-89fb-4475f1c5a8b1", "comment": "Malware payload (RedLineStealer)", "value": "461a41b00e56b7edc7c954b28a7ab0f3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690222576, "uuid": "b15846f7-f5fa-4283-8661-f6f57c2d442f", "comment": "Malware payload (RedLineStealer)", "value": "1437361c67b59d113cebaa24a142650e8b8b3172ab6a6714c71515ad86d9fa55", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690222576, "uuid": "905fd3d0-d27f-4479-9699-6649e22bc1e0", "comment": "Malware payload (RedLineStealer)", "value": "4b60bd82ddaf0916bda391168caafa6813c8d184", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690222576, "uuid": "9a1d954d-4189-4dad-80d1-bbeda6a3fd67", "comment": "Malware payload (RedLineStealer)", "value": "de5b5f49c5d2922df43e933a29dfd9cdcee4c9ca36e84475f9c1848c015db3ffd554a8c6e14f21e2825c7b78d499e58c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690222576, "uuid": "6a12ac34-e33f-489f-be54-ba14c78e44ef", "value": "T1D5840212E7D88173D9B1177068F603830A397DB249B853AB37866D5E4CB32D0E876767", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690222576, "uuid": "515a6b6f-156f-4c4b-a586-69a81ef06003", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690222576, "uuid": "46c0b458-5035-4be8-a6ea-fcf452732775", "value": "6144:KXy+bnr+1p0yN90QE+susNp+TPHNPdk1deU/4KlvZimAKtvqoDbcG4hJQURF0:hMrly908MHuPHzGeUPR5AiTbQHR+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690222576, "uuid": "4baeb9da-753e-48da-8f08-4960acd827be", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690222576, "uuid": "9c08e94f-9f20-4392-847f-3ce19a6f0c16", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690222576, "uuid": "7e7b9332-c6f2-4e72-99aa-5a7d25ef45ab", "value": "461a41b00e56b7edc7c954b28a7ab0f3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de4982d2-2a32-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690210846, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210846, "uuid": "c29e1355-0c79-4cb4-a79f-30905d95feb6", "comment": "Malware payload (Amadey)", "value": "62f14baf2fcce514f609b53e2c79b52e", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210846, "uuid": "0fe70432-d8bf-47d8-afaf-da3fa4373eff", "comment": "Malware payload (Amadey)", "value": "150efe040daf5b2059f8ac7b00d97d784f87aab373690e8896efdfafae259e04", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210846, "uuid": "2e937fcc-be8c-4a73-b49e-081cf4dfc51a", "comment": "Malware payload (Amadey)", "value": "6504bf67431c1c6ebe352ef6998f04c8fac4e083", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210846, "uuid": "a6803d16-b41f-4e54-8cbf-913d94409618", "comment": "Malware payload (Amadey)", "value": "1e781ea9afd985b144926a8e564ad19c48c84fbd5b70d10cf1a38996c8e7b84f048691c0aebb0e6dfb7385f2bdd79d46", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210846, "uuid": "affad9a4-6ea9-40f6-a871-b847ed13cf14", "value": "T1D32408557812C032D56061762DB5BFF2C59DA828ABB049DB7B800F77DA112F73A70E3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210846, "uuid": "2af16270-dec8-423d-b815-0f00db31bba4", "value": "698e68059e2b8538f873da69a2766d48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210846, "uuid": "3faa986d-1149-480c-ac8e-e94a7ea05884", "value": "3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690210846, "uuid": "8cd36d64-4648-47c6-9b92-ffd7a9715345", "value": 228869, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690210846, "uuid": "8abd74ea-3242-4520-a022-cee14b7f62a9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210846, "uuid": "50b8b86d-ba49-41e1-bc59-23b7655c4e70", "value": "62f14baf2fcce514f609b53e2c79b52e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "abcd2181-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690211620, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211620, "uuid": "8b133207-3a83-47a4-8362-d1760da3022d", "comment": "Malware payload (AgentTesla)", "value": "96f1b6416e83dd1f48e73716e7a2c6a7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211620, "uuid": "53034b5d-9a33-4617-b4e1-89c5541d4bd2", "comment": "Malware payload (AgentTesla)", "value": "153c3fbb73c454e077ba248871f1159f8d6c9df46d5f42d35ac6d99713ab09b0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211620, "uuid": "bff47889-5365-4e13-b48c-9c0b215928d4", "comment": "Malware payload (AgentTesla)", "value": "1508131ce5e989e154be0fe999008577eb300629", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211620, "uuid": "69ec8a07-8367-4301-a171-0fdd5486341e", "comment": "Malware payload (AgentTesla)", "value": "293128e18a576a61697e5bfa8d88af6daddd78dafd802b91980330073fc40a9a4edc505d1296c8312985b4f082b31c23", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211620, "uuid": "0e811107-50ad-426c-9b70-725e5f750b53", "value": "T18EB4B3517EEF600475B2BE9B1BE529A54B3B75311D75D46E304E060A0BEBD80ACA0F3E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211620, "uuid": "4fff7a0d-e9af-4844-a2cc-6fda2cead6ff", "value": "6144:Zn+UMxzakHMKM7h3XztZvLtSv3aL3YTDCkFxFps8aht:jMxzaka7hlSUYXCkFxFps8aht", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211620, "uuid": "202b757c-39ec-4991-abad-3a2fc2a171b9", "value": 514148, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211620, "uuid": "5f9091df-bfe3-4483-a03c-f9074c92cb6e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211620, "uuid": "407706d1-a8a8-43ba-8941-1b5e542d23c2", "value": "PO-679979585774.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "63c34a21-2a11-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690196467, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690196467, "uuid": "2c2d4afa-ef08-44af-a407-eb9ea5587369", "comment": "Malware payload (RedLineStealer)", "value": "d511269e9a84cfd7b7eacf52f6d7ed13", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690196467, "uuid": "1b7884c8-8ba0-4170-99ad-34c5577cb3aa", "comment": "Malware payload (RedLineStealer)", "value": "15651544e991249d23640c8599655e4eb2bb29eadda767b2eac1b54460c64d5d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690196467, "uuid": "47043cbe-71f1-49ea-a63a-4e67d9e15c68", "comment": "Malware payload (RedLineStealer)", "value": "36cb7d423eb317d736d22f4053bb86c581042c66", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690196467, "uuid": "abaa54c1-f6dc-403b-95ed-f6686f30a223", "comment": "Malware payload (RedLineStealer)", "value": "c3480d67f62aad6ebefe9bc065218ee68b32ab328ba925d83130a4bde88f4893a985b482ada903cdf880a5728b9f08a3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690196467, "uuid": "e85f2a36-4941-48c3-8582-988dcc77e527", "value": "T10354C0207190C0B3C873053085EACB369E7A34B5176A95DBB7CD67BA5E613E1A3362CD", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690196467, "uuid": "40d29082-3996-4f7a-9eb8-5bdb59885a3e", "value": "bf5a4aa99e5b160f8521cadd6bfe73b8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690196467, "uuid": "14974fe8-7e35-4f94-8a3c-9f29e38b1603", "value": "6144:LDKW1Lgbdl0TBBvjc//QYWB0DfCncVPBGEoLRZ:/h1Lk70Tnvjc3QTSzCooHP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690196467, "uuid": "610897e3-c1b9-474a-97dd-d474f5fae814", "value": 280072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690196467, "uuid": "faf70860-199f-4209-bccc-021dbdca3542", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690196467, "uuid": "2aaed045-6ce5-4821-b5aa-521cb93bd977", "value": "r6833295033_AWB.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c3eae5f-2a4f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690223163, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223163, "uuid": "e1513a2a-66f5-4e03-b389-8625903d041d", "comment": "Malware payload (Amadey)", "value": "d02c7231c73ede54b49b3f1228c26b89", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223163, "uuid": "ce6e80d5-0ac6-4f3f-b4fe-d54a787188ae", "comment": "Malware payload (Amadey)", "value": "15b5e85db3255b5984baeefc6baea2fbe1bacb772b3002bbd69df33fdb57833a", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223163, "uuid": "9733f97f-031c-4637-ba7f-ba36eb38602a", "comment": "Malware payload (Amadey)", "value": "1d20823e35c1b110469a2c8dd37c86da4c62b1cc", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223163, "uuid": "e5f8d1e3-123f-4969-b37d-52bb2abde1db", "comment": "Malware payload (Amadey)", "value": "8145819b0798532bf89537d0482e218729fe1478936c2df9d7d97d61557617dbfcbbeed32b823aa8b707be144005ac28", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223163, "uuid": "e5fdd38a-f177-4603-bfec-4bca168f428e", "value": "T1C5B41241A7E88473E8F627705CF602E31A39BC519D38476B2749AC5A2CB36D4E53237B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223163, "uuid": "a38b887b-c473-4d98-a072-a7ab369769fd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223163, "uuid": "400e8b9d-beef-46e3-90e1-2e7beecf69d5", "value": "12288:gMr+y90biNtHyBheUkCNdAoSZFw96o86BhZcEbrVV:uyHSXkm3996T6Vt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690223163, "uuid": "cd4721f9-289e-48a3-899d-b2e11779ca9d", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690223163, "uuid": "2d33955d-ba80-4ad7-abc9-be7d43a256de", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223163, "uuid": "4701972d-9a91-44c6-8d1f-0ba130eb3366", "value": "d02c7231c73ede54b49b3f1228c26b89.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b57ea004-2a20-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1690203046, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203046, "uuid": "96d3d305-f6bd-4d9a-b459-cb2e90ebfb6e", "comment": "Malware payload (Mirai)", "value": "5f647078ea839ba5a39af457e3932a75", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203046, "uuid": "be52854e-635e-4284-aa2c-a735987abc67", "comment": "Malware payload (Mirai)", "value": "15e3131a419dacceda3d1e9b1888753567b8cf88b0ac7b2172a4d65b1a509502", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203046, "uuid": "17670f43-1c04-4a23-8e97-e3aa1212c49b", "comment": "Malware payload (Mirai)", "value": "9681ea82076ad2cc1bd7dfc068894a85e18bdb6b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203046, "uuid": "918b4eb5-095d-499e-9c2d-161c0bb1cbc4", "comment": "Malware payload (Mirai)", "value": "e3031bacc01f2a46d3ccc14358c0527bd81e7c85b6ec1a7b2683ce34a8d7d7efe7e5e015eff2f1a597404c58010fc17d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203046, "uuid": "e1bca52e-b619-4d75-8138-9b4ab3eab345", "value": "T1AAC2D0E07726FA31C4206C3DE62B4D893A51067C91FF393664159D359EC168A63F88F9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203046, "uuid": "4ea32018-46f3-4509-86b1-8fa496cefadb", "value": "768:4MKyhegCCMqfizjoNpd2vJdX6vwrWo9q3UELu7:PKy4qfqoeJdXWgELe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690203046, "uuid": "8c2bd46c-73ce-4cec-9ce4-455a9992852b", "value": 27300, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690203046, "uuid": "e1e7cdb9-0a0f-4de5-b2c6-4eb00d2a0047", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203046, "uuid": "8bac44ec-80de-4619-b87f-cdc94ad7f13a", "value": "5f647078ea839ba5a39af457e3932a75", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a50b53d6-2a16-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690198724, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690198724, "uuid": "bc1f9dac-9b8f-4484-8147-ddddfeb4d9d6", "comment": "Malware payload", "value": "39be1e514275c927d27bc00bf520f8f3", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690198724, "uuid": "23d3f4bc-22a1-4f04-8c24-a14811a2ec06", "comment": "Malware payload", "value": "174f7b02bab7fd2ccf3cb8018c1b03e851bea9f91b013098330d18105892c450", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690198724, "uuid": "a2353c51-831a-47f2-8221-b50efa8150a7", "comment": "Malware payload", "value": "0150c263af5879339746aed427360da01f7ffb4e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690198724, "uuid": "958048bd-8e51-4312-b779-78f64f67444b", "comment": "Malware payload", "value": "e2ab325b5b1e29431f969a57922f69a33f4327dc0f3d2f03e33d67430595391c0c96e3d003693d641ca232ff262c72c2", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690198724, "uuid": "80d66202-9c74-4040-a6bf-a787558d4fb7", "value": "T1D6337C057561C0B3EAAA123935ACCA22067F7C525BF084937FEA164D4EB11D1BB3D397", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690198724, "uuid": "94e997aa-633f-43c3-9fae-9c909a926437", "value": "b75316755c341c81f20ea9365d85eda8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690198724, "uuid": "fae3051c-bb87-4334-99c8-e6bc77303c86", "value": "768:mkJvh5T+EKFW2J9A6UbYqrE7KWANK+IsQymdjHTtB077wSoSK:3JvGNjMUQkHTtBPSZK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690198724, "uuid": "11d56bd8-535e-4e81-9d11-8cc293f4c0ca", "value": 50688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690198724, "uuid": "c18e76e4-d819-4c9c-9141-d8d3e5f13b81", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690198724, "uuid": "202cd89a-0a8b-47db-ab83-a9c4dbb6361f", "value": "SecuriteInfo.com.Trojan.Win32.Lokibot.DECC.MTB.3873.4739", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "12a8e611-2a0d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Gafgyt)", "timestamp": 1690194613, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194613, "uuid": "233db6e2-6c78-475a-a822-2eabed3dd3f4", "comment": "Malware payload (Gafgyt)", "value": "726bfe0d9f0b037f16181386bf46628c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194613, "uuid": "ad5f19d3-ed01-48ee-add0-58c7730dbeb1", "comment": "Malware payload (Gafgyt)", "value": "17f6f2aca14200fd6b3a523cb27f95a9eb22cfce77b25f09ad5b0f309ed28815", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194613, "uuid": "51e323b2-cea4-4662-b95e-89eefb1c5ad3", "comment": "Malware payload (Gafgyt)", "value": "6d32312d8c26f3f35dfd14c4f9f40ce92f6bb387", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194613, "uuid": "9ffc8898-10f0-4efb-8b2e-f7e5b403e995", "comment": "Malware payload (Gafgyt)", "value": "e14f95dd16099f509cf41bec9b00557c6f0fc500f0c68be5ef6513f1bc28c7f7f81eecbcfb9b4655174b9d766557da90", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690194613, "uuid": "fd21e10e-142a-433f-9f13-1cc9ebf16758", "value": "T126B35C73CC256F68D665E1B4B0B08F796BA3A950818B1FBE1567C3758043D8DF60A3B8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690194613, "uuid": "a09607a0-3668-4b94-840d-a082c62b5c64", "value": "1536:Ea0UAv6DAaAiKeCrKuRVdO0al/qq1WyHSqZntZb:E92AZiKePudalh1W+SqTZb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690194613, "uuid": "70adf442-e18e-4d3a-9f39-585d5fd97482", "value": 109376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690194613, "uuid": "8f53701a-06fd-4e4b-b44d-edfc632f5a6c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690194613, "uuid": "4f1907f1-7d5d-4379-8b2e-1cb55313fb4f", "value": "726bfe0d9f0b037f16181386bf46628c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18c1d300-2a26-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690205360, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690205360, "uuid": "93c7e66f-f146-469f-8e26-85b9786428d8", "comment": "Malware payload (AgentTesla)", "value": "d115273857d7f9d8a09fbdaed9d599e3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690205360, "uuid": "0072a171-712b-4711-aa84-c9882d7ab0f7", "comment": "Malware payload (AgentTesla)", "value": "1889f19be49b1284a5bc88703ffcaf212baf6aedb5702e7a4ab2fde0546fcf90", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690205360, "uuid": "9fac3326-5963-4858-bde5-e4b4e787bd9c", "comment": "Malware payload (AgentTesla)", "value": "5ea779e00d3b47793c5bbc3ce4e0f3c9fbc97557", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690205360, "uuid": "3067d192-e8b7-4d6e-9d4c-c44acbb6a695", "comment": "Malware payload (AgentTesla)", "value": "269390e41358042137c026049fc81310268e51c5133adec8377f6d00917cdb1443903bc540097f73104d191af5def2d4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690205360, "uuid": "e99bc7eb-29a3-4672-a28f-793235664921", "value": "T106357A10A1640B21D2FA3FF61F40D6740BA46D5E656AC22D8DE27CEB76FCB730A4161B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690205360, "uuid": "7945580a-0fdd-47f7-b6c5-84675bf0f5f5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690205360, "uuid": "a39b91c2-64ef-4fa3-a5ca-8310ecc82bfe", "value": "24576:knmmSAe7uhBNWVJSWqmeVX1dm8usN4JX:kveaHNO8AQX/5usN4J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690205360, "uuid": "22d5b4d9-3424-4b84-a8b1-77788492915c", "value": 1089536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690205360, "uuid": "56998f92-1b70-46fb-a988-8ed573c9878e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690205360, "uuid": "6341468b-9450-41e0-9b66-f7b266c70c09", "value": "Bank Form For Customer Payment Info.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "385c8474-29f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690183938, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183938, "uuid": "160bdd59-d8eb-4cc2-b2ee-ede527394069", "comment": "Malware payload", "value": "20dd9d39079743bcd9bc54f34c5dc616", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183938, "uuid": "ee9a2fe8-7868-4dd3-bc04-e755cf8fb13d", "comment": "Malware payload", "value": "189a7f53f1d04763721b0be45871f4149d190c81c1a9b10da9babd7822ae567b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183938, "uuid": "9f1d4f9b-a6c0-424f-b01c-3e3b39e5d34c", "comment": "Malware payload", "value": "7ee9a34de45fdb4c786ce7e5d0b14c192912cff1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183938, "uuid": "65f9bb4f-44ea-44bb-af06-d33949f4b0f4", "comment": "Malware payload", "value": "c4be6480f5335ab8a7415a1e9b4b6f14fe0988d5ce771cd239438a4c1b5f8ac6de11db83b9b90750fa47df120740e624", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183938, "uuid": "877f96d1-15a4-4d6a-93aa-c06d48fdbc89", "value": "T18AA65C05AD886FBAC07C4F7584F6CA9523746D0446F25A2A2264FEDDB8762787F43C8C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183938, "uuid": "d264bdb3-0c30-46d0-a367-47385c878086", "value": "49152:zXPM3xXI1J2FYb/X15XZ1WKgiINBLotS+7gdtUzyo8GR+/F1h9mFIwzKmCx0maUN:zKP+/51WKIG6mXKimaGaF8nUXdAB4fmh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690183938, "uuid": "ded76e84-0626-41e8-814e-03977ce33ff4", "value": 9761492, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690183938, "uuid": "61b057e2-acb0-45e1-a718-f918ae670416", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183938, "uuid": "be7072b7-7023-48a1-b7b6-891161a29174", "value": "20dd9d39079743bcd9bc54f34c5dc616", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b31a3672-29fd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1690188010, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188010, "uuid": "9ef885ab-a604-4b73-829f-07bd2bf3ba96", "comment": "Malware payload (SnakeKeylogger)", "value": "ac9bad525fdb063e797ed8946a275603", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188010, "uuid": "b8a44632-7b83-4ec1-858c-28cf7321ab68", "comment": "Malware payload (SnakeKeylogger)", "value": "1c774d7c406de74b00df040e426203d9b63aae438f46c846e25861cf2e1ed6bb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188010, "uuid": "0d7f3e32-a72b-4163-bad9-7409e88d0a07", "comment": "Malware payload (SnakeKeylogger)", "value": "69713bdd822fa2f209d0263b4e79557bb8d99313", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188010, "uuid": "6cd2fad4-8159-44bd-94ce-527b7d25e5cc", "comment": "Malware payload (SnakeKeylogger)", "value": "6847267f0fae2bcf4b8738a07025d57ccf83ca917db16003d30f857034a05a49ec149eaf77bd5632d06d41df123871f1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188010, "uuid": "a6ec73ef-de26-4826-acbe-4a0b59b3b9b0", "value": "T13EE4127537B5AB52E2BCBBF492A091200371A5142833D38C4EF670DA4E66F856E81FD7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188010, "uuid": "86ac6f8e-d3d9-4750-bf2f-27660481c358", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188010, "uuid": "ed85923c-cffc-4c05-941e-949a30d27b32", "value": "12288:p+vJRBusyXRH24gf5yyed/jsNL8pk1dc4t8JyyLbI:SFujRtIemYkk5yK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188010, "uuid": "b39ada38-885f-465c-b56a-f8d9e3b13d32", "value": 716800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188010, "uuid": "4d435e63-fba5-4143-bf89-c81443a0d8b0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188010, "uuid": "8ec9c5ce-8b0d-4457-9516-5da8116fdf8b", "value": "Revised offer.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16525055-29e1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690175721, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690175721, "uuid": "215188c5-56a0-4b74-8d9f-b5aa2b3fae6d", "comment": "Malware payload (AgentTesla)", "value": "678cd006393b1a390a640fc4e63e36c4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690175721, "uuid": "d7487ef9-5bc6-4c1c-b870-48a3f36574ac", "comment": "Malware payload (AgentTesla)", "value": "1cfddfa75f6311804b05d73c04d1d21fd870d0b69185d3af201c74bac40f4151", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690175721, "uuid": "71404a06-34ef-4346-8ffe-07a35ae30213", "comment": "Malware payload (AgentTesla)", "value": "ae9af96176605fa4a279b3e7c6b16524117bd569", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690175721, "uuid": "4bb832e0-e06e-403d-b632-1ca5c4ffbd4b", "comment": "Malware payload (AgentTesla)", "value": "eb2fbfa9e92d118dcd82d374ddd6696059c9e25a1b768810d3e8c7607278f9fe462ff3c0eb0395f31a0f011cc31933d4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690175721, "uuid": "1052405f-201b-4413-a0e0-866342a012c2", "value": "T1CCA42367A5BB12B1A5D3BBF6521751CB63A7A2F0957836CB002878EED41321DF8F3814", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690175721, "uuid": "67657877-5a9a-4c6b-8aab-8700bf792f35", "value": "6144:dmDh3SH1wrWmsFtHiWmq4mGel9re1aTE6ZjvE370MppnF7JqUurW4EFP1vvEchoN:dGhCHFHR7e1aTEAfMTRvTJ1Ucx+Jj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690175721, "uuid": "c8a68ce6-ad1d-4d1a-ab22-ab349960b4d2", "value": 461228, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690175721, "uuid": "3147b1a8-8a79-4394-9526-f2b1f6ec6902", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690175721, "uuid": "58014bb5-05aa-4aef-bb3f-71a4047877cf", "value": "Invoice for shipping.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9566fb11-2a3e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690215877, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215877, "uuid": "1ee2ed7f-8711-4ce9-95f2-a721caa512e1", "comment": "Malware payload (AgentTesla)", "value": "45c24a5fe38007c911751ad024aa314b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215877, "uuid": "8509b9c8-3a18-4597-a2e0-60e083c461ce", "comment": "Malware payload (AgentTesla)", "value": "1e9fb0a98fd454d2cdad25813dd6726976a0f182758df0abcfdaa888a944e36d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215877, "uuid": "352fa57b-a7bc-455c-95c6-8bae45bb9b43", "comment": "Malware payload (AgentTesla)", "value": "d61d15030ae00c611e9457626178c8c7299a0ef1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215877, "uuid": "08b9b87a-9894-4887-8095-499620d6110a", "comment": "Malware payload (AgentTesla)", "value": "57ed3ec32009b086c7f04ea203279e0906bc36f742b52f6801ac82685c1d127b37e13cc636e6d5a46e6d15b008d03d1a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690215877, "uuid": "c1109925-2057-43b4-98a4-bb23da07c3cc", "value": "T1B3541205A3D0C0E7F9A229304DB50F365FEEA83218BD464B2BC45F9B3D79696D60E712", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690215877, "uuid": "ae55882b-ffa2-444a-9cd8-f88d4577744d", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690215877, "uuid": "2359c335-262c-4c07-aaea-313c0e8ca8f8", "value": "6144:/Ya6kcwQka2FB9pHGPe7AlsP4hmubttYWLfp5L79Etozn/QbZrpSCkh:/Yacnkpb9pHNA8RmZLfpJ7Gezn/1th", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690215877, "uuid": "848a8d48-7ff7-4036-8c44-200ca987e5fe", "value": 290663, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690215877, "uuid": "ce690d9f-824e-4722-91e1-50a9a0f027d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690215877, "uuid": "03fddeb2-e821-4c7e-a74b-a6e9dadcb542", "value": "check.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96ee0bd1-2a7c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1690242509, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690242509, "uuid": "db2e9da7-ef88-4d9b-b8af-5fc0043bc28a", "comment": "Malware payload (RemcosRAT)", "value": "4ba71f4cb36bc4c5be62b5e18e87dafa", "object_relation": "md5", "Tag": [ { "name": "closen-kozow-com", "colour": "#EE8207", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690242509, "uuid": "782a4fb9-3e29-4685-bcd5-fa55cf2768c4", "comment": "Malware payload (RemcosRAT)", "value": "20dfa318d7b2226809ab2799085cc1452f4761eeea87ae6b3ea01554f88cbee1", "object_relation": "sha256", "Tag": [ { "name": "closen-kozow-com", "colour": "#EE8207", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690242509, "uuid": "3712e86a-aed7-4956-8cd2-3b64038d9587", "comment": "Malware payload (RemcosRAT)", "value": "82402862203d14f9d162d11c080aaafc94436711", "object_relation": "sha1", "Tag": [ { "name": "closen-kozow-com", "colour": "#EE8207", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690242509, "uuid": "5b4503e8-0394-4b53-bf36-7bb982d7c859", "comment": "Malware payload (RemcosRAT)", "value": "b3189de65b093ee59cf53797e96420092a3ce2bcf400b410c5a65965a0b14f6e927fe04fa8ded224880ce984c6582ef5", "object_relation": "sha3-384", "Tag": [ { "name": "closen-kozow-com", "colour": "#EE8207", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690242509, "uuid": "22439f06-1257-4649-b87f-78eff21bf965", "value": "T164F4CF823245DCDAD44329F248AFD56051B8BD9F8164C70E3B87BF2B94E7352246B78E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690242509, "uuid": "89e76ec6-1e63-4974-86c8-60a42eef8f5e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690242509, "uuid": "c0eb620a-3e1b-400b-a773-9e3c109d6ab5", "value": "12288:SYlqdnpu4NoT7m2mmk22pTdHMqRovr8nFqyAAqSi99oK:xlqnpLX2Bk2cyn2+dv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690242509, "uuid": "4a914d17-b1a9-4012-82ed-c9ebe98a6516", "value": 732672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690242509, "uuid": "09f486d1-4ef6-4220-822d-7f21cead3fbc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690242509, "uuid": "084febbd-8a94-4225-9462-79b75db36d95", "value": "20dfa318d7b2226809ab2799085cc1452f4761eeea87ae6b3ea01554f88cbee1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e0abc49c-2a36-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690212568, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212568, "uuid": "c5ad7cfb-8c09-47d6-bd82-58b9357da723", "comment": "Malware payload (AgentTesla)", "value": "8a3b5e57c7f93d5c0cd40f0d4d44d1fd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212568, "uuid": "2a553298-18c2-453a-9c4c-f6601ff2881b", "comment": "Malware payload (AgentTesla)", "value": "21275ed11f8b1b1b08d98607acd7c5ae3e1ad733782f91daf53be5b84feb0bd5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212568, "uuid": "d4d736d3-1858-4479-8a7c-23edaf70260c", "comment": "Malware payload (AgentTesla)", "value": "779b8f1f466f0f8bc02574acd80bd6aecade3411", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212568, "uuid": "d4889e97-af95-4736-88b1-11968dc31191", "comment": "Malware payload (AgentTesla)", "value": "bce2db2246d7f15e8a5786f9e21de99419c6a490511f6f7d71efeff238ca36cfb9932b0bc377da2d475bba84dcaf5fc8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212568, "uuid": "1381a655-5ada-4f68-993f-d487f208be73", "value": "T1E3F4125137BAAB52E2B8BBF496E0652403B1A5916833D30C5DF520DB2D33F91AF11AD3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212568, "uuid": "a1cb63e4-ea7e-4b0b-84d4-ecdf1ed1f2cd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212568, "uuid": "f1e13e4a-b286-4744-b385-04a35cceaaa1", "value": "12288:wUvJRBusyJYiCsiWYlqSuFhrgtnaZZsHO7GWefgm6coKcfurz01Z:5Fu9YFsAINhcgs3WcoKeAzo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212568, "uuid": "a218a459-799d-4a29-9a79-ce3d6e1d82e1", "value": 759296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212568, "uuid": "4b301171-bfa3-4285-bb46-30d982b37409", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212568, "uuid": "94f91890-39d6-4e47-add5-cc18c67a4bec", "value": "8a3b5e57c7f93d5c0cd40f0d4d44d1fd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0448e991-2a40-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690216493, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216493, "uuid": "f1e32aef-7e74-4174-81a7-fec33d013348", "comment": "Malware payload", "value": "1ed1749edd5fc4b0a4a286fb99e5c1e2", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216493, "uuid": "e0c7a97b-0085-4f20-a84e-513eb51743f2", "comment": "Malware payload", "value": "2149d0f52e3c5f9f63c5802ee0d930b32110211b00d67e64ec5c03c95c864552", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216493, "uuid": "e0a05076-c1a7-444b-b329-a56cc3144bec", "comment": "Malware payload", "value": "b6d5cdfcb596099de425bcbb26fe61350d2cbc2a", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216493, "uuid": "da8f0fc0-a7b5-4cba-8823-b81343258c46", "comment": "Malware payload", "value": "6f71bde5d466fc149a4248ed78bc465f37b1fcb817b2a9fa984cf361ceb7062430587505f3d2c5af7d8366165f6e7e77", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216493, "uuid": "c135a0bd-755d-4c98-8701-8d197b8d7ad2", "value": "T178337C0175A1C0B3D5AB023819AC8612067F7C529BF494973FEE174D8EB15E17B39793", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216493, "uuid": "f59ba524-8f62-4e65-9c3d-e0ccb6b2cfe4", "value": "b75316755c341c81f20ea9365d85eda8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216493, "uuid": "3efda6ee-4b3e-4919-aa4d-18c69846cb57", "value": "768:94P5JjOcyWWBtQ6UbYijEzqWANKmIsQymdjtTtVQ98lGWOrM7DguSK:WPO9rUsQktTtehUMK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690216493, "uuid": "eee9354d-8f05-4c4a-b9d0-ce53b1a4f1e2", "value": 52736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690216493, "uuid": "20dec7a3-350f-4a3b-b56e-f438b427775b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216493, "uuid": "7ef8a9b2-d2c9-429b-9cb0-1a76aa106732", "value": "SecuriteInfo.com.Win32.PWSX-gen.6584.13450", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e732d28-2a33-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690211141, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211141, "uuid": "1fc97733-5606-4683-94de-bf9ef3374f0f", "comment": "Malware payload (RedLineStealer)", "value": "308a54c951e714820346f88877ea827a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211141, "uuid": "4e0c4700-6a7e-4056-be68-cf8a4b64b4b6", "comment": "Malware payload (RedLineStealer)", "value": "2151ad9c3dfd5ba991eb4300cf58b3c627efa307a90912a57b350ece422e261c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211141, "uuid": "3bab0e78-41ba-46d6-97bd-0f11c5e14018", "comment": "Malware payload (RedLineStealer)", "value": "fccb0c58daaefd5896fb8ff8353607330f69bfc5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211141, "uuid": "6a0bca77-24aa-4b8e-a9d4-f3a186207486", "comment": "Malware payload (RedLineStealer)", "value": "6a7d7111a8fee6f4bfa454e41e10cc352c1a9c428eaa10b70d1aded50a3373fa795864f24658af1ac1ff6b74632bbc29", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211141, "uuid": "51ec1d44-259b-49f7-9891-ae5a7701cd07", "value": "T11B84F123F6E88572D8B217B0ACF613C70B3ABC629D74926B3651994E0CB36C4653177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211141, "uuid": "24f4347b-783b-4abc-9c9c-0d6d07203e7d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211141, "uuid": "6877df4d-370a-4253-9ca7-a6f2c9116af3", "value": "6144:KBy+bnr+kp0yN90QEtqJnjVh+qyX/ZYrxGpCx3xjfOpz8+lyUlma1AkZSoPvW:/Mr0y90XwjV8irxGpCZUpzoU/Aky", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211141, "uuid": "22a34dc4-e609-4bcf-8ed7-e3eb48372c31", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211141, "uuid": "840a39ef-4f15-4722-bfe7-1321b846998b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211141, "uuid": "e8349b79-521b-4a59-bf0f-2b8257ba6687", "value": "2151ad9c3dfd5ba991eb4300cf58b3c627efa307a9091.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0348264d-29e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690177836, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690177836, "uuid": "27a1f64e-9c76-4ea5-afd1-fc43588ca8c1", "comment": "Malware payload", "value": "ab205a09798d80420924fd25e764cf47", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690177836, "uuid": "88cfe68e-68d3-41ec-a404-2930917bbb06", "comment": "Malware payload", "value": "21568f345ed406fe103d5f111d05c40bdeb0de8777dc45b3ce8f0687685dce60", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690177836, "uuid": "4f349c1c-70d1-4b7e-9e79-2939b96b1be3", "comment": "Malware payload", "value": "4f4e2ce5506dbd39436fd543eeb425906e0da588", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690177836, "uuid": "c319900f-ae7b-42a2-99a8-82199afba9c0", "comment": "Malware payload", "value": "2e5858244076745feb15fe9b5e191199580f24803a67c28ea5089a3d426aa29fac4089b2f3a125e0c622a4bb83edeca4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690177836, "uuid": "67d7979d-fd0b-4e9c-beca-71ee548e61b5", "value": "T1C455EB4196C4527944274195AAAD3396E63FF2CC2B184BD3BFBED89F43CAAC422F5710", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690177836, "uuid": "c92fe6d6-68fe-4df6-967b-36f5be04f59c", "value": "12288:8VFL5pLl1HIskHWpWy6qaFI7V/P/K7mweqotR6Pb1BcS:8dZllIsj7xPweqotRsMS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690177836, "uuid": "566128fd-33a4-46f5-b33a-b1ef89822a54", "value": 1303127, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690177836, "uuid": "560682f0-aee8-4a65-bb32-e809b3f63e24", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690177836, "uuid": "74ea5b2d-5bda-465b-bbfb-36caf68e4f00", "value": "ab205a09798d80420924fd25e764cf47.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d75a1374-29f8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690185923, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690185923, "uuid": "e4d6ab6d-ebff-4854-8fdd-70a073e94913", "comment": "Malware payload (Formbook)", "value": "06638b761b88d467c983304fc015c96a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690185923, "uuid": "17831f6b-4759-4c99-b0c9-f6642d520ccf", "comment": "Malware payload (Formbook)", "value": "216237da181e0a4fe72486534f4fb7694641a34508dce78b3d36acbd53bd9dba", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690185923, "uuid": "941881f0-9642-4742-bea9-cef7ce7241d9", "comment": "Malware payload (Formbook)", "value": "c922351ac535e19a094d5a893b8a3d19a61a0e52", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690185923, "uuid": "20f8450d-0154-4765-9366-7ecbda3fa427", "comment": "Malware payload (Formbook)", "value": "f9aa350dd235798c48a066283b4921fbbee7f0e1df42f456195814ff940395a9d6e3238f44a6778c8200349c12fb9459", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690185923, "uuid": "c27cb0cc-46fa-4865-9797-5347be0360cc", "value": "T19AF4236133692E03E39CBCBD0A6491506375AB542D27D3CE9EB224C51E95FC0BF60AE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690185923, "uuid": "8b665651-6714-4e83-acf3-e66b6a075f3b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690185923, "uuid": "1576679e-7209-494a-b48c-35fb5608b229", "value": "12288:ixvJRBusycL8siYh53/qEe9wsAJf/aaKb+RvDvLByNtwUFVet7GqS:8FuA8siY/fe9wscKbCvTLktwU2/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690185923, "uuid": "39eacbca-19b1-480d-9ed4-87c8dd618d49", "value": 779264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690185923, "uuid": "49fd50c4-54e5-44e2-8969-bf6a4a07532d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690185923, "uuid": "fbd49f16-34bf-4fad-86b8-9254be277261", "value": "06638b761b88d467c983304fc015c96a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2dad7448-29b8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690158151, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690158151, "uuid": "b1f20b01-34b3-4331-85a0-c91758ee2946", "comment": "Malware payload (RedLineStealer)", "value": "11c22c7a24b8f0576c3470af1561a6e9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690158151, "uuid": "8f0feeec-753b-46a0-a542-43be60ad17d9", "comment": "Malware payload (RedLineStealer)", "value": "2176dd177933f7067296700761e340f0aada8c29c352796e3aeb0be5db5e1368", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690158151, "uuid": "b6f6f60e-1f75-4ac8-8f3a-aa47b3885b61", "comment": "Malware payload (RedLineStealer)", "value": "47ba63be9cdf137c5356465791cca7e8d26048f9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690158151, "uuid": "c188bcd9-a43f-4a9a-b96e-08346452ee03", "comment": "Malware payload (RedLineStealer)", "value": "5f62d15dddb03975b401b82a6c56dc441ddb8f40dfd52ffe50afeb319c0332b1d53b77a266d1eb5d594c51ccf7e429b4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690158151, "uuid": "ca3cd64c-d4a0-49e7-a3f6-0c71af43ccee", "value": "T133B40206BBF85432DCB41FB819F203931E36BCA168B4936B2385595E0C73689E97176F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690158151, "uuid": "e35aeb4b-117e-4404-b07a-3d7c324bb55e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690158151, "uuid": "f8b744e8-774a-41b5-843d-ed334a4c8108", "value": "12288:AMrpy90pbhdTlggxZzkUrC7pfy4NHWisj53QEEXOsM0:ZyGzlgrUGPWjhQR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690158151, "uuid": "19c60b26-9fae-4fc1-99bf-fc5a3367c9b6", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690158151, "uuid": "9aa45ae3-276b-4849-80d6-ae132afa33e0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690158151, "uuid": "21630401-b786-4a26-a9d7-cb642d70f9bf", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b286bb6-2a38-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690213256, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213256, "uuid": "50fe2aae-e5f2-4beb-9c3d-45687ecb3952", "comment": "Malware payload (RedLineStealer)", "value": "0bbc102a98e96eee864911cabbd9a40d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213256, "uuid": "61560a9a-cf75-4264-b4f0-0db5b97de22d", "comment": "Malware payload (RedLineStealer)", "value": "21b439a9302a2c8aa519455d177c84b92b623e229a840d1f733987778a7ec445", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213256, "uuid": "be81c6f0-7669-4ca6-a524-adfe6d7089a5", "comment": "Malware payload (RedLineStealer)", "value": "a6117727ec461d364cd43c2072a9c34cd3cf2d75", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213256, "uuid": "c2d1936e-541a-497f-928a-fa14baa6f162", "comment": "Malware payload (RedLineStealer)", "value": "ec003e1386e488a74dcb153b622107ca0dea8c1ed0ba0d31e882a527f9bb0044b9576fccc589a23d35fbf2ded6d780e9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213256, "uuid": "033c3cf0-bcd8-461b-995a-fddb91b4aed3", "value": "T1EF840156F7D89072DDF51B7058F607D30E32BCA15DB8832B2B466A5E1DB3684A43232B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213256, "uuid": "cb8b34ff-2f2e-4ff8-8a1a-be76ecb0aaf2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213256, "uuid": "a18ebb0c-05e2-427e-9a5a-034097f0e1ae", "value": "6144:Kry+bnr+Fp0yN90QE5wrPUJMrgNXiMDI1dyEJRjQd986Qbt3KhyjvOZpM9:FMrpy90LwQmrglTILJRjQ34bVgzjM9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690213256, "uuid": "02a3f495-e5c6-48a6-9758-0a3adc8a18fe", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690213256, "uuid": "751e465d-047c-4cff-868c-c14ef5406577", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213256, "uuid": "015d6c21-7f2b-4ee7-8320-2e4f568e45ab", "value": "0bbc102a98e96eee864911cabbd9a40d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "898eac7f-2a31-11ee-a6f9-42010a9c0055", "comment": "Malware payload (PrivateLoader)", "timestamp": 1690210274, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210274, "uuid": "b49dab7d-e323-4138-9cc5-d24b851d7c1e", "comment": "Malware payload (PrivateLoader)", "value": "a1a5276cb3df433f18fa3f68e86091f7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210274, "uuid": "14eb25e3-4bab-41ae-ac15-c32cc91b5e2b", "comment": "Malware payload (PrivateLoader)", "value": "22078145ef0e8e8aaa37eef40f170716f2c0ef13d989024c4a78d0434bddbf70", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210274, "uuid": "2f0af7aa-e6c9-4950-9eb5-ff35fae22764", "comment": "Malware payload (PrivateLoader)", "value": "468a17d981a8ac7042355ff278d6f72ce64d70a1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210274, "uuid": "556c7e5d-611c-46e2-a9d7-d01068a6c57a", "comment": "Malware payload (PrivateLoader)", "value": "62009ac222dc3f29f291381a792a5ac1c083f4a57508defeeea1cf657b8487e7391de9250cf210ada3bf55f43082594d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210274, "uuid": "e9c6590a-c646-4121-a031-16f49f4209ec", "value": "T1B1D5330ABB8EF857D4648A327DA3D1F6983D1C5059850F33390F9E4F2A78593F70A496", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210274, "uuid": "646dd5dc-a91d-4318-802b-9e55e12eaa76", "value": "4328f7206db519cd4e82283211d98e83", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210274, "uuid": "12c21240-065c-40de-ba9d-5a421541f859", "value": "49152:rD3ODudpRzfHsid6xlBYrqKcMfJBq4RrATYhk4b3H+v/c3jovmZ9ioFz0:/3dzfMidMSJcMxBXR0Ak8+83jo+Z9v50", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690210274, "uuid": "63ad927c-4297-4aab-8aa8-a7673447001d", "value": 2773688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690210274, "uuid": "f7f4c25b-743e-42ea-9bce-f04eb6e766ae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210274, "uuid": "b2c5d7ca-ed31-4cdb-a840-cb4f43fe1363", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b69c660f-2a2d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690208632, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208632, "uuid": "4118225f-7e12-4203-96d5-e2ce3c00324d", "comment": "Malware payload (Amadey)", "value": "2392b231cf4a80739b5cb09bf808127d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208632, "uuid": "f35d3b21-f9fb-4243-9fc8-be0e2e1a9a3c", "comment": "Malware payload (Amadey)", "value": "2244b4dc9afc6cfab7ef1dea92420e2acd275bac7349b929a69f3c1ae25f5e2f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208632, "uuid": "3625beac-05f7-46ab-a8f6-71eb4dddead5", "comment": "Malware payload (Amadey)", "value": "41b5cf81c50884954911d96444fe83cfd0da465b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208632, "uuid": "f845ddc1-8d3b-43dc-92c1-d0112176b202", "comment": "Malware payload (Amadey)", "value": "6e0b1bc6437809ff4d831de6794f03a261d9cfcdff294ac2e918eaca8fdd56d95b4b536d89e972e61bb5df0a3b78a961", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208632, "uuid": "1ff9807e-127c-45db-bcc4-d50ba7e861cf", "value": "T1F2936B1030D2C471D57E55351878EAB68B7CB914CFE08EEF27551A7A8E702D1AE32E3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208632, "uuid": "cc0632af-3dcc-4a45-915d-5351a21fe4d4", "value": "52982bbab8b9d5eafbb4ec438626f86a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208632, "uuid": "100ce939-ee76-4760-8a83-515df60068e9", "value": "1536:Oo4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUabaB89p:OoUCWbBNpplToUs1uNhj25LJUQaB89p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690208632, "uuid": "cb34e95f-7cee-4468-b22f-473a9dc7a305", "value": 91136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690208632, "uuid": "a95cafc6-ea6c-4516-a4f5-0edb2c418e96", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208632, "uuid": "8b9fe696-fb34-4cce-a6f0-5e6b90e8ea0d", "value": "2392b231cf4a80739b5cb09bf808127d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a75531c4-2a51-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690224068, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690224068, "uuid": "6e270cae-7a70-4cff-a359-2251ea8717be", "comment": "Malware payload (RedLineStealer)", "value": "c108d3cf7a9982e76d7bd59ada7b9811", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690224068, "uuid": "45b57c12-efb6-4809-8c7d-0ebd38598204", "comment": "Malware payload (RedLineStealer)", "value": "22eff66374bd58fad9652066623d95292f5e731ec0132ec5b3b30c11d2cb866d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690224068, "uuid": "0a7e3e8d-2970-447c-b22a-c1d0591b6ebe", "comment": "Malware payload (RedLineStealer)", "value": "a21422795d87747b7cf27c9eda3a26445daf6fa0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690224068, "uuid": "804475a6-98df-491e-bb9f-02f250b94c6b", "comment": "Malware payload (RedLineStealer)", "value": "0f13b7b78a861dab5dcff074fc41795041c85b10a21a17a62a7af3278fd192e3524880566845373927058e8e1dfc7aa3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690224068, "uuid": "6e06f37b-84a3-4cf2-9883-96393efb0bb2", "value": "T14D84F102A3D89072DCB517B04CFA15870A36BDA29D74833B2389E95A1CB37C4E57677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690224068, "uuid": "6c835469-8c07-44c6-b5e5-9788497445c2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690224068, "uuid": "23c22ea0-ee31-4df1-99c4-aafbb30a1521", "value": "12288:WMrgy90Xb1cxAvCFinwvGAT2NtgBYCCpg3+ecz:6yg1lvCFinux2IzQhZz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690224068, "uuid": "d4e5eb2e-a125-42b3-b3f6-044c567b5314", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690224068, "uuid": "471732f5-f407-4acb-ba25-dea000ddf56e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690224068, "uuid": "75c6e26c-400b-4928-ba81-da9924232149", "value": "c108d3cf7a9982e76d7bd59ada7b9811.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df1f87ed-29e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AsyncRAT)", "timestamp": 1690178635, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178635, "uuid": "5417af55-5fcd-4fc5-8e4f-5c07fe8ee3b8", "comment": "Malware payload (AsyncRAT)", "value": "9df8cf4752f62d10082e651199dbe5f8", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178635, "uuid": "c241e41e-5c70-4b1a-b896-71a412ac717c", "comment": "Malware payload (AsyncRAT)", "value": "230734d7ad3c5f63b1febfbcce6e643ecdcc1026ee3091193478af9e811102e0", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178635, "uuid": "8d1e8899-a00a-4655-96d4-1820c97da38f", "comment": "Malware payload (AsyncRAT)", "value": "35c79ce8b613eb5896de03869376a74ca0446c2f", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178635, "uuid": "b298fe07-0e95-49f1-a520-39d89a2813fe", "comment": "Malware payload (AsyncRAT)", "value": "e53f07067bfe6d0c9f34b2b4b436cdb950e9b1b60cee85b6373487edd048996a4c0ad2eb2cca5d988af0f3f4b5d79771", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178635, "uuid": "159cc462-c65d-4e34-9787-1e506c9e59dc", "value": "T1FE750217F6D7BAA5F2BFD2B9C6B1DD2C21B334964370A2CE734125492962352493CB0E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178635, "uuid": "d2d4b709-15a5-4de9-a8fd-25cd58d92ffb", "value": "d4c9759f791ea559bbad095fb49820d9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178635, "uuid": "16c15483-aafb-4d69-bd6d-c1dec7a7331e", "value": "24576:9oOOMX1k+QHT+dHG0WHuuZKDK216fgfLxsSB4AB28aQWfshqOXFIE:9oOO9+QHsHG0WO6O6foLxsg4V9wXFI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178635, "uuid": "8ec5aedc-0cc3-4a1f-aac1-a134763a347b", "value": 1625600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178635, "uuid": "731dbcfc-a597-454c-ba36-e5dd15de9054", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178635, "uuid": "12ace02b-7d9b-4970-8e2c-7a622767f03c", "value": "Odeme_Plani.xll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c3ae4632-2a45-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690218961, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690218961, "uuid": "8af87742-c7bd-42ed-9ff0-bebd50123a32", "comment": "Malware payload (Amadey)", "value": "96532f08f697cf55f10114171a05405f", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690218961, "uuid": "36cc8d89-0b9a-4595-b574-8562566b14cd", "comment": "Malware payload (Amadey)", "value": "230ec3f2c3ef81a9a14c2fc686c0aa21d93d3cca8dca04a8ecb90dd3c54c0f5e", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690218961, "uuid": "ae46521f-d132-4432-8019-ae044ee1c205", "comment": "Malware payload (Amadey)", "value": "2841772e1b992e2378716806216f64d07d78f7f5", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690218961, "uuid": "1d3dbc56-6209-40e3-9608-4fabca0e472d", "comment": "Malware payload (Amadey)", "value": "7314c0f84f636ce212407edb8a4ce20ca09419c3335ba65e8a89cb8e036d3322cbdc0725f5eda93a1306fcf7333ea6a8", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690218961, "uuid": "f46f0f86-a61d-4f81-94fc-0154a30ce2a2", "value": "T1CA8401477BD84073D8B6177068F607930B3ABD62A874836B2745991B4CB3AC5B871B2F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690218961, "uuid": "db946615-e0a4-422c-aecb-55b3b431da43", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690218961, "uuid": "4c811945-a2d4-4136-aa19-d4ecf1f296bf", "value": "6144:KIy+bnr+op0yN90QEHcP9sv04cnFOpG3YhWK55P1qhF++gBZ+t4NDHdl8WDHIuV/:kMrsy90w9bnFQG3YwhF5gBYCN7dfTR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690218961, "uuid": "ab141731-37e2-483a-b6cd-25a3e7fcd49e", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690218961, "uuid": "b7d500c6-8647-4687-8b72-451509fa5708", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690218961, "uuid": "4cc3c058-a661-4c61-8d1f-e3da4b420c4c", "value": "96532f08f697cf55f10114171a05405f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d9ae9221-2a4e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690222864, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690222864, "uuid": "942f8db5-0a06-4090-91e5-a49c5535fb8a", "comment": "Malware payload (Amadey)", "value": "a46965bca82785e18d39ee19a07abc76", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690222864, "uuid": "3de63dcb-b543-41f5-8d27-8c78fa4596cd", "comment": "Malware payload (Amadey)", "value": "23774dbb2c4be8e348bcd22a396bdd4567ad47acc24fbc65860a8112cadb0ab9", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690222864, "uuid": "3e33c09d-8165-4a1f-800d-d0e063a34f96", "comment": "Malware payload (Amadey)", "value": "1398feb40000226a312d5b43f5b7c40f62723e2b", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690222864, "uuid": "68c9a794-01fa-4f62-8d77-564cbf07c19f", "comment": "Malware payload (Amadey)", "value": "f836771376b6cd184726cf3d668f80d1049a56731d1bc7b35d328574873fe0ded1da0151bdab84329b4a02269678be32", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690222864, "uuid": "1f5630e9-4fda-44fd-aa63-dfdc442fc7bf", "value": "T1B884F113A6E84132DDB917B058F703C70B3ABDA4993893673785995E4EB3B90A432727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690222864, "uuid": "e472884c-bd0f-42e4-94df-920947f2b951", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690222864, "uuid": "031323a3-f656-4172-abb5-eda776d994ce", "value": "6144:KFy+bnr+Qp0yN90QE+r6aQMNuI9wNaGiWy4dsmZqBZvB3wyFzf:HMroy90W9cpb0Z5g4zf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690222864, "uuid": "d31cb9c7-e0c1-45a6-ad65-7a03fa2413bb", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690222864, "uuid": "c810dae8-e282-429d-8ffb-c1041713cf76", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690222864, "uuid": "1dc89569-05ae-4bf2-a9e5-6b1bbf91706e", "value": "a46965bca82785e18d39ee19a07abc76.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f285698c-29e2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690176520, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176520, "uuid": "640a6766-8540-48a7-9aed-39dae0756e29", "comment": "Malware payload (AgentTesla)", "value": "51a89b647e8d65a2bd0ad708f6243a85", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176520, "uuid": "5b994c9c-5935-48d3-b09a-bf277ebb5b64", "comment": "Malware payload (AgentTesla)", "value": "245ae7e9aa212853d61dcb445f5e1e1f11ca9a5f9d1d12f5bb54559768a39539", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176520, "uuid": "d3646f08-cb49-4ab1-ab9c-7f0da3a49f28", "comment": "Malware payload (AgentTesla)", "value": "90ece93b26db5aa0a2b27b12fec9f91c8e8a3da1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176520, "uuid": "64aa01f2-54db-460d-b68d-834703fcef8b", "comment": "Malware payload (AgentTesla)", "value": "e575c0528e55c5591b265f3edd179e8432d8389bbb8d33389e79fa5255032f9a59715e038216a5df0f23ce211dcb359b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176520, "uuid": "54dd5fda-1571-4651-a24b-b71b81bb8cbd", "value": "T13F255A7239DAF886E28DD37D202EED045B6AF4119213A1DF84056EC9974BA49F487C3F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176520, "uuid": "ba46ff6f-dcbd-4906-af82-ba97c1c64030", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176520, "uuid": "13ad15c0-9a42-420f-8cd9-c86d9f8d27d4", "value": "12288:36zq9OSHUuHcjp5ELM7SjrKBJBod3PMueVpkB0JMFeGyhHxlrqztptDcgkUtpLIc:GqBOjzK3PMumpkB0J0QnyXtDcgkUh/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690176520, "uuid": "61d49aca-f7a0-4bc8-b415-d13db657b939", "value": 1043456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690176520, "uuid": "18a98d39-a28a-48e3-85b2-04df2a007de2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176520, "uuid": "51a04dd1-1801-4123-b8b5-17c58ac6c921", "value": "Documents.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5681ce84-2a07-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690192149, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690192149, "uuid": "c895b1ec-2c25-43d1-aad2-58cfd8dd4a72", "comment": "Malware payload", "value": "69844000d71ed4bcc55975200e2e792c", "object_relation": "md5", "Tag": [ { "name": "asar", "colour": "#AC5602", "exportable": true, "hide_tag": false }, { "name": "StealerElectrum", "colour": "#688E07", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690192149, "uuid": "36a082e1-dce1-46b6-a606-6287ed654c82", "comment": "Malware payload", "value": "24673dce345f5ae76ff64fd72150cf5aeeb1848e8fc8b859f6eb767ed9c90781", "object_relation": "sha256", "Tag": [ { "name": "asar", "colour": "#AC5602", "exportable": true, "hide_tag": false }, { "name": "StealerElectrum", "colour": "#688E07", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690192149, "uuid": "5b9cc90d-4338-4f1e-ae6b-eeb0006212c3", "comment": "Malware payload", "value": "e6c4c0bef2cccc00532b3b6a120ffc72fa2cd070", "object_relation": "sha1", "Tag": [ { "name": "asar", "colour": "#AC5602", "exportable": true, "hide_tag": false }, { "name": "StealerElectrum", "colour": "#688E07", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690192149, "uuid": "ddd3f2a0-77eb-4b71-aa89-2d450deea918", "comment": "Malware payload", "value": "ce1faf1793aa4fdf4f2ebd371d96406d0809922a1865b2764e5db5e5023e8ab896abba2399dd94a437c7a8e3214be5d8", "object_relation": "sha3-384", "Tag": [ { "name": "asar", "colour": "#AC5602", "exportable": true, "hide_tag": false }, { "name": "StealerElectrum", "colour": "#688E07", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690192149, "uuid": "c5777bfc-43ec-4154-8634-d3c2acac5b24", "value": "T18E375C0261F51533E65362B64E8F4042FB24901B1B1899D778DCC3987F86FF892B6EE9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690192149, "uuid": "58d4037c-a120-4a1d-a40f-64401315efc5", "value": "98304:FUUa44ucUAZhCTOi8sQrZwwpxTbG9tIagImnkiold7GfbJLljZF+3J0gWuXYRM83:FUj44ucUAIB91gImMMxlY3Cg511e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690192149, "uuid": "9498bbc0-3772-4638-97d4-3c4cc8833929", "value": 22652886, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690192149, "uuid": "b6172114-50e6-489b-a067-8c7da09f1d69", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690192149, "uuid": "250f3f3b-d603-4325-aaf9-ddc367a7a56d", "value": "app.asar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6facf0c0-29b9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LgoogLoader)", "timestamp": 1690158691, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690158691, "uuid": "ad7fcced-d795-4efb-bb21-b572be3650b8", "comment": "Malware payload (LgoogLoader)", "value": "0555a32409b8fd438e4eb003c44647d7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LgoogLoader", "colour": "#FA0A6A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690158691, "uuid": "c77627fa-2245-47ff-af6a-91163cf82a6e", "comment": "Malware payload (LgoogLoader)", "value": "2471e14de265a1cc39ea6030cec91bc81960aebcb02d50e0e59cb31fc55552e6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LgoogLoader", "colour": "#FA0A6A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690158691, "uuid": "f4a4551e-2df5-42c8-9b3f-5b0873412eae", "comment": "Malware payload (LgoogLoader)", "value": "f6c8a8b801cf9043177cbc954ec67777b0d27408", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LgoogLoader", "colour": "#FA0A6A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690158691, "uuid": "d30b5ec5-16a5-4d07-8feb-c4e798e1cdcb", "comment": "Malware payload (LgoogLoader)", "value": "e08f9a319a10ba75562e4ddc26d56dc8c3ea46f94804e99eab8a90914c045d9ce3376a07b22c95ce4ff95d29a249282b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LgoogLoader", "colour": "#FA0A6A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690158691, "uuid": "e478f873-8044-484a-995d-356a7ae3d033", "value": "T194C41250121CFBC8DD1BA6BB4D3803168B693AFD60C3AF3789C7FD29BED29115A24195", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690158691, "uuid": "e73fab71-150c-4edf-83d8-7443894bf32d", "value": "12288:kpUr8iKsDZHHgePx2WWlYLtqnxk5pdR4JoFbQPhLpkgfhRm7PHa:ya8iDBgox/WaLtekj74SF8PhOgffg/a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690158691, "uuid": "a6a31569-46af-4fba-8d21-b9abe906f4ed", "value": 576512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690158691, "uuid": "96ec6094-45b9-465b-9a43-1795088c75d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690158691, "uuid": "dea866d6-96c4-413a-a0e3-690c38c5b7dd", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0b4c589-2a36-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690212541, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212541, "uuid": "06ff0ab2-cc67-4083-bd00-09892ff57b99", "comment": "Malware payload", "value": "f174cd7f2f582e96cb1e91789f1db1c6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212541, "uuid": "5f746bf6-5f88-49db-a665-8611341e7ea7", "comment": "Malware payload", "value": "24e365e6ec99a774571ec4d93960c3896bbb987f43badd26406de8faa79b7211", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212541, "uuid": "d82fa969-2981-4560-9223-688b43dbfb4e", "comment": "Malware payload", "value": "38bd934f7ca8868e7b0eaf9c6894a5b603b59e25", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212541, "uuid": "db9d4056-c11f-4d8e-9f2d-e78bf77bf409", "comment": "Malware payload", "value": "6259bc014143c1e3314912f8bf82fc98ef3f2fdab17e58d90170158b0348a4d4c88ff8a57964ee9a7164ded3e4247094", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212541, "uuid": "1b0bc9b8-54e7-4da0-8151-e07feba5f9b9", "value": "T17DC4DE28FA349036D851DBB8CECF16076A63E9320571DF053246034CAEFB6A591BDD9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212541, "uuid": "59965a06-08e9-4cf7-af21-c6ca64e2876a", "value": "12288:tNErpr3kBF18PKDlgtiuNmxcjEbULtseerlk/yTmOF2m7PH+:t8t3a188gtypo6GqTfF2g/+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212541, "uuid": "255f421a-c40e-47f1-9b4e-f6fc766627d3", "value": 551936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212541, "uuid": "f312289d-d743-4384-aa45-303e2e63c033", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212541, "uuid": "17266669-a917-4aeb-8ced-b5a518b8ec41", "value": "f174cd7f2f582e96cb1e91789f1db1c6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f49ad0f9-29d1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1690169222, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690169222, "uuid": "fd90cede-c1be-48d4-95fe-204c6baef015", "comment": "Malware payload (Loki)", "value": "f9de36baa061ceee43eff5aaca530517", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690169222, "uuid": "f217f5d3-a13d-4190-8772-9d1ecf102d66", "comment": "Malware payload (Loki)", "value": "24e91c3b0d477625a70c71ea05ad7e6ce3dd9582567bb7c33ed6ff537915490c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690169222, "uuid": "a59033f8-6745-4f93-9178-79155ee5a13a", "comment": "Malware payload (Loki)", "value": "800306ac4eca329ad72ac4fb0ef319306d09dd01", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690169222, "uuid": "f592fb86-d6ba-497d-aa72-a942e08c576d", "comment": "Malware payload (Loki)", "value": "724a37562fef5e9787391a263a9956972e95059e040a4681b069f66746174d151a86620fd492b79f2845047ebaf548e1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690169222, "uuid": "216067f0-b057-4813-a379-8aab7879d151", "value": "T1A1E4122237B69D57D1E9BDB04FA9911113B192611433E3DECCBA30865FA1BC0BE119DB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690169222, "uuid": "9c806d6c-7dfd-48b9-b0f7-41741ed8235d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690169222, "uuid": "ac6b4bcd-b518-4735-a654-40f5993e4562", "value": "12288:APvJRBusyrKFhst9XjFxAUx9hUvO6lE9Bpyb2H0Gae:YFutNF+ihUG6mBdH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690169222, "uuid": "39b2d97e-c49a-49cc-be57-2204708fa247", "value": 670208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690169222, "uuid": "8f3a8c60-5a18-4658-90c7-3b95c2ae4ec7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690169222, "uuid": "5fc954b4-d684-4d25-bf0f-e7cbcc51832a", "value": "SecuriteInfo.com.Win32.PWSX-gen.20150.17616", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac6eb486-29f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1690183704, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183704, "uuid": "07d4f127-db72-48f0-b4f8-afe5787e2b83", "comment": "Malware payload (RemcosRAT)", "value": "c0408f338c553ff7a7cf4a79ac933e03", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183704, "uuid": "0957b20a-ccaf-417a-95f7-b532b36ef301", "comment": "Malware payload (RemcosRAT)", "value": "251b8eecc957d32f67f2433f24b995ae2b0c5753348a1ceaded0accb3d25b052", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183704, "uuid": "f670461e-f59a-47b6-b650-570cde2d5aca", "comment": "Malware payload (RemcosRAT)", "value": "f2e2c36c8a11f14d63ee7141d50cfd9f314e1549", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183704, "uuid": "4d9c5060-2b6e-469d-aadd-6108d5d5bc67", "comment": "Malware payload (RemcosRAT)", "value": "89c62d86010fb5f23334352eac28192e07b04929c69754c0f1afe3b78e28059f508907cdb2fcf5aba1f50f5b26534f95", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183704, "uuid": "9a44d3d0-12b4-4ec9-906a-7c4290e8e026", "value": "T1A705F10179669B12E7B572B484F2E02CD7E9301F0727C12ADE687CC5B6667A04AF1F4B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183704, "uuid": "6e978315-71db-49f6-b0fe-ae3008ed3040", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183704, "uuid": "d0ab84b1-a786-48c9-99c3-1509d84faac1", "value": "24576:vcZAXdCTeixyPrsNZbsx31sunYTuFFTTjZs8hhhhhBo5:vcVCJPrsNZ+SIWuFRje8hhhhhBo5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690183704, "uuid": "3a5f2a8b-d920-4971-8c6b-ff016d3fe2c4", "value": 855552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690183704, "uuid": "127261d5-28aa-4b60-a314-4d9ee85792d4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183704, "uuid": "4d4d4a48-b2ae-4327-a762-73f78298dd65", "value": "OTP Bank_ Fizet\u00e9si tan\u00e1csad\u00e1s_Pdf.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98cc1fae-29ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1690188825, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188825, "uuid": "3701d8b5-9841-413e-b2be-6c71fdc4ffc3", "comment": "Malware payload (XWorm)", "value": "689365a54ae8e5aa54349340a1a93f3a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188825, "uuid": "2a81dd53-621d-434f-91d2-acd1ab7ed9b4", "comment": "Malware payload (XWorm)", "value": "251ea4a148b947d67575a547d06cbd5fb88a2a26b66943ac4478fe1009c4592f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188825, "uuid": "0b4b4bf9-dbe7-42e0-901c-a7aa3e158306", "comment": "Malware payload (XWorm)", "value": "3ced34bcfc97f288c73450770a19d0d8c83d63d9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188825, "uuid": "a7b35cd4-5c03-4653-b9b5-f3c44fd64700", "comment": "Malware payload (XWorm)", "value": "bcc9984909f8135aaa748ae9fdd47866be381cc14625fb77a2792acb47af398212eba644b2538b43d4e231599a7792ec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188825, "uuid": "f42d0fe9-058c-4141-958d-400274c0b5c0", "value": "T108E5333A97760D51FA3747B480552F82C4DAEC2DCAEF625408CA772F9810B8FAD0ADD5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188825, "uuid": "e01f5b39-99ba-4669-8dd7-d8c2a5126c80", "value": "4328f7206db519cd4e82283211d98e83", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188825, "uuid": "91be0da9-2b61-4325-b36e-b394de731c59", "value": "49152:RYCAQujkWYpP0pvvtnYAWyqsIKVngJW5vr0p7J9SFITZl7GYHK414bmfU+:H7uPYpsWsV3rSJ9qIP7GYHNqmfU+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188825, "uuid": "fe80a536-51e6-4d75-9470-438c94d7c0e9", "value": 3065264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188825, "uuid": "713e268a-8401-4a3b-b763-39e08354fecc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188825, "uuid": "c5e9c463-ee89-4877-b472-2bb8c4235b14", "value": "RunLegacyCPLElevated.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e2f1b2d-2a41-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690217019, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217019, "uuid": "c532693e-3c75-4e12-b25c-58fee1552801", "comment": "Malware payload (Formbook)", "value": "ccbe68fc2c887a327c07d97a94da8b47", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217019, "uuid": "c06fc87c-d420-4d02-b1c2-16eb01c17d55", "comment": "Malware payload (Formbook)", "value": "25fd481399665ae96fd1c9285644cb3c27f6c239bc9ca0527380ea75c6eaab18", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217019, "uuid": "0ac374da-37f3-4e84-8086-623d59205b00", "comment": "Malware payload (Formbook)", "value": "d7c087e665cf3db46ddc8b7330209349ca68fb81", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217019, "uuid": "7bd93f80-b57a-4979-810f-cfd12747f8d1", "comment": "Malware payload (Formbook)", "value": "abb91436c348cfc894a25af7b6584c58166f86d63a6789f00ca5f00c5d0f3883f9afe837c1ecc433de642ac3b081577b", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217019, "uuid": "a3a095ae-7d50-402b-85e4-6f66cb806774", "value": "T19BE423A4E88B6A6149D1207BFDCCB81DAFC143C1D93591DADF4B9976AB018C11FB428F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217019, "uuid": "514e2d5c-3575-40aa-ad1b-cbd85624e468", "value": "12288:bJu3sNYh8Q2KyAEzSI9VeGyYfzDzskUORJ22Febn3fOiMlpI5x:1JNYT9E+I9MGyAzDzIr2FezCfI5x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217019, "uuid": "0cbc00b0-f1a8-49f1-b20d-f18dca9739c5", "value": 688309, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217019, "uuid": "0c40b42a-93a1-4cee-bce6-8291b883fcda", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217019, "uuid": "6197315d-55ea-48e2-b20d-789e49dfa7a0", "value": "PO From Hortech Trading s.r.l PDF.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d319819-2a11-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1690196456, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690196456, "uuid": "d2b5be7c-8c38-4470-9eda-02861f1d992e", "comment": "Malware payload (DarkCloud)", "value": "9df0f9a6c33e8fae591a26bab2783c33", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690196456, "uuid": "0d27d22e-82c3-4c66-9042-c5f84e2f9263", "comment": "Malware payload (DarkCloud)", "value": "262531be1dc4d521469be8ff7591f9d40861bcf7de7ff4f8a0ee1ba542713c0d", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690196456, "uuid": "9f3158d6-66b3-40bb-94ac-6ead8f402430", "comment": "Malware payload (DarkCloud)", "value": "674f91753f7196278190e49ec9e36312259fc283", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690196456, "uuid": "e5ba7971-077d-4287-8e30-c8209600a89a", "comment": "Malware payload (DarkCloud)", "value": "f1894179b5b6f225266bec420c93adc28e4bb2b4b7c4e83ad05742bdc08cb5fea999ef221492108d837b3fe2b4a96cc2", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690196456, "uuid": "c7cfa411-ffaf-4014-8865-a681c5d4bbac", "value": "T19C25132133A4AF12F6687BF592705125037195A90867C78C4EF264DB2E32F81AF92FD7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690196456, "uuid": "13d1878a-7526-4108-a56f-6fb35a938aa4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690196456, "uuid": "26e1d438-89fa-49b7-8cfe-7c9d86bc2734", "value": "24576:vFujX5NCaEaKZjF2VQUyj+iBve3HdXSrJN:vwej+eeNXSrJN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690196456, "uuid": "3075157d-3c62-4d91-a059-abc43cb8eabb", "value": 1043968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690196456, "uuid": "b71e6d2d-030b-45e2-bf63-2769d82a3f52", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690196456, "uuid": "fccccf36-2372-4f89-b216-1835c923c3e4", "value": "rDHLinvoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "212dce6f-29d7-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690171444, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690171444, "uuid": "d8de5860-39d1-45ec-9150-821082c4e4d5", "comment": "Malware payload", "value": "8e15d18fa5029e2adcd71d3158fc54f8", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690171444, "uuid": "ab7710fa-5edd-4657-9835-6a574c9e8bb8", "comment": "Malware payload", "value": "2682e89fc2f78ad8db5252f5fd30ed6a64044a38c052f61bb57d97ee836570d5", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690171444, "uuid": "c0f15ddb-1998-4034-aa0c-e2df5a0f6ae9", "comment": "Malware payload", "value": "83ca8d0dd74fc7b04860953a5b2799a523634718", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690171444, "uuid": "855f6e7f-1b9e-4e4c-bf75-11c0219a8124", "comment": "Malware payload", "value": "9d7700272e2c9ce2d45cc9ae652c9646ba275c9afe98c6d070dd2d2f93890a640b8cb2f78cb9baf48fcd9f2492245840", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690171444, "uuid": "785dbf21-df65-4059-8697-71554ee434fc", "value": "T14E728E31C9259837D20363F2525C0A9AE67BE173B057EF5B5D80A3D88C93DBD4A42D4E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690171444, "uuid": "05706f3f-4860-400e-88f0-bf935bdc149f", "value": "192:6YDYsbIMovDSXFwQ9xjERIuGDb3pVDJoBJxpolotQTVphtMVt8qCaKfzhUP305us:DYGFwQ9xl7b3PDuBJxsoiRqVEO302/y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690171444, "uuid": "57bff941-56e4-4156-9004-60fa0222f714", "value": 17485, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690171444, "uuid": "35792c47-ae03-4af8-89e8-024eb75423c4", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690171444, "uuid": "2c503ca5-00db-4014-ad21-b5b6b7dc44a5", "value": "Coinbase -7NTPF.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d45c1cb-2a2f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1690209421, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690209421, "uuid": "2050a9dc-0624-4a78-be89-7cddd4c1dad2", "comment": "Malware payload (GuLoader)", "value": "1f658fd09c37d65db9c4535516f81ebe", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690209421, "uuid": "8f7f4e1d-ed8b-4520-b088-bfb454639947", "comment": "Malware payload (GuLoader)", "value": "26c05a01e64bfd4d0bd1d62aa448ad3309c999aca2d87fcbef41ea45cd142633", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690209421, "uuid": "aab07ae5-7522-404b-a6f4-278d058b8b4a", "comment": "Malware payload (GuLoader)", "value": "55d19865094d8c37b7aad5d736584f4220f1ff22", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690209421, "uuid": "ca772b00-7df9-46e2-b5c1-ef73f577c62f", "comment": "Malware payload (GuLoader)", "value": "5f4aae6cbefffe35a9e771d6e491c1480589c706d0a9077d0af147678460bb0a145ee4b84497954d30764965baf396b3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690209421, "uuid": "aa15a8de-b1f7-4796-801a-6efda7d1b533", "value": "T11E841282FE50D16FC59287B5182288FABFE2AF12AD245F0B73503B4F353E6919C4E651", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690209421, "uuid": "03587a1c-0c9d-4a56-b774-131932f37b62", "value": "6e7f9a29f2c85394521a08b9f31f6275", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690209421, "uuid": "5613c0fd-f63c-442d-915f-8949b8a36a14", "value": "6144:zMm4CC4k0viBqKNZMfJRoMDwHF8dRmwuen6XZDK23xFPaIR4dc:zMwxvvGBZeLwHFwpSO23xZaIRYc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690209421, "uuid": "063205bb-07c1-4acd-9e1a-660bec5fd264", "value": 388975, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690209421, "uuid": "95d639fe-96b2-4890-8b02-ba86981798d9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690209421, "uuid": "12bc659e-e6b0-4cb7-b552-4b8c98d616c9", "value": "Bankswitching.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4395b833-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690178803, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178803, "uuid": "c7183b62-ee50-4114-966b-f7fbf45ea264", "comment": "Malware payload (Formbook)", "value": "ce33fcde9a61bc30676b616be4aa37b7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178803, "uuid": "79bfbc93-3e14-4466-8dca-2c685e1efa00", "comment": "Malware payload (Formbook)", "value": "27248f79eaa74db336b298f99edbcf84ba2f938cb9056253eeb4f0f8b31a4e48", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178803, "uuid": "7b3808d2-332d-4485-9b30-9af0bd2b1460", "comment": "Malware payload (Formbook)", "value": "47e1066bd6f173c5e5556d9b8ec25cbdd21b811f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178803, "uuid": "a232e356-49d4-4127-a1d4-435d3f5eae31", "comment": "Malware payload (Formbook)", "value": "6917122198225b1a4062c46bb8e9b8438833da4d16aa5abc57a9eaf2d5d7be4eb03bf4f8fc954c1677f5460461348279", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178803, "uuid": "5ce68813-d967-4fcf-afe4-5a5d23b5b7d3", "value": "T16BF423653F6A2E03F1D8BDB54A74E0452332A1126533E2DDDEF630854D92B80BF52AE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178803, "uuid": "4a6699a4-9d2d-42dc-95e8-dd48e1e1ebd4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178803, "uuid": "e808e342-cdf1-4934-a857-a857fea5a95a", "value": "12288:bFvJRBusyAqRBtYAGQQ6qEczLOURkKW9ZJUTtLgi7sGx2WG6x:RFuTHjGQVkEvzg9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178803, "uuid": "8aefb426-52bd-4656-bb8e-567a032f938a", "value": 776192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178803, "uuid": "48d49633-98d8-46f0-8755-d7f3b7b252f2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178803, "uuid": "86cd3e1b-e0f6-469d-8a8e-6ab03a029ca2", "value": "chekwazx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41f992d6-2a41-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690217026, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217026, "uuid": "e08075b5-f267-4746-a56d-21a3d47449d6", "comment": "Malware payload (Formbook)", "value": "98160323e59fb01eaa322585a96832f8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217026, "uuid": "8d0e919a-6902-485a-b9d2-c591e724124d", "comment": "Malware payload (Formbook)", "value": "276026d460a163a82f31f1d1b1283b13f37170ab543357585952c311606d6a7f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217026, "uuid": "d321aa41-2cb5-47d4-a631-7598a3bc8b86", "comment": "Malware payload (Formbook)", "value": "4ca33bced74f7c8eb3bf61b560e6b6486f537b1c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217026, "uuid": "e035db69-0875-4102-8979-b733d3894560", "comment": "Malware payload (Formbook)", "value": "66d88083f4c750c0dd4a479926296cac64b12c3b6d1bf30a7e11da1c10fb2efce1a2fbcc75615a03b61159108d5e6303", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217026, "uuid": "e491e46f-f9a5-40ab-904a-a24192c3df63", "value": "T1C3F4126037B5AB56E5B87BF585A010340372A58A6833D38C4EF120EA1EA7FC56E11FD7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217026, "uuid": "87d1950d-c93c-4ad1-8af1-ce54fae09cff", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217026, "uuid": "6fa01cb2-a4c3-4821-a444-ecd2cf67934d", "value": "12288:fPvJRBusy1ezfNeUJMm4AIWXueaLnMLP4j3Jn2IINbp8982UXf:/FuhezIEMAXuNkP4j3ATV8S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217026, "uuid": "c19ea30c-f79a-4661-acd7-3e58da588fc3", "value": 779776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217026, "uuid": "bfd085f6-601f-4a15-bfb2-21c337d2f739", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217026, "uuid": "37334616-71a4-4295-9102-7e4fd4f0f905", "value": "PO From Hortech Trading s.r.l PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3070d90-29fc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1690187580, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187580, "uuid": "687f86b0-d7ae-489d-9b2b-5a55ceb39cba", "comment": "Malware payload (SnakeKeylogger)", "value": "11d547643a1164f959f418b426df3132", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187580, "uuid": "586f4cfe-6fec-4858-80d3-7589bb589220", "comment": "Malware payload (SnakeKeylogger)", "value": "276e6029f5d6ae811a632d6737b6759682d3329ee84f7c636794d77a7609e4fe", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187580, "uuid": "d78f5418-b090-4b2f-8c48-0f030d2a16b5", "comment": "Malware payload (SnakeKeylogger)", "value": "2b31310b5621f71b2fe0a9e58a3269a14080e683", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187580, "uuid": "292d1bb5-555a-4095-8864-6a6ea811138b", "comment": "Malware payload (SnakeKeylogger)", "value": "5e0bd3940c720b2f331037050e0ca7f0a2ac22e4b63704f50d52be9eef183a59771880869f4aecf812ee809b88933ccc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187580, "uuid": "9bde679d-fa84-4959-a76c-422bcb5bc012", "value": "T15EF412613BAAAB12D2B8BFF492E056140371A4553473E39C4DF120DB1E26FD4AE50BE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187580, "uuid": "e1b0e768-6f2e-47c2-a933-33a2973c48b6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187580, "uuid": "40e043ed-1660-4692-b874-0735c67f011a", "value": "12288:7VvJRBusyyBbuqeWi9TQHeEcwLYhqgcDtIbV0qLw08QHZNL2E:RFuibubc+zcYUgbVLb3fyE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690187580, "uuid": "7562ea10-ff7a-479a-b238-5bbd560bb768", "value": 725504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690187580, "uuid": "922698a9-b273-45db-af3f-fccdced782a7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187580, "uuid": "f2c2405b-1984-4c6b-b753-aadc1ec996cd", "value": "SecuriteInfo.com.Win32.PWSX-gen.3805.31530", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fbcb393b-2a3a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690214331, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214331, "uuid": "0fac31b1-a1af-4f04-bf7e-8dd80c404afa", "comment": "Malware payload (RedLineStealer)", "value": "c88684792ace21a20a82333f91a39251", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214331, "uuid": "1886d053-ff69-4dc7-9b34-f2060159db3f", "comment": "Malware payload (RedLineStealer)", "value": "28a2cb032410d19178b1635a246f1306644ac10838f445495b9e57fdf3718e3a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214331, "uuid": "a4d0db1f-ad4e-4809-b6c5-4a3e3d254824", "comment": "Malware payload (RedLineStealer)", "value": "d34d9f5e8269a7535e8d461213b1cc10bf91ded9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214331, "uuid": "1e5c385c-f2ae-495c-b378-3f7b4d8af9ac", "comment": "Malware payload (RedLineStealer)", "value": "3c48cc6e0c55ab0bd9277587598016bf92338c4520fa84318ec566722e29f55b3286f7a3c505cd50d32c3fc65ba0e7cf", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214331, "uuid": "6b79520d-2a24-45e8-b438-2740f986115b", "value": "T172F5F26038D18331DDF230BDC6DDBA15427EA0E00B22A6CB56CB86FD8F255D9AB35593", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214331, "uuid": "3cce3665-8920-4ae4-9dba-1e5b19325e31", "value": "99618c39aafbf01419fbcd53cea0e110", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214331, "uuid": "18273b27-8883-4c8a-838d-ae323668b791", "value": "49152:25PMZ6GWmN4S8Fv0cHuB0F/kOyMNrInH5TVHPNj+:OmNH8xb00FEHbPNj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690214331, "uuid": "bda817ac-b920-4cb1-8b1c-33af205a6a7d", "value": 3451904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690214331, "uuid": "e178f45f-3b5b-46a0-9a1f-38842e08d36f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214331, "uuid": "d1cb4b38-3040-4c75-91b5-ab08fae62a58", "value": "c88684792ace21a20a82333f91a39251", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "569d8feb-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AsyncRAT)", "timestamp": 1690211477, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211477, "uuid": "800fb0e3-9cbf-42f9-98c4-00db1fcebae1", "comment": "Malware payload (AsyncRAT)", "value": "a8402b7f328d11e83ee1de94d4676d07", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211477, "uuid": "fb20fe68-86a3-4f13-8975-8ad71b894521", "comment": "Malware payload (AsyncRAT)", "value": "28ed3e9666fb281333a9f29b5667c69406ec2985fbaa888ed3bd72b8775d6772", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211477, "uuid": "787b2286-4763-45ec-aefc-2e446b0f4658", "comment": "Malware payload (AsyncRAT)", "value": "ed02ec5e3eea4bcd8dd1b18af5ed46e7fbda2c99", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211477, "uuid": "dfc162db-e0aa-4db4-923f-7e71209c5450", "comment": "Malware payload (AsyncRAT)", "value": "7620ef82764f614277e0736cdbb5ecf0dc13ecca3d2d02e26650dc0d030d05226d35aadbe57446d6534ebb535e33ab84", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211477, "uuid": "b807105d-e0ce-415f-bdae-53671f87633e", "value": "T197350213BF854772D8B2CB315929F694F53DBC342E3A9A0E739CF2085736050927EA66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211477, "uuid": "a452eff6-62ed-41b3-9bb6-d0a7325b8a0b", "value": "00be6e6c4f9e287672c8301b72bdabf3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211477, "uuid": "9a3c9809-b6e4-4715-ad23-351b15dfc85a", "value": "24576:wNA3R5drXGD3QvIS650Uf2Jgk6cUYdwHocOssaL:p50A2tHk6cwIuL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211477, "uuid": "54056cd4-9bc9-4d53-beec-825c84b7ab25", "value": 1099108, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211477, "uuid": "bf3d1723-8ba1-44e7-b044-a23a3071ab89", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211477, "uuid": "4bde83c7-d546-4449-b27d-45c320f5ddbd", "value": "Odeme_Plani.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a131db6-2a77-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690240313, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240313, "uuid": "eb152404-33b7-44b0-a52d-bb0cca99196c", "comment": "Malware payload", "value": "0377dc9c7cfcd1e64598c619821ca114", "object_relation": "md5", "Tag": [ { "name": "backdoor", "colour": "#D18BB0", "exportable": true, "hide_tag": false }, { "name": "Citrix", "colour": "#1EAF11", "exportable": true, "hide_tag": false }, { "name": "Citrix Gateway VPN", "colour": "#6C3270", "exportable": true, "hide_tag": false }, { "name": "CVE-2023-3519", "colour": "#57FC03", "exportable": true, "hide_tag": false }, { "name": "php", "colour": "#5D0626", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240313, "uuid": "d2ff52e6-8e1d-4683-a894-6c5eb2f77d19", "comment": "Malware payload", "value": "293fe23849cffb460e8d28691c640a5292fd4649b0f94a019b45cc586be83fd9", "object_relation": "sha256", "Tag": [ { "name": "backdoor", "colour": "#D18BB0", "exportable": true, "hide_tag": false }, { "name": "Citrix", "colour": "#1EAF11", "exportable": true, "hide_tag": false }, { "name": "Citrix Gateway VPN", "colour": "#6C3270", "exportable": true, "hide_tag": false }, { "name": "CVE-2023-3519", "colour": "#57FC03", "exportable": true, "hide_tag": false }, { "name": "php", "colour": "#5D0626", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240313, "uuid": "fdb27121-f2b3-466f-adc9-8ce5211a928f", "comment": "Malware payload", "value": "2a8908699d91a2a567bd70e40bb90f8ede0f5d4f", "object_relation": "sha1", "Tag": [ { "name": "backdoor", "colour": "#D18BB0", "exportable": true, "hide_tag": false }, { "name": "Citrix", "colour": "#1EAF11", "exportable": true, "hide_tag": false }, { "name": "Citrix Gateway VPN", "colour": "#6C3270", "exportable": true, "hide_tag": false }, { "name": "CVE-2023-3519", "colour": "#57FC03", "exportable": true, "hide_tag": false }, { "name": "php", "colour": "#5D0626", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240313, "uuid": "e675dd49-360b-44ba-b763-473d49e67e95", "comment": "Malware payload", "value": "0911ec24b0bf2fedb102be0d5a4d7e720c5123e1dd415c5a6b41b8832dac2da2ee6b688c0ed3e88309f26ebefe3526a4", "object_relation": "sha3-384", "Tag": [ { "name": "backdoor", "colour": "#D18BB0", "exportable": true, "hide_tag": false }, { "name": "Citrix", "colour": "#1EAF11", "exportable": true, "hide_tag": false }, { "name": "Citrix Gateway VPN", "colour": "#6C3270", "exportable": true, "hide_tag": false }, { "name": "CVE-2023-3519", "colour": "#57FC03", "exportable": true, "hide_tag": false }, { "name": "php", "colour": "#5D0626", "exportable": true, "hide_tag": false }, { "name": "webshell", "colour": "#DEA34F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690240313, "uuid": "e9125f5d-3c3c-4416-9d0f-d46a4133b950", "value": "T11A212388BE4B5DE19633BD24EB07D5CAD6A72023011E43457D8C13AA8F70518E258DB9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690240313, "uuid": "34b3077a-d379-442a-b209-3ae66a736421", "value": "12:SJGjihY1tOhGjOYdjyXv8bud3xuLgarJHB3GJdn2sVEuqrQhH1wwjb93UU/xdE1T:9ihY1tLFdjdu3XG0JV22bBjlxO1hqsn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690240313, "uuid": "dff65c18-2609-44cf-a129-9116d0767f6a", "value": 1248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690240313, "uuid": "1d00d573-6c52-405f-b073-8084f829f062", "value": "text/x-php", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690240313, "uuid": "05434e83-5fe8-49f5-89f2-c620061eb28b", "value": "logout.php", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a58e7672-29ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (QuasarRAT)", "timestamp": 1690188846, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188846, "uuid": "b8ca4f5a-5e17-422a-a495-5882d55aac8b", "comment": "Malware payload (QuasarRAT)", "value": "866aeb690762190e7f633f2756caf855", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188846, "uuid": "2ddc3719-f0b1-4e41-894c-fd33da2b7727", "comment": "Malware payload (QuasarRAT)", "value": "29a2665bf184e5e522774aa9c1b49c9a9e6d91d81e48e24c27f5ff50c206303d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188846, "uuid": "e6057af4-4267-4fb7-8aa3-8845eadb287f", "comment": "Malware payload (QuasarRAT)", "value": "503de210548f1378fcf211f5ad3c8b64b19b7378", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188846, "uuid": "a91db3f9-eab2-407a-8f7d-619769e5ba4c", "comment": "Malware payload (QuasarRAT)", "value": "69a7272f3b96692ea873ed1626bb478f95f0451c4c8ebbc4668d5b722ffc9922f2c4ba96c371c011cb1ab8193d3034f1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188846, "uuid": "26aa6e05-d2f2-4d36-b363-6860b79ac3b7", "value": "T145747C1377A8E53BD1BD173AF43606141BF1D846B716E38B6A6865BC6C223868D807F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188846, "uuid": "c8208bba-1f7d-4cfd-b2d1-16ea5d550fe7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188846, "uuid": "d525e456-d133-4e55-8fd9-9c9081fa1928", "value": "6144:GLwb/c2L0tQIzjnbOCbx9IsqjX6CUfLdhdfBt:4H2L+/C+9HqjqCUfLdhdfBt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188846, "uuid": "fc213ff1-b658-4d1b-9dd0-fa9fa0ed8eb5", "value": 360960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188846, "uuid": "28a937be-fee2-40ae-a3db-4129b5c56227", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188846, "uuid": "472a8085-64d9-4926-94ef-d704463b9838", "value": "Test.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ffdda43e-29dc-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690173965, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690173965, "uuid": "4c8ede8d-f57a-4485-a414-b303f4d277a2", "comment": "Malware payload", "value": "00b703e2dd4b6080d4dcec7cab4373d6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690173965, "uuid": "fcdc93fb-1cbb-42ec-bb04-b0916dd973df", "comment": "Malware payload", "value": "2a673052ee30c8193ff3e03be32f980452e63695211080ab0513d84106db443c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690173965, "uuid": "7bf93e4e-b335-4c2a-979e-62e3334cbcee", "comment": "Malware payload", "value": "78a9621f44be60150f784b68c2e4367af07a3d1a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690173965, "uuid": "af119198-b9b6-4fde-a351-5e6183776a1f", "comment": "Malware payload", "value": "6689f1d38f8715487f0a03ef9e263148226461aab67f8b9d616e3e016aa0dec15d610e75eb4babee5c9278e8c0f8e16a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690173965, "uuid": "84e30ef5-5ef7-4dfc-8dbf-767fcb5f10fa", "value": "T199F522172318EA05D072A475EAC6F5F8DF40EC7AE757214325BAFF087A3F6C9861A442", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690173965, "uuid": "c49e31dc-7ac7-4e3b-8a66-7472012509b7", "value": "c4044fdface36315b6c5a94cea10da2b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690173965, "uuid": "9647dafd-602a-4666-90d9-cedfc55ce481", "value": "98304:Jt4igwu/cqS8jQ+zRwLjwqzMznCYG0U78p:JicqS4Q+Vw3VGG0a8p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690173965, "uuid": "09185884-db11-4141-be12-93fb49e6fe45", "value": 3528720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690173965, "uuid": "0aa5cf26-1d75-44da-93f2-dd3ab9ea824a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690173965, "uuid": "816657c1-736a-46f1-9d1f-b60724add640", "value": "injector_imgui.bin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a61c0e49-2a51-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690224066, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690224066, "uuid": "84ac5e64-57e2-4700-8ae2-3b7f92af1088", "comment": "Malware payload (Amadey)", "value": "f5164ec3ede0c14f9062dc9004e62c01", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690224066, "uuid": "c6ce218b-0c2e-4de4-bf56-e295cb5b5908", "comment": "Malware payload (Amadey)", "value": "2b593a0585e42eccbb265e5021458332ab7281ed5b96025d51c8c677c8b85795", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690224066, "uuid": "b2534b3e-f3c4-483c-9684-886108917680", "comment": "Malware payload (Amadey)", "value": "cbfe4476c23176eca057263d6b743f6389141c39", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690224066, "uuid": "33339477-6c91-4180-81ad-d946f6750a9f", "comment": "Malware payload (Amadey)", "value": "3cf349e41c26624a4d5241e6bfa5a15687258a43e2a95a020779ef5ed695d342f87b76633f1d9989f297b9dd9e34bd69", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690224066, "uuid": "10d3a326-c223-4907-865e-171298e075bb", "value": "T1CB2408557812C032D56061762DB5BFF2C59DA828ABB049DB7B800F77DA112F73A70E3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690224066, "uuid": "89b9cfe9-4ceb-4c32-b7b3-8623ffce31a0", "value": "698e68059e2b8538f873da69a2766d48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690224066, "uuid": "579ba77b-5a3f-4e43-8b0b-32536ce44262", "value": "3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690224066, "uuid": "a651ee75-3d7a-4980-9f20-2678e6b7b340", "value": 229029, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690224066, "uuid": "0630b565-556a-4fdb-8a1e-f45085ef9fe7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690224066, "uuid": "295073ce-34fa-4cd8-94d2-2ea8029dbe73", "value": "f5164ec3ede0c14f9062dc9004e62c01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5ee71dc-2a36-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1690212469, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212469, "uuid": "bd96b791-c92a-483f-95b6-799ebaec95e6", "comment": "Malware payload (Smoke Loader)", "value": "468b8fb8fee779e9bb718ae1d50c891d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212469, "uuid": "97ac62ec-3083-4429-a76d-507e45705d14", "comment": "Malware payload (Smoke Loader)", "value": "2b700615cbaa89c4d3e0272582a4db8e51bcfe6c3333a5be92e93784b2855ac1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212469, "uuid": "7c7411ce-a83c-42cd-9464-3e9e9e06a082", "comment": "Malware payload (Smoke Loader)", "value": "e829e9c23aced9a9b956ae9a3f58ad6c5b014ab3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212469, "uuid": "a0006bbf-253e-4ed5-b526-4eee124bfa04", "comment": "Malware payload (Smoke Loader)", "value": "229d41884506149204f6c830aaaa3468c2a4a184f2879e2ccc8ea7675c8a68c7a22fa78b9275ac61c00214669a9e941c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212469, "uuid": "85b6aaf6-d21e-44b5-a431-31f8cb6bdab0", "value": "T14AB41252B7D88032F9B1577058FA07931B36BCE1ADB9876B2389798F18736D06870727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212469, "uuid": "c5d2f3b7-333f-43ea-9236-a9c1113ac547", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212469, "uuid": "648ef262-0755-48e3-bf34-84db41f19b35", "value": "12288:hMrTy900gkEayaYWCJZ80zpbB5akxvA5TcR2tXPs:aygkUWwZ80zpbB8k6E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212469, "uuid": "c3dbe997-1c26-41b5-93ca-5eea8a1fe861", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212469, "uuid": "92009b1f-1cea-42c6-864f-34eb67c28ab8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212469, "uuid": "ea029d9e-7d85-4dbb-82b9-eb9e0eaa6343", "value": "468b8fb8fee779e9bb718ae1d50c891d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0e48b39f-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1690178714, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178714, "uuid": "e686b430-1792-4559-b7b0-850d5b5354fc", "comment": "Malware payload (Smoke Loader)", "value": "7177e02677573ab74e7c959017897110", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178714, "uuid": "670ef1d5-0a94-4587-a1de-0c24f6b3afc7", "comment": "Malware payload (Smoke Loader)", "value": "2bb01f0cf83b7a1e05098773cf519471afaf5f6f2ccfb60e99c16d7347dbdaab", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178714, "uuid": "0ba89a54-dd68-4ff9-827f-0c0da7789273", "comment": "Malware payload (Smoke Loader)", "value": "750a3bff78752acbc5b01b7b05b46fd72bb278fe", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178714, "uuid": "4af49e23-b751-424f-8e9d-3d421f3e94a5", "comment": "Malware payload (Smoke Loader)", "value": "586d42316ae70f5868fec5715d3f4a05b6b84ff982f02e908b88b7685a63e55bc31d11d41f93452cc26ae295bef5ae2f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178714, "uuid": "a75673d0-8610-4edc-9687-2392b08bd154", "value": "T1E244BF2173E0C032D5A796305530C6B16B7BBC725BB595CF33A81A3A6E703C19EB9366", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178714, "uuid": "8399c822-792d-48a5-baaf-2c2c3f9eab7b", "value": "2fdc4e3b60ae08a8b656e75cc56c9b87", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178714, "uuid": "24b67cd3-5aa3-4e2d-b823-1bc3ec27c1ce", "value": "3072:KN0FYpcLQqvv5blIOK2ZcyDnqUhZ+4uSucFcR/bKz34AFMDVmwNv:L2ydvxbOOK2/Dn11uS1+ROzdM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178714, "uuid": "90ce9050-0b71-43ab-95a5-22e77ac42246", "value": 265216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178714, "uuid": "060f2bd6-c6c8-408f-9505-815af3c14bdc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178714, "uuid": "f3f0cc60-20d5-4366-a050-da7daecf9d1d", "value": "7177e02677573ab74e7c959017897110.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d5dac22-2a05-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690191221, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191221, "uuid": "e39a88b3-197b-4483-8248-6d78acbb8091", "comment": "Malware payload", "value": "fed53f0fbd7aef62aa7aa6d8c9571585", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191221, "uuid": "63f5b26b-68cb-4177-8fc2-37383ef06267", "comment": "Malware payload", "value": "2bd82a89a6f759196ba61c657644d294cdf9a0bc9edafe7d14c05aca859edc40", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191221, "uuid": "76f95d80-774d-41b9-ab71-31f6fe71a233", "comment": "Malware payload", "value": "8f723e4cd966b2a3721bb2c84c3937c9bea1c534", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191221, "uuid": "6a9c7039-afd1-4660-bdc3-73d62d9d4952", "comment": "Malware payload", "value": "74d230ff940186b30db443ad2efb8df71b4899ad3ca9ff3236f9d8584f22a42d519df1cf14a93daf14f1e68a179b4b57", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191221, "uuid": "e132fc33-d3d9-4755-b9d6-78493496d59d", "value": "T176969D81BB08C13DEB9A063188A38B207371BD42D1D1965BB709F75F16B06DA7A4FED4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191221, "uuid": "6748f7c1-5993-49bf-ae99-b10e5b955a88", "value": "196608:BW2+REZsbRb6oLKba1wF3ya86mE5mBC+0Gb:Y2+REZsbRb6oLKO1wF398k6C+0Gb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690191221, "uuid": "27b24afc-8f15-4f2f-89e8-28a501d474a2", "value": 9326441, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690191221, "uuid": "d9e2c31c-6684-47b7-86de-5b532da229d5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191221, "uuid": "a7cd69af-4cd4-4d5f-b17f-04d2e7b178b9", "value": "SecuriteInfo.com.ELF.DDOSAgent-AM.24350.879", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4197b195-2a14-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690197698, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197698, "uuid": "4c144dca-55c4-4ce6-aa49-ab07f731c307", "comment": "Malware payload (Formbook)", "value": "5baf4014a31286def130a78ad8367c39", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197698, "uuid": "b3c0d7a6-560c-4409-bfb4-22e99897c5f4", "comment": "Malware payload (Formbook)", "value": "2bdb8144f6f7d0946fe050c507ea0ac96f0e39c863a9f5fcff16dd069a2d4e99", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197698, "uuid": "2e737184-893d-4c55-a5e8-6d57e5cfa47b", "comment": "Malware payload (Formbook)", "value": "500ffbd58fed13e4580c0e55e2866112c1a11fbf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197698, "uuid": "c607260c-968c-454f-9634-41804c2aea82", "comment": "Malware payload (Formbook)", "value": "90061448913aeddb365e0ae256ffc7d7cd4d370d5dfdd68359c4abbe3dcad32b255b7ee17d0b8956564f6016dd94b54c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197698, "uuid": "db2f20e4-dd74-48cc-8cca-33b1c8152aa3", "value": "T18F15173814B81B27D1B5DFE68BD08117B7E0AA6F7119E9389DD257D64212F01E8C3A2F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197698, "uuid": "49bf2ba8-cc78-4bc0-8277-4db8c324480e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197698, "uuid": "356c8754-0ae0-4cf0-b103-983be4f8285f", "value": "12288:mD2B5rSDss84Y1iEhFMYM/8UhQwja+cVSo6BukMZQG:nDSDoLyawmlSF0ROG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690197698, "uuid": "81fc9765-2ed3-4244-a71f-df891d6d3dd5", "value": 879104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690197698, "uuid": "79a3a607-9325-4505-836c-4f74f1a9feb8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197698, "uuid": "d46123a2-f37a-4c2f-bfcc-583ab9bfbebb", "value": "rNewPO_4036041664.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b58c2f3-29f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690183943, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183943, "uuid": "009248b9-7394-4398-9927-a24f31464f5b", "comment": "Malware payload", "value": "ddc26b9a54db12e1d99ab26fb9e2248e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183943, "uuid": "1f37474a-93a2-48d1-8dbd-6f2949c8c1f2", "comment": "Malware payload", "value": "2bed12eff77cd19eb403cebe858658b9d27f5fa2703d29c0e3d9158b5e918765", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183943, "uuid": "afee286f-57c9-4239-a831-8f001407d576", "comment": "Malware payload", "value": "f3e5ed454ec62fba6c4b38ac716c61202fb4e657", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183943, "uuid": "9724ef06-5e0a-42f3-b94c-16f1b08e9032", "comment": "Malware payload", "value": "a7e99c83d6cdb69cea15da6ee8abb144a2c76d371a3b10c8db77ec354c88360f4a9e857f2344f457f4602faa960679a3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183943, "uuid": "51a988d5-256c-4a8f-9a0a-5d539c0cdae5", "value": "T1E5967D8BB8918A57C5E42637A8BE80C433675EB9978762576D00FE3C3BBE19D1E35304", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183943, "uuid": "f11f6e65-d8c0-44ea-89bd-ec8de5b547b4", "value": "98304:xMpWZ32RZlsIje11sBUJKlCuYlpd7l62CZuxhePNZs75BH/Dr1tfy:qpWJ0sFDKlCuypd7l62CZsheq5pDZtfy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690183943, "uuid": "2ec4d5bc-bc39-4856-8671-ca2f6a3a5ecd", "value": 9104655, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690183943, "uuid": "053d83a1-742e-4a31-bb40-b22386333acd", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183943, "uuid": "31500a0d-e348-4020-a496-95f80cd5bc29", "value": "ddc26b9a54db12e1d99ab26fb9e2248e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92b5b292-29ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1690188814, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188814, "uuid": "17f09905-cdfa-497c-ba89-c8ecc517ee9d", "comment": "Malware payload (XWorm)", "value": "b1496c0c2c68fc4dd2ed3158c29c19d3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188814, "uuid": "321f0b0f-d2cb-42c1-83c6-5f744e006c44", "comment": "Malware payload (XWorm)", "value": "2cde38be541649884f274fe3d3067228037ce84f58bc6ce0d39b99a91b8e8a32", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188814, "uuid": "09bf7dbb-a76b-48f6-b338-02baf50a9086", "comment": "Malware payload (XWorm)", "value": "c5a8ce40ad6b6c7667c4a32a5442ab56150c2eb3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188814, "uuid": "576fb797-41e4-4c2b-a9e2-b6d6eecfdcdb", "comment": "Malware payload (XWorm)", "value": "997be16a0f14199a7b97e180ae29a0a23f95bf215c4f8201fdda03a84de4aaa61b018bfc0caeaf2feff075ad246fdafd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188814, "uuid": "81c335ae-5871-4d17-aa7c-2dee1c954fb4", "value": "T1C0538D1877E98215E1FFAFB12DF17652DA3AF3535902971F14C6028A1623AD8CE503FA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188814, "uuid": "938fd0b9-0cdc-4d6c-8be7-66b39b85df26", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188814, "uuid": "d602a5b2-93ed-4047-860c-f7d4cd2a62c2", "value": "1536:lijqT1RXx6WYfFEJgZbrO/barOTKk1yrckbOZhM2m41:lxT1RkzZbizhTTyrckbOfM2me", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188814, "uuid": "dc95b421-a35c-4224-afae-b1f146fa7931", "value": 63488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188814, "uuid": "e33b0a4c-b90e-49a9-ae67-bd169130ba83", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188814, "uuid": "b7827909-f8d1-43b8-974e-51f967fada93", "value": "moretest.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "515cf8b9-29e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1690178397, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178397, "uuid": "372148ec-0f18-4fdc-8e77-1d5276e39d9c", "comment": "Malware payload (Smoke Loader)", "value": "383d883be15a9b3f35ce3efe475bef39", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178397, "uuid": "31e242e7-6580-4170-b160-288405d2fb5d", "comment": "Malware payload (Smoke Loader)", "value": "2e059934c1f6786fa0108c8cad6e7a7aff078f99c2787aa1d2cfc16ff691d45d", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178397, "uuid": "199e995b-7fad-46c8-b8ef-3605eb683151", "comment": "Malware payload (Smoke Loader)", "value": "0052a54d7b51e281b7aa61ab32621d05cb922166", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178397, "uuid": "55dd2b78-98f6-4b4c-851d-d09b597bdf7d", "comment": "Malware payload (Smoke Loader)", "value": "7ab7416d078468eb16e5293c6d197b63efa8cbf105c99941299c2a6a9ae24135d1d6aaa5b87abc0bce57eb65e4e8e9e2", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178397, "uuid": "c1144a4d-24af-4fc6-b624-8c6e0a4c64a5", "value": "T1E865F003D804CB83C41D83F87E531EE90F1A7F19E89ABDDB14527F8B3A31A62495A55E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178397, "uuid": "bdfee6f9-4fb6-4d4d-a47c-0f441576cb23", "value": "24576:EMu9VNZylw6VQOZynw6VqViNhuuvvtw3oqVUbXQwNgZffsLMy5wXx:EMuPR6VQYP6VCiNhv3tcMXXNhLr5s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178397, "uuid": "dc3a0eea-1bac-4247-9e50-df38e28d5c58", "value": 1500672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178397, "uuid": "c68bcfb9-83fc-4ad7-934c-e316cc929bf3", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178397, "uuid": "a6727a44-639b-48a6-9e15-e42b90f099a2", "value": "purchase order 3937464494.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9aee9497-2a41-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690217175, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217175, "uuid": "2314fb38-3d4d-48b0-b6e3-3441f68c9544", "comment": "Malware payload (RedLineStealer)", "value": "19a8679869349ec978f0ca3f1b3f1321", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217175, "uuid": "31e4cde4-8538-4787-a58c-1870fe408d76", "comment": "Malware payload (RedLineStealer)", "value": "2f2e38d9ee2f4f4fb2b03c5b9e423aca728461476853a2c02d5279bfa01ce94c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217175, "uuid": "1b2643a1-a2b1-4897-b754-7d03c061571f", "comment": "Malware payload (RedLineStealer)", "value": "bf73c7bf83c12380d6cd61de0486dec61ee4e7a4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217175, "uuid": "76f43cb7-fc07-4d77-9fb6-ebf452fdf410", "comment": "Malware payload (RedLineStealer)", "value": "65aadadc49dcef697945b01ceaca1c82738880a05a335e69e4d836d04ccfe36d955aa7bedfbe6c1b0c996fd5ffafc8c4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217175, "uuid": "0a674383-2555-496f-8da7-76da9651f6e8", "value": "T16164F80782B17D51E917DB728E1EC3E8761EF6508F497BA6225BBE2F04B11B2E173610", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217175, "uuid": "1f5f19f8-ff7d-489c-8440-863d264d328b", "value": "288497572d529233d7fe65807fe0c26b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217175, "uuid": "c5f6c078-403d-43f7-bf86-1c8466278982", "value": "3072:Ea5XoHO5L0N6EfzIBJougglIo1OxP7oklot9iLm2/sX5gp1hrzvbzFETj:3qO5LIbrIBJoPosx7ot9I7pLrT1ETj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217175, "uuid": "47c9018b-c5c7-4a44-9daf-81f3f136138b", "value": 316416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217175, "uuid": "f0a0ae0b-c000-493a-ad0b-2cd16f968cbc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217175, "uuid": "bc76c834-2b3f-4647-bb39-215063745976", "value": "19a8679869349ec978f0ca3f1b3f1321.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90b15602-2a48-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690220164, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220164, "uuid": "b4ac268c-9d6d-4164-882c-7ae86d5ac2b0", "comment": "Malware payload (RedLineStealer)", "value": "092573a97f466f8bbb88f1fe0f5b300f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220164, "uuid": "62e8719b-3806-4fde-9563-26f8585f3514", "comment": "Malware payload (RedLineStealer)", "value": "2f41fffbb221f58e30e8f9695723111fc454ca5751472f0b51614f8fba9f677c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220164, "uuid": "c6af2709-f3a3-47ac-997e-11c39712799b", "comment": "Malware payload (RedLineStealer)", "value": "11dc20dffc741aaef55af041405ac8befeee1c71", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220164, "uuid": "6baa0ebc-a8f2-4ea2-99db-1dea06f8e92c", "comment": "Malware payload (RedLineStealer)", "value": "9a11bd9f3160430df72556e9c42c093ce152f469b7ebe45242054364f2336f9e914d1049a60d30ba1b2b55e5ddd4217f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220164, "uuid": "f0308374-535a-47ee-8fae-6bc163463bad", "value": "T18D840143ABD89072E8F9277018F602831B357C526D78937F2786A55A0DB37C4A97273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220164, "uuid": "43a733b8-ab36-4b69-b172-35347eb43d4b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220164, "uuid": "9542fc78-b169-4daf-a3f0-81068848c0a4", "value": "12288:HMrwy90aKxqyLhb9dddpgBYCUphjRzVa:ryQNNHd4zShjfa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690220164, "uuid": "854cc63e-d108-4c21-9c79-10276e96562e", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690220164, "uuid": "158a3d6c-a73d-4781-9d3e-eaff002f4cbd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220164, "uuid": "66eefe81-a2e4-45f4-ac0f-a93be580d063", "value": "2f41fffbb221f58e30e8f9695723111fc454ca5751472.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df89ba98-2a32-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690210848, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210848, "uuid": "41a598eb-9749-47ca-833d-feea0b00a290", "comment": "Malware payload (RedLineStealer)", "value": "0399dd4faee602a5fab7d713bae13da3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210848, "uuid": "5ae4e4c2-b64e-4e3a-8bfd-968a84109a12", "comment": "Malware payload (RedLineStealer)", "value": "2fc7ab848b85cdb5ed9aabd09eb0d65ec6e8213be1137308cc798fc88570b021", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210848, "uuid": "1ceeb161-768c-48dd-8e70-f91487067831", "comment": "Malware payload (RedLineStealer)", "value": "cb6960af001b9c4b9b0242a6bb93d3fa439f447b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210848, "uuid": "2fabf766-1b3b-4a3e-8ed6-32435c3465d0", "comment": "Malware payload (RedLineStealer)", "value": "d5ed5495a00072db546c8559f14ac7b3467cfc969f3cd03e32ff4bbc0bd50dd29ae3261ef3e5a7d88445f5d9e123e91d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210848, "uuid": "9d3234b8-3908-461e-9aea-4b904e5c6b52", "value": "T18EB41213BAD95077E8F52BB05CFA17930935BC915C38836B2385A90E1DB36A0A93177F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210848, "uuid": "dcc9948c-53ac-4fd2-8d03-394c0715b58c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210848, "uuid": "d8067702-71fa-474f-91cf-f682ee138ebd", "value": "12288:lMrYy90MR6rJGRYNQ3EOI8q77d166AkkPAX:1yL/AnOry7d1z3k4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690210848, "uuid": "793f163b-6efc-432f-b308-32a6d9a6c86b", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690210848, "uuid": "c8b2cc89-157c-42ff-a284-b6a8cd7026fc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210848, "uuid": "b448cabf-6f2b-4cb6-8848-71140c91e23c", "value": "0399dd4faee602a5fab7d713bae13da3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98a2ddea-2a41-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690217171, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217171, "uuid": "f549a9aa-4d6f-411a-95cd-431f5e00e7dc", "comment": "Malware payload (Amadey)", "value": "c47dca071feb52a20322e76e865dcab4", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217171, "uuid": "f0171fea-38ed-4f27-90c7-65350084d0a9", "comment": "Malware payload (Amadey)", "value": "308000983b7e4f25e5acb1038672f733d71b2796dc2cbc98121147d12bfd85b7", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217171, "uuid": "e4798927-97bd-4c07-8ebd-081130e6c405", "comment": "Malware payload (Amadey)", "value": "3af8d8756333edcb3f0101369693cdb2d95ed95d", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217171, "uuid": "3f0ee90e-c0e1-4ce2-9c5b-5250e696e002", "comment": "Malware payload (Amadey)", "value": "c30712cc690a6a8afaebed793b15aedea24ed8b85ffb1252b6141ad3a338ff7c6b139c5505a344ddd63493eec630d7a6", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217171, "uuid": "93e394f4-a4ca-4f87-8ab8-95454c89ce31", "value": "T103B41257A7E88033E9F9177088F702A31B3A7DA1AD38036B374159991CB26C8E57177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217171, "uuid": "d68289a4-99a7-4957-be6f-4496fca803dc", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217171, "uuid": "c5300e8a-7243-49d9-9819-cb2068a0561a", "value": "12288:ZMrEy90NRjXgHkp77TOhpLLCZfbhZjtr/+c01gsn:9y2j5XTRZf91tF0Ln", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217171, "uuid": "b643b729-1cc7-4b58-9342-26d175e1745b", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217171, "uuid": "2d2e63c7-d6eb-429a-aa37-99f7d0f6a9ea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217171, "uuid": "8f5e6408-53e9-4dd9-93b5-60ac6e278207", "value": "c47dca071feb52a20322e76e865dcab4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9d0b9ea2-2a41-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690217179, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217179, "uuid": "0c0e5663-1514-4fa2-91d0-5c2c5486c155", "comment": "Malware payload (RedLineStealer)", "value": "b50e18e54dd7ad6fafa02ec218e32a8b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217179, "uuid": "bbd6e8de-611e-408f-ade1-9468a6401ef9", "comment": "Malware payload (RedLineStealer)", "value": "30d0736317151c49f47b63ab22d43daa5cbe604086afbc0176294b62cfebccdd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217179, "uuid": "2a72a30b-93a7-4b4c-ab9e-918bc9bac079", "comment": "Malware payload (RedLineStealer)", "value": "31dbd301e346a6d94bc4962767cf90cb9621290a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217179, "uuid": "a5eedc29-43c3-4ad5-b563-406bfe9b4545", "comment": "Malware payload (RedLineStealer)", "value": "42ab60a4c89f9658e8ae03f6afeaf7ca15735112ed8ec0a35be00ab7ee244cd81c1658bca31fc77eaf8cd62cb7b26781", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217179, "uuid": "ae372ea7-2320-4e7d-a91a-6d7667a58468", "value": "T10AA45B0752A17C54E917AB728E1EC3E8760EF250EF4977B6321B9E2B90B11B2D273710", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217179, "uuid": "72c19d0b-acd0-4025-a89e-6983da8b0a0f", "value": "288497572d529233d7fe65807fe0c26b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217179, "uuid": "f7c7ab4e-f4aa-4a42-b513-3da651466b6a", "value": "6144:CJkHLI4F8Q1SzhZtpNYb7jq1s8CX5AeqD1QiYPzcDruhvLIL1ETj:QkHEnmSLtLYb7+o55SQBQD4ILO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217179, "uuid": "b5130695-c1fe-4d42-b6cc-17578589d88b", "value": 471040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217179, "uuid": "ef5e1b5a-a03f-4533-b086-b40bad6126ac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217179, "uuid": "c52d9af3-8419-4fa8-9dc7-8e7dec320649", "value": "b50e18e54dd7ad6fafa02ec218e32a8b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5910aa8b-2a29-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690206757, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690206757, "uuid": "6a6e8c19-e195-4090-9fc5-9372dc19914d", "comment": "Malware payload (AgentTesla)", "value": "7db45894339c88944aa98f217800f39b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690206757, "uuid": "9251ee8f-a23d-4916-a8a4-82036102dfd6", "comment": "Malware payload (AgentTesla)", "value": "30d4e10628f52ed2bdc6bbfba3825fc778898303dabb1f3262b9dadbc0797a70", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690206757, "uuid": "9b438741-c34d-4e79-9e22-85994b783781", "comment": "Malware payload (AgentTesla)", "value": "87e2c4cf1466bfd3f621088d0bbe1ad59c281525", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690206757, "uuid": "f3eed2bc-bef1-4e8f-bb92-e3fb4d8879d7", "comment": "Malware payload (AgentTesla)", "value": "5b9dbdf4188c39c5bac4432bceefebe0761af3bc17c33e6906d54bb862598a835f438f2fc9927131abe17c6ae85801d7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690206757, "uuid": "5a878158-f3aa-479c-bce8-d41516acf142", "value": "T17205CF14B5B80B31D17E5FF6245546480BF4BE97B17ED22D8EC2B0E95AB8F700A8271B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690206757, "uuid": "086c0732-4f6a-4488-a22a-4971910496cc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690206757, "uuid": "2a343cdb-9250-4c28-a323-3bdfc96aba68", "value": "12288:fJ0Xmm7ywT8LvSCVvcT1d7qic3iaLys32jjJ0328k2g2p/0U7jikE:xummcvmT7SynsWj+28k32+U7jRE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690206757, "uuid": "0773e54b-2879-4f25-8c5f-11a185ee1825", "value": 848896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690206757, "uuid": "a838b409-a183-4f3a-8351-4570d20c3e64", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690206757, "uuid": "3774cb42-f79c-4d11-953a-4aeda0419189", "value": "YATAGAN TERMIK TEKLIF NS21-42471.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9208ffe3-2a33-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690211147, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211147, "uuid": "488f2977-f4f8-48ab-9117-2e4c674ebe93", "comment": "Malware payload (RedLineStealer)", "value": "e4bfc08d8e53b60db31123cb2e564983", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211147, "uuid": "6192f45d-d7bf-4097-9af4-a451a51b8930", "comment": "Malware payload (RedLineStealer)", "value": "33e29b010f073379d7f5bcc1ab9d93ab4d3c5b7be015d55b507023d99e11ba29", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211147, "uuid": "9b27eef4-a2e0-4239-ad3c-27657f3b8266", "comment": "Malware payload (RedLineStealer)", "value": "f20009f6c65f30e8bdbd43d4184241ec55d236fe", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211147, "uuid": "52c1669b-dbf2-42fe-b9c0-8b14382a2b86", "comment": "Malware payload (RedLineStealer)", "value": "032a08f2907087c1b33458ba466000d82456bc5fc0619257774d3efc3ddc8d5438887a6c55f1bade032e4739cf8611c5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211147, "uuid": "a4c3fed6-f3c0-4659-91cf-b68014633d58", "value": "T192840212B6D51032E9F527709CFB03D30B36BCA09978D25B3382A95A1C73694A93677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211147, "uuid": "5536e9eb-2145-42db-a1a5-0eac535b5e91", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211147, "uuid": "2fdc9c70-f413-46ab-9b8b-7e1e7ba7b176", "value": "6144:Kjy+bnr+Ep0yN90QEwmztcM7X6XgTVRuj462PuH/F+OBrr4LMBt0s3J:ZMrgy90S0X6GssuH/F794Y0s5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211147, "uuid": "ec91d5c7-bfd9-423a-9907-892108a42c2e", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211147, "uuid": "2b7d625b-076d-4c6f-a4e6-636ed773c684", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211147, "uuid": "01fd4783-29cd-4601-8369-940085358ef0", "value": "e4bfc08d8e53b60db31123cb2e564983.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7be21063-2a0b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (QuasarRAT)", "timestamp": 1690193930, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690193930, "uuid": "8e11d3e1-2475-462c-a1c5-8a638582c189", "comment": "Malware payload (QuasarRAT)", "value": "dae2c52b1ecd13a7bb98aa3651167a7c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Quasar", "colour": "#D17794", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690193930, "uuid": "cf1d2990-3e41-4e5b-a8f6-3294a7a054d3", "comment": "Malware payload (QuasarRAT)", "value": "36332d397a9c6303da243d4e155d5277dd148e5226389bd07543bc73b126c89b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Quasar", "colour": "#D17794", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690193930, "uuid": "731154b0-49ce-4b7c-91d2-8f9faa0b74f5", "comment": "Malware payload (QuasarRAT)", "value": "4cdc76a9561a32c6c6656897fd87aa5fc194c128", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Quasar", "colour": "#D17794", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690193930, "uuid": "a6263f8c-6193-4e5d-b339-6698139c3558", "comment": "Malware payload (QuasarRAT)", "value": "c4213c5c77bc382519747fe1f8019ab65f094e34e0db631aed2921acf4bc9ba7d63f2bb9c0a93feaf7ce136b538a1ef2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Quasar", "colour": "#D17794", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690193930, "uuid": "ee6d775b-6afb-44ac-ae0c-961ddbadc253", "value": "T15AE56B143BF85E27E1BBE277A5B0041267F0FC1AF363EB0B6581677A1C53B5098426A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690193930, "uuid": "af9ce921-02d4-4752-86b6-70f9618d42cc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690193930, "uuid": "4c76c0e7-2ca1-47b4-a648-d406a2275a13", "value": "98304:Mvt22SsaNYfdPBldt6+dBcjH66dR16g7G:qW7jb57G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690193930, "uuid": "cc109d00-fb28-4299-9248-60b0d20d387c", "value": 3266048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690193930, "uuid": "d6fe1a6c-5350-454c-a756-d9dc4403cc92", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690193930, "uuid": "59a61ea7-ae35-49f8-90fc-1829b63b4db5", "value": "4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab36bfb6-29e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690178548, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178548, "uuid": "3080fff3-b36d-432a-a2d8-fdc28c21ea16", "comment": "Malware payload (AgentTesla)", "value": "b5f861561bead84de0fd8d4aaca465c1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178548, "uuid": "0684025c-5876-458a-af30-49eb223a90b1", "comment": "Malware payload (AgentTesla)", "value": "363b5b951382bb7c9af26fadf9a61541d5a2d4e733adcb40fbc87e18579fd69f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178548, "uuid": "910287da-a70f-4df9-bd9d-ef9ac831dcaf", "comment": "Malware payload (AgentTesla)", "value": "7be91f39a985d1ccbf16e35dca319cc94cb29039", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178548, "uuid": "c83e14c7-b67c-4910-a6ef-4d8b7929d89d", "comment": "Malware payload (AgentTesla)", "value": "d39adf6e6791365cc0d3d7ee0d765d4546f753c856451ef48b65484981775336884c575362bbb7df6438f280d79b4c3c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178548, "uuid": "5a824aed-cdc0-42dc-bed5-6a0fd3a4331e", "value": "T1D505226037AA5D17E495BDF505E4A10853B2B51A282BC3EDEDF320894EA2BC1BF11DD3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178548, "uuid": "d0145363-d87d-4746-9bb6-6e55510c617d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178548, "uuid": "f5f7da37-6f61-41b1-98cd-f7e082d578d0", "value": "12288:ZHvJRBusyPAuo0XtFY7JerY/vvY49Ogl4MNy4OYBwSZWIIv7EJ:hFuOze6vf44TZy7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178548, "uuid": "49562497-a520-4e00-b7db-d38d130e0326", "value": 843264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178548, "uuid": "2fd4cdd4-a98c-4cc9-bd11-329f292aa250", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178548, "uuid": "fb640122-56ed-49a4-9acc-d151886db344", "value": "Sipari\u015f 24.07.023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d0943d0-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690178739, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178739, "uuid": "87360432-e72a-4455-86ac-27456185b445", "comment": "Malware payload (AgentTesla)", "value": "379d45dd46b5cee977d0a7fcd38e0f9c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178739, "uuid": "0376dd7a-1a76-46ec-a373-b92d7b375852", "comment": "Malware payload (AgentTesla)", "value": "3643035d381e44f0facf01f5463aa05fee4315b2c72fea1a96ef28d0185f7369", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178739, "uuid": "ad65f125-a8ec-4656-bc67-06f3ed955b2d", "comment": "Malware payload (AgentTesla)", "value": "db426438285f481cef9afa261fa5d780e763fa5e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178739, "uuid": "5df3c0b6-86a6-40fa-b065-2bd3a6774a1a", "comment": "Malware payload (AgentTesla)", "value": "798fa08b1f91496b0a32d6541704789a512ead3776e2c81ea4224d459429941c4b1617dd1cc7fe423b167039603678b8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178739, "uuid": "ad04d45e-1d9e-46d7-af02-a3a8e2583d12", "value": "T16EF423A93BAA8F13E5E9BCBA05B4C450037AA164951BD3CCED7720D51CE17D0BE11AE3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178739, "uuid": "21c9541a-70d6-48bd-b841-47600eae91bd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178739, "uuid": "5d9e5fa8-600d-4b73-85ef-550d427bcae5", "value": "12288:udovJRBusyAHXgpCMZvC81OQiweGzPyc:1FuiQp3vC807mPyc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178739, "uuid": "2b686d9e-7caf-4472-a2d4-6832a2d63f63", "value": 742912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178739, "uuid": "7debf380-827f-44ca-a385-a30fcc670123", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178739, "uuid": "f48e2dc0-b61a-4c9a-8e2d-9497ff0735e0", "value": "Order No. P0004028 - order registration.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f907c1e-2a48-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690220162, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220162, "uuid": "e85faa94-cde4-45cd-9a48-85b7077e0f77", "comment": "Malware payload (RedLineStealer)", "value": "d96c450b8ed37f93733b920ddc2aa74e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220162, "uuid": "8f4f431d-3e70-44a5-a2ac-d65bd6d9c6d7", "comment": "Malware payload (RedLineStealer)", "value": "379baa9a440232aaa950dcda22b79acf399c5b7dd24fbbac4dab90e5495ddc63", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220162, "uuid": "8b106995-4ada-423d-8104-e2ca4e6cec0b", "comment": "Malware payload (RedLineStealer)", "value": "8f43a48bdbece4498cca34d9656bdbe4f8abad01", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220162, "uuid": "d2b88f82-38ed-4b12-8853-2c7627868a1f", "comment": "Malware payload (RedLineStealer)", "value": "f529f23eef0d93ec0110aa6512179903dbf89cb36a55480a1ad3ecc711584c934a0486c834472e40d51cc745eb33cfe5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220162, "uuid": "94bb7dbe-15e0-4adb-94a7-df581e5cb76b", "value": "T189840102EAE94133D9B45BB148F602D30B3ABCB59D7883273755A91E1DB2AC4A53173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220162, "uuid": "b41e35dd-3147-445c-9289-61f860b65c99", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220162, "uuid": "48e68bb8-90dc-4f3b-92d5-7012952ea768", "value": "6144:Kty+bnr+Op0yN90QELq3ZbdXlMbD0B8SsXf1v4RpFmQ2/ZB2eYHyEpzn4:HMrCy90IYi8SsXEpmWyUE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690220162, "uuid": "a1832118-0146-4df9-98b1-65883ed183f9", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690220162, "uuid": "a7f2f197-1b48-4b55-b99b-afb6479fa875", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220162, "uuid": "98dad9e7-0493-4694-8315-2c7a8ad0de67", "value": "379baa9a440232aaa950dcda22b79acf399c5b7dd24fb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "55b6c6c9-2a2f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690209328, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690209328, "uuid": "a9525444-e437-47d6-8213-9891b55df8fe", "comment": "Malware payload", "value": "4f3b4d49943ed924bcdd8a305bad8276", "object_relation": "md5", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690209328, "uuid": "95dbd9ff-b1ae-4b73-b150-a554bc86a270", "comment": "Malware payload", "value": "3816322b64082ce310b7ee33f6bff41934e685be00b31fd7a14d5e9ff948e684", "object_relation": "sha256", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690209328, "uuid": "ee743745-6051-475f-bb4b-0d04f482786a", "comment": "Malware payload", "value": "7334478d1261f09345e097a1a2dccf72117e263e", "object_relation": "sha1", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690209328, "uuid": "21cd2935-039a-4aa5-bb27-cdf36212d5fb", "comment": "Malware payload", "value": "e6fd79d1e8e0114908dff8c3dd98c9de0ed5bb3871fb9c46c4f4634eab5dde9aebc33336e9423dccffa5d5d9b131bf27", "object_relation": "sha3-384", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690209328, "uuid": "7a1cf0b1-74c9-4057-8786-6b0e958a9e79", "value": "T1B446334BB8CB1F32D12A47B5609F53CA9E684E040B47163763FB728538F37147AB859A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690209328, "uuid": "2dee08e7-0a18-49a2-8098-842692dd2e50", "value": "98304:LIWMy2eOSmUNQiveS0nGRehMc6zEmktLFt7s365qqXxHw+v+y3hfHDdu7gQDB:LIWMyLOiv4GRemc6zEVtBt7Q65qqXxQP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690209328, "uuid": "bca1eb54-bfc1-437b-8fb6-67d52d2b8bff", "value": 5881344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690209328, "uuid": "3065fd34-b975-4578-9b17-cf7931a4f6a9", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690209328, "uuid": "5410dbeb-1020-4d28-9771-cb5ca015c849", "value": "Aigoogle 1.0.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6d32520-2a3b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690214618, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214618, "uuid": "82de08bd-9905-4d39-a61d-ad90964055ce", "comment": "Malware payload (RedLineStealer)", "value": "bee727ee292549d639c9ab58d438d7fa", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214618, "uuid": "b413824b-27c6-40da-b412-fa5d0f564b95", "comment": "Malware payload (RedLineStealer)", "value": "38a4243f13bd1da64a5439304d0411d7c213a177f0706ca4a5e92802d1d45b38", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214618, "uuid": "f3b69de6-7f3a-4a19-b6b9-ff80db1dbdfb", "comment": "Malware payload (RedLineStealer)", "value": "b4688dcdaa7a6bd0b7e2cadb8781a5df770348fa", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214618, "uuid": "005a6089-bf04-4f57-be9b-6ad792af6ada", "comment": "Malware payload (RedLineStealer)", "value": "16043f8f1353745a01d924b89d5a76e9f24ff87adea1983fbf1c5e10489825f3bf4613ef5052ab0c0a77c3127856bed6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214618, "uuid": "4c336d1d-2a39-4f61-9da7-f5f63fcdf8b1", "value": "T1D0840202E7D58072D9B41BB01CFA02D30F3ABCB68D3493776794A95A4CB2A91E572737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214618, "uuid": "6c5e46ba-526c-4939-9d48-1bc1eb35d1cd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214618, "uuid": "0885350d-ffbd-44e7-98a6-0cbe12271f2b", "value": "12288:UMr1y90YxqADxVPwrKCVPmbme9ExoBwQ0T:hyhxfxVPwr9VMExPQS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690214618, "uuid": "48006c32-698b-4065-ae50-82d6c7bd88e8", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690214618, "uuid": "246afe10-400c-41ae-acc3-326d7f93a8f7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214618, "uuid": "99c78e47-d451-4a5c-9a14-923363af486c", "value": "bee727ee292549d639c9ab58d438d7fa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11a5871f-29eb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (StrelaStealer)", "timestamp": 1690180008, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180008, "uuid": "fa9bb1a0-d7b2-41be-9a4e-21d094c419fa", "comment": "Malware payload (StrelaStealer)", "value": "357b82b6b2aa0667849eae7e2a52da2c", "object_relation": "md5", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180008, "uuid": "cc02b2c3-4cf0-47e4-8528-cc515b3b2666", "comment": "Malware payload (StrelaStealer)", "value": "38ddc4d65627e47038d7b6b2573b6d58d9d29ad98a8dc64a97f905da4d0d52b3", "object_relation": "sha256", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180008, "uuid": "ea906a33-8085-44e0-8439-80c5c3b00f45", "comment": "Malware payload (StrelaStealer)", "value": "23a04c13c60587847ca7b432bacdd1cb0b27ed95", "object_relation": "sha1", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180008, "uuid": "f3fd5c49-d371-4f5e-bb29-e74aad63497f", "comment": "Malware payload (StrelaStealer)", "value": "41d03d1e1bfa1673c7ad6bba7657444cdcde4d28e754d4757135e4d4b3749fbdab6c5b2293c6f359060a546da03980ad", "object_relation": "sha3-384", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180008, "uuid": "f5bb0753-3149-4113-84e8-efda30d9faab", "value": "T10CE4FBBD65EB654AFE618C303FFCBBA1D77764A9C65BC6F044E9A03024204A7DC12927", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180008, "uuid": "a3ee6f9b-f06a-4866-876f-a4add4734236", "value": "fcfbe5457e76d2ac347d7db113c0ca3b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180008, "uuid": "494dae8c-d86a-46cc-8a8a-0baa5854cec7", "value": "6144:R765xevZXREv1EpVv/J3ET9A0kRoonafFNvwy/xVg2EEU/ZATKRE:GovNfppB3WA0kRoona3Iy/x+h/ZEKW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690180008, "uuid": "2f3d2554-e805-42b2-af27-daec9354cbfc", "value": 710891, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690180008, "uuid": "bdc33352-7bef-4694-90ec-0ecbdf4d5144", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180008, "uuid": "2c380169-e69b-448a-b243-1f75f915feb5", "value": "mtprdnzdbevobmyfjaxqzmsmapyreuqomksekqawbaekpojweg.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4c2df69-2a43-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690218077, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690218077, "uuid": "f89151c5-371b-4c3c-bc53-d11690acbadf", "comment": "Malware payload (RedLineStealer)", "value": "6d8e0fbc6e667d4a05c576fc3e11b79f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690218077, "uuid": "aac1b017-d80a-42b3-961b-6f251d2d8a4d", "comment": "Malware payload (RedLineStealer)", "value": "3945e3c11e73344fb88b98ea055bca6431d5fc54315520f664443c2dca0475fd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690218077, "uuid": "835abc2b-5461-4442-93cd-1c16585cf1e6", "comment": "Malware payload (RedLineStealer)", "value": "d98bb16e5b6dce28f074cd453ad6149b3ebaea4b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690218077, "uuid": "f20d6937-2017-4cfe-b3da-9e13fa278e63", "comment": "Malware payload (RedLineStealer)", "value": "1f6c3f4497b6d629e087ff5da4612ee24f75aef203fceb4692dd4e9a33bfd88e969abcbb51aecf2ef5835fa6f7ad1475", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690218077, "uuid": "35fef698-fccb-467d-bbff-9f68fb842fd8", "value": "T139840143A7E84032D8F527B068F613930A36FDB09D38576A27919C5E1DB36D4BA3136E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690218077, "uuid": "105ec841-8c41-4f5e-a492-3bd148a089a7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690218077, "uuid": "b38b047b-546f-46d3-8059-02a3faa51cb0", "value": "6144:KLy+bnr+dp0yN90QEMLJ2DeQqnbGcfAYAX8qM6SaXBmLmK2dd+Y0if/VkY4/MU2F:ZMrNy90GLJS13UGxmmx4Y0Y/ByB4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690218077, "uuid": "1c3c8b9e-01d9-4efa-86cd-d25c88b65320", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690218077, "uuid": "59b015b8-d566-4835-9a33-844ced390a02", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690218077, "uuid": "8e2a9dd4-2ca5-4c1b-894b-734a16162009", "value": "6d8e0fbc6e667d4a05c576fc3e11b79f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "857460ef-2a16-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690198671, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690198671, "uuid": "1c654689-b599-4d7a-9451-e045cf52e6c6", "comment": "Malware payload (AgentTesla)", "value": "d285eb9dfc66a4900d7d1a23a2434575", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690198671, "uuid": "bdf95f7b-9fe2-4869-bc8b-ee0fb431387e", "comment": "Malware payload (AgentTesla)", "value": "395c0eed15d4b5605921f94d489c4dad2edc8fdc816d278e3065d2baa8db3607", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690198671, "uuid": "707a212b-8ada-4479-b6e9-ed43038ff6d9", "comment": "Malware payload (AgentTesla)", "value": "6697eb4870579bde658b404efae28cf6aea76ece", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690198671, "uuid": "69feeb0b-7b8a-4f31-bc10-38480526ced9", "comment": "Malware payload (AgentTesla)", "value": "98509103a35ab30c77b6d4658bcfd4a0d0ee0e99d1da4b1d835944d389dd4ef1de20f6bad60487660e32826b75c2fbb7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690198671, "uuid": "2880b1c4-4a97-4b99-8041-7babe06e2b62", "value": "T1E205125037B87B12D2F8BBF553A0652543B192491837E38C8DF520EA2D26BC5AF52ED3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690198671, "uuid": "b47956fb-972c-4085-b7ab-0cda859f54e8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690198671, "uuid": "e2b7b630-eda6-481e-b71a-4dfad6716aa0", "value": "12288:XZvJRBusyl2iEtHKXYivQaUekipYjFaklTwcCSsboRbCnY7L4qQrjT5IfG:pFuchCYUkiOFvVwVSsrYFQrH5IfG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690198671, "uuid": "c50bc5e9-b0f5-450d-b8a4-02a2f09f433e", "value": 835584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690198671, "uuid": "823afd4e-6061-4f93-824d-82c5c53224f2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690198671, "uuid": "91bde8a7-2b81-4683-a35e-e451dbb3833b", "value": "OP230724002889807766443,PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f678c1e8-2a2a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690207450, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690207450, "uuid": "2a2b176c-626b-4b76-b4c0-94304694bd4c", "comment": "Malware payload (AgentTesla)", "value": "326d6633230d335b4718d265313a1e2f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690207450, "uuid": "64664436-72b4-4fbe-8a0a-9c54454517e1", "comment": "Malware payload (AgentTesla)", "value": "3cbee8541701e9f374b952159f4650e7db1cc37865edf714506cb677da8906d5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690207450, "uuid": "ae0bbfaa-7fc8-48b7-b11c-a53b5dcecdf9", "comment": "Malware payload (AgentTesla)", "value": "ba3ce8d82fa7954f791b641ab841a097320c9e81", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690207450, "uuid": "87f515d1-7c9f-4c4d-9fe7-0ab86908c028", "comment": "Malware payload (AgentTesla)", "value": "c53469dafec838151ae94c8e7a98e15c77d6ccde05975c2d51a6ff28a8d0319d86ef20cee34261f299187d38cf14db2e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690207450, "uuid": "62e49a59-ffa1-407c-b1b3-ce2f7a8e4601", "value": "T198E45A3C48BD223B82B4EFA58FD48467F0D0A96F7211AD35A1E75B554702A16F8C723E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690207450, "uuid": "17cb6b56-ffda-4034-b446-0572987d846d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690207450, "uuid": "365f230f-c58b-44a1-bec1-e18fa227b605", "value": "12288:NVMdtsjgX/7OBP4xcqgy5Oo+HCbjjL3YVHVfaeuux4jGkDSDG:NVWagP7c46qgyU+jMV1ya0DSi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690207450, "uuid": "e98467d1-a58e-442c-94ce-82e575c811ba", "value": 713216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690207450, "uuid": "def88962-5152-4510-8712-94866ac1d052", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690207450, "uuid": "8bbd892c-fb71-4937-98fe-bb613f50f547", "value": "SHIPPING DOCUMENTS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "780fd8b5-2a2e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690208956, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208956, "uuid": "39e39704-710c-4c7b-ab64-9a5025528287", "comment": "Malware payload", "value": "65ee4617cf7daffa229dc0c6b291ace6", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208956, "uuid": "a6adc6de-07ed-4dc6-a032-c15d10378079", "comment": "Malware payload", "value": "3dbd2675a09741f0a10aa06c49487c4544dc19d3a4080ce6dec6ade68700f110", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208956, "uuid": "66071e57-5dbd-4b13-9e96-4a66caa3201e", "comment": "Malware payload", "value": "35ae6cbcb1b5c95ef673773987fcda542fa3cdea", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208956, "uuid": "cdbe0e1e-f382-4fcf-8534-8c2245602f19", "comment": "Malware payload", "value": "b37f39b9fcfee87fee325a7e4845ab79c7f18f343f683c1a73184c13f2ecd928e1edbc7de27afed35f26ddd69a9bf0b9", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208956, "uuid": "1c1eeb2d-8d2d-41b9-9fb4-d1a2e45845e5", "value": "T107337C017651C0B3E9AB123868B8CA22067F7C535BF484973FEA164D8DB25D1BB39753", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208956, "uuid": "93fa91ac-5282-41ce-97b8-fd26d75e5727", "value": "b75316755c341c81f20ea9365d85eda8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208956, "uuid": "53486ff3-ec10-436b-a58b-c79437dfbc90", "value": "768:rXQIr1Ju/vcMWLxbk6ulB7bYY9EBtMWANK4IsQymdjuTtBdoZe3sZSK:rQIEcndKBZWQkuTtBd6qs8K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690208956, "uuid": "211b1487-e444-46a2-90ac-8ace8078627c", "value": 50176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690208956, "uuid": "09709495-0cc4-40ff-839e-f4c6d7264671", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208956, "uuid": "3467a2a5-828a-41b8-92d2-a9f6df5d1b04", "value": "SecuriteInfo.com.Win32.PWSX-gen.30582.16603", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8ca0f482-2a7c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690242491, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690242491, "uuid": "d6f25913-5129-4375-a7bb-c72a032dd01f", "comment": "Malware payload", "value": "03fc3736b669c3642c6e174d14cab905", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "closen-kozow-com", "colour": "#EE8207", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690242491, "uuid": "683ee409-1c63-4233-92cc-282078e35b8a", "comment": "Malware payload", "value": "3e322b58c66bc3c1d61def23947f96139a266b5e37492db179662a3bfcae2883", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "closen-kozow-com", "colour": "#EE8207", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690242491, "uuid": "f2f13f2b-fd01-46c9-8507-ad0977c0b457", "comment": "Malware payload", "value": "98ced254a1d5922a0a4bd5aecf507ffdf70db5cf", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "closen-kozow-com", "colour": "#EE8207", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690242491, "uuid": "e6f675a6-96a9-459e-bfea-8560c4e2df0e", "comment": "Malware payload", "value": "632fca00708d33b5e2c524dda2cc4c1c4cd3b4b95201308b33cf4c92f238ebea601f7f03383b800ca2ad7000fb8d1de0", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "closen-kozow-com", "colour": "#EE8207", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690242491, "uuid": "434d4ca0-2aac-466c-b6cf-eeecb788d80e", "value": "T1E7C4F03CB5D1B493C67CB3A8B226E07A7F95BAB8433405C5B3B4F467CC490989E65A34", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690242491, "uuid": "432ea5c7-7e59-4394-a2db-b93ccd2a29d0", "value": "12288:lGLZWh7UgSEwbY/5uRrjPnWaIVtU5KEmyU0NVghtWzuk0e:MWFzwbEgZjPnWaXKpfEVghtZe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690242491, "uuid": "f6394bbc-e0f1-44c7-8917-70a7371683a1", "value": 551406, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690242491, "uuid": "d38488a8-e895-4f25-a5b4-6e0e0a9abf2b", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690242491, "uuid": "1147dc0c-03b9-4df9-9831-7753ffe00e8f", "value": "Booking Vouchers.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e540e06b-29f2-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690183370, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183370, "uuid": "08276982-d632-479b-90ac-4723c8dd1666", "comment": "Malware payload", "value": "03789601c1fcc9b1b53d5b2b9fef53b6", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183370, "uuid": "ed09c2f6-f45f-4b42-9496-d992513f0fc9", "comment": "Malware payload", "value": "3e7d7ed3fb8c7a1803bb20cc238e32fc802d5988b58940b0f85582c59f9a0412", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183370, "uuid": "64535f9e-2928-41a6-ab32-52bd2ec82e40", "comment": "Malware payload", "value": "2773bceada46363b255d99d92df790b1cb3012db", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183370, "uuid": "e3fba340-fddf-47a6-bc96-10a6448c8c53", "comment": "Malware payload", "value": "4885665ad2a6d306e152b7639684d137caf8ba055a5d52ef9949c2e053ae87ffca22b76676bbcbe0a61ddc044042f7e2", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183370, "uuid": "f01e9716-95a3-49f5-973c-d9c8a2d553cf", "value": "T1C5969C56BC1EA963E3D863707B7A4294323EBC44EF82D2232610FB6D69F536C9F52111", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183370, "uuid": "e87c7a8a-ff18-4b89-854c-322db16158c0", "value": "98304:zKFAt6dk6ZHKSGtLj6nOLkT3EYFjSMFZ3Ez9PfZMnIT17zemSSU0fS+Pf:rt6W6lKl6x0YF+MFpEBXZr1eXpySs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690183370, "uuid": "91757d30-3be5-4b9b-9202-b1f072ebe4f5", "value": 9196982, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690183370, "uuid": "a5a52032-29d0-45d0-8271-cee64c8b1091", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183370, "uuid": "44c26a38-5771-499e-8d1f-fdea4baaee53", "value": "03789601c1fcc9b1b53d5b2b9fef53b6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1db1498-2a04-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1690191041, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191041, "uuid": "5ab9efc1-fde6-4262-9bd3-91fe22b6e636", "comment": "Malware payload (Mirai)", "value": "8136676869c537802ab80ca1ed1b4994", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191041, "uuid": "d883e404-1fc4-4c1a-ab74-2fd36fe055d6", "comment": "Malware payload (Mirai)", "value": "404c674e4a3354b86254982d492fe6474b2650bac9d6df473713855c61ac9908", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191041, "uuid": "f3ff10e0-f371-4a7e-aa7d-99ae8eb37d29", "comment": "Malware payload (Mirai)", "value": "b4492666e027f9800ccaa40d5695e5db98b021c0", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191041, "uuid": "4dcbbb88-0780-499d-ac79-53737e227b4e", "comment": "Malware payload (Mirai)", "value": "23dac6d8d309fdb316a595f7ba0b3f71a8965b56e198c3f0b11c0c9345ef39a50e3d5463738d65abd8548148eec37f24", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191041, "uuid": "490b7d4d-5a4c-44e9-b974-0b9c3535538d", "value": "T1A7D3291775D1D4FDC8E9D5B44F9AA13ADA72B02C1238B16B27C4AE272E8EE305F1D610", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191041, "uuid": "67b04f46-61ae-43f4-9417-185597092eb9", "value": "3072:PntXfNE6wQ4sjiuaogvXpmQXx5pMV9FFE:PntXkWCXZW+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690191041, "uuid": "7383f425-83c9-41bd-992b-889d953e6ac8", "value": 131384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690191041, "uuid": "765caed5-be46-42d6-b5ac-f421a16fcbfc", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191041, "uuid": "8fde50a4-8111-406e-806e-9a289d804e71", "value": "cundi.x86_64", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97ca0331-2a1f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1690202567, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690202567, "uuid": "ec06f9c2-a692-46ca-a58e-6de36adaa6f7", "comment": "Malware payload (GuLoader)", "value": "b4a2ff0625ad1b361e2027df865e3239", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690202567, "uuid": "7dbfcaee-bff2-4393-9de7-0942a9cef7b7", "comment": "Malware payload (GuLoader)", "value": "419e101b36b9417c3c065b2aab94221a0bfad01f458140c7dc0fcba42a259625", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690202567, "uuid": "0bf8d3bb-f4ba-429b-9db9-0ee7fc048b5a", "comment": "Malware payload (GuLoader)", "value": "4268dbbfdb40766b9b81c1003075aa5581bdc93f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690202567, "uuid": "1378e747-aa25-42cb-a8dd-213250b0634a", "comment": "Malware payload (GuLoader)", "value": "d6e8e9605150d2b736a276d5597dc94f460f29527adc1551b210d0972757533ab44f2f6b8c4c41c58b59a02fb2427fb5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690202567, "uuid": "1f9d3275-abe9-4ce8-bb6b-5d4c3222669c", "value": "T157847C4CF763ECE9FA660239257558163F419C5EA0D928AC228DFB253C36213509BDFB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690202567, "uuid": "b1d05193-d114-4e56-af96-e4be632e49c3", "value": "4ea4df5d94204fc550be1874e1b77ea7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690202567, "uuid": "843c3d9d-094e-466d-a534-67b28d23f1d6", "value": "6144:ywq3NpoucMLzQe89JWzQf5dlyfHPBQOFtuT42AWSgpBZJ8rW:yzkpMj8XcQRdMf5QOJSjZj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690202567, "uuid": "64b918fd-9f16-410c-8515-b3c994a5e7c3", "value": 390751, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690202567, "uuid": "57799b47-0fd8-4dc9-a5f0-74943cdc6964", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690202567, "uuid": "058dac10-f132-4c71-952b-e1f88949af44", "value": "ASCD0001 INQ.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b0a8224-29e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1690176588, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176588, "uuid": "c71b9efa-dc75-46bd-af0f-84c3c67556bb", "comment": "Malware payload (Loki)", "value": "ae838c9160f5c2e94ecf0439e9c35bdd", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176588, "uuid": "81e630a4-318b-4513-9571-1358fb3a8ba1", "comment": "Malware payload (Loki)", "value": "42ed620528c450c61185a065b7e73c5d8207c731acb7bf965df2a49c030de497", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176588, "uuid": "17ae5692-d1d7-445c-965a-15f7359a9765", "comment": "Malware payload (Loki)", "value": "ba9426bcf6386e510b2e69dd7ff1dc382787c350", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176588, "uuid": "1458f849-7e18-4f7b-996b-ae2d6767a3ed", "comment": "Malware payload (Loki)", "value": "0a94a47298b1d6286e77dae831d3d34bc2b94d91f7f8ff19fedda57d61df3345d8697cc2777a4ec485f0aae6ffbae404", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176588, "uuid": "f7f730f7-79ee-43ad-8254-e430e1eba91b", "value": "T11AD4236672E217F08089BA78E23DDF932E049C6B785B86CF785C601A47721CD2265F3D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176588, "uuid": "d81f4796-53cb-4746-bbbb-9e6545e1e1d2", "value": "12288:OdGGPIWdSiyfOgMd0AMarwh2Hgej02FyC:9GgWsVfUPwhogQP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690176588, "uuid": "3811eec1-9c5b-4c27-a25f-3303cf4a7916", "value": 601795, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690176588, "uuid": "90dfbd78-a925-4d07-a482-9dcf24224191", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176588, "uuid": "43cbf60a-4a5a-49f3-af7c-c7928b3fb3e6", "value": "Wire Advice.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6692896-2a3a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1690214322, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214322, "uuid": "0cb9a923-36b4-4720-a197-ef6cea992748", "comment": "Malware payload (AveMariaRAT)", "value": "39bd04b9ae7385809776dc4bad0eb9ff", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214322, "uuid": "73f31418-43eb-47ab-89ce-867da486aa3e", "comment": "Malware payload (AveMariaRAT)", "value": "4375effcba6110d4f5c6d3d7839ef0d1c33b024f802a589af532b969ae679fd4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214322, "uuid": "6126de8b-a6fa-49cb-9cf3-0371daafcf71", "comment": "Malware payload (AveMariaRAT)", "value": "50d4091b028c2d49997722682dc3583a9bd0d8b0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214322, "uuid": "cf66f3b7-f31e-4888-9df0-6354b250ae2f", "comment": "Malware payload (AveMariaRAT)", "value": "104d72dd95e3d1f9068740f8842baabcb33dd2066f94079e0140a5b2946ff29f75f51bd4306cfe127255347290685a5f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214322, "uuid": "7a369b91-1417-45ba-afc7-65468b049a12", "value": "T132F3020497F4C5A7D9A70B316B393B47BEB1E91265B9A30F1B605F04BE72281EA0D353", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214322, "uuid": "2ba1dc5a-aa0d-42ac-b31b-5a2cc2941b71", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214322, "uuid": "4321069d-b250-43dc-a526-4b6edebe8b8a", "value": "3072:XfY/TU9fE9PEtu64bZmCsNs4bqVflVc/nABPTosmBLymfAkyZPqRRG:PYa6/ZmC0qJlVc/ABrosmBzmkXG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690214322, "uuid": "65d9a5e4-dd0b-4ee0-8d13-88a73bcb6b0e", "value": 172650, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690214322, "uuid": "29cb7c8f-be89-4e9b-bda3-de2200ddae5f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214322, "uuid": "02566c2c-528b-4e5e-b072-3c185f085c7a", "value": "39bd04b9ae7385809776dc4bad0eb9ff", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9361bf91-2a4f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690223175, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223175, "uuid": "6a7e3c61-bad3-4fd5-b2d6-c9b84d861667", "comment": "Malware payload (RedLineStealer)", "value": "62f429c5c6e2ab113a26d87e7d2f16e4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223175, "uuid": "40cd417b-c26d-414e-8cce-9d8b8162b171", "comment": "Malware payload (RedLineStealer)", "value": "4590646dc86de08c227e10ecb3a0504d9c0abf060e54eec6a608fcac2fc5600a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223175, "uuid": "9264b73a-ca83-4daa-9c96-44c0f97b2b29", "comment": "Malware payload (RedLineStealer)", "value": "0c7115f003b6a49315c0acd0aad4cc89d0e092b2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223175, "uuid": "94a956d8-5892-4810-bd34-525a1369cab2", "comment": "Malware payload (RedLineStealer)", "value": "1d5644e391728b727183703222a5f40eb4d4e151d4f1412f9c7597769758d2ca420bcaf21196b9effd68622f5d51e406", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223175, "uuid": "945332cb-d44a-4521-a9fe-451e0c02bb14", "value": "T106840217BAE88032DD7517F09CF603C30E357CA29DB8526F1786A96A1CB2654A570B3F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223175, "uuid": "98e61a6f-6b80-42e1-aa3a-9e55f428741c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223175, "uuid": "30b9d92e-270d-4497-80f8-ef0d8aef795c", "value": "12288:lMrPy90O3jrML3QBy8vv11djXANDu/XC8:2yPzr1yGNHTANDu/S8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690223175, "uuid": "561e4a4b-5930-481f-999f-204969d99b56", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690223175, "uuid": "8d277aa5-2c75-4116-b29a-dbf0c24137a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223175, "uuid": "0f98507c-ad49-4a3c-a828-066385e436a1", "value": "62f429c5c6e2ab113a26d87e7d2f16e4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64303dc4-2a55-11ee-a6f9-42010a9c0055", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1690225673, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690225673, "uuid": "074e177c-331f-41ae-a061-1e59cd52d6fb", "comment": "Malware payload (ArkeiStealer)", "value": "108d02f1be013a326af3975ed37bb623", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690225673, "uuid": "42ff8a5b-2693-4f9c-be00-65fc98653847", "comment": "Malware payload (ArkeiStealer)", "value": "45ad5f55b0a34bc634015430dc080cdc2052636df0ab4cc6d0ab539c533c2c90", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690225673, "uuid": "3847d543-507e-4c79-a572-8bb968cfd217", "comment": "Malware payload (ArkeiStealer)", "value": "bca68ee54ba6be03a0a8bf1de6f7f3aa7e0f90a6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690225673, "uuid": "aa36575f-d981-4508-b402-a158b669ceab", "comment": "Malware payload (ArkeiStealer)", "value": "27b420b2a6b7d334c41785d23333c374814f9312c30dbb3c817ee37eec209d5f4e5b9365e6e745c86bd6c384449a0dfb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690225673, "uuid": "6bf3448d-4a50-4021-913a-0db530adb09b", "value": "T173F4821892306E2AC0C31FB07DBA936E41D42568E31DCEE65A7DDCB5F6EC8436D025DA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690225673, "uuid": "07cd6ae4-6154-4753-9101-e663ade87927", "value": "7d594973434539b63f110ff65422442a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690225673, "uuid": "8de7a7da-ac72-4568-bd60-cebda30f1f23", "value": "24576:IRu16WYdRNDl0Et8uEXE6dl5H92r5HAMNY:oVNDl0Et8uEXE6ds1HAM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690225673, "uuid": "179d4c70-5122-455f-b0b9-761e48b98e0b", "value": 791040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690225673, "uuid": "e4eac1ed-9c2d-46a6-9ab2-20e0e12f9b0a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690225673, "uuid": "332bbd84-163a-4a1b-99af-8f8a4826f3e5", "value": "108d02f1be013a326af3975ed37bb623", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de03a382-2a47-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690219865, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219865, "uuid": "1f2b9266-0bf3-4a87-9952-53892fba6288", "comment": "Malware payload (RedLineStealer)", "value": "ec31549cc95808f9316604de38717904", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219865, "uuid": "225e93bd-f84e-4d80-9db7-0ab077b85e91", "comment": "Malware payload (RedLineStealer)", "value": "465abb5cd5597f11e441ca709044a3ea328887f2c0424f1e19743f44d8883f85", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219865, "uuid": "4a03b087-cf98-4f27-8481-e31c5cf3609a", "comment": "Malware payload (RedLineStealer)", "value": "417aec02540b3a9b30dbbd7392409a62bd215604", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219865, "uuid": "51a81c3e-4841-443f-8729-5164890347dc", "comment": "Malware payload (RedLineStealer)", "value": "78ed2ed3c46e40197c3aed6aa5323e390f1dbbca65766618856aaafa409223394db1a226959c10e0e06d6a5baca5d2d8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219865, "uuid": "187a430f-4d23-40c1-ac7d-f9da7f91ee49", "value": "T127B40216F6D894B3E8B5177468FB07931B367CB15A7483AB2B85584E0CB3681D83633B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219865, "uuid": "68aad6bf-8b39-4386-bdbc-323dbc3a8bdb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219865, "uuid": "9996dcb2-e4f6-4e0e-9e68-8b7fd03915a9", "value": "12288:MMr5y90uzXrvPQgtWnLmyRYrQNhPCmUpMfYuhZmrlP6:dy5LjqnLzNhP8ephZmrs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690219865, "uuid": "6eaf36d2-b171-4368-a608-7e21117d2784", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690219865, "uuid": "22e9ba56-0911-4546-813c-7b45662723f1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219865, "uuid": "2648c07c-4355-4f6a-a241-6f53d2b27ecf", "value": "ec31549cc95808f9316604de38717904.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6ccc614-29e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690178621, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178621, "uuid": "6a200bb5-5248-4705-9fba-1c1d165a2c4d", "comment": "Malware payload", "value": "a9f6943168b3c62ebf7ab69077d6f997", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178621, "uuid": "c0538e67-c789-4626-a664-ee061b020df2", "comment": "Malware payload", "value": "46690b117b06c478face8d22bc9ee62e2c3098b012de429469af486445eb36fc", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178621, "uuid": "02458e1c-3604-45ae-87ae-4d05d1020468", "comment": "Malware payload", "value": "c5fee30ddb49c72a73901ee092cd8e9e513dc9aa", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178621, "uuid": "929b5e9c-81f1-4fca-9b3a-a72a219df972", "comment": "Malware payload", "value": "625e3f9f60ef1da6a79b376ce9e20a6fcd3fefd3b897786dc171871db5d8838dace3770e3f537481abb530b58302a210", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178621, "uuid": "6510e201-81ae-40c9-962a-8e4ab39a6f3c", "value": "T19C72A3F29CDBAD8251F88C8476E69C9CD400F84625017D5E7B9F58282B79E86B02C7ED", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178621, "uuid": "d880a394-539c-47ed-a080-8ce94086ea32", "value": "192:PBwvZFADEkYub9b7WkGLTxHOhhLzhcnCuGI8ZLfhXB6qV4Fy50DBtYVWb72v9/Gw:PBwvudqHObIESFy50DwZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178621, "uuid": "e4e69a8a-92ec-4a80-95fe-b34884ef91d3", "value": 17272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178621, "uuid": "9d61bdf8-eebd-4372-9cf2-36bd5db8d7d5", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178621, "uuid": "c0244a16-6340-45ce-b237-3d934d3c78e4", "value": "tmp1734.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e76005d-2a48-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690220161, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220161, "uuid": "20ac0d85-0e47-479d-b165-83b491ba7580", "comment": "Malware payload (Amadey)", "value": "cad3b54a56dafe52a7535373a0cfde75", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220161, "uuid": "0337a0b0-e91b-430e-9474-3262ed5d71c9", "comment": "Malware payload (Amadey)", "value": "46fd2c5e184c52df4fe96b0e718d60e48cc5a7d70590235b51b666809dd46fe6", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220161, "uuid": "08acc7b4-6308-41e3-9499-8d1393bd3ae2", "comment": "Malware payload (Amadey)", "value": "608b713c1af8b98ae0b7ea83480f74ed05ba7dc7", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220161, "uuid": "c05131db-7cce-4ee4-995d-4c8b2796827b", "comment": "Malware payload (Amadey)", "value": "d406c29fc31c9f5dfee32ac4732f445db2431d023550d3a0fb78f46f26a438475582d042ca192636cd42ecac4c0baed7", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220161, "uuid": "6afb5e4a-5712-48ef-a6c1-ca6b97a4b906", "value": "T167B41253B7D89433E8752B748DF506C70E397C624AB9836B2A85981F0D72990AD3633F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220161, "uuid": "4a54e1c6-6400-4b46-ab52-e1b048064c30", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220161, "uuid": "ed68a481-8248-4636-a17e-74e7d3ab48fa", "value": "12288:IMrSy90CEkTXZCR5kov5OZYdt9mRUr8JXs6O2tEk:6yNXTpCrk96twJS0tEk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690220161, "uuid": "2d588e6d-9051-4ed8-8c6b-cec359419faf", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690220161, "uuid": "0fea903c-b221-4c1d-8f89-844c9cac62c1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220161, "uuid": "62680347-7a80-43e6-ab24-f632505fe69c", "value": "cad3b54a56dafe52a7535373a0cfde75.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1f585da-29ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1690188894, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188894, "uuid": "2c47d9d4-f7ac-4be9-836c-1e828568baff", "comment": "Malware payload (XWorm)", "value": "4de576e8fdae37c3a9dc05375d000f95", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188894, "uuid": "14affe39-a17a-496f-93a7-5dcc47fa855f", "comment": "Malware payload (XWorm)", "value": "47e6a8a74ff05cfdc79dd853f12540ff0c7435cb74c56f407610a99ff279b93f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188894, "uuid": "f9cf20ae-5194-4066-8144-6b6ed6fd3408", "comment": "Malware payload (XWorm)", "value": "85a63580df4642d5a2fd9061df1184d9d888b687", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188894, "uuid": "cb9d2c0e-1ebe-4ce6-8e7f-4e33de2f4ea3", "comment": "Malware payload (XWorm)", "value": "477e3a4ed1875b06100036efc308a246d309451f2f927a25c41847cc2917a0e3b73c6d7465eb2f9da44813f9659cc46c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188894, "uuid": "72bf4eee-15bc-4cdc-9327-903404f8047e", "value": "T1BBE23B483BE48326C5EE5FF02DB2A1060275F5079913EB5F5CD88A9A7F67AC385007E6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188894, "uuid": "d69a526f-018a-4bfd-b42b-7608a4e60bf6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188894, "uuid": "3d294f2c-df5f-48d7-84c7-c13f74b23674", "value": "768:6YZCbocfBfA84IcZHO7N0ZFR9yo2OjhW/RO:6YZCbvfBfARHZuaFR9ydOjkJO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188894, "uuid": "4a777f7e-979f-4f4a-94ec-1e424463e318", "value": 32768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188894, "uuid": "ae32d545-349c-4520-b9df-4f8463997aa7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188894, "uuid": "d8da21b7-f8b4-4a87-b9e3-ab7f087d19b6", "value": "XClientTester.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f94d593b-2a3f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690216474, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216474, "uuid": "c16be815-c2b8-4b17-b0f6-bb82016d00ab", "comment": "Malware payload (AgentTesla)", "value": "9f7c9f472081cd347ec3fe06a30712bd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216474, "uuid": "9b9ca702-4299-47ff-9c69-d2dfc0f11da2", "comment": "Malware payload (AgentTesla)", "value": "4863fdf6f26c7ed50d8ec21890efeb7c382035085b5f5b080b22e0cfaaf44071", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216474, "uuid": "6f310e51-6e85-41df-ba8b-27d11e8895be", "comment": "Malware payload (AgentTesla)", "value": "b202723346f861a37a4a4b8b1010e558b0b18356", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216474, "uuid": "00ae5085-5420-4649-85e2-415b4c30eb9f", "comment": "Malware payload (AgentTesla)", "value": "80973f07c6504ecc8cea340f546ac3567f7e0d13157dcd70b38c979abc32b19d7a45c06f848a7ae0386f026ec8c5e879", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216474, "uuid": "639c3a42-d1d8-404e-9219-c4f622f84bee", "value": "T112C423CAF13F9F1C101F99B9904436CF68F3F3E6BAB22C766666D1918C4AD48D514A0B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216474, "uuid": "35c98085-0cb8-4f94-9191-da3d909bde76", "value": "12288:uoVJQNUEqJiZ+g2jlqLFZuCCEveCMydqwhcNZGqNJtpoIOgrAIE77:oNU3JiZHAlqLFSEvDMySLbJfA/X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690216474, "uuid": "1187ec0e-80c4-4a24-a16f-0ddbdf781549", "value": 556986, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690216474, "uuid": "c10a6b17-e646-4e73-bb9c-d3e147f1dd7a", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216474, "uuid": "ae34e0b6-4ce3-4d37-ba5e-a96343f767fb", "value": "NEW ORDER 0001.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "13f444f1-29f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690183448, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183448, "uuid": "cb449fe2-64ba-4818-830f-f5b39dd2b622", "comment": "Malware payload (RedLineStealer)", "value": "eaec92233a22aeacbd96a73140b96f6f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183448, "uuid": "1b4eaa71-0916-48dc-a511-bb212259ee2a", "comment": "Malware payload (RedLineStealer)", "value": "49282ea0b84cb7562cd75b03c8243101318b4990d6d346c948c74a1629e4f09c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183448, "uuid": "79ff82a5-a9d0-4e20-8dce-c3c5c5d04401", "comment": "Malware payload (RedLineStealer)", "value": "6a7bb33caf9cbf69380b3b87856902791b94e684", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183448, "uuid": "247a0d1e-48a9-4fee-8742-e4287b90e69e", "comment": "Malware payload (RedLineStealer)", "value": "9fb5793d67731d945f8d8c4a8b3b2c564476d9107574f1a682caefc89d1f5b049a3865caf199bcc4cd3836fcf6ac5663", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183448, "uuid": "84ebbab1-2f14-4f5c-92ea-ec42fe31738d", "value": "T1D09533F51261BAA0D09880B35C162D553F63EF4551A48EF7302CB749AFBEB05C72A73A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183448, "uuid": "30a7d9e9-d06c-4deb-a063-ae6f69a0836d", "value": "4328f7206db519cd4e82283211d98e83", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183448, "uuid": "621d8899-9c79-4215-8b96-0a20e54ef239", "value": "49152:IYiMiukl1E0M/hPZ2EGdgnxJl1J2+H85dbd:7ni5F0lIgxLvW5dB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690183448, "uuid": "ef23f0a7-3894-497a-8457-df790b2f0bb9", "value": 1979520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690183448, "uuid": "c8254f43-f799-4ede-966e-9fb4ec2f118a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183448, "uuid": "293e5deb-cd44-4b3c-abb7-6ea616cc0cb9", "value": "eaec92233a22aeacbd96a73140b96f6f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "972b2323-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1690211585, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211585, "uuid": "da4f2ded-969c-43b8-8492-d9fddc97c95b", "comment": "Malware payload (GuLoader)", "value": "f7770284f700d474444e374273949c9d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211585, "uuid": "10bfad72-d0c7-4b0d-b0c7-155d41847f41", "comment": "Malware payload (GuLoader)", "value": "4941ad790a9a53a5c8ea43ef512ee9d56dd7dc797904c7a4fe6dad9d7a36adb1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211585, "uuid": "083d89f2-725a-444a-8803-c424e2f9920b", "comment": "Malware payload (GuLoader)", "value": "c8e244649210caebf68b237a98d4f1b097c6e59a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211585, "uuid": "5afa896c-97b9-4143-88af-35152f12cbab", "comment": "Malware payload (GuLoader)", "value": "ba288a00602dce88f2eaf54aef2b12f69d68c9da5af9a9e81cf4f71b59e53e789204048ca02fb6f0cf0beb5a2ff9b5a2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211585, "uuid": "965aef47-c0fe-494a-a300-d2aefa5e16d1", "value": "T1AC0412836794D877C56803304A77BFA7BBF08B5A15A42E4B47C0AF173A43645CB2E94A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211585, "uuid": "8ef78721-4ba8-480c-92ee-196205b7a70f", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211585, "uuid": "d853a00e-2ed6-45dc-a699-481c0faff19e", "value": "3072:nwDijpS4DbYcr8b4US6WwowLgftTBhBxqa1PabIJ3yY7xbemkYJ:nFPe4Hwos+dDvPam3y0xbeu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211585, "uuid": "b0581a5b-2f6f-4966-b324-a18afd20a920", "value": 185316, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211585, "uuid": "22df48ed-b90f-4c1f-951d-d042f622992f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211585, "uuid": "57ceadaa-6809-4afe-8115-6f4aabffb9a4", "value": "Purchase Order #199000.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac3a7f3b-2a36-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690212480, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212480, "uuid": "546d9c90-d2b6-442e-ab5b-cd4829c76e0a", "comment": "Malware payload", "value": "516462d0690868091d2bb91873a3fb17", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212480, "uuid": "90eafcff-0788-46a8-80b4-6ea0481e9a3a", "comment": "Malware payload", "value": "4977092255012b7f607600c46e90b6cd48a5cea85a6325146c5ed2f3a25293a8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212480, "uuid": "1bd3ac59-2c10-4f46-b34b-0b781f0f1fd9", "comment": "Malware payload", "value": "4d1aa27c52af4aa95e91150cd39187dcfe181620", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212480, "uuid": "c684bc9c-29d4-4b1c-bafc-b91483b68dda", "comment": "Malware payload", "value": "4b0f0fc82ef59b9a4f58d9476f5baaf981f0da7babd1e365ec5684ad0d26236263d88976b7060460f8e6edaace809bc8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212480, "uuid": "292b2c00-87b1-4693-9077-e855d52e18c0", "value": "T1A376121AB9648C34D593D0331015D6A39205D68EBA18DBCF23B11D0AFEF55EB8B12BED", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212480, "uuid": "e6204b63-2265-402e-90bf-85763c53b977", "value": "c6e51dda1622035b42b177c9afe67c30", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212480, "uuid": "76978cfe-5aef-4d99-bc81-0f11f0586283", "value": "196608:e1DNr558bhV8dkwDsb6M31fyU3Gt2UlWt9G5SkKuB/ah3kM:e1DNFabhV8d9+d1fj3k2woJuQFkM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212480, "uuid": "7561646d-e852-4533-9ed4-ea796851c9f1", "value": 7266640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212480, "uuid": "be22d104-3678-49cd-a882-c109cc86146c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212480, "uuid": "e93781be-2de7-4789-949e-06c429340b8b", "value": "516462d0690868091d2bb91873a3fb17.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2388c3cb-2a10-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690195929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690195929, "uuid": "7911c420-474b-4cfd-a29b-1fb040533333", "comment": "Malware payload (Formbook)", "value": "cffc61990d88e56b5e48721a6f187714", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "exploit", "colour": "#F98DCA", "exportable": true, "hide_tag": false }, { "name": "Exploit.MSOffice.CVE-2018-0802", "colour": "#4BF664", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Noon", "colour": "#9CB9C7", "exportable": true, "hide_tag": false }, { "name": "Shelma", "colour": "#7BB583", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690195929, "uuid": "910dc5bc-b926-40fc-9ecf-d8c64707f159", "comment": "Malware payload (Formbook)", "value": "49b9c15adfd52643c9e980a92af5ea642e3d21efaa0022632cbafca87daeb0b0", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "exploit", "colour": "#F98DCA", "exportable": true, "hide_tag": false }, { "name": "Exploit.MSOffice.CVE-2018-0802", "colour": "#4BF664", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Noon", "colour": "#9CB9C7", "exportable": true, "hide_tag": false }, { "name": "Shelma", "colour": "#7BB583", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690195929, "uuid": "30eaed18-0a17-4c7b-9d6c-042fe0701577", "comment": "Malware payload (Formbook)", "value": "c395bce7b95d0d9236be554221cc4b00a29a9876", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "exploit", "colour": "#F98DCA", "exportable": true, "hide_tag": false }, { "name": "Exploit.MSOffice.CVE-2018-0802", "colour": "#4BF664", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Noon", "colour": "#9CB9C7", "exportable": true, "hide_tag": false }, { "name": "Shelma", "colour": "#7BB583", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690195929, "uuid": "208adb51-fe76-4787-af85-7001df57bdb8", "comment": "Malware payload (Formbook)", "value": "3dd6d4020854dabbdf237b4aa65c408297192a0349ba942a0408c8ce06b8da42cc6ef125a4e6fdc4d20a32b58d90b2d0", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "exploit", "colour": "#F98DCA", "exportable": true, "hide_tag": false }, { "name": "Exploit.MSOffice.CVE-2018-0802", "colour": "#4BF664", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Noon", "colour": "#9CB9C7", "exportable": true, "hide_tag": false }, { "name": "Shelma", "colour": "#7BB583", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690195929, "uuid": "e66931c8-f8ac-43ab-9c12-5c082b291e57", "value": "T1F265F103D8048B83C41D83F87E531EE90F1A6F19E89ABDDB04527F8B3A71B62495E55E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690195929, "uuid": "6313afa9-edc3-40e0-aa0b-cba3e4a73553", "value": "24576:nAu9V1ZyFw6VMBZytw6VZViNhuuvvtPQohGdbXQw6gZff9Lv95wEx:nAu396VMr96V7iNhv3tozXX6QLl5D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690195929, "uuid": "eb9bbe77-606c-4b5c-b80a-7707cf1ca500", "value": 1490430, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690195929, "uuid": "6b618190-ad1a-4f6d-aa8c-f153d3848a3a", "value": "application/CDFV2", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690195929, "uuid": "ec7651e1-69f8-4d2a-a3c3-8dc0c4daddad", "value": "especificaci\u00f3n.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e746ea11-29e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1690178648, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178648, "uuid": "4d87d6cc-9f76-4efb-9950-74cd348b7d52", "comment": "Malware payload (GuLoader)", "value": "c59ecc6455aa4b8133f82d737fc9e8ea", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178648, "uuid": "4704f40c-4f15-4100-8fc4-8a11e70f4df1", "comment": "Malware payload (GuLoader)", "value": "4ae9a3bb0ce86b451dbac20d17d39958f2d9ee386d5f1fe63aea27a88355eb7c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178648, "uuid": "070e7a51-1c08-448a-b53f-4e4ee2cc062c", "comment": "Malware payload (GuLoader)", "value": "18522a7e003ad0a2d40e3ede3a883e8592578ea0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178648, "uuid": "ad1a3b36-1635-4029-be2c-9c649c51dde0", "comment": "Malware payload (GuLoader)", "value": "15d7a95ee85983b228749c6a367eee4b43e42548fe563bfcd220648bdc99da9d289d594b1f9255a4ff76ac5f138cf31e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "ZiraatBank", "colour": "#99749B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178648, "uuid": "12c0aa5f-ab26-41dd-ae11-151c716bdf83", "value": "T15454188462A2F64BD7410B70D9D0E7B9267B2DF59902422E6D9E36F84C3FF690DB0172", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178648, "uuid": "e0bbf94d-aeb2-43fc-836e-402478623beb", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178648, "uuid": "5b00b69a-1f84-4a87-b430-c2b4ab074a1e", "value": "6144:ajC8w75wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww5w5wwwwwwQ:z8w75wwwwwwwwwwwwwwwwwwwwwwwwww4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178648, "uuid": "a1977518-b20b-4a9e-9319-ea51ad2b0113", "value": 294458, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178648, "uuid": "c8662bdc-8eb6-481c-88a7-ef0b68bea19e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178648, "uuid": "b17436dd-ca67-4b8d-85d3-4f28608e8286", "value": "Ziraat Bankasi Swift Mesaji.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8de18a2e-2a19-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690199973, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690199973, "uuid": "05ede5c4-1f45-42f3-b4c0-d709597d204e", "comment": "Malware payload (Formbook)", "value": "092a9c604129484de0ce5f2fb3c450d1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "saudi aramco", "colour": "#695059", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690199973, "uuid": "d3b3afe4-dd58-4a7b-aa6e-0fb1a649b850", "comment": "Malware payload (Formbook)", "value": "4b38e3c4f1f6ef163426fe9b806a426b8afff5bfba414a3109d609a859dacf3b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "saudi aramco", "colour": "#695059", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690199973, "uuid": "97051040-e2b1-4715-b503-4bbf3eadabac", "comment": "Malware payload (Formbook)", "value": "5f04c39ceef5e86d1867092d8c08c983f4d787ad", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "saudi aramco", "colour": "#695059", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690199973, "uuid": "9c2ea369-e67f-4c4e-bd4d-2f2b3ac27370", "comment": "Malware payload (Formbook)", "value": "266d12102c97afbd0e5da54a3f3ecbc07cc10f7f964723c3e3c3566e40efdabaade303adf8029431d462804b5ac7857b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "saudi aramco", "colour": "#695059", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690199973, "uuid": "c3b2065d-716f-4a76-a8db-d1f2b18a1b82", "value": "T1E0C4B0697B56CD11C2C80F7BC0CB695987F04D496467FB0DB9C423C249077AAEA4EB8B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690199973, "uuid": "c483f113-a111-4db5-9c32-d77a072e4d34", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690199973, "uuid": "de7d2163-1510-43e8-a97b-1cc213978318", "value": "12288:mQIHcPTI6djx8bmtfrA3+As/I9/3MCjf:A8rIOabwTkoAUo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690199973, "uuid": "3ae01e17-1da7-40b6-8f0a-6712956d794b", "value": 551936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690199973, "uuid": "43d75fbc-fbc1-4654-a562-e9cee07e0be2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690199973, "uuid": "8fcf5f0c-59da-4ed4-9ef9-484d446a02ae", "value": "ServiceHub.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a88b832-2a19-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GCleaner)", "timestamp": 1690199914, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690199914, "uuid": "0244fa9d-f553-4a22-b689-e4a58a45ce65", "comment": "Malware payload (GCleaner)", "value": "3edd0c6f1439e03110249c5bfef9d904", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690199914, "uuid": "c5215009-02a4-4254-bda8-84f1d7504bf5", "comment": "Malware payload (GCleaner)", "value": "4b52e3c2adf9de8a328b9554d05428bd46b1e62c8ea9e0ebb05016c140395da4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690199914, "uuid": "990c0300-f3f1-493a-b68e-a672547c30f7", "comment": "Malware payload (GCleaner)", "value": "7598e76a3f659042ccaf81325870efd6467281ac", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690199914, "uuid": "edc835d2-accb-4e2c-860f-c3458c0ac6cb", "comment": "Malware payload (GCleaner)", "value": "22b2de407e907e2bcf7c26bd4443a0dd788b5a1d82040ca291d03dc0b1859eb721199279065f61b1230bb27e515f30e9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690199914, "uuid": "29b44a44-d094-4da0-a737-f40d0f1ad0a1", "value": "T1B1452393F79589B5F2645B317E745509AA7BBC5054382C1CB2CCAB6D0F2B9C2ECCA321", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690199914, "uuid": "2bc6d764-f6bd-4547-b6c1-ec3cfd3d06ad", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690199914, "uuid": "39a8a1ef-f585-4d9e-8474-e3de8c4524b0", "value": "24576:S2lWLzy3Kkw8q0T0MMdoa+BCQQsMjqJwxxhv0v9c3ubvEM6:S2YLzy3KaqO0BT+BCLjqJKccKB6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690199914, "uuid": "8b40b042-f958-4fdc-b1c2-971df76197ef", "value": 1199682, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690199914, "uuid": "c4981bbd-0bdb-415f-b4b8-c6d06ccfb34a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690199914, "uuid": "4d17f37e-5034-4b46-8f20-66b5a6e6ab93", "value": "3edd0c6f1439e03110249c5bfef9d904", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b749c8c-2a05-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690191218, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191218, "uuid": "5bb1b32d-72bc-4a8b-b0c9-1e5956e93fca", "comment": "Malware payload", "value": "c74e46fbce80a7a80db8f6528e4c1025", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191218, "uuid": "ca1efae9-7ec3-4b1a-9eac-36505debdff0", "comment": "Malware payload", "value": "4c177de13d3b60d90612af9aab8cab31a4f907b55ed9b38c655c67ff0c3e2790", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191218, "uuid": "f8e7d76f-be3d-43af-9f8d-0f9679bca14f", "comment": "Malware payload", "value": "5dfacb6ab5347b43a5eb044610f6b2d678738595", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191218, "uuid": "7160c0b8-707d-4bf6-ad0d-8ee2e3b964cc", "comment": "Malware payload", "value": "ac96e954627c54a982cf6b0b661e7ca1215b283e30aff111b489ad33d6437b907241d5849b24a60df012bb0912d1e6d4", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191218, "uuid": "6c88228a-a54b-4b3d-b9b7-8bad83b8ece3", "value": "T19B968C81FD8B44B6DA431D3144BBA26F7735AC014B20EF87E6107F6AF97B5A92D36108", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191218, "uuid": "6522db89-ea86-41d1-b61c-9bc65ecd8d56", "value": "196608:GC+ESp/W2Q7mNYVlmVQjyDyZmq5WMBUGnL:NDSp/r8mNYVlmVQjyvq4A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690191218, "uuid": "bcce7e0b-91f0-4043-8c6c-4c514137d8cc", "value": 9166651, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690191218, "uuid": "759d1412-a41a-49e0-984f-b57c4c8ed07b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191218, "uuid": "165727cf-0eac-4852-ab6e-4089c13f7010", "value": "SecuriteInfo.com.ELF.DDOSAgent-AM.29199.13922", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "54b8ef43-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1690178832, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178832, "uuid": "ff4dc118-4eed-4feb-b488-5f5bacdb4269", "comment": "Malware payload (AveMariaRAT)", "value": "3bbe1bbb2c7be02f89a2003c675daa79", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178832, "uuid": "718a71a4-bf7b-4c15-a930-03b0159cd575", "comment": "Malware payload (AveMariaRAT)", "value": "4cc70af8bd8923b6f4e0ffb4b999917b1d9b114caaa2fa50bc623fe70c71e7fc", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178832, "uuid": "4a87582b-18be-4c17-b43b-b853ed97ef6b", "comment": "Malware payload (AveMariaRAT)", "value": "b9b5483cc0bf205e4e90ed4aaa54bec0d7e082f1", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178832, "uuid": "90dc54e9-7ed4-4a67-9a10-a2a7273898ff", "comment": "Malware payload (AveMariaRAT)", "value": "4345440ec27f18ee870535ceaeda6345abc5fc669e0e50b2d9503c662b0e8480e9fa9ae48eafb9e6009af49c219cc256", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178832, "uuid": "62723a3b-a638-4010-aeed-4ff59f3b2120", "value": "T170E4221233AA6E17E6D8BDF94275A109037272552923E7CDCCF620C51EA07E0BF52AD7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178832, "uuid": "f4e58e8e-20ad-469c-a3b6-d450ee3a00de", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178832, "uuid": "ea6188d8-c96e-40ca-86f6-26f3c2a53d35", "value": "12288:U5DvJRBusyAIi7/9RZOgE26uPwouopnQQR8kjTn3I6:6Fut4/9jOgE1uBndTn3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178832, "uuid": "eeb9e958-5d8b-454d-a4ec-d7e86e89ba0f", "value": 719360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178832, "uuid": "e24f90f8-4bf1-46e0-ace3-bcf0fbbad5d7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178832, "uuid": "543f32ae-e8e4-42c7-82f3-ae3222886108", "value": "3bbe1bbb2c7be02f89a2003c675daa79.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa46f286-2a4a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690221066, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690221066, "uuid": "92bae594-af7f-4672-bad8-1fde4e6462e1", "comment": "Malware payload (Amadey)", "value": "3382c732420771ae82b67f474b8cf26a", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690221066, "uuid": "ccd258a7-5e33-4c43-b61d-4202abbb57ce", "comment": "Malware payload (Amadey)", "value": "4ce4d007bec5cb84dda893734b15889a0c3776ada2d43de51874626c268f3810", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690221066, "uuid": "49ee76b6-09ff-4f41-a406-641eada40115", "comment": "Malware payload (Amadey)", "value": "048fa4efaec1cff87b8cc61713be6de747d9cde1", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690221066, "uuid": "694e6b36-9f4c-499a-9fa5-6bb4f9759244", "comment": "Malware payload (Amadey)", "value": "004820006c157af4e5a684f4f3b8a02e4bdddb753c259732a5c2e9ec40b9b5d97fcf1d1b9dace1e42895bdc4b0d27ce7", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690221066, "uuid": "3c273190-b49c-4684-96d6-02f3ff36f5f0", "value": "T14B2408557812C032D56061762DB5BFF2C59DA828ABB049DB7B800F77DA112F73A70E3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690221066, "uuid": "ca1bdbcd-33bf-4027-8f84-5d5d8b09e280", "value": "698e68059e2b8538f873da69a2766d48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690221066, "uuid": "261b4aaf-ead2-40b7-9c01-dca38d96e3c6", "value": "3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690221066, "uuid": "370a7924-b9e1-438d-9207-61f22277faf0", "value": 228992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690221066, "uuid": "3e3ec54f-a1dc-4bd6-a4db-8f30dbcf02d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690221066, "uuid": "d12ce202-36ec-4c95-8520-2a47b7ac6898", "value": "3382c732420771ae82b67f474b8cf26a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6186b68-2a35-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Fabookie)", "timestamp": 1690212174, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212174, "uuid": "3a80abd5-044e-4378-8134-54e5d28ffaa2", "comment": "Malware payload (Fabookie)", "value": "8e93407f004c19fce37cd9af2cfc9e1a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212174, "uuid": "aa1e3d3f-4a46-4573-9f32-68abceaca14b", "comment": "Malware payload (Fabookie)", "value": "4cee09d3527fa54c2e7c67fee399a8ae3c8b7791a79c5e44f3144eff6e82e1a2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212174, "uuid": "41fafb83-ca63-45d7-966b-2aed264d68dc", "comment": "Malware payload (Fabookie)", "value": "698f6062ee1044f02c979d49e456147934601b29", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212174, "uuid": "aafb9edf-3fbf-4c0d-a57d-5d4e93343076", "comment": "Malware payload (Fabookie)", "value": "e3750271121b3544c2bcc86e164cfac33e4bc9391fc21a32e88e0da47a7f6e6f159b04b8e1f2e8162bfea7203291a621", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212174, "uuid": "3b9e8e2d-96c1-4fbe-8f0e-2b8d98516b90", "value": "T15D24AE80F391E195D64D81B5C927CAB85266BC1C9A341BBBF294BB5F2E313C74036E27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212174, "uuid": "606a5828-03c7-4142-99bd-0c09a841e22d", "value": "4fd11f5c9a089e7b45c77cd8b5fde1cf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212174, "uuid": "c9dce001-22e9-40a9-bb54-d37612a1addc", "value": "3072:iPBCEk3kKqUa9antF5hvvJkeXp2QhHkKqUa9antF5hvvJkeXp:VUKq99UF5hvvfjhEKq99UF5hvvf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212174, "uuid": "43a56282-f4e3-486a-9e59-bf6db8c3d201", "value": 215040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212174, "uuid": "cc945857-8d23-417c-8e67-8701be7e0724", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212174, "uuid": "1b1b50f2-8af4-4893-90d2-ba464a2c21f5", "value": "8e93407f004c19fce37cd9af2cfc9e1a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78474dbf-2a38-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690213251, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213251, "uuid": "55937135-217c-4755-ad72-ed55fd8afb14", "comment": "Malware payload (Amadey)", "value": "b3b5f8b573146c32e2f3460b61a91c99", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213251, "uuid": "2dc73973-dcba-4d59-8df3-f793c72931c2", "comment": "Malware payload (Amadey)", "value": "4d1ca8298fe9a99b0cc88112c28a4d00b3edff2235e4d585feccf5169336efaf", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213251, "uuid": "23005c6f-bd82-4c3b-b607-e491fae51b0e", "comment": "Malware payload (Amadey)", "value": "1ecca9ae256a821d19b8aab691bc14f2a43e30a3", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213251, "uuid": "877aa29a-34a0-46e7-af58-002f41a4bfe8", "comment": "Malware payload (Amadey)", "value": "06d64bf045712ba96d425e4ce8322a9176fa1be6342a4f1aaf7ffd962ce77e24a4a7dc20dc6b88bc7f768a330c126f63", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213251, "uuid": "a02a7d1a-c4ff-4649-8f71-29d28a3bed30", "value": "T193840212F7E98432D8B517B05DF603C30A3ABDB15CA8436A3746A94E0D73688E97176B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213251, "uuid": "4ddb3fcf-c03a-49d0-a05c-73671f623b68", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213251, "uuid": "3154d0c0-627a-4cc2-a2f0-aa16110ca46d", "value": "6144:K7y+bnr+Ap0yN90QEHbt3lmOUt5tqGp/mrRwAIjV+CMuE0NWpdz44d+mWYPGYXNE:VMrwy905vdUtBmrRwAIB+CtEoyvtXVY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690213251, "uuid": "504891f6-50ef-46a3-b011-95f134ebd06c", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690213251, "uuid": "9f9f6d2e-1153-4e4b-8c83-7ae1b10c630b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213251, "uuid": "a111ce23-326f-4224-9ddc-f15f440a0397", "value": "4d1ca8298fe9a99b0cc88112c28a4d00b3edff2235e4d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "54e0d6dd-2a1b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690200737, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200737, "uuid": "cbae8484-296a-4f46-9545-878db885372f", "comment": "Malware payload (AgentTesla)", "value": "ce4d305e7e3fbe2029ee9be524692868", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200737, "uuid": "0d7788e6-4f8b-4d71-bba8-3e7fb3c56aa2", "comment": "Malware payload (AgentTesla)", "value": "4dcdc8ee41ee8849180bc698ad3ab4e7a32c23442fc9dc70fe0adf283f219fd1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200737, "uuid": "8950237f-cc83-494d-ab4b-b8581ae1aa88", "comment": "Malware payload (AgentTesla)", "value": "d7782327b6ce4051e06aeaaec453b62c02fb2d01", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200737, "uuid": "d7a6ea76-289b-44fe-b5a0-12dcd4607d9a", "comment": "Malware payload (AgentTesla)", "value": "fd3a11f5bba12923ff08061004188d0360cd74202fd4d22fdfe5b1528e9d520bea9e797bcc0d07361a2eba5bd5fba078", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200737, "uuid": "62762452-7953-4d08-8de7-637852a5161c", "value": "T13594F7F871E1E27AC81182301E65BD7147F55CA0CE71A956EDDCF9E0DA30EF52B2224A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200737, "uuid": "d5c83ae3-53fd-4dc2-8943-bca6b4cad520", "value": "bf5a4aa99e5b160f8521cadd6bfe73b8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200737, "uuid": "5c762d96-cad7-4012-9a13-30f6e8956e63", "value": "6144:MDKW1Lgbdl0TBBvjc/+ogLEaxys8MHGtO+wIo/0gRkvdDF:ah1Lk70TnvjcGTEaQt1w3/0Hvf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690200737, "uuid": "61c95ad3-6127-4785-b7c4-71912a7adf4b", "value": 422400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690200737, "uuid": "b59b946e-2c2b-48c1-85a9-b405e0aab7d7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200737, "uuid": "8cfc300e-53c6-49c1-ae49-6ead448ec95c", "value": "\u00dcr\u00fcn_Fiyat 10243975_forKARDAG A.S scan%001%.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4991e912-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690178813, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178813, "uuid": "7d36309b-5a7f-409e-8535-63344239758f", "comment": "Malware payload (Formbook)", "value": "07c6c699a3bab2ace94c677998619aa3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178813, "uuid": "b07371af-0fab-4bcd-95d8-09f1f3721320", "comment": "Malware payload (Formbook)", "value": "4e0e1cd19e8e9808d32c2dc150a99e83cf9ee8e0c6c88ab8c4ee2ed519e3078a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178813, "uuid": "8148a837-7405-40d1-954a-504065c2e6d9", "comment": "Malware payload (Formbook)", "value": "a01d544617e7b47a1ffaa17261425b0986a7624b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178813, "uuid": "17769ffc-6f81-4e69-9c0d-1d0041de2f3c", "comment": "Malware payload (Formbook)", "value": "7c10e91ccee47e9a878410343dcead9535ace2fdc6ab2299ab22ac2dcdc08292f79b6e12536895207587f048b17eac53", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178813, "uuid": "97b245c7-ce37-4e8d-8c40-0ec9e3a317b9", "value": "T159F4126233BA9E17F5D9BCB08591A44563B2B3543423D3CCCDB2208D2DD63817E666EB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178813, "uuid": "ef24183b-06e3-4759-bf64-289363ad1404", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178813, "uuid": "4c5f79ee-1bc4-4940-a823-2788b69e98ca", "value": "12288:PzvJRBusykLfqOocoiKemZYPMrh2Yfq6Z9gu5PIolEnRw5n9M+:LFuwLf7oRemZybYf1ZvPIoCnC9M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178813, "uuid": "703d4292-3fa1-42b6-a579-63f48060f9a1", "value": 764928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178813, "uuid": "c87c64db-d2d7-48f4-abcc-9393d0594b71", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178813, "uuid": "c7e7318d-ddeb-4bef-b866-3603c2d78fa8", "value": "07c6c699a3bab2ace94c677998619aa3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c4d02ee-2a38-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690213258, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213258, "uuid": "6415acde-e6df-4be5-b675-68e38e7c46c1", "comment": "Malware payload (Amadey)", "value": "956c4df2857bb0e9e8f05a86ce9b73f3", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213258, "uuid": "5ec17cdc-e4d3-44a4-8ba1-2aa91e52a6a9", "comment": "Malware payload (Amadey)", "value": "4f043f30a243d12dee9c9c8829ca374a775667bac22cba0e88f8e53aab5606aa", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213258, "uuid": "badd7612-29f7-4aee-9612-71d1bc0dca16", "comment": "Malware payload (Amadey)", "value": "02b469bca38b2877462271e73de500fa86a6a392", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213258, "uuid": "ae5f0907-58ff-4d5f-ae16-61c5476d1f81", "comment": "Malware payload (Amadey)", "value": "d43df91e7d5e68e153e418186522d34194908a3215dfc960c4e5b31ed1850767cf682728d9eeb1b57e7f649736a96efb", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213258, "uuid": "e3a7d9bb-3131-4555-b250-f7cd5bdbebfb", "value": "T193840103AAE88076E9B92B7018F203D30E37BDB19C7487AB2755695A1C735D5D93233B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213258, "uuid": "39d79f3f-5859-402b-8f19-068d49ea67fb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213258, "uuid": "60ce6211-4545-4933-bc4a-6296e670bb85", "value": "6144:KQy+bnr+Pp0yN90QEVH8thXa04LbXYQoKZ8pMjofTH4ShHeoCecn6olLGFgvdViP:cMrry90fvoQU4WTHnh+hpn6EGqNN+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690213258, "uuid": "3086c3fc-7306-427e-8b15-38a054614daf", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690213258, "uuid": "21ad99cf-c4ac-4b61-9585-882c2504a7e2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213258, "uuid": "b2c5a2a3-7216-4846-a417-9d529f5fdcae", "value": "956c4df2857bb0e9e8f05a86ce9b73f3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db6caacb-2a24-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690204828, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690204828, "uuid": "5a738811-9a36-4fb9-b010-adc6edc48a9b", "comment": "Malware payload (RedLineStealer)", "value": "0a57b885f3d7316e2c37f2fca04d7a7b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690204828, "uuid": "90dc2860-9d1c-414d-ac1e-f2a45dab2b0c", "comment": "Malware payload (RedLineStealer)", "value": "4f1c61d2cb777506cae0751e1b57bcba23f50cf830d32fb327ad4dc50e17a846", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690204828, "uuid": "f9ed0aee-da1f-4208-accd-78139c1b92bf", "comment": "Malware payload (RedLineStealer)", "value": "379ec902cdbf5d9fdde162f99f83f726efb8e1f5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690204828, "uuid": "0f8594df-0ee1-4c94-bac2-74ad5a732b0e", "comment": "Malware payload (RedLineStealer)", "value": "f3d8bbfd206339b2484afa9f22b2d1c3bb38b0fbb39391b3cb61eb7c69b212fdac1f4d239165972cbcbc540cd9865405", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690204828, "uuid": "1492064d-0e63-44a9-b3a4-7f63f58a5b13", "value": "T120E2F10E1AA4A0DDE59651B280C39E77EA8433D314A673C8C173AFFDD787F81B591268", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690204828, "uuid": "667203d8-d331-4409-8bb1-d69e53b21c20", "value": "384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690204828, "uuid": "b5b7860c-d4ec-47ae-9e04-0c0701817ac8", "value": 33246, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690204828, "uuid": "efcbcb25-8a7a-427c-93c2-0104419c90d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690204828, "uuid": "3569f429-2205-495c-acfd-cf56771f3676", "value": "0a57b885f3d7316e2c37f2fca04d7a7b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f63c7dd-2a41-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690217156, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217156, "uuid": "83a10fda-7bb8-4a77-8579-2cfddfc74af1", "comment": "Malware payload (RedLineStealer)", "value": "076b99caf9477fedca25bffeae2cb79e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217156, "uuid": "750a0322-a7e5-4fc5-9aeb-c6d41fdbb264", "comment": "Malware payload (RedLineStealer)", "value": "4f85c3e4ec4db9780db30f402a82cf4f34e6d0a934cf7eb35d8bdb58e46d06fe", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217156, "uuid": "d0542ee7-1072-4212-b8be-0e1ed87201c6", "comment": "Malware payload (RedLineStealer)", "value": "e225fe1511055fe06e101e5c83642334f338ef10", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217156, "uuid": "b3977cce-7970-4951-b907-62f736de48e8", "comment": "Malware payload (RedLineStealer)", "value": "aed5aac56b84a3fee60040b06ac2d2d6ea8a5f0d6a3dd3a8373ea294fa8156c869524e1854f114e17ad040ad2268b8be", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217156, "uuid": "f9f9bc79-90a1-442e-8821-9afed60ce4e2", "value": "T120840142E7E89033D8B56BB05DF602831F367CA69C74932B2355EC5A4CB2694B83573B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217156, "uuid": "0ec1d2d0-234b-4e6a-8489-66ff53116537", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217156, "uuid": "970d63cd-ea96-4b51-be2c-edf1e99f76ed", "value": "6144:KZy+bnr+Wp0yN90QEPf8b53ozQVRVtlSrZV3FB8+gBZ+t49DyLvbW3JC:fMryy90iF4ePtua+gBYC92zS30", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217156, "uuid": "14526e3a-0da9-4198-9165-176d4d348cb7", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217156, "uuid": "9fd8e50f-1eae-4eed-929f-f96a1150fcf4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217156, "uuid": "78681536-177f-4ae7-8104-275eec52bf7f", "value": "076b99caf9477fedca25bffeae2cb79e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7564eb6d-2a01-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1690189624, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189624, "uuid": "055a49c6-e7ef-4826-8567-fcbae1c30f8c", "comment": "Malware payload (AveMariaRAT)", "value": "f32ac2000246e47a51d3345c7ca60f1d", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189624, "uuid": "6d90ae7e-2801-48e0-911f-9b2dc0ea02e9", "comment": "Malware payload (AveMariaRAT)", "value": "501575c02253dc7e900cd236d00678dc1d51031fb5943107918b84e55de6a923", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189624, "uuid": "ca37b651-4621-47d4-af11-16180485fd32", "comment": "Malware payload (AveMariaRAT)", "value": "c02115a1c325eec4b400ee7ccdc78592b5f5406d", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189624, "uuid": "32cd0a11-e81a-4dd6-adc0-fdf3ec5fe688", "comment": "Malware payload (AveMariaRAT)", "value": "3493e6daa4a9da778e92a1fd22eb7d6801d60b58ee119ac9fb8d43e126cf34a741cfb3cf81f38153b0f7857d50b29f95", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189624, "uuid": "12aa7242-a830-46a0-87be-27931b085500", "value": "T1BD038E5AE79E02A48F410277271B0A89AAFDB73DF35054A174AC933433EDC3D42666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189624, "uuid": "38df2809-c224-4c43-af18-0202cae718c8", "value": "768:XFx0XaIsnPRIa4fwJM1oaI52q9N5gjYxY/RxHWKVjVvyJjgu6:Xf0Xvx3EM1oH5f9N5tOLVjegX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690189624, "uuid": "cd8be68e-2c38-4adf-8314-054130f5252c", "value": 39315, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690189624, "uuid": "c1b836a6-ffc6-4b82-8bd5-8c2edc06992c", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189624, "uuid": "64ec25e4-539a-4a11-b5b5-631a9180ec96", "value": "Order no. 18640 -20112023.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73876123-2a35-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690211955, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211955, "uuid": "2ccac553-7a75-4b0c-aba7-6d402dfdc41b", "comment": "Malware payload (AgentTesla)", "value": "33107c5f45a7f01a4267ae7cf41f8f4a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211955, "uuid": "b296079b-407b-4474-9d65-af132c995c5f", "comment": "Malware payload (AgentTesla)", "value": "50f9aec76a39977afea63d7057a8f3d6ead2777feffbcd205d55af0f9c286a61", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211955, "uuid": "5f90aded-bd6d-41cc-8146-a3d9c3e56761", "comment": "Malware payload (AgentTesla)", "value": "a8e967271d0d0e1ce839d864e001eb048fa1c925", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211955, "uuid": "339df293-c1f0-4e9f-9ef0-4ef63124a103", "comment": "Malware payload (AgentTesla)", "value": "97693df0989a85bf6f087f34167b884ca0dbb1fb70338b16d0e519e29f27b7129c686873220ead2361680212154c6a5f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211955, "uuid": "0cb655f5-d097-4684-90a7-1a1901660f5d", "value": "T1C605121437B1AB22D6B4BBF0A2B4502403B1A5592837D39C5EF470EA1E62F816F91FD7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211955, "uuid": "e085ac78-03da-4e3b-bf7f-e50ac3fe70c2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211955, "uuid": "3e362f96-e2aa-4762-b976-6ce668d62cb2", "value": "12288:xNvJRBusyfTEPUpaV9n0Tkd5jnYTqbOGb4ZQPzAOBC9zRHvq4blqTw0t:rFurppYnJDYTM2c5ChRPq4blqMi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211955, "uuid": "3c0166a7-c9d0-4f73-b90e-5371d6b909c2", "value": 834048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211955, "uuid": "1281c251-77e7-409b-b6bf-511391e5cf12", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211955, "uuid": "81d67544-a5c7-4af1-91d0-262a942b646c", "value": "33107c5f45a7f01a4267ae7cf41f8f4a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "56afb4a1-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690178835, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178835, "uuid": "b1452628-70a3-476b-8a5d-480b468ab556", "comment": "Malware payload (Formbook)", "value": "938377ff60a6ab80740fd08bd4a4b095", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178835, "uuid": "457b55fb-3881-42a0-8ed2-045056e0306b", "comment": "Malware payload (Formbook)", "value": "512861c49503d13c3c1e7c1fff398054eae819195f839aafd803c853cd25143a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178835, "uuid": "1cda9787-61d3-42df-9bea-d45085a5d3ab", "comment": "Malware payload (Formbook)", "value": "b3f156bcc37b272d1fbb8abee3b0e73983eaae30", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178835, "uuid": "7f87f34b-3215-484a-87bc-e0d6ade4cdcf", "comment": "Malware payload (Formbook)", "value": "09c8dc6c6e72d5257a832d514dc30ca9553484da6e03672c521cd3e8510e37635f771c26c5769550f04f935ded9b454f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178835, "uuid": "8a3035be-fc2c-4491-932d-e7304d4d9cdd", "value": "T1E6F412993B2A2E23E298BDB605A5E11613F362111123D3CDDE7750C82E66BC0FF516D7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178835, "uuid": "7408737f-c23e-4dcf-9180-f37ec801a509", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178835, "uuid": "3c4516c9-2853-479c-b1c1-a69652874252", "value": "12288:KpvJRBusyLr0ClYMBsP/EkjCZmDPaV5E07+MopG/d5:AFubJYUqckjZP+Xhx5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178835, "uuid": "2567f649-1d96-4514-8e8b-3b8399e7c6e7", "value": 764928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178835, "uuid": "4b02f885-8961-4be9-84fd-3699ee0b56c1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178835, "uuid": "26664012-b948-4e58-aa00-98dac4caf67b", "value": "DOKUMEN PENGIRIMAN ANDA_Html.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "908654e1-2a78-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690240780, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240780, "uuid": "58ac7923-93a0-4d4b-8cec-30b64c8b3cf3", "comment": "Malware payload", "value": "ce4cafe853e9d534a5a8027c2b28108f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240780, "uuid": "60e6daac-f36f-42ef-835d-7d6e666f8f56", "comment": "Malware payload", "value": "51f0c7ac5545d95d7e8639526b2c1ed4a4a2106b09c7e8bffe4e83e2d3408c09", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240780, "uuid": "e77514e4-5ee6-4fd7-aa93-e5f7bb28a90a", "comment": "Malware payload", "value": "78959671732cbef5ba5cec434e4552983d98b4b4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240780, "uuid": "dcabe021-d41b-48db-aca3-830f26d6500a", "comment": "Malware payload", "value": "f7ec25372fe31e5ecc85c8c52b901b923c1034c7be49150f4c56e05b2d1889e8f8a39797d0fb3dd57ad7e88567aa6a92", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690240780, "uuid": "de0da418-b317-4fa3-a7f8-aa40f93ff197", "value": "T1BCE64C5133A450E3FAA1F2B48D128E62FFB1B9E52718974714A5C1E43F46EE52EED0C8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690240780, "uuid": "6e928b39-5b35-46ac-9707-959530cca941", "value": "bb6047aa5b5159757c878e08b5ea7244", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690240780, "uuid": "f5bc31e3-9f30-49be-9857-d53667a698e1", "value": "98304:ApvrtiZ/wfDxfRv8QqkoGEEN9D+ZOk6XyAC8p9cmBAjvMK/E+:qUw/8Q3Ec9D+A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690240780, "uuid": "6a3c10eb-8cc4-4f04-bfdf-bfbdcc29cc4e", "value": 13995520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690240780, "uuid": "92d1c7f7-7d69-4ed0-b214-9fb520cd237d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690240780, "uuid": "bca742f7-f5c4-4572-aff0-011592aa0ddb", "value": "PSG2307.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "58973fde-29e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690178409, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178409, "uuid": "701b90f5-b065-4c23-8c67-46629bdab3bb", "comment": "Malware payload", "value": "6d5e68b2f59517586f333bff49958ffe", "object_relation": "md5", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178409, "uuid": "2dd3a62d-71f7-4b8a-86bc-8d6e90c36fdb", "comment": "Malware payload", "value": "534be640f3299e5752ac4862f6dc867d449019d6430c843f8a22f47a95f4158e", "object_relation": "sha256", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178409, "uuid": "ec74908b-e384-4cae-9ef8-d0b326f88933", "comment": "Malware payload", "value": "dd7a068bdc5461cc166663655a22437012afd904", "object_relation": "sha1", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178409, "uuid": "8335293b-444f-4983-a10c-b66a05e21a9b", "comment": "Malware payload", "value": "9e6532fad24428a10465e097195766ed197f3efc3f3566dfa975c49b0fb97e27217670008f634f17b3dcf34f25956054", "object_relation": "sha3-384", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178409, "uuid": "ce824bd4-a8ae-4c81-8d34-30e5e824d30d", "value": "T19751FE201AF712D9E2774735BFECF2B74272F415B52EABB9020082E48B25210E861F3D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178409, "uuid": "c5c159af-2d77-4453-9056-0e47c4b66f2c", "value": "48:8WAh45OyTKWRp4QcQAdjbukAb3fMo2l3zQrabxb:8vYnbpNiekRzQrM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178409, "uuid": "f4f20514-8ce5-4621-8c4d-85f58ea2b63e", "value": 2911, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178409, "uuid": "0d44af0d-a621-4ada-8f47-c558abe171da", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178409, "uuid": "2388bf8b-f6c5-43af-a45c-4c55d439e856", "value": "Serial Key.lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "985681c6-29ee-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690181522, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690181522, "uuid": "9b2a4747-07f6-4f01-9366-a5ef6b0ed1cb", "comment": "Malware payload", "value": "afbcc9c11e38e1dca67eaae18f2ab7b0", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js decrypted", "colour": "#335124", "exportable": true, "hide_tag": false }, { "name": "StealerElectrum", "colour": "#688E07", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690181522, "uuid": "c61ae602-7729-4afb-b823-2be35ddb696a", "comment": "Malware payload", "value": "53b0e253e4b2ad653b1865c472acb2ae0b605c76ce99875ed16b9538d4190b62", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js decrypted", "colour": "#335124", "exportable": true, "hide_tag": false }, { "name": "StealerElectrum", "colour": "#688E07", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690181522, "uuid": "6b3513cf-1cbe-4271-bb23-1c21862cc73a", "comment": "Malware payload", "value": "aab06d563543102406b18332f5367c1a13431a64", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js decrypted", "colour": "#335124", "exportable": true, "hide_tag": false }, { "name": "StealerElectrum", "colour": "#688E07", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690181522, "uuid": "11411218-a4c1-40bd-84b4-aec0a23a53e0", "comment": "Malware payload", "value": "39ef78632d41226abbbb99966a85a2e84a12e0e2018c7ec13c6238c2b44610762d822153b067392ff1e6af78aa3803ed", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "js decrypted", "colour": "#335124", "exportable": true, "hide_tag": false }, { "name": "StealerElectrum", "colour": "#688E07", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690181522, "uuid": "3000f699-a6c4-41af-b124-a2730a29e3ef", "value": "T1EC93F9066E9B812052736BC5FD66AC8CF711F05B72D801477E5CA1885FBBE08E6E61BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690181522, "uuid": "992b59df-a806-4f5e-9234-75f228d0aca4", "value": "1536:hOV/d4wAbL4DKC9Q7jKyoMytVzrxEpnccQ9vIDPV:oV/d419gW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690181522, "uuid": "4ac087b3-4861-46a0-8748-97defb81c4b8", "value": 95054, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690181522, "uuid": "8ec10f59-2bfa-442a-86b4-4330edc7f342", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690181522, "uuid": "1bdf60e6-26d1-4e61-a3e8-822332f4213e", "value": "js.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "43314840-2a42-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690217457, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217457, "uuid": "7ac474e8-ad88-44eb-b9cd-5bce2cac0bce", "comment": "Malware payload (RedLineStealer)", "value": "c1c68296279c9f2162742677276b1aca", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217457, "uuid": "d759183b-8124-4d32-816a-ce5e6194f197", "comment": "Malware payload (RedLineStealer)", "value": "541cef4c8e2a358136427d6dca1e67aca03aeedb4cb006633e145ae24f663969", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217457, "uuid": "b0d5324a-8ad9-4e26-a40c-572b53933a0a", "comment": "Malware payload (RedLineStealer)", "value": "9d88db7c0fa46e91de496f5f503c4c30681b9189", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217457, "uuid": "88b2acb5-c9e6-4e1c-a7e2-a36d5cdaebac", "comment": "Malware payload (RedLineStealer)", "value": "9c7278e286fb5b0b14c3dd9f08061f979687b7effd7075ed5366e9a67ef277ce922824dd1e507bbc604d15469192ed3e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217457, "uuid": "fc2b7b38-b0d7-473a-b325-19a3d62631e9", "value": "T1A884F212F7E58173DDB617B15CF703C71A36BDA28974936A2682659B0DB3280E87133A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217457, "uuid": "5b823d52-5341-44a9-a55e-74a166790348", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217457, "uuid": "a7dc13b0-9782-4a60-9a88-30a69451440c", "value": "6144:KTy+bnr+Ep0yN90QEhU4WagVg+CxX/OHrxG5BfeSIWwEAmE+OZKR4GbGZjMt:RMr0y90bUrVWMrxG5lD+EwabGjMt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217457, "uuid": "46b50e3c-793c-428d-99a2-b939a7903496", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217457, "uuid": "7bf3e335-d0c7-46c5-b553-49e5fa6f340a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217457, "uuid": "e56fd688-6523-406a-837b-531e1cb21c63", "value": "c1c68296279c9f2162742677276b1aca.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec20bd06-2a32-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690210869, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210869, "uuid": "35fa0c8d-147b-404c-9082-55501c7c5738", "comment": "Malware payload (Amadey)", "value": "2c30831eb76b914da639870474874647", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210869, "uuid": "6248f17c-15b6-414a-bbd0-999cb4b940a7", "comment": "Malware payload (Amadey)", "value": "54c7045609aed1c9afab0db5cf3dca15c316247b5b42b6cabb2e5cd5f990155e", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210869, "uuid": "5ca8e247-e6b9-471b-82ee-ea8de1a99799", "comment": "Malware payload (Amadey)", "value": "e239792c78544e4b4a2b2f4a606be0e314269239", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210869, "uuid": "214d5c28-21ef-4570-a393-e58e77aa426e", "comment": "Malware payload (Amadey)", "value": "55bb9dd69603ea0ec4f15f51b3085a3cc707bd385868778c594dc25b09e30b77b291faefc2267f00c961fa3a044d097a", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210869, "uuid": "6192c544-84a5-4df2-8a2c-9026bc7e3754", "value": "T1A254D617C2F13D5DE927DB729F1EC3E8765EF6508F497B66221A9A2B04B01B2C163710", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210869, "uuid": "f5102f73-d799-44f0-81d3-b27ae70c329d", "value": "643dfe69bb37214a28d08dd70c9d2c6e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210869, "uuid": "a460242a-c265-4241-89b5-b07c397b922d", "value": "3072:QalnuIOpL9gEfLjHtVlIF75hNGRQB5gp1hn3bzF1:37OpLaE3eF75vGRQUpL311", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690210869, "uuid": "335384fe-0442-4c46-9257-bfb70b239c9c", "value": 301056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690210869, "uuid": "5538d8d5-8dd8-4d90-842e-f7e93b271289", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210869, "uuid": "5680856a-a7b5-49dd-b12a-608d8158b66e", "value": "2c30831eb76b914da639870474874647.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7725102b-2a38-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690213250, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213250, "uuid": "c3b4495a-6c7f-4e1c-b011-4413eff6bc05", "comment": "Malware payload (RedLineStealer)", "value": "3596d2031894bae219111af96da907c0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213250, "uuid": "70e64049-cc59-4592-b4c8-9169da525371", "comment": "Malware payload (RedLineStealer)", "value": "55a2613b9117beb668b5eda94de72151952cc566a09c80460e6169cfe1e7edce", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213250, "uuid": "e5b468ac-4de8-4113-aadd-5847ea9a298b", "comment": "Malware payload (RedLineStealer)", "value": "21c0f19aa3d9e05ee8d8c6433acce202f0e60ab6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213250, "uuid": "2513594e-3467-4188-9f98-790f9a994f37", "comment": "Malware payload (RedLineStealer)", "value": "42ca8e6c30de1d969806307406ced766a10a56c74b1349ec5355ac716cfb2fa8825eadf7b9ef5d3e19662ad517eeb5ee", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213250, "uuid": "150f2c70-efab-4003-90dd-bb3595d71ace", "value": "T135B41252A7E8C077CC712370A8F602C31B367CD19C78976B2B82AC5A1DB26D86971737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213250, "uuid": "d265c827-7666-46a2-b2e2-b7c250a4bebc", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213250, "uuid": "c6b22522-1e98-4bb5-a39f-7f486ce1135a", "value": "6144:KHy+bnr+zp0yN90QESKrrG+f2s1De9WhDPxn7r6DM59U1UHSllzk7dX632XG8FWU:5MrLy90BOJW55n7rDdHIlzF36xooH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690213250, "uuid": "51ba37e0-1352-4aba-94bb-a901a27a53e6", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690213250, "uuid": "fa7cba80-91bc-497c-a48a-15ac59f8ff93", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213250, "uuid": "9b1c7150-8bd0-4f20-9f10-5a94fbd42301", "value": "3596d2031894bae219111af96da907c0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90cd83c0-2a2e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690208998, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208998, "uuid": "54b6889c-4faf-4419-8a71-4d7310b9da3a", "comment": "Malware payload", "value": "63b061aa24271c46ad213e1d9cf39611", "object_relation": "md5", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208998, "uuid": "b200bcd6-d051-4729-afa9-b8b352d7ddce", "comment": "Malware payload", "value": "55b8f4bae4e76f1af9e36cf63490cf5037f74eb94dbcfacdeaf8c5d29a227a74", "object_relation": "sha256", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208998, "uuid": "8341ace6-8a22-4359-8492-d63179c7f756", "comment": "Malware payload", "value": "1825b17ed17634259af5bcddc2e17bf6d8430a68", "object_relation": "sha1", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208998, "uuid": "345480f9-de64-4ec8-9bfe-f7f11d3a1298", "comment": "Malware payload", "value": "35b95487f161e575c5ddf290e591798d3a8e52ac6317398f821824ee4b901831270c3b2ce3c3a5c0ae21c6423bb29e91", "object_relation": "sha3-384", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208998, "uuid": "246077b8-8099-49b9-948d-b2cfbd2f5632", "value": "T10446334BB8CB1F32D1294775709F57CA9EA94E040B47063763FBB28538F27147AB849A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208998, "uuid": "29183d07-3321-413c-88d3-9949d7b731d7", "value": "98304:9nWMy2eOSmUNQiveS0nGRehMc6zEmktLFt7s365qqXxHw+v+y3hfHDdu7gQD:9nWMyLOiv4GRemc6zEVtBt7Q65qqXxQV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690208998, "uuid": "0c44b349-a45a-430b-b705-bcc732e0307c", "value": 5881344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690208998, "uuid": "98c106bd-ce5f-4573-ae5e-060b37f4ff9f", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208998, "uuid": "9daa8e1b-bd86-4213-9d98-ec35ae732a70", "value": "Setup.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c1dd7b2-2a33-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690211137, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211137, "uuid": "f6125b62-a71c-42e6-8cd3-6dfd9997e8fa", "comment": "Malware payload (Amadey)", "value": "886cbfdd99e1429ee45e56555632595a", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211137, "uuid": "b2d1ab57-b228-4336-bcff-aa21a773e0d3", "comment": "Malware payload (Amadey)", "value": "55de348478f00c0877bff6a44118e1b412443ef85c1e45f12245fb8483acb6bf", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211137, "uuid": "12fcc50b-d3b3-4832-a921-70928fe3ae62", "comment": "Malware payload (Amadey)", "value": "4e6bf126ffdff44ff512d4dd7a60a410fd53a6c3", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211137, "uuid": "ae7d2c8b-cf52-493b-844c-a920f7e511cb", "comment": "Malware payload (Amadey)", "value": "a09ed443bbb7997a8b826a09e31da7e46b77f3ab6391656e6f5a5aa37f4564fa628dbb02614388a162b38800ead6247f", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211137, "uuid": "13873b90-4719-495f-bc96-74b259deaf42", "value": "T120840212BBE99033D9B52BF058F602D30B36BCA24D74836E2785995D2DB23D0A572737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211137, "uuid": "2abe4642-ac37-457b-a42a-bf45ec323b95", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211137, "uuid": "0870f9ea-80da-40e0-a1fb-0280c6f10864", "value": "12288:YMrYy901cQx64cJM44GRgBYCoqZlqW3jN:gymbx2S4j6z5W8N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211137, "uuid": "7dbb6bef-5f45-4dcf-984b-0ceb34978ca1", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211137, "uuid": "c2eb37f7-72ac-40c4-8f60-3da1e7b8f08b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211137, "uuid": "b32c9c5f-654f-4a91-825d-2561942871f4", "value": "886cbfdd99e1429ee45e56555632595a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3c2baac-29f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690184199, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184199, "uuid": "ae6b76d1-79b0-449d-b087-19d0c9009182", "comment": "Malware payload (AgentTesla)", "value": "a747bbfac48b259b84bfacded8d55ff1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184199, "uuid": "515bd642-3df8-4780-a821-a42b6814f2ee", "comment": "Malware payload (AgentTesla)", "value": "5821bc379dd99117f94a7a780117c51c5498a16320e78add9e3a080093db9068", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184199, "uuid": "aec2c4c3-29b1-407b-8e5d-3323fed8b496", "comment": "Malware payload (AgentTesla)", "value": "cfaa6784406d86b8829ff1553f2781435627bd1c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184199, "uuid": "c5874913-3ff0-4c6c-885e-7664babb7f83", "comment": "Malware payload (AgentTesla)", "value": "ec093f74ac62e670f1ff76d3813488842df895bca3b088ce5ff77c891e97311cbc61dd8d2f444a67ada7353f33c4a343", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184199, "uuid": "41598db4-173e-417c-bd77-bcac62b6ce75", "value": "T16D6423E91A1EBAAB3DE3D701CE304785512D72D28961BAD13C32777984D06522ECB64F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184199, "uuid": "88cee0d7-ccb8-43fc-a369-94155fa2228e", "value": "6144:/pU8ih6KYXyI4ZH+RUzJF03oscSzXhxpbRBm+pZx5j+p4FXOd63bkD/rh:1ih6lCI4ZeRn3mSzXBbu+nDF264", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690184199, "uuid": "5bc30c0d-6de3-4287-a617-468346a24dba", "value": 314590, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690184199, "uuid": "0f1f378e-0f0c-4692-bceb-e4e6d3cfd440", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184199, "uuid": "8ee5223e-9e93-4cc2-9f57-eb0e9b33be93", "value": "Invoice #202188.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "80ca7816-2a3d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AsyncRAT)", "timestamp": 1690215413, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215413, "uuid": "63cac1b8-d0d0-4f82-8093-317ff1b8f163", "comment": "Malware payload (AsyncRAT)", "value": "1098d320c326637bbcdf5f451204fa5f", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "backdoor", "colour": "#D18BB0", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215413, "uuid": "42924f3d-5b1e-444b-b334-227f30d36b2e", "comment": "Malware payload (AsyncRAT)", "value": "5899c6cc2b11f9a7ea953496e5808cd87f8bf85bbed2cb419e50524e9c76cf30", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "backdoor", "colour": "#D18BB0", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215413, "uuid": "9a7f477b-1267-43d1-9772-5ab8e53128d5", "comment": "Malware payload (AsyncRAT)", "value": "95964522934c9aa64a7515b097e05d7bd0631e5f", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "backdoor", "colour": "#D18BB0", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215413, "uuid": "44c8ff58-1ca3-4b58-9db1-f8c9cbd8a849", "comment": "Malware payload (AsyncRAT)", "value": "2706d5b229f2476127ffede8f560271f109769f9e9042d837f08d63fd7668bfd526157715dd0d8ec1abdffc4eb7c2a40", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "backdoor", "colour": "#D18BB0", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690215413, "uuid": "0ce5d0c0-254e-4333-9446-e0b99beb5e0d", "value": "T150046C5837E80A15E3FE5FB8F0B012158B76B477AA1AE75F08E920ED0D62750E511FA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690215413, "uuid": "fefee638-90aa-4e7c-ac2a-abea8de44e3f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690215413, "uuid": "4da8c2ae-cb54-4d91-b361-b4472883f430", "value": "3072:ie8oX8Sb5KcXrtkkXmf/bDsvqtU+lLToChAP0UZ0b2gTlwAqE+Wpor:zXtb5KcXr7XmfgqtjhAxZ0b2a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690215413, "uuid": "cb361726-8e2a-40b7-9cfa-f4710ff69325", "value": 179200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690215413, "uuid": "175077bc-1dc3-4c73-9b08-aa42bb134405", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690215413, "uuid": "7d407658-9571-444c-af45-c865f76a54ae", "value": "Server.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98d34bb8-29e0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CoinMiner)", "timestamp": 1690175510, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690175510, "uuid": "50d81ae2-df5e-4ff1-8af5-9b87ce47c7f7", "comment": "Malware payload (CoinMiner)", "value": "d301e057a599f796b6d1335a30efd1e7", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690175510, "uuid": "c83f8680-a8ad-4370-8707-d97cf1872dd9", "comment": "Malware payload (CoinMiner)", "value": "59595ebfcadd54198faf0ad6a2c2418a262cb3900392eacb285f2e32b631bf6c", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690175510, "uuid": "a4ab1c74-e5e6-4adb-9af4-a88734b059e1", "comment": "Malware payload (CoinMiner)", "value": "b6bee2b618b6f7ea611f8f415e8c8d9dec74c748", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690175510, "uuid": "846f1cf9-2004-4d00-944f-26b5d8f6eb36", "comment": "Malware payload (CoinMiner)", "value": "9bf911e7459fef43fc804fb79ecc22f2201cee938b848510ae41aa0187ea751158dda80c46f87859bb2f63ef8c630789", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690175510, "uuid": "0dee4f7a-6fbd-4185-909d-b0bac2dc758e", "value": "T1B5763310B981847BF63501BAC6F9A362CABB503C171407C3BF7D5EE67B689D12B29253", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690175510, "uuid": "7946406c-35b1-4387-a686-f2b38fa3b040", "value": "fa8d20faea9ef7b4e2b7fbfe93442593", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690175510, "uuid": "89b3879a-a750-490a-bf4f-02b7fd2b2b30", "value": "196608:04Qcq8KK8Ioew+kpFmLQFgYK6nHPTZar7crAHjDtqi/RzmTMNq/fw:EcqcRoe5kFmGbbSsADcMRCTJw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690175510, "uuid": "7e0c14a1-f54b-4620-baaa-0ea497c0c343", "value": 7437183, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690175510, "uuid": "eee116b3-6596-45f4-91bc-fbbe34d32d96", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690175510, "uuid": "e11d7d5f-3acd-4272-a141-caaea160f26a", "value": "d301e057a599f796b6d1335a30efd1e7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd07333b-29e0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1690175571, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690175571, "uuid": "f7117421-51d0-4d11-b8d2-0a658be5588a", "comment": "Malware payload (NetSupport)", "value": "e312f3a68eefbbf83da379f227dd0ff2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690175571, "uuid": "16cf8265-3469-4732-992d-7aa3e8ac1455", "comment": "Malware payload (NetSupport)", "value": "59db50866d1de1b8c0f7b33a5f2569ce77797180cfe040c4fe7758f8abcf4bc1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690175571, "uuid": "696bf722-53dd-4e7d-83bf-78e3a4fba86c", "comment": "Malware payload (NetSupport)", "value": "ac9951b01cd1577da7ac8f5b1114f3683ba27e61", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690175571, "uuid": "08393d22-3718-490a-b2e1-965ea4064b8b", "comment": "Malware payload (NetSupport)", "value": "541ad1f3f46e287bfedae0a0c2d72a537c7d213072c01b88572e7f3ff83a0f57299e2c85a10974548d39cddc7b383bbf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690175571, "uuid": "d00a70b8-44aa-44c3-ac19-dfda60dc0ccc", "value": "T1DB061886A6D111A9D0378174D6693366F93BF5DC1B248BC3AFB9844F43DAEC42AF9700", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690175571, "uuid": "877f1128-078d-4c5a-b962-1e3854cfdf0d", "value": "fe1147df2ee30051a844565381a6e079", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690175571, "uuid": "91e380f8-c2d2-4963-a06b-6e08eddbaa09", "value": "49152:8BWotRsnvwin6+SfrVthQA232WpNIYf8P:1zIJtho32WDMP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690175571, "uuid": "58eb6007-7004-4c4d-8025-305b890d2a0c", "value": 3869832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690175571, "uuid": "f50481c0-07d5-4164-ab96-ae602283ce5a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690175571, "uuid": "54e98938-57d8-4645-9bec-ac9b9db05018", "value": "e312f3a68eefbbf83da379f227dd0ff2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bbb558d1-2a37-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690212935, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212935, "uuid": "d7a24c6f-3efe-4859-baa1-cdd7ab7bbfb5", "comment": "Malware payload (RedLineStealer)", "value": "d16fcc6840fce5ce0be4ec1d78158467", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212935, "uuid": "419d0dcf-e53b-40e3-9e48-b7ee9ce156e4", "comment": "Malware payload (RedLineStealer)", "value": "5a1b4b089c6146cb5da69e8bfd33cf23cc18c7fdd6669217c1efda9d5e867de1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212935, "uuid": "abe0bcd1-2bd3-4342-8173-6bc70d810959", "comment": "Malware payload (RedLineStealer)", "value": "4989c0723780fe5f51dd122a085ec20f48cda3e9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212935, "uuid": "2582cb9c-d957-40c9-837b-3aeedcfb2f7d", "comment": "Malware payload (RedLineStealer)", "value": "e2215524e5c486bbd30008db599afd133291669fcba659f8a9e5b1967dd6ba9d5db591fa90ad382f0247fd7aaf76de92", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212935, "uuid": "e659ad5a-d042-4821-acc9-d3494083d363", "value": "T13C840117FBE84133D9B92B7068FB17831A317DA19938876F2785691E0CB26C4A43573B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212935, "uuid": "21acbf91-4bc3-4234-aa84-7edc21480f62", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212935, "uuid": "e91b436f-ed67-4df6-9a07-6631de564523", "value": "6144:K9y+bnr+op0yN90QE8lyVrJNRTFlpVipa92ZwlpC7Eqb74R9E0F:PMrsy90OlyNjRjpAk2YpC7Eq+9EE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212935, "uuid": "692f5904-a195-45dc-a39a-dc5948fa1f1c", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212935, "uuid": "7d628b58-adf8-4e0a-83fc-cb1e2051b3bd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212935, "uuid": "f6e8b5e9-8dbf-4585-9aa9-49fbc8da4c6e", "value": "d16fcc6840fce5ce0be4ec1d78158467.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec3a1f2c-2a2d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690208722, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208722, "uuid": "ca379ecb-3f0e-4b32-8d19-259a78361fa0", "comment": "Malware payload", "value": "03c415cb31899a1996a65c89a16396f2", "object_relation": "md5", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208722, "uuid": "762effbb-aecd-495f-9bfc-b38a0c37a4dd", "comment": "Malware payload", "value": "5a4c7f5eba2c5ef682598ea420ea5e366e1abe0933704c97dcc4bfdd3d3c0ed2", "object_relation": "sha256", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208722, "uuid": "04554b48-4e92-4437-9f10-7bcdf8a7501d", "comment": "Malware payload", "value": "175d286c7c0d69539364c07060583c4c4bd55683", "object_relation": "sha1", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208722, "uuid": "70d8b433-60bc-442a-9620-454c6ebdfdfa", "comment": "Malware payload", "value": "706c6ce9393cf6fee1f66c88b997b5b1b4aec41c3bce4ffb2b11d389b565fb22e7f7c29346c02f5ed0685d06cd4276a5", "object_relation": "sha3-384", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208722, "uuid": "a72dd2e6-2a1c-4d02-b9e8-098b8515f86d", "value": "T1AC46334BB8CB1F32D12A47B5709F57CA9E684E040B47163763FB728438F27147AB859A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208722, "uuid": "689cf7cd-7d6f-4c03-87cd-8be430a5feac", "value": "98304:JTWMy2eOSmUNQiveS0nGRehMc6zEmktLFt7s365qqXxHw+v+y3hfHDdu7gQD:JTWMyLOiv4GRemc6zEVtBt7Q65qqXxQV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690208722, "uuid": "66765e54-1f12-458e-b03d-c93861543587", "value": 5881344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690208722, "uuid": "4becfa30-753d-436f-91e2-4d66039d8a95", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208722, "uuid": "6b54df19-82ca-441e-826d-bcc4b8068d75", "value": "Setup.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "63ba9030-2a1f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1690202480, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690202480, "uuid": "98e232c4-9cf4-4ef9-a557-f0abf785a54d", "comment": "Malware payload (GuLoader)", "value": "57dbd47b9f333ba8c4beb28228e0217f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690202480, "uuid": "31cc8587-74b2-427d-9186-dd747222ee3b", "comment": "Malware payload (GuLoader)", "value": "5a805fe34e8b5e32ea166eb6fc3db6b0e858fcaaf28405ac4f1790215f66e670", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690202480, "uuid": "fd27dea6-6303-4083-954e-cde97eef7327", "comment": "Malware payload (GuLoader)", "value": "dd5d6122135260312f376caf9ba2c72fb37c6e07", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690202480, "uuid": "67a806a5-219b-4f23-a868-e55e84775423", "comment": "Malware payload (GuLoader)", "value": "46de567c803db1e565d7f7e89b119a07dbb4cee64af7b29561e110e3cc6380762e65cde23c161a7a085bf69e42707f62", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690202480, "uuid": "df13d8e0-7077-42af-b7cf-eea0588bb595", "value": "T131841255A692E60BDD515B704821DEBA36B3BD92EC201A0F77503F0F7639F83484EA63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690202480, "uuid": "bc4048b1-f0bc-4af4-8656-f35a63ecfe24", "value": "6e7f9a29f2c85394521a08b9f31f6275", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690202480, "uuid": "0c21d13d-c592-4ac0-9f51-d60df9f341ef", "value": "6144:zMm4CC4CCKrsoBu4FUrhpOlMWLMcTX4Qh9S1ojsEfFTrRmjfKBmFR4d9:zMwxQBao0ct7vHdfRG9FRY9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690202480, "uuid": "b5345040-7214-4b7e-97d3-25641c5b37e7", "value": 403331, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690202480, "uuid": "75b530ce-2539-4030-82c6-66a39216853b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690202480, "uuid": "979e64ff-14c1-4ab4-be30-470e8b9e470a", "value": "Hylotheistic.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b006d0c-2a01-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690189661, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189661, "uuid": "9c85f22f-da8c-44d5-bff8-f70897de8026", "comment": "Malware payload", "value": "60f4b85e738d43d2ca916189d39b825b", "object_relation": "md5", "Tag": [ { "name": "xlsb", "colour": "#0C1619", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189661, "uuid": "8dbc0994-bb80-4a24-9cc3-1c0485b76a0e", "comment": "Malware payload", "value": "5aa35e083c454c5023f38430b833b82e736f74ec816d2fa40d996a05f2bdff26", "object_relation": "sha256", "Tag": [ { "name": "xlsb", "colour": "#0C1619", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189661, "uuid": "6b3f7f03-0b35-4862-b767-56c431ce694e", "comment": "Malware payload", "value": "679b1d8223cf1856dcef6af0e03efdf3d2830adc", "object_relation": "sha1", "Tag": [ { "name": "xlsb", "colour": "#0C1619", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189661, "uuid": "3c7436cd-4e02-490a-b4b3-61d073319589", "comment": "Malware payload", "value": "fb25f71ab46c86acb846375b88171219085eec0c178d6ce5a753a40904a07b5ab69063b73d6221e2695b12bf1741525b", "object_relation": "sha3-384", "Tag": [ { "name": "xlsb", "colour": "#0C1619", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189661, "uuid": "134cc7d7-4bf9-4831-8bca-5269f72963c6", "value": "T1410412994336AC48F872D0BEDA044CD60D49A5C246E18C7F16E0A7F15F7126A329AE7B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189661, "uuid": "f3d669e9-5f1d-43e9-ba46-2570dfe6f3d8", "value": "3072:E4eA/8iPyQtNNHqMiaDV02td+uiF3pX3Y3vKBs8VHGJG+sw5k1wHjiW8tApBNY:PevisMiiVzdhiDY4HmJGTCjigm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690189661, "uuid": "c2e63df5-bbc0-4d15-9912-f2f965662b73", "value": 185432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690189661, "uuid": "eab9bcb7-aa16-4535-9c36-ffc71e105c4f", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189661, "uuid": "5aec587b-fcd7-4858-bbe3-de06db871698", "value": "Payment Statement.xlsb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8607da03-2a2e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690208980, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208980, "uuid": "1d18948c-4e3c-4809-be32-f2493da16d55", "comment": "Malware payload", "value": "9a4355229ff5a8c3d8bb82e46a3386d8", "object_relation": "md5", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208980, "uuid": "49cbf48d-f245-4497-8342-48496826024c", "comment": "Malware payload", "value": "5aa9210c370da12afec57a25e88c0460ba2757df4ba96d2934bf6af77c3d537f", "object_relation": "sha256", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208980, "uuid": "f27f11c9-5f24-4ec2-9083-8bcd02cce3ff", "comment": "Malware payload", "value": "3473e53f5d809c2f0205fdaafe9b40bba2c9e693", "object_relation": "sha1", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208980, "uuid": "ef1cec32-62e1-4456-b973-48835a67f098", "comment": "Malware payload", "value": "58a95a3056a851044d764fec7a5ea0b19bf3d1c96b01e046c458aaf23e50ab1365e5268999d5d2e2d936be6686109380", "object_relation": "sha3-384", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208980, "uuid": "59ab6920-041a-42ad-a7e3-901d6e43aa99", "value": "T19446335A869BFD760570277C06796B4A1FA09E9B49F7F4806C4045B8F16B8F8ABC3F04", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208980, "uuid": "25f15413-76e5-4df1-9ce0-63d359d122a7", "value": "98304:mu4uOp1bzJPU3lJGtkWqE5sAsMiIJ1cmftoSW4IKLFqIH5Dk/7GK7:moOplzqVJGtkWq4tr84pFqyU7GK7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690208980, "uuid": "7533eb5e-b825-44c7-8491-bc1e1187195c", "value": 5687002, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690208980, "uuid": "9d38570c-f1bb-448c-bbac-5d7f5c407637", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208980, "uuid": "6036c61b-53ae-4541-ae1b-371450f8d8e0", "value": "GoogleAi.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd28f5dc-29f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690184188, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184188, "uuid": "ea02f014-699e-4ebd-976b-74eb964261e6", "comment": "Malware payload (AgentTesla)", "value": "9d0dcfa4f5163eda6722ab3b7fe35cf1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184188, "uuid": "eec79966-b9b1-46c9-95ce-9cbcb2cde333", "comment": "Malware payload (AgentTesla)", "value": "5abc92d8d595c423f5599b2745382a4efd7f7af1ef76e5e4b7d5c52423e4e0e2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184188, "uuid": "c85e7b97-993d-4316-8d41-b7bf25b81aa9", "comment": "Malware payload (AgentTesla)", "value": "fcde6d90ed9fa48191de8c5e8b64648d3fa24170", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184188, "uuid": "a10e3e49-0557-48bc-87c6-bc230b1f3315", "comment": "Malware payload (AgentTesla)", "value": "aadbc78ef7779843452112cc48fa462f8bd1a32168ee4111debcca0c492778a881e270a3bca5848f391989d422099ec1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184188, "uuid": "a3b16067-d4fb-477a-93e3-34d6bc71711b", "value": "T14894CF4C560B4C1AEDA3373D47721A39ADE7BD247466623643D9FF2BBAB22803DC5046", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184188, "uuid": "7cafb4af-e899-463e-abd2-0be3538dec24", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184188, "uuid": "527c0874-677a-40f9-b2b5-7977da373818", "value": "12288:gY0iv/h2rvsV6wY6PZ0zZeRd3mSzBBbCSX7nG6k:gY0iv/h2rvsV6wY6Pqi3mq/bCmLGN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690184188, "uuid": "044ff7f4-1bcf-4c7d-80f0-e35ecf515bf8", "value": 442864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690184188, "uuid": "3926be7e-8b16-48fb-9167-1e34644a8cb8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184188, "uuid": "95b3a157-bd88-4b0d-bdd1-e67a72189b03", "value": "Invoice #202188.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65784334-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690178860, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178860, "uuid": "7e837cbe-473c-4978-98a7-eeb95e45ceb4", "comment": "Malware payload (AgentTesla)", "value": "ad5982d802d2039bed552a10f41cc535", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178860, "uuid": "7a559836-da3c-41dd-870d-b204a091617e", "comment": "Malware payload (AgentTesla)", "value": "5af1aba19d9dd639542ba941b8e31495d1f9789ed426d376e87e040d5cd9df5f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178860, "uuid": "d69fa521-0178-4db9-9c5a-f1c2a78d08d1", "comment": "Malware payload (AgentTesla)", "value": "6b8d663d2f38b569881ffd458bde6f06cd30f507", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178860, "uuid": "5d35cac8-0582-4f91-a7a8-e36c3631448b", "comment": "Malware payload (AgentTesla)", "value": "70ec4b4a618a468d746fb1bed5d817d5a3193ba0e42ea4e5ff1dff2ec6cb2fdffba8ee4417b4207a04058a7edd435508", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178860, "uuid": "86d6045c-b8cb-40c0-82c3-203c54a62c9f", "value": "T185F4222033655E03E4ADFDF41AA1562663756145192BD3CECC7A30C70EA0B85BFA2EE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178860, "uuid": "08e4c48e-95a0-43a5-9820-726819c17b72", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178860, "uuid": "822cd753-8c54-4bcb-b2b3-5ead0d4d9b5f", "value": "12288:mEvJRBusyvr5Lr2zqX0y9ZAVaOiRkHIRI9SC4wJy9S8czzXqSTQRbv/Q4wj+R:LFuD5KqTZpSI3aJTzzXjTQdY4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178860, "uuid": "906c85b9-df6e-4dc2-ad48-13354a7412f4", "value": 744448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178860, "uuid": "f7676d56-0172-490d-bcaa-f4b47d9904b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178860, "uuid": "f064c50e-f6d4-42a2-b176-743c066ed498", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8911c97f-2a65-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690232607, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690232607, "uuid": "da283b80-6bb8-4949-8bbf-d7efbeb1127c", "comment": "Malware payload", "value": "394f500a708c457b2a5eb4e839896c22", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690232607, "uuid": "bc14c97d-f2f4-4c6e-a833-ecd236be8fc9", "comment": "Malware payload", "value": "5b608a6729343cf8b6752d5bb201f906920fcb472f5949e04173b907f65ceff1", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690232607, "uuid": "6aedf674-b38c-4c41-bfaa-44c8f13a7764", "comment": "Malware payload", "value": "edc5d0dc190dcd0e031e2c5b43026fd3a61caed0", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690232607, "uuid": "f925269e-9691-4912-a779-ff984c1af06a", "comment": "Malware payload", "value": "f8783ff479d5750a624baf231caeda8e28f12ae298506b10ca6a5c84f2a9f771bdfcf86a7a24eea678eacaf1ba3eeda4", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690232607, "uuid": "915cb4a5-523f-4d1a-bc12-fff1fb66deaf", "value": "T12295AF0327958436EF8F61361779B71A1AB87C55C322E07F26483F69A87CE60197DF22", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690232607, "uuid": "13a08b19-e3d6-4333-90db-e3fff8cd5708", "value": "24576:HtncpVGPoI9FsEsyt8l+E+s1tB7parWM0RzDohAR5uwdtKiYn:2pUPp9FBJZEH1X1arF0KSg1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690232607, "uuid": "32d9127a-ca91-4667-94e6-6e63f77e0d18", "value": 1916928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690232607, "uuid": "3e8bd783-887a-4f4f-a5fe-13a98570e7f2", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690232607, "uuid": "b80a89a4-1efa-4ff0-bf39-309eb1fdc368", "value": "no_halt_7891.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29621773-29f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690183913, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183913, "uuid": "fabffae3-1dec-472c-89e2-babd95a8bbf9", "comment": "Malware payload (AgentTesla)", "value": "a7fa5ced4a417751d6a07f9b85c3f574", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183913, "uuid": "e797dfe7-edfc-42a7-8a6c-5015848209d9", "comment": "Malware payload (AgentTesla)", "value": "5b6bbfbb46ea1f1482f14231450214d439c310862952b403ee253d58c2f30788", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183913, "uuid": "7a11f328-dfb9-4ee9-b471-7016cd86337f", "comment": "Malware payload (AgentTesla)", "value": "37673faba0d2e92b4c84ed627dfe4dd7bb344315", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183913, "uuid": "f2f9d733-2c26-49a4-bb36-50ce48ad84a9", "comment": "Malware payload (AgentTesla)", "value": "12df5b82ace34a0ac6b8c2105d8d71925bb3eca8ca1929c7bd769f58956a1abe4b89b6c585a4626804386c6c640a6a76", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183913, "uuid": "34fd5501-65a4-4775-8211-1a7307c0fdcc", "value": "T191327DBA59C4D86FD307D0B6C0EB7305F2E86C936329AD4ABE30A554C97D39D5A02298", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183913, "uuid": "e8c987b9-c546-4c43-9b17-524ad073d3b2", "value": "192:y4oya0Nra4LG+4HWl4HARgZVPCK44AG9xXSJ+Ej7X4JJYK4KKwN4UKZJ464JJ4HA:eyXrlGVWEANK4499xXSJf7KJYMC4Y6QY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690183913, "uuid": "6d5d4998-4461-4462-9267-58cd189017f0", "value": 11085, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690183913, "uuid": "1b5849f8-388c-4104-8dcd-3562fc137adb", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183913, "uuid": "461602fa-abda-4a9e-b9d1-a00b7a289592", "value": "Scanner-payment.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "459b7cea-2a01-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1690189544, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189544, "uuid": "38f35d1a-861c-4056-822d-f006e58b2ac0", "comment": "Malware payload (RemcosRAT)", "value": "9696b7ea51c1830ecd79efd4c983ffff", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189544, "uuid": "19648a96-b67d-4e76-8182-218810a3c19a", "comment": "Malware payload (RemcosRAT)", "value": "5b8d6d70b939f091ce83209b0cda8b79ef96490f18ea8a407ce8b1af3c89c16e", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189544, "uuid": "77f7aea4-4679-4722-a977-25bb12792ca5", "comment": "Malware payload (RemcosRAT)", "value": "ae113974a01d34bbfbe39d1ca48135a272793ca4", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189544, "uuid": "6668936e-0331-46de-8f61-16b1577e323d", "comment": "Malware payload (RemcosRAT)", "value": "88f8b019f02b056052dde726df5c6bb6c1128a737cef35111906f6c7661a17e90de759a37c42a475558b6dc43da1692f", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189544, "uuid": "4e951751-b8eb-4c84-a546-0c4f7cef0c59", "value": "T14B84F1372AD5485BCD531A3035BD86FACB728D212829992FE3207F5E1B361C1DAD126F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189544, "uuid": "92b63245-4f21-45f4-9d04-cede3f1c430a", "value": "076b06e6a65c9b7cca5a61be0cd82165", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189544, "uuid": "fc25cac0-d4cb-4de7-a136-e409f6f1dc6a", "value": "6144:Hi2E/GxdA4k7JgHczjrT5oGULZUWUkIHDKrrIX0Z8trlIEhc/mqDBn5VD7LnxUz:CzP7JMczYFUWU2r8xGEhc/mqDp5VDvxQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690189544, "uuid": "97c6593d-6b9e-42ba-a294-5026ffdd9f87", "value": 376672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690189544, "uuid": "0fa371b0-89c9-41d4-9aee-8f5fe2cde1d4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189544, "uuid": "faeb87b8-7094-4f2d-8b01-240b53ef9480", "value": "DHL TAX INVOICE 289868063.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca39269d-2a04-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1690191055, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191055, "uuid": "5610ac09-d8cc-4db7-a352-116f2b6f7e4b", "comment": "Malware payload (Mirai)", "value": "9f12f77027ce00fc09e63a17c691ca46", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191055, "uuid": "92fe358a-e9e6-48a6-b7a8-77bf03ee9dc6", "comment": "Malware payload (Mirai)", "value": "5be711323ccbcebd590c4123cb3ff2c6ba5c2ae7104f7aaceeef17cf489759b2", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191055, "uuid": "18bd0f35-74ac-4f78-b1c2-ea9a923b6c52", "comment": "Malware payload (Mirai)", "value": "a951fa8edb5f66e9fc858f41812973676245416e", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191055, "uuid": "fa4fd9c4-6971-489c-a708-0693cd1f1ae2", "comment": "Malware payload (Mirai)", "value": "c7e42de93167d0561e82499899978f1aaf8b7a0ed466b6937777708cc6a5d59663fa5a8f017ea344d852e77f34494742", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191055, "uuid": "2b131137-1f22-40ed-82cc-d4580ce90ed4", "value": "T154F31A46EB404B13C0962BB5FADF42453323AB5497EB7305A528ABF43F8679E4F23506", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191055, "uuid": "071e4c2c-910c-45a8-8980-068279ad03ef", "value": "3072:USame1tXYkpaWsjZuJziJccfW8mS/szDDohM/RbpMwl:te1N3paWsjZazgeFS/cshM/Rqwl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690191055, "uuid": "502ff60c-a80d-4dc1-a2f4-44775eb18b63", "value": 168076, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690191055, "uuid": "6c3c51f0-6af3-4124-84dc-7f3c145d7033", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191055, "uuid": "3df56f7d-a9c6-4fbc-ae99-bdf3e64ba60c", "value": "cundi.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "050b2fa0-2a40-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690216494, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216494, "uuid": "cbf77ad6-6b1e-4fa4-ac04-1cd31a8789a4", "comment": "Malware payload (AgentTesla)", "value": "f08300a335d487ed2f670388a1acdb7b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216494, "uuid": "7286de7a-9cd7-43d6-a3a2-1e6aa6d232df", "comment": "Malware payload (AgentTesla)", "value": "5cab2e50cb23e022ef1c3e42dae757fb6a3d1ab8d02a2d8f6e2e54c91dce21f6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216494, "uuid": "2c5b9edc-4347-4364-97c9-94e6db04edec", "comment": "Malware payload (AgentTesla)", "value": "6965ed8fa016217a62cf5c7af2a8d99630ed1c35", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216494, "uuid": "66294bca-f81e-44e5-a82d-0806d9e0c2a2", "comment": "Malware payload (AgentTesla)", "value": "f8edcd8b97331b34cb98b008d912dc540dbee237dc7bd19942d34a927313c7511a29e535003fb98ea413190fc7f32d7a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216494, "uuid": "55d6488c-b1cb-4d67-b6cc-600b5b7fb0ae", "value": "T1E3E423006F28A66A84CD776B7F43D79129097E6F77089CDE316BC92717CAD36460388B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216494, "uuid": "d83d6aae-a750-43ae-ba9e-8188426286fe", "value": "12288:9n9lFcjSrK6BwVOD4sBRdcbk6Hq9l85B7uUeG4Qae8QHgytkwmKBagcp8:9pcj1yVcdH2SB7pPDa77yth9op8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690216494, "uuid": "b7c640f3-b0c1-42a1-adb5-d3c18c2a9364", "value": 675946, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690216494, "uuid": "417f737d-e19a-497f-b050-357c15729c57", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216494, "uuid": "c1d9356e-b834-4d0d-83a9-dfe25c489ece", "value": "Payment slip.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef2f0838-2a18-11ee-a6f9-42010a9c0055", "comment": "Malware payload (StrelaStealer)", "timestamp": 1690199707, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690199707, "uuid": "e848c9c9-63cc-4678-a7ba-0fd48e76b6fe", "comment": "Malware payload (StrelaStealer)", "value": "b20d6a8a4ec265a69b5b0bc599cda395", "object_relation": "md5", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690199707, "uuid": "4f25b4d6-691f-4110-897c-27e18c1406e8", "comment": "Malware payload (StrelaStealer)", "value": "5cc401e73cef3381c501603d94fd5743e25ea66ff851d1fdc0285b68e4e53fdf", "object_relation": "sha256", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690199707, "uuid": "00bdb48d-1668-4600-8281-86a78adc5f9e", "comment": "Malware payload (StrelaStealer)", "value": "66fb24423fb44c952af60e39b1d26f4a51b9563c", "object_relation": "sha1", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690199707, "uuid": "64acc257-7673-4da3-985c-68ae10933c29", "comment": "Malware payload (StrelaStealer)", "value": "ea1fa28c23a33c00899d4d9430e410be20f87f15db9ae1888f2220d07645004d4dc5d8a3485311d8eb475e253176f590", "object_relation": "sha3-384", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690199707, "uuid": "8d72f358-b30b-409e-874b-46580087db63", "value": "T15F05FBBD65DB650AFE659C306FFCBBA0D77764A9C79BC6F044E9A03024204A7DC02927", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690199707, "uuid": "b44f4a9f-40b6-4b4c-ba1a-377c33a7e27f", "value": "fcfbe5457e76d2ac347d7db113c0ca3b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690199707, "uuid": "fb33e011-9771-4c22-97b0-e40e8fd25a72", "value": "6144:0LXoDIXntmw2200b6D8sMQK2g6+gNdrT7lVc2WqhKmTKhv:0LK4Aw2R0fsMQ9llrxVWMK2KF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690199707, "uuid": "2c9a1fcf-d12d-42e3-a7ac-f675f51e7ed9", "value": 807147, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690199707, "uuid": "fd1900cd-bfe3-4179-bac7-d52efbaba04d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690199707, "uuid": "794eec64-5a0a-43c9-838f-6e5465e3750f", "value": "sbtadfttqlytpzpyqlatobnnpgnsxlrjnndshflpduitgkcdvm.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "09380314-2a40-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690216501, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216501, "uuid": "ff359379-bc97-4c38-85cc-631bac1e33a4", "comment": "Malware payload (AgentTesla)", "value": "c3c2f287283ef0c2fae3815fe51e9d36", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216501, "uuid": "5b0776a4-f5d2-4c7e-aee9-5ea1014e09f3", "comment": "Malware payload (AgentTesla)", "value": "5ce651ac4d414f62033562a147cd6e7e821c408f50240ac3cd7c14fe89aaa108", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216501, "uuid": "37baaa77-ca88-4373-ac9b-8fd7f31b768e", "comment": "Malware payload (AgentTesla)", "value": "dc85dc7c893faf612494dc983e9d7b6a410f793d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216501, "uuid": "582dad03-8bea-42d8-88e2-671cafa2e57e", "comment": "Malware payload (AgentTesla)", "value": "7588695412364e1f5df690db129c1bf3ba63691e4cb4332491458755315ac149f81e6bd4d028827d0426bd00472488b1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216501, "uuid": "cba58981-0eb5-483d-a820-63f18526b6ee", "value": "T1BBF402103BB8AB12D5BCBBF5A6A052140371B5992977D34C4EF220DB1E66F916E42FC3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216501, "uuid": "f31449ea-897c-4adf-8abc-1bb0463cd397", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216501, "uuid": "79f4ac5e-5b22-4ebd-962f-43864734144b", "value": "12288:F5vJRBusyEE8739OWiG4Qaa8mHQ8tkmmCpQrtSoSW8r0:vFugjt9FDanl8tNLQaZr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690216501, "uuid": "f47f6497-38ec-4931-8728-1e67d62e5a9f", "value": 758272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690216501, "uuid": "30d3c581-8ca2-4cf0-b83a-95be20b02773", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216501, "uuid": "29466ede-5c19-4b6d-960b-9c6825479823", "value": "Payment slip.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44504426-2a42-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690217459, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217459, "uuid": "430184cd-97f9-4362-8bce-b9c3f9631215", "comment": "Malware payload (Amadey)", "value": "527da7c040e2ac8c856ad78b0473030f", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217459, "uuid": "076c4027-ec86-4bef-8a31-79fd1b8f9d22", "comment": "Malware payload (Amadey)", "value": "5dfbb4fcb75ff239040924cc879fe749384083634397875448a7ca218b7c8f4d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217459, "uuid": "bd5f01fc-ec9c-46ba-9f0f-da0ae31b1707", "comment": "Malware payload (Amadey)", "value": "f60eb6c2fe4c29a3f0db6810234f973f67f8e7d7", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217459, "uuid": "32711509-77ec-43ba-a3cb-5526a36c7571", "comment": "Malware payload (Amadey)", "value": "164ecb4abf8c0d52ec9c5f7e512ad63b1c269ba23c63d0964154d93a9366cb3104f013d3e2ec98a495417bb492cf7cc0", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217459, "uuid": "1bd485fd-335a-4639-9c42-fbca66a508ed", "value": "T1F3840246EBD49072D8B11BF018F602D30B3DBCB29DB4836A2741A86E5CB27D4997573B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217459, "uuid": "c449f6d9-5a8a-4e59-bc4e-ae3b423e623b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217459, "uuid": "021ee2b5-6e3a-46d3-81ee-d1be0ddfa9d4", "value": "12288:lMrRy903+axdP00F9iKBdgBYCDP4rYJW:kyCxdP00zifzLpJW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217459, "uuid": "8ef8dc32-ab1b-4def-8e1a-c793b3e89953", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217459, "uuid": "9f350628-300f-4df3-a026-d3e738c9165c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217459, "uuid": "7464936b-08a6-45f7-b2a0-47ebc64c3c5a", "value": "5dfbb4fcb75ff239040924cc879fe7493840836343978.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92cda3da-2a3a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690214155, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214155, "uuid": "29a35d61-a200-41e3-8465-154e82f495cc", "comment": "Malware payload (RedLineStealer)", "value": "0633f12fe0e7ba0eda6b612ac9e08e1f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214155, "uuid": "5eb0772d-7047-4141-82e1-4bb16826ecb5", "comment": "Malware payload (RedLineStealer)", "value": "600eb91c53c6fd01ef5881045d8fe7b4fb7f96978ca05fdcab15e1edabff8236", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214155, "uuid": "648cf6b8-13f1-46be-b794-36e3fc2ed63a", "comment": "Malware payload (RedLineStealer)", "value": "22fbbfb4fc27803ab439625a274590f56a2d888f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214155, "uuid": "cc590d0b-e96f-4987-9fcb-a17effc26230", "comment": "Malware payload (RedLineStealer)", "value": "6c9a91b46064b6a95c75ffd045d57d53918c29313d4da644e37f45ee612a193c491b1c3e414f3218e18a258ecec4e324", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214155, "uuid": "65c4df9c-789c-4004-95f4-abcf9405cb55", "value": "T113A46C7792A17C55EA17DB729F1EC3E8761EF2508F497BB622199E2B00B11B2D273700", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214155, "uuid": "28dbe258-17a7-4eb8-a2e5-3a99200e4b40", "value": "288497572d529233d7fe65807fe0c26b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214155, "uuid": "47f7ed86-5d57-4da2-8fc2-1d54c09ed531", "value": "6144:ihkYLfwBNZdKITIxM8o9QaWvfxNtCjI1s20BJtLz5sq/Xi7MK5MVvLLp1ETC:ckYrwxdcMbQaKN8x2mtssGWpLpO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690214155, "uuid": "89ccd977-5bcb-445c-aa74-98623c15dc39", "value": 471552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690214155, "uuid": "a0a1aead-db01-4f2f-a281-0125f28c386f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214155, "uuid": "3260d06f-acf9-49bf-926c-1e82bf9754cd", "value": "0633f12fe0e7ba0eda6b612ac9e08e1f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17bce279-2a1d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690201493, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201493, "uuid": "624872cd-8057-468f-a930-4ef1119ccfa4", "comment": "Malware payload", "value": "62faa0fbd1e2b209ced86598451c11df", "object_relation": "md5", "Tag": [ { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201493, "uuid": "003f1d40-cc83-4a8b-a6b3-7661be14dba0", "comment": "Malware payload", "value": "6032e39bec46c8a1ca0c6a5d5fbf32f0d3c4f5ae30e077ff0cfebf021eb7d4fe", "object_relation": "sha256", "Tag": [ { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201493, "uuid": "cc21d40e-f14f-4576-99c8-47900d3d6485", "comment": "Malware payload", "value": "7dc9154573a48c2c80cc1225f96d65e51526fac0", "object_relation": "sha1", "Tag": [ { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201493, "uuid": "0dbddbb9-3b7e-429e-9bc8-1217ac15a277", "comment": "Malware payload", "value": "18fa0f6f44e2b49e0addad2830894049bc297d78afe453b074ca2a2bfe8f0074b797c0cbe2a28fc967f9f82647ee19a3", "object_relation": "sha3-384", "Tag": [ { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690201493, "uuid": "63fc1a8b-d8df-4f5d-8a96-5d938edac562", "value": "T1D95512326B1366A6C972817A38231355CB739E274544CF9BF39C76247FB38C24629F4A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690201493, "uuid": "fec9d894-59af-4f22-9019-7da6e0b95a50", "value": "12288:OQThhVZc8M32XM/KTWp11ETLOyaYeuuVRw:OQ/VZVSlKTEGB/eA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690201493, "uuid": "e9fd6adc-636f-48f8-81a8-c4d69b6c22c3", "value": 1310720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690201493, "uuid": "28bbbeae-b141-4d70-9e60-37e94dfea61f", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690201493, "uuid": "2d100c00-8bac-4f20-b667-95d45f85cb43", "value": "Pepsico_LLC_RFQ_Information.img", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86b2d7b5-29ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1690188794, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188794, "uuid": "40e54318-6d21-42fd-8025-7aac2784279e", "comment": "Malware payload (XWorm)", "value": "943370da4fb31492ecd97cd415ebef5d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188794, "uuid": "1257e072-ae80-43d0-88a5-3b0110b04742", "comment": "Malware payload (XWorm)", "value": "610d0cf6380fdc5457680f9a60e343ff31e62624de584eca701b8a4a4a0cf1fd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188794, "uuid": "1c42042a-54d6-48b1-80dc-953e9e135f41", "comment": "Malware payload (XWorm)", "value": "0294e005ae3440a817339ef1192c0022e071d610", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188794, "uuid": "07dba837-7550-40f0-88ae-e339e080aa10", "comment": "Malware payload (XWorm)", "value": "78ed786e1a382bb34309907fe169bc74af62b0df48f7017e8ef8c5c55603a9376933a7d3b16a8d5a4d947cf34305b368", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188794, "uuid": "37462a45-3883-4c64-81df-6595afbf5fbd", "value": "T1E6F25D087BD4822DC5FF2BF96973AA510274E6038A23EB4E1DC8556F6B33B8189453D7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188794, "uuid": "43f20c28-a141-41aa-9a69-91c999a5487b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188794, "uuid": "9c4e9385-9c5a-4996-bebb-50166ec4233e", "value": "384:FqgaOCQY0hF07WQEaN5NQ35muFjlLTRIpJm3/KNm0vs0VgtFMAmNLToZw/RZCvKD:ZVC+XInCJTRt3CNsVFQ926OMh3u7lA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188794, "uuid": "709c8e67-f43f-44dc-9641-1704cc56228d", "value": 35840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188794, "uuid": "92a2439b-a04a-47c7-b2b6-0d86288a981b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188794, "uuid": "5b0defea-4684-4813-b782-945f4a090b9e", "value": "Celestial Loader.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57d5aafc-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1690178837, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178837, "uuid": "469179b9-f70a-40fb-b245-bb1bd30a7338", "comment": "Malware payload (Loki)", "value": "0c5c6f0db0ed04bf299104894b66256d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178837, "uuid": "c258e22e-9246-46bc-8470-359772d9e5f9", "comment": "Malware payload (Loki)", "value": "61868e99c4fff04df6ba82cbd4eb414c132c5932acd762f379b4c0fe852968bf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178837, "uuid": "cd60c3e8-3ece-4a43-acfd-88ab473b87c8", "comment": "Malware payload (Loki)", "value": "d3232f2988d2f0961d31976935ee9c0b76a9b567", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178837, "uuid": "7f0aea65-f9d2-4475-b87b-5e8f15e166a4", "comment": "Malware payload (Loki)", "value": "0b14a14a0188264102e7c018478bbf9794219e2287c49ec6a80c33bf03ba2810520577be5068955c46c10b821e5d50a5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178837, "uuid": "87929fab-8d9b-412c-bee6-515529a8da4b", "value": "T1F9E412913B599D13E16DBDB98EA1611413BFA2052823D3CDDDB620896EA13C0FF11AF7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178837, "uuid": "f56cff69-fb91-4da6-8009-611a36a1325a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178837, "uuid": "d64cedce-1825-470c-9b53-f1aa072506ca", "value": "12288:UpqWvJRBusytuJtYxF8DuN2Pgb6s/b4BFBLP4VbaoGH3:uFuu0FbN2PgfUBbKbG3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178837, "uuid": "0fd71a9d-1b80-48fa-b70c-52df5be55d03", "value": 671744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178837, "uuid": "229f6b2a-b072-4e35-ab95-b37f083d6e49", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178837, "uuid": "e3435d3c-5191-45c6-afcd-e1bc8da0ad7b", "value": "Remittance 35395.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b529a59a-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690211636, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211636, "uuid": "891a2bf1-afc6-481b-a51b-a576ad672c3d", "comment": "Malware payload (Formbook)", "value": "2ce4efe144d9838df5b03eb4471e3642", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211636, "uuid": "abcecb69-320d-445f-964d-98a6637ddaa1", "comment": "Malware payload (Formbook)", "value": "619f67953d98b6eae667c79a66d478b82ed6c9e842932d9d2cfcdc8af152b3e7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211636, "uuid": "7d8ec8a1-fd0a-430a-9efc-18e21e6709c4", "comment": "Malware payload (Formbook)", "value": "3a259bb468e2d3fdba59f5ec8e0b29a0649aa931", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211636, "uuid": "6a744ea5-e79e-4210-9d19-0cc1abc4346c", "comment": "Malware payload (Formbook)", "value": "8d607c86ebd14a991410fd1e6baea1e0ab6b5611c6f369f39f517339e0c2d78b0d3d1ebae9e955b3bbee66ce967b945f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211636, "uuid": "c3afc825-d030-4a17-ae5b-8b9133ede34e", "value": "T13805019437A8AB5EE1B97BF0535063200376657D5423C3888EF120CEDE62B91FE51AE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211636, "uuid": "45d93766-476d-4923-af77-27ff9618f7bb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211636, "uuid": "74fec3c2-41ce-4558-b7fe-26c4c2828a2e", "value": "12288:qgvJRBusyhEv6qWgT2DfxLLDSDR78zBxfFzqvtV/r373:XFulERWgTCdPSDR8z1zqvtV/rz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211636, "uuid": "d187a71f-cc68-4194-8995-e2b6b120c7b7", "value": 819200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211636, "uuid": "90c9d789-673f-4475-abc4-32e8aef2bf47", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211636, "uuid": "00275657-43f5-47fd-9bb7-12b5cd19254f", "value": "hesaphareketi-02.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0eb57810-29eb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (StrelaStealer)", "timestamp": 1690180003, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180003, "uuid": "d90d3127-6486-4404-9755-341b81a71089", "comment": "Malware payload (StrelaStealer)", "value": "129a61ce2977ed5c2410fa7fd31c416e", "object_relation": "md5", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180003, "uuid": "d067f728-a144-4989-b85e-eb512ee0489d", "comment": "Malware payload (StrelaStealer)", "value": "61a2c42585cb1623f18afcb4049f289543147843af7f3b0c4896a3a57dc77ee1", "object_relation": "sha256", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180003, "uuid": "7c96e8c7-3871-41d4-945a-05717ddda36b", "comment": "Malware payload (StrelaStealer)", "value": "bd30c12d437af527b405512152f7b34fd15b94de", "object_relation": "sha1", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180003, "uuid": "1f2eec6f-18be-4ac6-8f48-2361afcacdfd", "comment": "Malware payload (StrelaStealer)", "value": "c737009e112d2c2b5f7537a394610f2bea3dadf40c5109d9a5a5016899412b4558ddb8cce7f4cd92bf6cca0ebad0374e", "object_relation": "sha3-384", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180003, "uuid": "93d61937-0079-4116-b3ac-39c078f3cc19", "value": "T1D6353CF472D07BD70FB9690DB7CE41B23D54B957F0EDAD86128D0E1E928029889B7DA0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180003, "uuid": "3208ca22-c5a3-4dbd-b489-8ae24c92c001", "value": "24576:R9E473GQUHMC0vSOrB70D/P93GWAMxtrjw3TNMtnqV9MdiFZ2PmZv33Lh:q/4EPmH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690180003, "uuid": "82371f84-0abf-4bcd-9eb2-d388f3f2885c", "value": 1116114, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690180003, "uuid": "0be78f93-50b8-42d0-8530-f2a008c3455d", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180003, "uuid": "e96f9c2a-9547-4cc5-b9a0-63ec87f03c07", "value": "PDF4193259643881.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac20e3b8-29e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (STRRAT)", "timestamp": 1690178120, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178120, "uuid": "cc8c880c-6910-410c-bfca-0472506c30da", "comment": "Malware payload (STRRAT)", "value": "f32896248b03141654203787de5ff9c9", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178120, "uuid": "45cd7c78-89fc-4fad-b466-35de697a33c5", "comment": "Malware payload (STRRAT)", "value": "6234029f926de59ac67f0b58ff5b0702ceca4fafb61627bc098054929ddd5e81", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178120, "uuid": "90e5685f-aace-4df6-ba65-db11cbca464c", "comment": "Malware payload (STRRAT)", "value": "eedab02a567d09aa4f87722653485aaff75d286d", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178120, "uuid": "7fd08182-df21-4fa2-88b8-f9d489b68c3a", "comment": "Malware payload (STRRAT)", "value": "eafc358f0596b5748d7318073b3eed5846fa4ea8cb80776af5f19ff114eb03fc9d7bba55756bdc312f67edb7e5a61cc2", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178120, "uuid": "18b52436-8149-4fc7-8215-ba2cb689b989", "value": "T1B865D54B0E691A06B362F861422DB7135CB8ED533EB702D6DD853D4EAB76C204E7DB60", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178120, "uuid": "31683b43-04f3-4d55-af09-0e5d389f0850", "value": "6144:i549oCoSAtBfjAkaoIoFoP3X6eqNrW2l8xsTARsAh9ZGQFOq0MRIaa8AmkGZ8uKQ:5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178120, "uuid": "036be1fe-08d3-4103-88e2-7563137f75e0", "value": 1504986, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178120, "uuid": "02f7ae4e-d570-46f5-8ac4-a5e13f1d9ff8", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178120, "uuid": "d863b84e-05af-4050-a73a-e4052e4f2d01", "value": "Order.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a3825e9-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1690178868, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178868, "uuid": "064c1924-90ee-46bd-8275-37c7201aabd1", "comment": "Malware payload (RemcosRAT)", "value": "f9929a7948c397de3713793d8bf24848", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178868, "uuid": "34b99ff0-9ecc-404d-9002-ec38a55cffce", "comment": "Malware payload (RemcosRAT)", "value": "6333f3de90012f2acd3436fbd0bc2672a989238ccd7ea97a948c2f07f6397a9e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178868, "uuid": "70b2a0c6-8945-4aa0-8768-ecc30531b6f8", "comment": "Malware payload (RemcosRAT)", "value": "1800d5a8ea57f08d11a4194804cf11eecc9c347d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178868, "uuid": "bd6e673e-e6d6-43b2-be91-0b0cc8b12bef", "comment": "Malware payload (RemcosRAT)", "value": "fd9132ad437cd9e5e905b085652e6243d454fc54f5eb6e3a0fe7cd2888dddb2cc0a45644049976c2e1df18a7893ed5fa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178868, "uuid": "babdd8c8-6e13-4700-bb49-8968dfb752f3", "value": "T13135239433B99D13E1F4BEF04AA4960113B252416123E7CDCDFA71C52E96781BE62BE3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178868, "uuid": "a3d3c12f-946e-4688-8d5c-3393096f856f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178868, "uuid": "878d2982-7109-4d3f-bfd8-b0153db8caa1", "value": "24576:TFuVmW+WUrqHvpmaRlknX0Cyp/sotXogaY/IvddpR:Tam2eqHgpXB4EotXoe/I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178868, "uuid": "b2db2b0c-aacb-486e-8532-bc45b26a3d0a", "value": 1080832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178868, "uuid": "0f1bd2da-6cb6-4b85-9693-0fd49df71ced", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178868, "uuid": "21a84dab-adbf-4996-9738-cfce9741bb79", "value": "9876545678900876.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6eb60bd2-29ef-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690181882, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690181882, "uuid": "419a95d6-7fa7-49d2-ab8a-a5cb302c243c", "comment": "Malware payload (AgentTesla)", "value": "4ffa1725940a634a2eef3bed85ea9bd7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690181882, "uuid": "429867d4-0560-4acb-9742-a13459c3d8e9", "comment": "Malware payload (AgentTesla)", "value": "63b80f917e968fe46f8c892d725e7bf65236681e8b9d864e141a4ca0aadd8abf", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690181882, "uuid": "2f3d5229-8aa7-45c0-a71c-0fbfe6c5c525", "comment": "Malware payload (AgentTesla)", "value": "5aca95bb2489e478d6fb44fac8c85721f5b6fc5a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690181882, "uuid": "643c5c9a-b1e8-4c9e-8275-c1fe3487c6e2", "comment": "Malware payload (AgentTesla)", "value": "29680eaa802d1a255b140164e657a2274506955391a2dd5c0592863f705d8f4d34b5e826b8cf0a203d707154d0765e06", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690181882, "uuid": "5d245388-77d6-40a2-9c4f-602ad57bc06f", "value": "T167034A5AE79F0264CF5102B6271B1E899ABDB63EB35051B1746C833433EDC7D02666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690181882, "uuid": "22846c05-bbf2-41b7-87c3-f1bbdba9f251", "value": "768:PFx0XaIsnPRIa4fwJMFUmVDrr41pj39Y6DZnOL:Pf0Xvx3EMJVDv4h1DZW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690181882, "uuid": "0fb41bed-5083-43f6-a14e-fd80d7e4b6a3", "value": 38844, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690181882, "uuid": "a7140840-4cda-421e-82f6-6cfd3ffda104", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690181882, "uuid": "1ae35e00-aacf-42d6-a796-f5f8b6a60b6d", "value": "4ffa1725940a634a2eef3bed85ea9bd7.rtf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b29e72a5-2a2d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1690208625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208625, "uuid": "1413beb3-d50f-4b9f-9d66-69ef17b3d4eb", "comment": "Malware payload (NanoCore)", "value": "07d9eeffaac90b7fcd1bf8b3930a2044", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208625, "uuid": "bb8ffead-9d3f-4791-9c0d-f2d1cef998fc", "comment": "Malware payload (NanoCore)", "value": "6427336ade955128d895921dbb9bbcc379ad910690ff63f6deff3794a2086c8c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208625, "uuid": "665b3ef0-49ca-4cd4-acf8-cf8ac3c63013", "comment": "Malware payload (NanoCore)", "value": "445b329dc821c72cdbd167576cb4e5654b49f1ae", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208625, "uuid": "a36379e8-12ae-4d87-8c3f-54fd50908acd", "comment": "Malware payload (NanoCore)", "value": "42624dcd5a038f4ba712beaf5cdd32208ba79919001e7d7f51718ec68d20bf14572a639f6805c5493437ad47ee8a38bd", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208625, "uuid": "d22b19ed-926e-425e-83c2-437578a4a737", "value": "T14254C02B3715410AE14A893517626AF566FC2C337C91AC1BFB86FD4C38BA653E4F121B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208625, "uuid": "9a61f737-bfc4-4541-97dc-bbcc3d175f85", "value": "feae4b4d85d0b5d3b68f83f4fee0492d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208625, "uuid": "0f9f28d5-b749-4ce6-a172-4d4fccee9126", "value": "6144:4mRcsQAKqVYM8AFtE3GK9U5lB88PFdvOGa7XDdK:lRcnYlRFjn8ebOG6B", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690208625, "uuid": "b9b31a94-032e-4e36-820e-25f474ab308f", "value": 286720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690208625, "uuid": "b31947f5-5a69-4f72-94a2-3fb23e7429ad", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208625, "uuid": "1478978e-7ce1-485a-86d9-2b5048137ae8", "value": "07d9eeffaac90b7fcd1bf8b3930a2044", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2c93c8c-29f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690184251, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184251, "uuid": "5cb16249-a602-4717-b446-6ec70e7e68c7", "comment": "Malware payload (AgentTesla)", "value": "4bfa76cf1c8038f869cc73be9bc0fe1c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184251, "uuid": "7feec7fa-73a6-4403-b90c-6cd105729ad7", "comment": "Malware payload (AgentTesla)", "value": "64ff519257d1070b845d9b5150375782b75871ea4efa65e01495df2ac51a57e3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184251, "uuid": "6cd7ca79-6dfa-4caf-9715-6f1eedf828c7", "comment": "Malware payload (AgentTesla)", "value": "4ebdaaf3451a02f33718d60ea6884438d6515f07", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184251, "uuid": "c7c8ed68-3705-410c-b8cb-dfe934ed6dd6", "comment": "Malware payload (AgentTesla)", "value": "c4d7aa323554c0ad1c2bf483ecf336c36398735e1be906ef4a34bec98da1e8192010839a3aeb1fc28ba500b59ad5ccb0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184251, "uuid": "5cbdb2b4-458b-4d59-b572-0e001a33235b", "value": "T19305173818B81627C1B4DFF58AD18427B2E0A96F7114EE34ADD357D64216B06E9C3A3F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184251, "uuid": "789da7ec-3c58-4d3b-a15f-ce6778e4fb78", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184251, "uuid": "27afafa6-a2c8-4403-82cc-898594ee5c17", "value": "24576:KOSB9kVCApaeGrsLkrjHJEswGRJn23wN:KLB9kieGr6WFEKk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690184251, "uuid": "0e6bef6f-66ca-4818-b2c3-bdd40492be42", "value": 815616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690184251, "uuid": "fb1d160b-7530-4525-8a77-ca5285e3660b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184251, "uuid": "bd32834f-ab79-4acf-b727-e02c80ec79ba", "value": "Scan_21072023.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "12b5a14f-29eb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (StrelaStealer)", "timestamp": 1690180010, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180010, "uuid": "249753d0-cb0a-49aa-9f80-bc7f00d698f4", "comment": "Malware payload (StrelaStealer)", "value": "5a716e46652670d3e6c6584a495ffbfc", "object_relation": "md5", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180010, "uuid": "83206f32-26b8-441c-b5eb-143aeab58f9f", "comment": "Malware payload (StrelaStealer)", "value": "66082d6b613f7ed23a85fbfe6033e609a33fd20267ef568ddf09d228a506b72d", "object_relation": "sha256", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180010, "uuid": "a390a418-1a58-4cb6-9369-9a6f07774fab", "comment": "Malware payload (StrelaStealer)", "value": "a87ec6c78d51206001281d6b508ac0853e44a6d0", "object_relation": "sha1", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180010, "uuid": "086e00d6-e37b-4ad7-b482-b4c6dd4749d2", "comment": "Malware payload (StrelaStealer)", "value": "c357d45e6bbed2d5cbd486495489f5762b36dbed691f86ce26df64baa6ed1196fcebc764dba44aa05f53110a4b191d81", "object_relation": "sha3-384", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180010, "uuid": "f6340a05-dac7-4843-bacb-53c474387442", "value": "T19005FBBD65DB654AFEA19C303FFCBBA0D77724A9C697C6F045E9A07024204A7DC02927", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180010, "uuid": "c5885c0c-9859-4f90-ac1c-668732c77e74", "value": "fcfbe5457e76d2ac347d7db113c0ca3b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180010, "uuid": "3aa8584b-6cf6-4f10-ab58-531fc5c9572a", "value": "12288:AjALAPe1QBKZ4Wnhb2BN6W3dkXYY9V9OK3:4pWcj6Mdkz99", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690180010, "uuid": "eb170400-df5b-4d3f-a4bc-b8d6bd52c3aa", "value": 802027, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690180010, "uuid": "5da3bdc1-af03-4e61-8ce1-4cb2bb9951af", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180010, "uuid": "ce3832c9-27b9-4494-a6a9-89daac3c2e79", "value": "vvvnybgccvvnugwitxuqprafflaqjermfhlzjxchnrcnqeaeuc.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "199a796f-2a0d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1690194624, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194624, "uuid": "96713ea9-23e1-4515-82bc-9d1d4b45beec", "comment": "Malware payload (Mirai)", "value": "a7f7feb202977febc7186edb51c0acab", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194624, "uuid": "badccf8a-a367-4a99-94fd-f39bbfece4a4", "comment": "Malware payload (Mirai)", "value": "66b99e7b530241eea679464d121e51afe18890f262098a07a2210a888e34d16d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194624, "uuid": "2dc7aa78-1edc-4726-a11a-9869ef12dc6a", "comment": "Malware payload (Mirai)", "value": "af339d523c16fae0cf4fe923d801a8c3da0beef3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194624, "uuid": "f0fb89c6-8233-432b-95d4-f5c9dfda3a47", "comment": "Malware payload (Mirai)", "value": "7408e0b195635e9bd5e232f5105a053e999665557a0d8f4876ae0b4a4f3b926f94f7fb5d607a34ed2933683133f9a2c1", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690194624, "uuid": "a09fca91-43f8-492f-a504-2559c9527620", "value": "T14FD308C7F900DAFAF80AE33748630805B130BBA145925E372267357BED3A1D91577E8A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690194624, "uuid": "0f38fc73-99bf-448f-9c41-05d9a205ebef", "value": "3072:qiWLYtB7iCKE+HHQPAF5H3N6VrjbieLSRz0vyb7z4:fWnFHSAT3NILSRuybP4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690194624, "uuid": "d77bb62d-6c06-4e99-8f0b-a64684930c82", "value": 140448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690194624, "uuid": "8ab46130-e66c-4e5b-a628-42044e5f3707", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690194624, "uuid": "282257e0-1398-4253-94a1-4bce82fb6e03", "value": "a7f7feb202977febc7186edb51c0acab", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f962728-2a01-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690189641, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189641, "uuid": "e14f595b-c261-4061-b4f8-119e870cc023", "comment": "Malware payload (AgentTesla)", "value": "db4c893fe8cc1a092fbda847600a9f96", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189641, "uuid": "2862dbd4-0872-4c64-b1af-7c13ae17d7a6", "comment": "Malware payload (AgentTesla)", "value": "67349de16fcd49c2df92647f3c27f5ef96506676261409e37da49c6ac5238435", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189641, "uuid": "7afd0266-68a0-47c0-a231-7407f59355ec", "comment": "Malware payload (AgentTesla)", "value": "3ef453c86e58689d22879963a0527400d228e469", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189641, "uuid": "085ced50-eea3-4008-9b95-e2ef7f32feec", "comment": "Malware payload (AgentTesla)", "value": "7fcd6f013b9ef2a1c9c4d45a45c6c524e24b499f0f6b956025b23ee50bda75fada55c6da1ae17b3fdc516b09f609f449", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189641, "uuid": "acd52fb2-157f-45c7-b0c1-5eb395af830f", "value": "T1ADB42311E39913B6E910A6F5DB61530EF0AE7BFBF912F3435975CF0256917B282804B1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189641, "uuid": "27a60384-2834-4bcf-920c-7365ae08eb19", "value": "12288:HX+Dq09NqE+WJPceyBefjthgCMwK6Xzjjfx9jswqGQQy7m7PHj:HXp0HtEeyBeZhfNKGjTWGQQ2g/j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690189641, "uuid": "e5ec14f3-d005-48d3-b0f6-8d3433156222", "value": 511488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690189641, "uuid": "75bfced8-e8fd-4841-9ec2-a2089e509274", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189641, "uuid": "b80217e4-1833-4b23-9c07-45eb814941b6", "value": "QUOTATION_JUL7FIBA00541\u00b7PDF.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d731310c-29f2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690183346, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183346, "uuid": "e94e9cbc-eccb-4076-9ec3-a2f77dade254", "comment": "Malware payload (AgentTesla)", "value": "7bf8b6fa7e5b49e753a5678d758d045c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183346, "uuid": "a63f4c7c-27e0-49a2-ba63-4508e0a97dca", "comment": "Malware payload (AgentTesla)", "value": "6771834e7cdb8a8f7813d313e65281901a61493653beb7fd0aad365036ede94a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183346, "uuid": "5e45878e-c4da-4c4f-9a26-9d36ece4e808", "comment": "Malware payload (AgentTesla)", "value": "d4badfe82cba5869fdee15da86de0e2bf37ee68b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183346, "uuid": "2b60eda8-d498-44d8-9f0d-28ab6010ce53", "comment": "Malware payload (AgentTesla)", "value": "f38f0a8b532c5aa686092cefc5f05ff6959c4ab3d33c90046e30c617ed644bb30e5027ed13f57700598975499ca40fca", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183346, "uuid": "cb20dc01-58f0-4a90-b309-f582c17262c6", "value": "T17CF4026533B59B12F2F8BFF59260901813B1A5891467E38C0EF220D61E62FD4AF91BD7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183346, "uuid": "4f8c737e-e6c2-41ff-b93b-1b1d40beeeaf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183346, "uuid": "5679542a-5877-4f57-8128-9bd6fbc105ab", "value": "12288:wnvJRBusyj1HkyghpJQMnG3YQV7e5o8eJ31T6CPMq4Ympswt7u7Cc:AFunyXTmMn07+9ep1T6Bpb7S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690183346, "uuid": "032bf142-bb59-424d-8188-d1cdc4273155", "value": 758784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690183346, "uuid": "abca77a5-e00e-42d6-85d6-7d9eca2cca04", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183346, "uuid": "8c14eff2-faae-42ad-a460-228ac58aff7b", "value": "overdue invoices 502133 500410.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "032709f9-2a1e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690201888, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201888, "uuid": "c1093f8a-d333-4e12-a787-baa1a9a7a6d8", "comment": "Malware payload (Formbook)", "value": "3c8cc581916cdaad14ba26f167906470", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201888, "uuid": "94fb00db-da2b-47ba-b80b-37f7f200834b", "comment": "Malware payload (Formbook)", "value": "6946e0041130a44d2be606d3b7eaf6b32e93ab84677225dfbb46bb5e97f10c6e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201888, "uuid": "cf512563-ae43-427e-89b5-3e1d6c5d545e", "comment": "Malware payload (Formbook)", "value": "2025cd6a6b05701640c7894d4e9f645e57cf4fd0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201888, "uuid": "4227f19c-3d1f-49c6-bc79-9d178a29a1d8", "comment": "Malware payload (Formbook)", "value": "6acfb4c946ef14e001f926001c239a966d2ba51526a6b862674382d003865fa32af66ebdacc7f5757ea6209964a0037e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690201888, "uuid": "740a7c90-193c-45a3-9f09-5b0a242bed49", "value": "T1BC541298A49194BBD9F153B28FB9571B6BD2B03B04B45B0B17803F69B872B41ED0E353", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690201888, "uuid": "4218f96d-3f6f-48ce-a58a-1b2a3babaa66", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690201888, "uuid": "9fe78e2e-db32-4850-80b3-105c3c227d65", "value": "6144:/Ya6Q5PguBL0C5KuLc7aKpET9W+01tshH3zT6aHPu9G8lTuWCn:/Ym7XBUNKTADavvv0G+TuWCn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690201888, "uuid": "dc0c5249-1746-4c41-ac46-bab689541c2e", "value": 279039, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690201888, "uuid": "e5f68709-13fb-444a-99ee-2124f32286b0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690201888, "uuid": "d4703f6e-348e-4846-966c-872a85792ae3", "value": "SecuriteInfo.com.Trojan.NSISX.Spy.Gen.24.2180.25178", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7985104-29f2-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690183373, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183373, "uuid": "0b02d92a-3099-40d6-907e-2e99b7b227de", "comment": "Malware payload", "value": "75f053df60d9791bbc8d6f580e610824", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183373, "uuid": "0152de89-301a-4f4f-b696-402d09a733b5", "comment": "Malware payload", "value": "69c83611913153d5b89fd7c1073a01d7a6dc289ce4cf8242bc5881dda894422e", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183373, "uuid": "72939974-bf49-4ddd-b769-4f93a35ced6b", "comment": "Malware payload", "value": "f16fa03db3a587e7fa57653067bbe516d2b3d8a7", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183373, "uuid": "8bd8a294-d094-428d-8a47-1fbdcf67da60", "comment": "Malware payload", "value": "b2f3a60f34ff21a1c3c828728df97e33db12be5e476005705baf9f32afb467fc08a9b427a2f31e9958da04badc507567", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183373, "uuid": "34069df5-d8d5-43ff-93d2-b88c91e2238b", "value": "T162A66BC1BD50C24AC7385E31EFE6DFD8A23B7E315C856A4BEAD4F33E19B214451A94A0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183373, "uuid": "720fd014-c9a5-427b-bc66-9db8f75f57ea", "value": "98304:VUEqMs9Hpeve4PO89yY0wy/94lQcEXIU33JKAkSQrvFwb+Ydp461WZXWUoCw:kM2pEvX+IiJKyQrvmtR1WZXS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690183373, "uuid": "63f860aa-c9c9-4974-81fe-df4d5d662f40", "value": 9710570, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690183373, "uuid": "c499b677-b8ae-42b1-9204-18fe858a2929", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183373, "uuid": "e157f0f5-3d67-4b2e-b464-d27d6372f2ef", "value": "75f053df60d9791bbc8d6f580e610824", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "addbb614-2a3f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690216348, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216348, "uuid": "5d399f94-a2a0-4338-afcd-55d58df687f8", "comment": "Malware payload (AgentTesla)", "value": "2412874c01133ea40eef5c1418adbc3e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216348, "uuid": "da88ada7-0d43-42d7-977a-2941548cd978", "comment": "Malware payload (AgentTesla)", "value": "69f711c95bbaef231d8783bbdf6c4e414853fd3fcdd0b91b33d29a725f708570", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216348, "uuid": "e9acb5d3-81c0-4143-823a-68dc33a66c9c", "comment": "Malware payload (AgentTesla)", "value": "65c950f2640c87f31e71e72146a2ebab57c5023d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216348, "uuid": "1ab6c2eb-cfd1-41d1-be0e-71dfdbd65a02", "comment": "Malware payload (AgentTesla)", "value": "e4ac17978a042e83a251dfa741ea96c88c3a0d4713de960c0c24a3fb65dfcd7f084829fb2b6e9dbcc3554f40cae09e2b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216348, "uuid": "1cc0ce4d-a17c-45db-9e2c-f60f5a6bca8b", "value": "T1C415387239DEF986E28DD37D202EED046B6AF4119213A0DF84056EC9974BA49F447C2F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216348, "uuid": "c9a92e2d-16f2-42aa-991c-bb18bf01a6b9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216348, "uuid": "c6d76c37-4eb5-4d60-9532-cbc4a0142546", "value": "12288:J6zq91fjp5ELC7SjYUCEvWE4ydQwZINZy2thtpG8OYrAqa7:kqLB1Ev14yoLdh1Ah", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690216348, "uuid": "778f9160-f476-4b64-853f-a32d1f30ca7b", "value": 912384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690216348, "uuid": "df9e007e-7d2a-4915-af54-38d05b2ac9ef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216348, "uuid": "64da1c1d-6244-426e-8cef-cfa716fc139b", "value": "SOA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c4b8575c-2a04-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690191046, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191046, "uuid": "0b1b47fe-e634-44fb-a4f4-d465f1685603", "comment": "Malware payload", "value": "b0dc2a1d27e0fbbfcd0dc74f3faa109f", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191046, "uuid": "f0ad451f-929b-4148-a318-87a468d1439e", "comment": "Malware payload", "value": "6aaee1be8cc4963b365ff3dc6f30f1fc24b0434ffd816e134fa02f0a1be39e80", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191046, "uuid": "1ca90de3-5b1f-4194-a2fc-73b287d522c3", "comment": "Malware payload", "value": "03a470784ab3147cc01ecce9d9be28b9fae409d1", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191046, "uuid": "cb35c067-586c-4c3e-b792-2285da452b9c", "comment": "Malware payload", "value": "bdaf5abed8c243ecc8e6fb3d5c74d6faafc07b3e8453d06df21ccb4185b157442675c1f607cc1fa6ab5d4bf21fa356fe", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191046, "uuid": "c2a98323-eb0a-42ff-aea7-61aaba3f770d", "value": "T1AEF3A91E6F338F6EF668873147B74925975923DA22E1D684E2ACC1105F2039E641FFE8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191046, "uuid": "74d900f4-e869-402e-b112-62bf7dcf241b", "value": "1536:9MHV0dA9edSAZTZtZdNKGd7sUeN8IlPBjmTfNYoDFQT7GvQqQK:9M6JhZtvNK+7sR8IfMYo5QTKvQqQK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690191046, "uuid": "d00ff7fd-3696-438e-be90-27fe7f8b7e91", "value": 161416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690191046, "uuid": "a4e20dc9-2b9d-40d3-98b6-dc52ae361027", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191046, "uuid": "4c5d2db0-11d6-4472-95cc-d3b17554c3e8", "value": "cundi.mips", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "91b65809-2a3a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690214153, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214153, "uuid": "79a19b38-4e0f-4d59-abb6-897425c9e114", "comment": "Malware payload (RedLineStealer)", "value": "78c86c788298654a24872aa32946a352", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214153, "uuid": "cca957de-95b0-4478-bcfc-7b4d971b7cc7", "comment": "Malware payload (RedLineStealer)", "value": "6acdab52328e2506c1371f6fc2f46918bcd6b1abeca3aaf96722a977721483b9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214153, "uuid": "b3d1ef1b-8862-4531-9222-9eb440e76ae8", "comment": "Malware payload (RedLineStealer)", "value": "0a87b9138b59b4aa62f529a234787e8390115fa4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214153, "uuid": "d4c53c57-6bbf-4a2c-8e36-11b8ebf0334b", "comment": "Malware payload (RedLineStealer)", "value": "c4240bc5c9b1fc4f130f223325a53c81c19071544d7476f1abc4831823d49eb9f15b22f8224e8d3a288d536bd86fd4f5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214153, "uuid": "547755ee-ce5a-449a-a40d-f980eeade766", "value": "T103A45B4792B17C5CE9179A728F1EC3E8761EF2508F497BA632199E2B14B11B2D163FC0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214153, "uuid": "16c04e40-e3a8-4858-89cc-39b73bb117ba", "value": "288497572d529233d7fe65807fe0c26b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214153, "uuid": "131c7360-58e4-427e-aa71-e73bf78292b4", "value": "6144:98kHLgP/I1aU6a9hFIBDl4JGb+yCq4aBDz4Lht0ulTbscR3D2vLs1ETC:CkHMP/tfvB3XH1sVPlTo83msO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690214153, "uuid": "c2dfa156-376e-4946-a7f2-37f59efa4d30", "value": 471040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690214153, "uuid": "199fc716-a51b-43bd-a5be-319b67b36992", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214153, "uuid": "de23a85e-09aa-4d6d-8b8a-f47beaa5fbc3", "value": "78c86c788298654a24872aa32946a352.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2778f6e8-2a4e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690222565, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690222565, "uuid": "8dae19a9-e55c-482a-a639-fa8f7c12b7d1", "comment": "Malware payload (RedLineStealer)", "value": "7653cb530bb1afc8d4dd75cc8af7929d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690222565, "uuid": "c754eacf-ee89-4de9-998b-351fe30511c3", "comment": "Malware payload (RedLineStealer)", "value": "6aec183a583bea0012704d51b860a5d4dc2eaa2d5a1b16c1b991a8fb1cc86e31", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690222565, "uuid": "90ae81af-5495-49af-a5e5-71455617d51e", "comment": "Malware payload (RedLineStealer)", "value": "d38792a7e9d0450270adb2794d98b5c3f3ee92cb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690222565, "uuid": "186f4733-6580-4184-a77d-f6833d5f9be2", "comment": "Malware payload (RedLineStealer)", "value": "e68154856b5c83ef660c62d886fa9f07a206da46a14ff916be6c6ef4dfc5a8cda7d942b1e83f2f0855ba7a4d90dc7801", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690222565, "uuid": "a7a5c04d-10f1-4044-b4e8-a89dff0d6e16", "value": "T182840253F7D88532E8B917B058F707831B36BDB49D74831B2385A88A1DB2684A83577F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690222565, "uuid": "0d2fbad5-96f5-4b1b-8d42-5d41c4f1a002", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690222565, "uuid": "a4b8917c-b400-457a-a56d-09c4f9e7065d", "value": "6144:Kiy+bnr+Ip0yN90QEeOFQXweVg+CxX/OW2ASWuXgneKZIWXcJHWKPx8x:aMrEy904ueVWuwfq6lKp8x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690222565, "uuid": "461aa6aa-822b-4ca4-835b-fb118e021dc2", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690222565, "uuid": "d717f279-123c-4aba-b6d8-9d509a3327d0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690222565, "uuid": "65397124-051d-47a9-bab9-177360c16496", "value": "7653cb530bb1afc8d4dd75cc8af7929d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27fb9f0a-2a49-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690220418, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220418, "uuid": "829af94a-0778-48f3-b21f-4afff43ca02c", "comment": "Malware payload", "value": "3910fd66e7a8df6b635662838092c2bd", "object_relation": "md5", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220418, "uuid": "90a72d73-6342-4127-8b8c-037b881330b3", "comment": "Malware payload", "value": "6b11ce7c0306afb09c81991aa88969f585e0a53bb6249346395c55970b85ae31", "object_relation": "sha256", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220418, "uuid": "6969926b-5b5d-41db-85b9-f4bedfb43034", "comment": "Malware payload", "value": "2e1945b198efa5a48fbe451e33a350e726e01cf5", "object_relation": "sha1", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220418, "uuid": "1b5a1a88-a424-429d-8bbe-3b92b1039fe2", "comment": "Malware payload", "value": "f8f82375a2032880c0581967818a91e3761471357c1b0ac675329586cc482821ade505d4ef15e2521577302b05798b80", "object_relation": "sha3-384", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "url", "colour": "#4660F4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220418, "uuid": "b796c601-af00-468b-825a-54db14047c04", "value": "T116C08C60863EC0BC89A3162CC80A8C6DEA825042227AD9B143E12A8AF8530A54F8CDA5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220418, "uuid": "3d64891c-04a7-4b12-bde8-4697ec2a8346", "value": "3:HRAbABGQYmqSsbIHtzKEgDgFFHvUo1YSo/QJ5FLvyYesbBSn:HRYFVmqSsbw1fSgnPISoIJ5FLvyYesbw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690220418, "uuid": "e5118e0e-ac4b-4edc-9816-178e966f3ed5", "value": 152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690220418, "uuid": "83a2505e-f7b3-4d9a-8e87-f7345d81a8bc", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220418, "uuid": "579e7905-7d84-490c-9ef6-e6bdae9ba8f1", "value": "Install%20Updater%20(V105.215.8412_silent).url", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f35c9744-29d1-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690169220, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690169220, "uuid": "12048184-fce4-48d0-9a50-df3a059a938d", "comment": "Malware payload", "value": "3ba37cb8618c858e71d9584d1c90e0bb", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690169220, "uuid": "f96bfbb7-7bc5-4b04-9988-32417c30a88a", "comment": "Malware payload", "value": "6b968ec9848edf832ba3616e741ffa09e339c57bbc841aba47eab77dd312b215", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690169220, "uuid": "a19e63fc-1d3e-47f4-b175-2ea0a97287e2", "comment": "Malware payload", "value": "2065ee7199b7ce3a524481433a271dc91e4fd9a2", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690169220, "uuid": "f90e14f5-97f1-4b59-93d3-9a3a5b4de1d2", "comment": "Malware payload", "value": "b4022626ded389c36972611ca86677167421892af87573a1ef9313ee496409b65f36dedcb2424970dcdcbe5f8552bdf0", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690169220, "uuid": "53618ae1-d023-40d8-95b6-e1d752dcd5ec", "value": "T10F336C05B660C0B3D5AB123869A9992206BF7C625FF880973FE9074D4DB16D1BB3D363", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690169220, "uuid": "685f29b9-f352-47f4-957f-290c7010a66a", "value": "7eb17c54ee1d1987b0134a9ec86afc33", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690169220, "uuid": "4808fd9e-e18a-4e5c-8cee-e85c353f1f58", "value": "768:MMNThpajNAjPZsVnUHENgCl/FhZbYL7KELjWqNKfsQymdjfTtBYZ51vU:XNThYxE4UQg0NhA/KQkfTtBYv1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690169220, "uuid": "3b391a55-7429-4ad4-b2be-67db60dc343e", "value": 50688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690169220, "uuid": "ec05051b-62ab-4720-9b0c-fa98cc85a225", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690169220, "uuid": "2f819707-165a-43db-8c2a-032b691adf2c", "value": "SecuriteInfo.com.Win32.PWSX-gen.12192.26262", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff35a468-2a42-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690217773, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217773, "uuid": "4e668656-71f3-4471-aa93-fd0554e74d72", "comment": "Malware payload (Amadey)", "value": "d85f3f0781672e1d166c614a8e2fc803", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217773, "uuid": "4e721a05-b9a6-4878-8d1a-a855c4628259", "comment": "Malware payload (Amadey)", "value": "6beabb80873ac5981f7d69e6d66e49ed86ce86587197a85f9bb079028c8ff0e8", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217773, "uuid": "c22310c3-6a6e-4137-9309-377c6af9e48a", "comment": "Malware payload (Amadey)", "value": "614ca04b117a2a0088488d5dd78fdffa0a05fad0", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217773, "uuid": "1689e402-324b-4453-ba85-6ab8f795b706", "comment": "Malware payload (Amadey)", "value": "8cc9ab9fea9fd0fd19642b52b97194f2d8633436ec079cef5aeed6f78f3968bfc55d70876a408a69b58acba6b96ebc5c", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217773, "uuid": "44ec28a9-d735-43ab-9e9e-a6b90d65232e", "value": "T10D840116E6E44033E9B017704CF707931E3ABDA36938076F274A998E0C726C5A576B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217773, "uuid": "2c1f86c0-0582-4eaa-baff-84bbadb0879a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217773, "uuid": "866cf02b-7bdc-49d6-b892-f0334fd97a6f", "value": "6144:K/y+bnr+Lp0yN90QEwPDcIXsVBtj35xtdfAlQBBr4V+w+tcvfMywh7Xqr/eLDxp:VMrTy90WIIXs5HclArMlfMth7XqqL/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217773, "uuid": "a71c0d3d-c0be-4465-96ba-6c765596811e", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217773, "uuid": "ac050495-e3da-4afe-8692-1fb6d020703d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217773, "uuid": "e0657b1b-dfba-46f2-b6ab-df38cc500054", "value": "d85f3f0781672e1d166c614a8e2fc803.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c63d409a-29e0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1690175587, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690175587, "uuid": "62d7e9ec-c237-448b-8a44-63f444f7b6ed", "comment": "Malware payload (NetSupport)", "value": "d3a24d9fc3d70a9719344547f8a2341c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690175587, "uuid": "7213fa23-f677-4726-8a82-2240bfc5664d", "comment": "Malware payload (NetSupport)", "value": "6d3e53f049f891c6bd818554d04f3c41c8c5f2bf02d48ffa3ac6382262e95b57", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690175587, "uuid": "ad60873a-9ccd-4ea1-b2df-a9f7b0a824a9", "comment": "Malware payload (NetSupport)", "value": "6d8d9aaccb8bc5ef2a0c8a6f19e46bd3a1483499", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690175587, "uuid": "9fd93109-c3f3-4dd9-b669-302e217deb7d", "comment": "Malware payload (NetSupport)", "value": "c6f93d325b2cc7f572b68472f873f2d17fea9165cd35a387088a0532a74be79175625472138c79db1e94ef09fbd95492", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690175587, "uuid": "235d8e22-4f78-43ca-b8cf-789a5eb2737d", "value": "T12A061886A6D111A9D0378174D6693366F93BF5DC1B248BC3AFB9844F43DAEC42AF9700", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690175587, "uuid": "133ffa43-00e8-4917-aa76-9296830a1b31", "value": "fe1147df2ee30051a844565381a6e079", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690175587, "uuid": "0d1a45a1-7a44-45d8-9944-93a7ab785fb8", "value": "49152:8rWotRsnvwin6+SfrVthQA232WpNIYf8P:bzIJtho32WDMP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690175587, "uuid": "3652a1c7-cac2-432b-b236-ac4393f4682e", "value": 3869832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690175587, "uuid": "d0e8afa2-d8e0-4657-adb4-c7b06cbc69d8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690175587, "uuid": "2fedee82-0c0a-4839-94ea-86fe50f319d1", "value": "d3a24d9fc3d70a9719344547f8a2341c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f1bc3449-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690211737, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211737, "uuid": "7ea52d09-829e-4e67-a63a-68764c922b90", "comment": "Malware payload (AgentTesla)", "value": "15d1a67de3bba5b4df4b984d848c1d05", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211737, "uuid": "e7f0cf8d-fde7-4757-9810-4f30cf6c9297", "comment": "Malware payload (AgentTesla)", "value": "6d5b825b8559f912c5e26bb5290bffb54c674347f98711fc9e63d2aed0bc9c12", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211737, "uuid": "8259cd86-6796-47c6-9233-0069dac25510", "comment": "Malware payload (AgentTesla)", "value": "06c9cc48be922153651650619a8c703aedbf57c7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211737, "uuid": "3632b32c-30bf-4682-82ce-e6757314edc4", "comment": "Malware payload (AgentTesla)", "value": "794a98bbdf2d8af4e2739f22dba04db35b37e335c2b9fe8273f21351510257d4217adaf843c8432103b0e98b3d7627d3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211737, "uuid": "5c69a8a9-35b6-4c14-86f8-47ebad376b81", "value": "T19F0522A2377AAE13D1A8BCF442E4C501033266512927E7DDCEF160DD5FA67E0AE109E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211737, "uuid": "cd6cbe6a-3baa-4930-a18f-4eb4ae906c16", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211737, "uuid": "bb69b744-dd81-4179-a726-ba2c1586b034", "value": "12288:CGvJRBusykCS2t6urw9M8TFOXRuRcajuSAvlgoSu3KPaoFzpoR5:ZFuYCSQJrw9M1QKajuftvqaE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211737, "uuid": "cc83ef42-5b95-4a80-b72b-4bfe2e495987", "value": 834560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211737, "uuid": "1d49e4f9-4ac3-4ade-80e9-7862192c8032", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211737, "uuid": "4f480bff-c2ad-4b7d-94a7-021f7695933b", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6e4c3a0-2a1f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1690202592, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690202592, "uuid": "784fdae2-2926-48a7-bf20-f3c46917e73b", "comment": "Malware payload (GuLoader)", "value": "56805820198a2e21d72d894a542ef339", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690202592, "uuid": "380d8d14-161f-4e32-8b50-297564803a80", "comment": "Malware payload (GuLoader)", "value": "6d5ff1836e64d10cba3715bdd4d3f5ef4aa9479fffecdafe9f7ce0532fc93e51", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690202592, "uuid": "42b21cc8-dca3-47a2-a760-0de342eeca13", "comment": "Malware payload (GuLoader)", "value": "95c28d3bfc0e2b7fa872431001e9964c6b3ac281", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690202592, "uuid": "93a75df4-db8f-4bb0-987e-7cd4544d389d", "comment": "Malware payload (GuLoader)", "value": "92a8217a6bc8cb848ebf5e07a7cf81139bba4d7d9fda424cb26eca5c23100c926104655ff7f480837f034b886d78d64b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690202592, "uuid": "930ed6a5-4791-47c3-9c74-14fcab5a8951", "value": "T107641342B7D0D177EC32C9B0583922EF2F9DF93046912A4A63803B563D6B563E92D9D2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690202592, "uuid": "dc06f6bb-2e5d-4178-ba8f-b9a3529704b1", "value": "e2a592076b17ef8bfb48b7e03965a3fc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690202592, "uuid": "45b0e5fa-2c04-47e3-9312-f80f75acad8e", "value": "6144:kpkXchIk4kfn0v6J9ctSbbvlTeHiYIaXj4TTeB3VfoHhE5BAAanY/+wQJJqZwC9Z:hJk4kv0iJ9c+jlTPBaUTTpYAbnPJJqZ/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690202592, "uuid": "df2c2199-9511-4dc3-9976-bc7ee641d954", "value": 323796, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690202592, "uuid": "42508f4f-5f02-4310-b625-27f572dfd6f3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690202592, "uuid": "ea583a8a-2a2a-40ef-9ee3-ad94213068bd", "value": "QUOTATION RFQ TWM 419077 INFORMATION.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b4cd6b3-2a14-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690197768, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197768, "uuid": "2b3f9d5d-0824-491d-85b0-82d1347217d9", "comment": "Malware payload (AgentTesla)", "value": "e916eabe7ee0e3d7b1dee9ce8ae535a7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197768, "uuid": "f0d5fd48-7bac-4b04-8c50-97a9930ef4cc", "comment": "Malware payload (AgentTesla)", "value": "6d78f4ea4c2f187ecfddc070d7431e813a725ae9d8dbf8dd9229ea01ceab7580", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197768, "uuid": "cd4606c8-2dc1-414b-a678-0862594a0fda", "comment": "Malware payload (AgentTesla)", "value": "f8cb6538090cc869fdf91b134c915c1fcd557d22", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197768, "uuid": "37858514-98c7-4e17-beea-aa89ff773d02", "comment": "Malware payload (AgentTesla)", "value": "455cc8f554824c12ce8d5418646af0e18da0425ee7d09f8ac79bfec666b620d802f36e649146f2f108263064be579a13", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197768, "uuid": "7aefcd3d-78b8-43bd-a8a6-46a7525fba42", "value": "T1F95512513775AB51E2B8BBF485A066140371A4552833D38CADF920EA1F62FD0AF92FD3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197768, "uuid": "25d2a7a2-b143-4168-aa18-f67e20205dc3", "value": "12288:AKvJRBusy2Za5+vqGXQsSsxr7j9cFuPFPaLW4+w1:fFuiZg+SGg8zWWF25+y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690197768, "uuid": "f6262ea0-3bd6-4a32-a481-42576bb93790", "value": 1310720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690197768, "uuid": "cc7743f8-4c04-4f84-b033-f7896ae78743", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197768, "uuid": "657d36a5-cf77-4b59-b1c2-25df57adb834", "value": "nDHL Shipment Document_24-07-2023_PDF.img", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d9610587-2a44-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690218568, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690218568, "uuid": "59892c40-4b3b-4eda-9abf-492ed5037fea", "comment": "Malware payload", "value": "1878458770c0aabb25ed8cd0f00d19ff", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Mallox", "colour": "#4D554B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690218568, "uuid": "046ec2f3-06e2-41a2-8d2a-66cbc188c25c", "comment": "Malware payload", "value": "6de853a9d15eed7187d4a0c758a51e9f992be6ccc8c2d2145e2a37e957e306ed", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Mallox", "colour": "#4D554B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690218568, "uuid": "5cf9504c-9d34-4ec6-a5cf-901b0c7f228a", "comment": "Malware payload", "value": "91b994ad9f6299cc09726ab5490bdc66849411de", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Mallox", "colour": "#4D554B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690218568, "uuid": "3c72e0dd-134c-4059-bd8e-5c6089d386ba", "comment": "Malware payload", "value": "ba687d756ef1de11c13d6ddec94a44c931252365212e7465263cb5b86fe5106c09bea130241da7a0d6326817bf955064", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "Mallox", "colour": "#4D554B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690218568, "uuid": "e10c4fee-9ca5-40d7-b020-9e55f85fcdc0", "value": "T1060402C2927125D78BF0A4774C8CAA4A575FCBD10328F0DF60D61C82E82D977EB855EA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690218568, "uuid": "18d9b02d-d33d-48ef-a73e-8797ef5f23a1", "value": "3072:nkkkifUxmBboh2Fd6gQduYi6XzLq6oea/5xnRGfG5Lazs4PIEqBXUjtj:nLkiMMB8h7zLNp65OfG5+znCZA1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690218568, "uuid": "5343f2b6-0e6e-4801-a81c-b8a684206b50", "value": 184789, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690218568, "uuid": "f3ee27ee-4733-4dab-8935-8df7cf36bc78", "value": "text/x-msdos-batch", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690218568, "uuid": "2daed367-566a-4f90-ba9e-fe742bcbed9c", "value": "Gsismkswcbe.cmd.exe.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "454194f3-2a50-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690223474, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223474, "uuid": "6c4cf0e5-303d-4e4a-b0b1-5ec862713ed7", "comment": "Malware payload (RedLineStealer)", "value": "839ab7b272050c45c4d481763360fbcc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223474, "uuid": "907cf76a-41ee-4c4c-a8eb-6b7d2e583802", "comment": "Malware payload (RedLineStealer)", "value": "6e09b22b9b11f03869eba95ab1d7936b478a6d65b332e85cda5b6940cf567bd7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223474, "uuid": "0789a86d-80e8-4453-b6e8-f26cb9c4710a", "comment": "Malware payload (RedLineStealer)", "value": "0d56efb66326e12c610d80d6bcf927b3e7811ed5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223474, "uuid": "7770b171-43a2-4a1e-8710-6b08473b8814", "comment": "Malware payload (RedLineStealer)", "value": "04fa933de870044d87f34dc72723b58e948538edb8dfbf9c2ffb1c61b18d50a5cc5f3be7ce0c6b52852b586aa740b7fe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223474, "uuid": "f9bc8512-d2e6-40e5-8889-df493d86f822", "value": "T17CB40247EBD88173D9B50B705DFB02930A367CA19934862B33956C4A5CB3A84E5B273F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223474, "uuid": "ad616bf3-0a12-4b43-98e4-f01bbd76e91b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223474, "uuid": "c7c4aa90-6a6e-41f1-9c77-4fbd54d3c135", "value": "12288:SMrLy90dmKKGQk9Y/pGn7b2EDo8N1BSK87:RysMk9Yxm7bJb1sKA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690223474, "uuid": "89fbf111-c936-4a8e-9bb2-00daa08e430c", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690223474, "uuid": "488bdf9d-edb1-4e20-ba8c-687a9124ce90", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223474, "uuid": "32b4865d-f064-4157-abe6-526141c6e2ef", "value": "839ab7b272050c45c4d481763360fbcc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2833a3cf-29ec-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690180475, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180475, "uuid": "32a5e89f-450a-4570-8d9f-1b70e60a1e5b", "comment": "Malware payload (AgentTesla)", "value": "e6062652a956936758214e4099faabc9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180475, "uuid": "8e2d7edd-b703-4dd3-822e-f124ba31503d", "comment": "Malware payload (AgentTesla)", "value": "6e47381a638f8ffd26a8009ddb73d38b63459161a0b9633b17445c49ffcd965a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180475, "uuid": "d68b1aeb-c34a-4968-816f-d7f85136aabf", "comment": "Malware payload (AgentTesla)", "value": "960080862a56e9fa163e8781d82d09f74bea0f2f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180475, "uuid": "b4b61a6c-0d28-4a0b-a4c4-7fe7acbb43e7", "comment": "Malware payload (AgentTesla)", "value": "6731df011092a58947d9426556d61b2fa01c7c82989480da5b4b9bf2ce9e84f4fd3dfb065a5bf6ce56309eebd1ba9a80", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180475, "uuid": "81c37d32-8b78-474e-9664-c2375e0639d5", "value": "T13EF4F102FABADE73CA2D56BF875472350F7E1F5241B1FA8D2888B0981DFAF048151697", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180475, "uuid": "4a9ed8e2-e265-4bff-9125-e901c44052ab", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180475, "uuid": "0cba95c2-8f7e-44a3-b017-5a0b75fdf531", "value": "12288:5TUZ9qT9qIxqysfO7FWYEkG30I7UlwnSSZ1haCMbbCkKeK6DPJ:tUZcVxqeWYEII2XCQCkKeK6D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690180475, "uuid": "8778395f-56af-4b26-a74a-cf45eb9896d6", "value": 738816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690180475, "uuid": "a0ca7a2b-6ef2-4a04-a59f-f9e4c60dee3a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180475, "uuid": "b1f30b06-0f1e-4a5c-800b-4bc0eea59ced", "value": "SecuriteInfo.com.Variant.Zusy.478183.26222.24209", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b641149a-2a3b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1690214644, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214644, "uuid": "35bd34fd-78e8-41ec-b435-c9e9c1e2fb6d", "comment": "Malware payload (GuLoader)", "value": "b584af26682595c6bc00bfa48cf1fe66", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214644, "uuid": "1ff7a20a-6a74-4d25-9e7f-2477fc4e38f6", "comment": "Malware payload (GuLoader)", "value": "6ef8c4ab3a5a7c626a151ff95aa444789f29b87db1dec656377e50723651b183", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214644, "uuid": "61fae5fd-0c0b-4ce7-adc7-c81fe40aa213", "comment": "Malware payload (GuLoader)", "value": "821859be5c7992928da5e4846313e8248accb10b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214644, "uuid": "bc3650cd-7cd0-442b-9394-013e3e14a98a", "comment": "Malware payload (GuLoader)", "value": "5470faf036a958160530dbb7165e49492d357201942b8748f72c254f3dc9d1489688676e4e94b5d4946c73a4290f82ef", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214644, "uuid": "debd91d4-b71b-40a2-b02f-e2f9a29ba304", "value": "T1BA841263FA91DA5FCA508B705C21DBBA7BD1DF12D8241E0B23543B0F387EA42590F686", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214644, "uuid": "89845df0-1095-458b-bd65-9b82c79f5c80", "value": "6e7f9a29f2c85394521a08b9f31f6275", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214644, "uuid": "d6f34c53-ae99-492a-adeb-b39fc9665883", "value": "6144:zMm4CC4YhmZEwLlbbretvCqQ1XPlXhnTJIBIRNlrvSHfVOMjBR4dh:zMwxMmPbK+hnemHDSHAMjBRYh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690214644, "uuid": "049aa79f-57c2-4606-8ac6-7daef10b4650", "value": 397404, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690214644, "uuid": "f8dc6b63-f424-447a-8278-3824454701c7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214644, "uuid": "11e25d4e-51c1-42e0-92da-39264b61b305", "value": "pedido.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d4bb5a0-2a33-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690211139, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211139, "uuid": "5216f445-f546-489e-a3cb-70b6480d8107", "comment": "Malware payload (RedLineStealer)", "value": "896e388e9b953837602b0f8ccd322fc5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211139, "uuid": "d9909944-3600-45ed-ab5c-ff3f1177fefe", "comment": "Malware payload (RedLineStealer)", "value": "6f0e94df21c99d849f0b3655a9c3eae6787f979ace568b0f22c2da1bb04422b3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211139, "uuid": "b55dab35-dff4-4e3f-b89b-6bbc588bc0f2", "comment": "Malware payload (RedLineStealer)", "value": "4a90dbedb6cee79cae9e2014e04c6fda6cf9ed82", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211139, "uuid": "ad58fd23-1ffa-4af4-a11d-4596fa787ae9", "comment": "Malware payload (RedLineStealer)", "value": "cb66dfacb0b9fbc3dd05ebe030ef35e002f0273420dff7faa0a1c248be41ad01698ac50119aae4514680e7a46264e047", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211139, "uuid": "5e9dc4b7-b323-43bc-8a44-0e480bd8598e", "value": "T15B840113F3EC9172EDB55B7059FB03930A36BDA198B4836A2385980F5CB36D0A57136B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211139, "uuid": "9bbddadb-b4a9-4adb-b159-d954a75ab1eb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211139, "uuid": "2ee1d772-7b54-4dec-89c8-c2440464e03a", "value": "6144:KFy+bnr+Yp0yN90QEsKRGL/J/tFld/P5JbBe7clBK9MGieb4TdRkmh5OKdBngH:LMrIy90mmGLBFFld/LA7wK9XieeRhgH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211139, "uuid": "05435984-babd-4ef9-b905-c9106da806ab", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211139, "uuid": "9be96d4c-0b47-4feb-bcc2-64c574a6f6ee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211139, "uuid": "c82fa465-7593-4d99-acea-5749b625e16f", "value": "6f0e94df21c99d849f0b3655a9c3eae6787f979ace568.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d91b3da3-29f1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1690182920, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690182920, "uuid": "8899e537-70cc-44ce-8a8e-6965f4529417", "comment": "Malware payload (njrat)", "value": "109895fe7d953482205f47305e0771c5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690182920, "uuid": "d16cfe84-7b77-48b7-88ee-d3bb9d587718", "comment": "Malware payload (njrat)", "value": "6f5d2a5e1a8a4f6fa15f8145c228f85d597efd39e4d642f3111b4999964e8915", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690182920, "uuid": "cc40fa8d-e075-4196-8d70-4fce1bbb564f", "comment": "Malware payload (njrat)", "value": "7604b0bee477de70720f74844c566194afcdd424", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690182920, "uuid": "cae2acad-16f0-4027-82c5-3ba9544b68d6", "comment": "Malware payload (njrat)", "value": "3cf1875c0397670552329f1208000e879f5846d2a8522ed388ef7760f60b9b2c7353787f9ada512d195b5779ebb40dc6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690182920, "uuid": "90426e4b-0ce6-4b69-9416-e0b93e002fb3", "value": "T168431844BFEA4A01E2BD8F3468F645150634BA63E532EB1E4CD668EB17327C58C40FE6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690182920, "uuid": "504a577f-a2ca-408b-9893-04f1003a56b4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690182920, "uuid": "47e3773e-55c9-4e06-bb82-d932204ab3db", "value": "1536:fUgcDnAvNtki5pKD6iwsNMDVXExI3pmLm:7cDnA9vKD6iwsNMDVXExI3pm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690182920, "uuid": "03580b0e-b7ce-4bbd-9640-03c4b45ae45d", "value": 56320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690182920, "uuid": "95504725-e909-4527-a146-21c345dcdc11", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690182920, "uuid": "bc7f1df3-9a3c-4927-92d0-f403508ced43", "value": "109895fe7d953482205f47305e0771c5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89ab95b8-2a33-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690211133, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211133, "uuid": "bf09243a-f837-4945-bbf0-aa699cb25b42", "comment": "Malware payload (Amadey)", "value": "c1777f62dd488227c5b769fbce3c8738", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211133, "uuid": "ca646143-3eed-45d2-a26f-d8c9430f02a9", "comment": "Malware payload (Amadey)", "value": "6fbaa297a42203e83f322f0da0525ec8cdd49a4c02041e9c118e5e29ce7e3888", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211133, "uuid": "22c39e3b-a699-46b0-9cbc-59e3cf1dd286", "comment": "Malware payload (Amadey)", "value": "b2b92b65ae37aeddc8b741a7286fddcd9a59f7b4", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211133, "uuid": "0c7ae4be-48c2-4012-b291-6f35d3e0130c", "comment": "Malware payload (Amadey)", "value": "23c300a8767a34f994b3c78435090f7982f47ee601616fc732c1073f5708f4e714fa203c69cb54ae5d928c164835f3d3", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211133, "uuid": "d36dc137-b38f-4723-9c45-0e9aa96910b6", "value": "T1A32408557812C032D56061762DB5BFF2C59DA828ABB049DB7B800F77DA112F73A70E3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211133, "uuid": "06889dc0-6743-4baa-8a61-7799bea1fb8c", "value": "698e68059e2b8538f873da69a2766d48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211133, "uuid": "2d43f377-1f11-41cd-8e94-a2a722f140fb", "value": "3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211133, "uuid": "aeaf94c1-472e-4b22-9c1b-f03e8b528d16", "value": 228950, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211133, "uuid": "a40f02c8-ae9a-49dc-ac8c-b3585ac23f25", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211133, "uuid": "70b8d0c0-c9cc-45eb-8e0c-53e7c146298f", "value": "c1777f62dd488227c5b769fbce3c8738.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bffd70ad-2a04-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1690191038, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191038, "uuid": "a1bd74e9-0cd4-4bb6-becf-9d14767b2d09", "comment": "Malware payload (Mirai)", "value": "4589bd75f1a4fd2403352ebd5d10630f", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191038, "uuid": "a7cbda2c-a61d-4b8a-9e20-c84a0f66ee33", "comment": "Malware payload (Mirai)", "value": "7046847a4b8cc27532b91e7abb7616502d2d66434ffd368c87b11480c7dd0a11", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191038, "uuid": "ccf3e150-224a-416a-a07a-21f1aa025937", "comment": "Malware payload (Mirai)", "value": "62b7b236395abfd37aeb8fb0c5eb42a337fa4521", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191038, "uuid": "04905458-3a7a-4772-bcf1-9e43f8024441", "comment": "Malware payload (Mirai)", "value": "0d8c68ce2d19e345cba6b0608d2611ed341e1fa981dced4614b55e572bfd8236ba57b439982145e4ea5f607715bfee70", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191038, "uuid": "1fc3fb99-b3c0-453d-a03c-81542b7785b3", "value": "T1C1735BC8BA83D4F5FC6309B25137A7728773E12A146AEE42C729AD35CC92910E72735C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191038, "uuid": "40d848e0-74d4-4554-ba26-4d93941f3243", "value": "1536:ui0zOLnGHoKB5KAvMMZlpdtqNEloSjot0rjCeya:f0zKn4oKHCMfLt6k1j7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690191038, "uuid": "dc10dc1e-e761-4ef8-941a-cbb30e860641", "value": 80232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690191038, "uuid": "c1dc2f4e-fdcf-45ab-b025-f4f0cec20324", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191038, "uuid": "d0e33af4-c0ce-45f1-9102-76d3941f7886", "value": "cundi.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8389e34a-29ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690188789, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188789, "uuid": "4d871869-5b64-4628-84a5-a5a508d0f3d0", "comment": "Malware payload (Formbook)", "value": "57a38337a7bf9a0f40cc19b9106fb664", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188789, "uuid": "35d0a1e2-93ea-4825-87ea-d89a190cf72f", "comment": "Malware payload (Formbook)", "value": "7049513f0a55cdad1d145ba2c2f988ecf02767bd04b52cd443669e0776da997a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188789, "uuid": "7889f34d-335b-4c26-975d-8c9df67df362", "comment": "Malware payload (Formbook)", "value": "5c376c9e64137c175a1b3eb463d0a8d44557cfb2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188789, "uuid": "08864f8f-b495-4be1-a329-8abd49f25667", "comment": "Malware payload (Formbook)", "value": "be85e0acdeac6db5006ca0d40da357ba6641f15b981fce7a3340be5f76b1a699f69e1d29aefb31346a788231c86ee2aa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188789, "uuid": "d643341d-dc63-41e5-b750-1f72414aa98e", "value": "T168A5F144375B48D9C7769D308A908385DBE6FF2312E8C6163ACD3A8C5FB1B5443A1BDA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188789, "uuid": "7c2ac86d-86c7-489c-81ef-15847bd6d388", "value": "9222d372923baed7aa9dfa28449a94ea", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188789, "uuid": "0a159442-60c1-41ec-967c-1cab519a9890", "value": "49152:TdmAznU4n9t2ELj18p4BDifoM83ig9Apl14yG9pn:TO49wi73fWchn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188789, "uuid": "e64740d7-dacc-4dbb-9580-ccfc8223db36", "value": 2204672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188789, "uuid": "53d3ce7e-208d-494c-910c-7390ad606606", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188789, "uuid": "9fba796f-d1c2-4203-914b-46500921a39c", "value": "BlitzedGrabberV12.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "504bbb57-29fc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690187415, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187415, "uuid": "61b63364-e8af-46dd-af5b-c6a1fe6468c6", "comment": "Malware payload (RedLineStealer)", "value": "8b2c22060d17a78d5120cdb6373565fc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187415, "uuid": "1b5adcec-e99e-4936-b353-ae8b8f37b1d9", "comment": "Malware payload (RedLineStealer)", "value": "71a8ad79ae5c79f96835207df1aa8b717106032e8ad4fc40487e97cb992117a6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187415, "uuid": "98e841fb-fbdd-4cd3-9a3a-58bb8cd757ff", "comment": "Malware payload (RedLineStealer)", "value": "03c80ccbe0c2b6c60102e4bc274b6342a1a5280b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187415, "uuid": "42bda9d3-19a4-4598-bd0b-86de41266126", "comment": "Malware payload (RedLineStealer)", "value": "f607895b34803da9880b948ae9a24780ae3afb9ddbd155a0a00f9a43bcf4523fb50ae767dbc40ac57768977b3ec97730", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187415, "uuid": "af5c7bcf-ee3d-4d83-bba5-ebf0004ec914", "value": "T15584295392B33D95E927DB729E1EC3F8761EF2508F4977AA12199B3B04B10B3D263610", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187415, "uuid": "41b6d59b-aa22-4e77-859d-35ac8704350e", "value": "8d73c631f2f5f137cb9690031965306c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187415, "uuid": "bc1c085b-6a7c-4b03-89e8-7276d2a3f23d", "value": "6144:Lz9QLNE6dzvyx0JEE3C2VmaISi/idxmdQ11:3G59dzvyx0J73C2E//2GQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690187415, "uuid": "653fadc8-4357-4be8-abb7-b0966bea4a3a", "value": 377344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690187415, "uuid": "8d316d5f-163b-450f-b908-f3290ebf9c0d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187415, "uuid": "3199f0a8-0d7f-4ac4-b316-ca6e8fa36b0b", "value": "8b2c22060d17a78d5120cdb6373565fc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "77740f22-2a2e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1690208955, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208955, "uuid": "9feea494-08fa-44ad-8418-cf07f7b305b6", "comment": "Malware payload (RemcosRAT)", "value": "682d6744626bc028880d22ceb3f313a2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208955, "uuid": "3cfb4ffc-e145-47cd-a742-524155f2cffc", "comment": "Malware payload (RemcosRAT)", "value": "723a40b5d10baf215da246cb02dbb7b5eee5e2a53efe6eef08414094f3e12563", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208955, "uuid": "6ff04d50-6dc0-4c62-aa02-301e2de63d05", "comment": "Malware payload (RemcosRAT)", "value": "bd809b4522f3cef5b402b7763ad12e3150a56750", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208955, "uuid": "a5b861bf-6ad9-4f0c-bd20-f1599e774a24", "comment": "Malware payload (RemcosRAT)", "value": "d3985d52f13096f91cfb4be94488f1a21962abdaa45114f5a8daa575aaed819791a8ffcb6aff247a10f8607e5e028573", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208955, "uuid": "4375c549-4b8e-41f0-b7f6-3960f6fc0dd6", "value": "T11BB4125D7914B2EFC84BCAB9CEA82C68EA117476474BC307746716AC5D0C6ABCF121F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208955, "uuid": "904c0aeb-1d8d-41e5-90c5-55436777635c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208955, "uuid": "26618b51-8d0c-4c66-a5c2-962a32bbd0a5", "value": "12288:bZfX/w60A3WQziQdkWJwGpLIKPGz7JiZlO8tF5:bZfX/jNz7kWtIIGzNi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690208955, "uuid": "22a6b9eb-cdbf-4cf5-a480-034194d742d6", "value": 528384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690208955, "uuid": "8d93d534-8847-407c-9712-f7bb50d7da92", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208955, "uuid": "caae1aff-858e-41c5-acc7-ba0f7dfad7cf", "value": "SecuriteInfo.com.Trojan.DownloaderNET.345.14389.9037", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4504dd72-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690211447, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211447, "uuid": "4e148a6a-900f-42e5-a898-87d192f17e73", "comment": "Malware payload (Amadey)", "value": "aa413f00a634a54138763909ad2d91fd", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211447, "uuid": "03acc688-cdaa-4fa6-ac23-ccad6ebf3ab6", "comment": "Malware payload (Amadey)", "value": "72a27ce3ad4f2daa863374d24914b9bdd41f5b34e08b440b9988fd847de7a3a5", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211447, "uuid": "9d57b8ec-e9eb-4df7-b4cf-fc44349da8c1", "comment": "Malware payload (Amadey)", "value": "1878f20db3f565f33a3e719132e7c1a26169a938", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211447, "uuid": "943eaaf1-79c1-4752-9839-024e8e9fe8c0", "comment": "Malware payload (Amadey)", "value": "222355b06d5ccee8ea98b9260b7452f95131615cd436e2b52d20a7fc4edbd25fe375f9fc6f5a453c745f8539d2ba9268", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211447, "uuid": "6c1398bb-a641-4aff-b0dc-fa7b993ade99", "value": "T1A0840203A3D88073DDB51BB019F616930E3ABCA25D74836A37499D5F18B3AD4953633B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211447, "uuid": "c0909341-6f18-48c2-85c3-8aa4f309b4e6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211447, "uuid": "1c3afa9e-ab16-470c-8c97-699636a4b703", "value": "12288:tMrKy90lN9Rx8Rh/VCUR3OFegBYCRCThPL:vykFx8RhVCUB+9zuL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211447, "uuid": "11f849f1-0427-4fad-81f2-f23322569fcc", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211447, "uuid": "314fc7f9-748e-4411-83c0-84bc60125b53", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211447, "uuid": "68097edb-ee8c-4f70-aaf2-dc5c7ecf8641", "value": "72a27ce3ad4f2daa863374d24914b9bdd41f5b34e08b4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72d616e4-2a2d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690208518, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208518, "uuid": "f814ca5c-2270-4564-af09-e5cf870ea206", "comment": "Malware payload", "value": "f07654a61a3f6b705bff08125f2815e2", "object_relation": "md5", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208518, "uuid": "a64150bc-44bc-4fdf-8cef-544d4dd3b153", "comment": "Malware payload", "value": "731e73facef89ec7a1e5f65b3abe64ed7e705f1769c4d492c4abec9a9457f180", "object_relation": "sha256", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208518, "uuid": "ad38af16-d750-40ac-bffa-f549456ad431", "comment": "Malware payload", "value": "0045dfdca3187856e7d5b314cf6e11aa4c5ed256", "object_relation": "sha1", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208518, "uuid": "0bca0d7a-8530-439d-964b-1c243ba13be6", "comment": "Malware payload", "value": "3c247e618be93713eb62695c8ae47bca7c4737dcaf51bab273341715471ed48860b693cba8fba9a54306c2125079aeb2", "object_relation": "sha3-384", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208518, "uuid": "341f51b6-e23c-4eb7-b6ae-fab075cfd870", "value": "T1A74633A5DC32C8F60F61894509EF8CE2081128DEB718EBE8765E56934C8D77C6650BDF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208518, "uuid": "b6b85341-6171-4b82-9440-e7cd5096e5de", "value": "98304:j280xcmluv5zjHGXNJcNUP+JetHfHI8BwUBwjRD3570ET5rjz:Z01lC5U+EHQ8k9D3DT5rjz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690208518, "uuid": "5a26b3ca-3c09-49b6-8fb1-1b88d38e6ee4", "value": 5687381, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690208518, "uuid": "c0b0df22-c10c-45c3-a1da-7d02d06c8b95", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208518, "uuid": "6152b3a1-fd07-4a28-8282-35199c84141f", "value": "Ai.Google Install.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bdf78aa9-2a37-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1690212939, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212939, "uuid": "91841d1a-b6d2-4548-903c-cc0e87998143", "comment": "Malware payload (Rhadamanthys)", "value": "ca3617108aedb1c053c7ddde6e23419d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212939, "uuid": "b32763bf-b4e9-42f5-8c07-7ec619708b9c", "comment": "Malware payload (Rhadamanthys)", "value": "737a4e3c0bc536fddc9f55099a01736da0b5ecb543d62b55ec3f29650a1305d8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212939, "uuid": "ac980718-3d28-4b5d-b091-e50949e113e8", "comment": "Malware payload (Rhadamanthys)", "value": "1a211c1700ebca4765c29624b30311a552f2c042", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212939, "uuid": "de1d4bc3-800c-47d3-ada2-ff7620e07d12", "comment": "Malware payload (Rhadamanthys)", "value": "6e06681dc890039e5434efd8c84f361df80c1c29e9efe105d399ac5cb5e2e5b6f3d48875a7b459377b4a197714cd36d7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212939, "uuid": "ed624676-5dc2-4af2-88b9-d2a80ce0a5b9", "value": "T1F5D4124A23F860A2D8BA97B994F202979A357CA11B3546FF12C5C56E0E337C4B531F1B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212939, "uuid": "f67e41b3-a2b3-4753-b3a8-935bf18de1a1", "value": "4cea7ae85c87ddc7295d39ff9cda31d1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212939, "uuid": "08b3019e-f8ee-4892-ae7e-b11e8f81c160", "value": "12288:uiFy90BNN/yMuQ0oqysKxi6dQMZR2uCVbVgeZs6K/w/GdfWpQ:uOyuNN/r4ApnZMgeNK/YE+pQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212939, "uuid": "32bb9ad1-c067-486c-9f86-6e8aff514ab4", "value": 628736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212939, "uuid": "6b2be736-6c27-4cd2-81de-b2f4d3bc1d73", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212939, "uuid": "044082fb-30bd-406d-ba15-e0d0a3a8f370", "value": "ca3617108aedb1c053c7ddde6e23419d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c718ee47-2a61-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690230993, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690230993, "uuid": "125c56bd-0028-4e3b-92ea-06d2b3ac8489", "comment": "Malware payload (Formbook)", "value": "0388d374cff9694d30c5c0de31296aa9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690230993, "uuid": "82acde39-c5bb-45f0-ad44-fd04794ffc7e", "comment": "Malware payload (Formbook)", "value": "73c59acf10fc928b703d88860a219e13493dce599914ec48e59a2ceeec3bee05", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690230993, "uuid": "2e3978b4-5c7a-4a92-9c9f-072a1c7f7ac8", "comment": "Malware payload (Formbook)", "value": "46a46322a3bdc57eddf9fc56f4090e50d705abd3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690230993, "uuid": "080ea201-e8b8-4439-96dd-2608f1d7a7ee", "comment": "Malware payload (Formbook)", "value": "8d32dd3b7b2bcdded3f0d0422dfbb338bd69d0626699dce20502696a2d8c1f4ad1174141642995e0c4abee837a160b6b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690230993, "uuid": "51d4c5f9-5566-4679-be30-c4bc26207d96", "value": "T1FA74018C7A10B69FC597CD7A8D9C1C64AA616077031BE313A49366ED9A4D2CFCF061B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690230993, "uuid": "770f5af4-af1e-4d6d-a356-93355a73fe54", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690230993, "uuid": "1441b642-b6fe-4757-8d54-4deb4cb7dcf1", "value": "6144:NaDeFpgekpxx2vmYIs246mJzouubnvytxPSi+4AGeJNOPd/BLtIAzGaLC04:NaiFpgTpxQvmSO3yt4ztGJd/BLtFzGvb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690230993, "uuid": "fdbb8efd-fd57-4e13-b463-ebf31800286c", "value": 345088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690230993, "uuid": "027d9379-2f69-41f4-9965-be079ec37557", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690230993, "uuid": "12e4d53c-c8c6-4e52-b724-f4b7094c69ab", "value": "rformulariodedirecci__ndedhl.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41c6e4e4-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1690178800, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178800, "uuid": "f762502c-b2a1-4ab9-87ec-4d949210d0ff", "comment": "Malware payload (Loki)", "value": "4633bee23a6139ae11f2abd21cc80d21", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178800, "uuid": "e04becc9-b480-4419-a82b-3dbc89fbed4d", "comment": "Malware payload (Loki)", "value": "73ca91a52ed319db604f0951f4b95ebd4a93eabc6f410e3d7f7ffd33efa29982", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178800, "uuid": "0c633092-2880-4589-926e-072e92fb0e68", "comment": "Malware payload (Loki)", "value": "4cf12f604c00ed90bcbb2f9827e45deab011e110", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178800, "uuid": "7e4cbb6e-d140-41be-bde8-175000ba3568", "comment": "Malware payload (Loki)", "value": "56b9592995bb1e5bfdf10b673fa951e3ac21acc2a3e305d96ae4321d03734114f2e10ed79fd3b60517488ae5caf3c766", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178800, "uuid": "a9bc7074-3727-492e-b7f6-51a61596c110", "value": "T14EE4126533ED4D03E2ADBDBA56A4B0601372A3641923D3EDCD7620558EE1F80FE116EB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178800, "uuid": "781dc930-2aa2-4f8f-acbf-89584fd30136", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178800, "uuid": "59288817-82db-47d6-af4f-8a06ce33dea0", "value": "12288:PGvJRBusyE7RkAr278h4DeUFdSJv1FNDqml9XO:YFuY7SArpCKcSJd7VG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178800, "uuid": "58a7360a-e058-426f-bad2-cfc0b6bc3d4e", "value": 674304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178800, "uuid": "de486d9c-d771-44ae-9ac2-970d1335e82a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178800, "uuid": "103d4d15-ff6c-46b1-bea8-d35634c79524", "value": "BNT ASIA BANK_SLIP_210723_Pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "14fee6d9-2a1e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690201918, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201918, "uuid": "370d8558-19db-4e76-acc5-4e27fabf7792", "comment": "Malware payload", "value": "0204cc301e5f048f1c8dcbe5b2cd8ac4", "object_relation": "md5", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201918, "uuid": "c9b6e913-0409-4e68-8b10-b88d4e09cdd5", "comment": "Malware payload", "value": "74654343098d1d901fad3d4dc69d753e5ae1f6f25ce6edaa4e061fe64b8be522", "object_relation": "sha256", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201918, "uuid": "22529e5b-40de-417d-9e06-3c5aec2d0a91", "comment": "Malware payload", "value": "1371b9cf76fe3cf513e42e938b897891b20a3c84", "object_relation": "sha1", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201918, "uuid": "33546d6e-f50f-4946-8053-944ac04f758f", "comment": "Malware payload", "value": "c5032dacd25f926716faf360b4a88f49376612c3e8c271a057764e32b123a8a372c741d3486c6976cd82d87a8021e3e9", "object_relation": "sha3-384", "Tag": [ { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690201918, "uuid": "8b23af55-2a11-4f35-b8be-3a5ff3162df9", "value": "T14F41EB152AE94326D2B20B3B58BBB720C562BD44EB53DF8E019441CC68A6201F974F2F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690201918, "uuid": "823d3f15-7dc0-4843-b68d-832249e2e9cd", "value": "24:8cCJJCJYrfI9QqIEAYx+/t1M4I0CWeM3FReUMkWQRL4o0w5CwdoESNkUmaHgnN:8c3JNnaNI1MCHno/RmMUtH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690201918, "uuid": "e8d41e4c-d647-4d34-8eb0-6e96f95c87e7", "value": 2073, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690201918, "uuid": "c97c1db8-5df7-40b8-b7ed-8c335077f5ae", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690201918, "uuid": "8101c0a3-1fe8-4157-8a80-15a47958f5bc", "value": "74654343098d1d901fad3d4dc69d753e5ae1f6f25ce6edaa4e061fe64b8be522.lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "246db324-2a55-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690225566, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690225566, "uuid": "af9e4081-a867-43e4-8833-41c5a7f01ee9", "comment": "Malware payload (RedLineStealer)", "value": "03bd44cd1cfb0e46841527b122bf5db4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690225566, "uuid": "3fc368c0-33cb-4e9a-8ef2-eb92e06338af", "comment": "Malware payload (RedLineStealer)", "value": "74c94bb88efa873b6c765ca48f35c9c34574ebe1c1d67b6426f2a42526273629", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690225566, "uuid": "cbe6ad47-d56c-4770-8bd5-172de52d4229", "comment": "Malware payload (RedLineStealer)", "value": "fedb41c0905a372200d474609ca23615c5e34ce2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690225566, "uuid": "419fbb54-b8e1-4793-a40f-21b2b6d922d4", "comment": "Malware payload (RedLineStealer)", "value": "3da0f73a5d7c9ae5d97db2470f327ebaa793c3367fa8ffa15b4492b2df9baf4f4fe6401ff9aa97b24a0aa80758315c5c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690225566, "uuid": "6dc2cb1e-ff5e-4475-8dce-b2ce80e12958", "value": "T145E2F10E1AA4A0DDE59651B280C39E77EA8433D314A673C8C173AFFDD787F81B591268", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690225566, "uuid": "27ffb112-9906-4936-a077-34da2e15a3de", "value": "384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690225566, "uuid": "59d7dd49-4ce9-4597-a7d6-507fb6fb13a9", "value": 33961, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690225566, "uuid": "a5883d4a-7194-462c-878e-ed2965a50c48", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690225566, "uuid": "92f9d2c3-7b08-4c2c-b01e-47d3f835bd09", "value": "03bd44cd1cfb0e46841527b122bf5db4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9d40e080-29c9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690165639, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690165639, "uuid": "48fbaa31-f272-4f79-b2ba-6275e64a8430", "comment": "Malware payload (AgentTesla)", "value": "1f56c245157f59bd32238edc9170a11c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690165639, "uuid": "be563d60-4c94-475b-8b36-f771859778d3", "comment": "Malware payload (AgentTesla)", "value": "7510d23c5bd88ede2d8d2efbd6d851da1dfcdc1dfb089b80a4a310b7fb96df4a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690165639, "uuid": "0318b2b7-e650-4f5b-af66-6594939bdbf5", "comment": "Malware payload (AgentTesla)", "value": "a693ec7bdaa1e0f372511b9669fd7cd955b49d64", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690165639, "uuid": "20c236c8-5d83-45dd-b397-517f5349b1c6", "comment": "Malware payload (AgentTesla)", "value": "2f92820910f1710bc1bc7b976cb8df270e5672b76a9d3b05efd08f7600567157f2c0bd799f4823e551ab0ab76a86c4ec", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690165639, "uuid": "ca864c08-8be3-49ee-8d6b-a3e52f2139c3", "value": "T1C0F4128333552E0EF2DEBABB5A61461123B155562813E38DCCB22D857FA17C4BF806DB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690165639, "uuid": "ccc0ba84-86b8-42d4-abdd-63c3f5194041", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690165639, "uuid": "5ba46613-3e4f-4c37-9c1e-a63ca0710f9b", "value": "12288:midvJRBusyjqsH/4YDHkR9/L3WpQZrPfcuF5NQ9oJ0SNx1N:LFuqe4YDgipQZrPUQ69oyWr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690165639, "uuid": "c72a3ddf-26f9-4ad6-9d4b-f0057029770f", "value": 758272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690165639, "uuid": "6fd3700c-e933-46df-87ff-a488772ba66e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690165639, "uuid": "0ff0e429-05a6-4110-b8e2-7a3f02319770", "value": "SecuriteInfo.com.Win32.PWSX-gen.3985.20842", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd0dee85-29e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1690178148, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178148, "uuid": "edd12ca9-4218-46fc-b091-29de4e6c03fb", "comment": "Malware payload (SnakeKeylogger)", "value": "0c337b4ade00b54b752df594cfe4ea79", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178148, "uuid": "3e890228-1d08-459b-a747-e66042f304d7", "comment": "Malware payload (SnakeKeylogger)", "value": "753f470c8a987dc26efc0c804f48249358e3c0440b7d0dd17244ae77ffe2c3db", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178148, "uuid": "a33ad286-b137-42e6-a147-2dfc67d85fce", "comment": "Malware payload (SnakeKeylogger)", "value": "1c1c59438b05a7fef78b31077f0d8a221bcd7576", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178148, "uuid": "111f302a-0cb7-4a50-bb2c-b41665109a98", "comment": "Malware payload (SnakeKeylogger)", "value": "f50435cbbdf4104dbd7c1b5dd1c80193dc683d289e9b66250097e0a920b7c1185e9800e32b71d3b02b912ffaacc54c01", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178148, "uuid": "4be07d03-f9f0-4895-8c5f-ab17237e2259", "value": "T18ED3181D27F89810E5FF8D7705B15112C776BC42192ACE0D4AD2F55A2A7CAA08E1BFE3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178148, "uuid": "55054b7c-3c69-4de0-ab76-f0f41c9a1f07", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178148, "uuid": "b905d275-56d0-4332-8196-7618d8e53d34", "value": "3072:WOOYz25B+Lq9UZVO1QVKb7NdyCpwBjb6gbY:XzeuSJbzibDb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178148, "uuid": "11a63c5d-d0d4-46ca-aeb6-ffdb09045cb4", "value": 130560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178148, "uuid": "5dc39fcb-4b24-4e79-a686-56c6fd967fca", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178148, "uuid": "aa7a8d45-a279-4629-aade-4ab0f3f4a852", "value": "0c337b4ade00b54b752df594cfe4ea79.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03d45bdb-2a1e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690201889, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201889, "uuid": "58e7f143-dc64-4da9-9bfb-c744b7f708c7", "comment": "Malware payload", "value": "f6ada0ceac68af3ed2c321533d308440", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201889, "uuid": "46c5d18c-12d3-4b11-b9ba-951004e2a306", "comment": "Malware payload", "value": "7585af7ff26196fbcca44cac2efda77246a206b63cb476daad00352c15e55127", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201889, "uuid": "0800e91d-0202-4e5c-8baf-045dd01b533b", "comment": "Malware payload", "value": "05c608b9e1623941f1d197f12fc9565e3dfdc271", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201889, "uuid": "8d922153-fc31-4232-80e9-ed934c4a344e", "comment": "Malware payload", "value": "4c38354106dafab0a760b5a7d821f0405ffbd5532d0437c3bd763dec75f13fbf8c0a73dd4abe4d1faaa1b61af4fa5984", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690201889, "uuid": "cda2392a-17fa-4572-8966-42212601a11b", "value": "T1A764BFF0379098D2EA9E9B97E1595D9D133620BBEECA258C0045FFD92AB73418E0DCC5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690201889, "uuid": "45db994a-3cb9-429e-8e29-4de2e9f8410d", "value": "3072:spzgVZNT7HKoLb0P1aaVoHg9IFRO/2u+nyA7mvjRWjCl+P2UK9M:OsZgoLsaaVovnOdcyTvdWjj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690201889, "uuid": "96859818-c29d-435a-a49a-67fb9e7e16f5", "value": 331266, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690201889, "uuid": "18df6083-796d-425e-8441-192b8f481523", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690201889, "uuid": "fd50e90c-689d-471a-b293-7fc1a7880141", "value": "SecuriteInfo.com.Exploit.RTF-ObfsObjDat.Gen.29418.4292", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "46f90bc9-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690178809, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178809, "uuid": "945d4baa-ec92-4abd-9236-f8a5949dc4cf", "comment": "Malware payload (AgentTesla)", "value": "3e63523bd51914bb24470d038b0ba931", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178809, "uuid": "00940bb9-19f3-4ee4-99d8-348eb65e3ea5", "comment": "Malware payload (AgentTesla)", "value": "76d55aec6c6ce78586bcfa2b1ae7e727d9c922ff75a3f2aedc7cba917f793395", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178809, "uuid": "541ed7d6-e1e3-40d8-a030-5c696b124f14", "comment": "Malware payload (AgentTesla)", "value": "dbdcbb4f6569a517bfc6bcfef584b356fb8a61e1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178809, "uuid": "9068818e-6a73-44ce-b998-c808dc401c9a", "comment": "Malware payload (AgentTesla)", "value": "a13a352d4ac4e6a8e6269c487d2d042d3609916bcaa32a88f63f76d80a15eeb4b9b191fda31826baafd577af17ec3cc6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178809, "uuid": "9c3d03a6-5342-420f-8cb6-89f00eb6fe7e", "value": "T1C9F4125533A95D03EBA8BDF8469492281372A5912827D3DCCDB360D81EA6BC0FF316D7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178809, "uuid": "cd532c41-44c4-4177-8454-1af248844639", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178809, "uuid": "c9704d88-f929-40f0-a1c7-acecd11d2b61", "value": "12288:M2vJRBusymCtVhKg7lpgoFQe0YO/dZH2Tl+peGryawQ5kuKufj3dxR:/FuyCtVn7lp1FQlv2Tl+2Q6uKufzdx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178809, "uuid": "97353b9d-e438-4f5c-b0c7-f7ad147f0fb0", "value": 745984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178809, "uuid": "97957c43-8ef7-4a93-b409-3e5ad45048e2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178809, "uuid": "71e271de-3538-49b8-92ce-4c05e4a23275", "value": "Shipment Import Invoice & Clearance Documents.xlsx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75ff6052-2a38-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690213248, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213248, "uuid": "aa513e06-c7ba-4bfa-846d-0484441ac86c", "comment": "Malware payload (Amadey)", "value": "305ecbabc0304bc3d2708d6d511e019a", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213248, "uuid": "f175433c-ff1a-4d06-9dd4-e08e999d6f10", "comment": "Malware payload (Amadey)", "value": "7731afb0d4949a79a0ce96055a2aa053f146a0c0420a6cab24b9cbd2067c0210", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213248, "uuid": "89aa26e2-b7f3-495a-a673-1099969fcb43", "comment": "Malware payload (Amadey)", "value": "63aa542890fb0c5dd2eea5325a8736c77359f037", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213248, "uuid": "9a51a14c-23de-4a9d-9af8-064b7fd47b3c", "comment": "Malware payload (Amadey)", "value": "0ad6219c0659509a3bd72a70d057d70e776419c71a5121c24b6ea90942afe4679c2d64329c1c0d907615ba51a9fb750b", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213248, "uuid": "90fcb351-ca73-4bf9-b93b-9758830b7840", "value": "T18B2408557812C032D56061762DB5BFF2C59DA828ABB049DB7B800F77DA112F73A70E3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213248, "uuid": "8c5f5cd8-191f-4fdd-ac8a-9f36b8b97ced", "value": "698e68059e2b8538f873da69a2766d48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213248, "uuid": "81e9ccb4-656c-4a5f-ad0d-76ec629c1014", "value": "3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690213248, "uuid": "1e7e4bec-e7b7-4821-83bc-90ed56f21341", "value": 228870, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690213248, "uuid": "1537897a-19e1-4bd8-97c5-9a4818a2a05b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213248, "uuid": "64fbc460-4a53-4bf3-b915-4c3833b18c3a", "value": "305ecbabc0304bc3d2708d6d511e019a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2919403-29f2-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690183365, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183365, "uuid": "715860b2-56d2-442e-af87-e34b0d4b5c28", "comment": "Malware payload", "value": "04a7cdb9934ee0dc858296492046161c", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183365, "uuid": "585a2538-d2e1-4d85-b13d-c722fd03de3d", "comment": "Malware payload", "value": "77be1807a138cfb4913cf96ef67a9934d5d385ff3f516d756dddda22f9eb5a89", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183365, "uuid": "7a3eea6d-68f3-409f-a173-762fce9c6990", "comment": "Malware payload", "value": "39bda83bba8bf5495ca4fd5735672c56ed95b8b0", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183365, "uuid": "bf384597-7635-406b-bbce-0902f0365804", "comment": "Malware payload", "value": "929e565c1244216d210f35afb277d670f9c93549b8a1be7423f0f93995d89ceb97ec6138d9944e7148694fe2cbc4f345", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183365, "uuid": "10d69e6d-7988-4a96-8cde-76b83bb60381", "value": "T1F7968C42B6045FADC670493385B38AE127727C696F219653AB14F67EBCB33091F06ED8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183365, "uuid": "c1a33a68-7b99-4731-bdad-68e0e556b18a", "value": "196608:T0WqIgqQFtF4+O1QjWuyy9svTFeXaAet8E69HB:T0WqIZQFDuwJXaEh9HB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690183365, "uuid": "dba529a4-ec6f-4ec5-b7f3-b1b5bb77d68f", "value": 9170884, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690183365, "uuid": "e87803dc-9f1e-4441-9eb1-e582f08c9a54", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183365, "uuid": "ce4fca84-8946-4592-a20a-091446b94ebf", "value": "04a7cdb9934ee0dc858296492046161c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a988bde8-2a47-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1690219777, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219777, "uuid": "ed939f34-e8ea-4ca6-957a-c3d096bee5de", "comment": "Malware payload (DarkCloud)", "value": "5089ba7e6218875adb604ec70bf0a570", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219777, "uuid": "98f09ad8-21ee-4936-8447-2657fed560e5", "comment": "Malware payload (DarkCloud)", "value": "797150ed71196346ce51bc641cddf2c37ad8414b33971986c9cee2ad4be0e254", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219777, "uuid": "cd550331-4566-4118-b63e-92e79cb78cd1", "comment": "Malware payload (DarkCloud)", "value": "fda7f71537bddd96570b3793b5571c7329358266", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219777, "uuid": "6438c460-7a99-477d-afbf-f635ce8e0409", "comment": "Malware payload (DarkCloud)", "value": "097324f183a4292c02f5ea27e9cabbe3ebf521c628e4b2d338e901fddf8c24e4c94954fc82515bcec15f4d98db783af9", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219777, "uuid": "63b8b904-35c3-4fb4-8403-d8f61fde5e1c", "value": "T1541533C59854462CE5A379BD7F1FE2997EC0C32553320611AB1733FB2E8E9168CC6DA2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219777, "uuid": "ade8958f-63a1-4bd0-a388-cff326606f9e", "value": "24576:BGX8BPFRe27K+Sdqf1GYF5041ddWQs24hl0gljp:BGX8BPrP++Sdqf1BHDqn/0gljp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690219777, "uuid": "e9239d2f-7e90-4b41-a64d-cfb7264274ce", "value": 904627, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690219777, "uuid": "f562d012-4fc4-4077-9359-253a17d607a1", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219777, "uuid": "c5cad8cd-5169-47dd-acfe-521d9c5cd285", "value": "\u0395\u03bd\u03c4\u03bf\u03bb\u03ae \u0391\u03b3\u03bf\u03c1\u03ac\u03c2 4010061141.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "00e1881c-29ec-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1690180409, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180409, "uuid": "df1fb688-80bb-4084-a419-aed5b13831ab", "comment": "Malware payload (GuLoader)", "value": "f386cf2609175bd8834d0b66aceedd8d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180409, "uuid": "8c3e681a-927e-4efe-a195-88a8ab945b48", "comment": "Malware payload (GuLoader)", "value": "797922342b601df4389ce79cbe6ccbc154974d0a25d593e3e6013d27aa76dc9c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180409, "uuid": "dbf08d04-e5eb-4dd6-8af4-91bde610f4d2", "comment": "Malware payload (GuLoader)", "value": "08bb49c421fc8811ba2b2aae01d7ef3c8890db70", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180409, "uuid": "f5e8f038-9975-4da5-9a1b-c73e3ce1943b", "comment": "Malware payload (GuLoader)", "value": "11f4e34481d31a61e961bc49a744fc1290451b9151060e73d4958b7bafd5e8164b9c1603d49a560abd29db5b07ac916b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180409, "uuid": "af10305b-dac3-41bd-ba4f-b83fd4607c5e", "value": "T1193412766394C6B7D9776731097067AEEBFA9A0000811B1F67981BEC77B72C1971F202", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180409, "uuid": "b7edc120-4da4-49bd-9ace-746d56c55a48", "value": "ea4e67a31ace1a72683a99b80cf37830", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180409, "uuid": "6d50f140-3893-4754-85bc-5bb9c2eac85f", "value": "6144:vPX0na42XAejGxmdj+dtLIPeR+0Q3yGFjmQ8VumhVjYDf5iqJC:UnsLdCdtkG80/VVAx0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690180409, "uuid": "c181cbdf-abc8-436f-9a89-0167459874af", "value": 239488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690180409, "uuid": "e48459a8-b7e5-4bdc-8205-3729832097d4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180409, "uuid": "3435dd08-6fca-4072-bce5-b0926ea73ad1", "value": "f386cf2609175bd8834d0b66aceedd8d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15d85d5d-2a0d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1690194618, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194618, "uuid": "dbf659f8-633c-4d88-a304-0536d2970e74", "comment": "Malware payload (Mirai)", "value": "93e55013fe43b9b2f50e8dcc1641fad6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194618, "uuid": "554c5aea-a36f-4d69-bef3-e453134c145d", "comment": "Malware payload (Mirai)", "value": "79db0e3cf4fc5fdbf2785a3a59db53e9be61889103ba4372f9b7eec7c54134cf", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194618, "uuid": "6dba6110-40f0-46a5-a9a6-0760a277b73e", "comment": "Malware payload (Mirai)", "value": "8e0b0e978251512844b247e49b7230227f362be3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194618, "uuid": "d0fb1f76-0ca2-46ea-b5a4-30dfc0a88b1e", "comment": "Malware payload (Mirai)", "value": "83c2fc2730e77175d7bab1cf33db88b61c87e5aaa11a737bb8c65937f669770506758e31abf8ca60f1abcbce581295d6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690194618, "uuid": "9ddfc83c-308d-4b34-9d18-bb2f5295bffe", "value": "T1AEC32A05B30C0947D2633EF43B3B27D1D3EF9A8121E4F644255FAA8A92B1E325586DDE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690194618, "uuid": "e185a3d7-80d9-4695-baf4-9e48f98d9ce7", "value": "3072:aUCccxH71b9LgwFbMArr6/tMhEhhhhhhl:a7ccxb1b9LgwFb5v6lMhEhhhhhhl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690194618, "uuid": "7a7753a8-5503-4aa2-8ee2-75f46f336863", "value": 121720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690194618, "uuid": "72f5c857-bc30-42bd-9a63-23eec0081421", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690194618, "uuid": "c49a5050-a230-4f7c-8240-d5aac7af5cff", "value": "93e55013fe43b9b2f50e8dcc1641fad6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "940922f5-2a41-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690217163, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217163, "uuid": "18822b1f-7d7f-4e6f-9e00-0f1161bf5953", "comment": "Malware payload (RedLineStealer)", "value": "118c662f820166afa9227a295d5e2cc2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217163, "uuid": "9aeb8a30-9281-4e76-a4fc-cbd4c49bbea3", "comment": "Malware payload (RedLineStealer)", "value": "7a4ee8388222f5e129b4d1d82750bea32e3956ea160d1a752dea1af994fa77ea", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217163, "uuid": "1bb1457d-3200-435f-a872-0ac70184041f", "comment": "Malware payload (RedLineStealer)", "value": "a2b6493129c6fa84aa662e694cdaee7685aa51b3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217163, "uuid": "e4bd8671-2e07-465a-8497-5c3fd8099f3a", "comment": "Malware payload (RedLineStealer)", "value": "1458437951e0ad7d0b50415a1da860271ac4e5a544ea04ab5227da0c01deed8f563afe81eb27938f0231f6d2f7468bc6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217163, "uuid": "dbf707ef-ce1e-496d-a1ef-0a5102f30e25", "value": "T102840123B7E8C473E47517F158F912C31A37FDA19D34839B2342A99A1DB3680A57272B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217163, "uuid": "e8dd1b09-eafd-47bc-8647-1485e233757e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217163, "uuid": "5def6784-8500-4438-8b81-60badda63561", "value": "12288:HMr+y90/RJg07IvDFwhm5YY2sRO/vUCA:5y4OVvnL2sk3UCA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217163, "uuid": "27fe330f-5117-40be-a250-03ab8fda34e4", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217163, "uuid": "aff1b3e3-f47d-422e-ac71-280a7fc1c9d8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217163, "uuid": "f5232811-00b2-44fe-88a8-7f8fa3af8719", "value": "118c662f820166afa9227a295d5e2cc2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "04f55e4e-2a36-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CobaltStrike)", "timestamp": 1690212199, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212199, "uuid": "178fe66f-1b17-4250-9232-34a5aee2bcba", "comment": "Malware payload (CobaltStrike)", "value": "3ff73af6fea07537e7834e9b5edd156f", "object_relation": "md5", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212199, "uuid": "21764628-4378-4347-8175-48c53964e309", "comment": "Malware payload (CobaltStrike)", "value": "7a70c1a08b3481a185a0783ca3b27e55e0d16998b9ca4c97929b56c2cbc59a7c", "object_relation": "sha256", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212199, "uuid": "5a4eefbb-e688-4f6b-bfb4-98e4f9404d1a", "comment": "Malware payload (CobaltStrike)", "value": "b6a402e136db60b994f010bdc383665d4f30b7c2", "object_relation": "sha1", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212199, "uuid": "bdc42635-4ca9-4cc4-aa33-fad4176c87cd", "comment": "Malware payload (CobaltStrike)", "value": "e91175340f2ee60776aea3b0a52d3bf5016d1643fd3a37102301b649b3fc297c9916ed9a0a34d7a24a6af5de2f900c6a", "object_relation": "sha3-384", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212199, "uuid": "e02d5174-6013-45dc-819c-49c0da91b411", "value": "T11EC59D477C9950B9C0AAC138CA65D252763178A8073223E73F81B6BD3FB6BD41E79358", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212199, "uuid": "0b08685b-1583-4a3c-aa6f-91439735ade6", "value": "c7269d59926fa4252270f407e4dab043", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212199, "uuid": "a8a915d0-3763-4306-98e6-fd725ce75519", "value": "49152:WHMqmKMCrb/TXvO90dL3BmAFd4A64nsfJ/cqcvHNsOyqnc2Gg+DexLb1XBE:WHiKMxeNE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212199, "uuid": "28218332-2461-4a53-8c6f-b4c227150474", "value": 2732712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212199, "uuid": "31e3b268-41bb-457d-8e1b-6c5b65ee50f6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212199, "uuid": "b84e603d-5eb6-4cc4-8f74-41b193199765", "value": "3ff73af6fea07537e7834e9b5edd156f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f96d107d-2a2d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690208744, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208744, "uuid": "82f77cad-1cd3-479d-8174-55718f05fe72", "comment": "Malware payload (RedLineStealer)", "value": "45e9fa4c141409fdb93acb87cb3a5607", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208744, "uuid": "09199ec9-fb06-4727-9b6c-60e171b8324c", "comment": "Malware payload (RedLineStealer)", "value": "7abcf6dd45f7dd04716c72f511eac0642bb2401da536123698f117b0896816f3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208744, "uuid": "22c84c89-e03e-4606-aa0c-357a3bf2dda0", "comment": "Malware payload (RedLineStealer)", "value": "55461ab509ed513d2e6ec38a9e03eb8985523f44", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208744, "uuid": "52ce9dd7-a8b1-4f53-9eec-dd8d71f622ed", "comment": "Malware payload (RedLineStealer)", "value": "fd4d968c94dc63c9f1d42053000e77eb79a8ef0dec656a5bc6dcc9b98a3f7826a6254a6c35744be4e749a5611cdc4371", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208744, "uuid": "83e8ffb9-b47a-47e3-926d-bc655a2781a5", "value": "T12A94E7F871E1E17AC81582301D61BD7197F51CA0CE71A956EDDCF9E4DA30EF22B2224A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208744, "uuid": "c509954b-87f6-4f42-b624-7a11dee64179", "value": "bf5a4aa99e5b160f8521cadd6bfe73b8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208744, "uuid": "3d9e52a6-7c72-45bb-a00d-7eb9110eed44", "value": "6144:RDKW1Lgbdl0TBBvjc/xogLEaxv7aCKVcMrGm14y6g6Ju4X/:hh1Lk70TnvjcpTEa7XKVcQn36N0k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690208744, "uuid": "6408b168-0e75-4f96-abd7-504d906b1e45", "value": 421888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690208744, "uuid": "08524275-cd5e-4894-9797-eac479d80229", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208744, "uuid": "692368cd-7394-48ae-9e9f-48bdb316d71c", "value": "forKARDAG.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea2e38f9-2a36-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690212584, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212584, "uuid": "e8cc206d-df34-4e27-870d-ccb712709ef8", "comment": "Malware payload (AgentTesla)", "value": "b41462c53fbe3a7f1d5eb3822c4a6fe5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212584, "uuid": "b6c937f1-34c9-4387-b1c0-e485fb3958d2", "comment": "Malware payload (AgentTesla)", "value": "7aceda8fea4cad8f6077aa809bcb427bc896e8f0639aa20fee3013eb077199be", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212584, "uuid": "fafa343d-9050-4811-aad4-e276ed1c8215", "comment": "Malware payload (AgentTesla)", "value": "b8f6a821cb4c848043a035d55f1d26628359ad64", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212584, "uuid": "8c21abcd-59a7-408c-ad74-d6b276f392a7", "comment": "Malware payload (AgentTesla)", "value": "9ef29ce02f2be5989d363dc736b49f3ad8eef3a01221b0fa010fdcd486c8f98f7aa3d3990978cb6da2d1bd7b15990a21", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212584, "uuid": "e9126bb1-31b7-40ec-b801-89a62df78854", "value": "T15FF4126437BAAF16E5BCBBF456E051240372A5A91837D30D8DF260DA0D62BC46F81BC7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212584, "uuid": "6bbb92ce-5f09-4da9-8419-07297ad511b2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212584, "uuid": "194fa33b-62cd-4d5a-8f46-20651ee89f33", "value": "12288:LWvJRBusyCX3/ET5JnH1bvg4nddIe7kFrXIHdw7Q4fvUBUuMFLY:EFu+HQFY4nddI0GrYHdw84nMU7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212584, "uuid": "9cfd9135-daa8-42f8-a5e7-2ec2c245a720", "value": 757760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212584, "uuid": "83eed9bd-6c8a-42a1-ac5f-61ac5129f807", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212584, "uuid": "aff572db-4500-4f95-926a-54f5969f965a", "value": "b41462c53fbe3a7f1d5eb3822c4a6fe5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78b84357-2a2e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690208957, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208957, "uuid": "0fa32637-9335-4277-a43c-48d6d1152b35", "comment": "Malware payload (AgentTesla)", "value": "97531555c8195ce8a23db292d80ee351", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208957, "uuid": "7f1db54d-1a3f-4b17-b4e9-9c362a952576", "comment": "Malware payload (AgentTesla)", "value": "7ae867cd981bcf4ee5a98923f6ca7e415f3287b1ad04a6e31b3f905a67b2c1e5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208957, "uuid": "fbbc5e7b-a8f0-4a45-9fe6-604315cbe1df", "comment": "Malware payload (AgentTesla)", "value": "dc3ac4963afe9dd0ff68bddceab01d8cec11028b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208957, "uuid": "9afed9f6-1777-46e9-93d3-16b175e49163", "comment": "Malware payload (AgentTesla)", "value": "5148293bb589db5d514d6cfce5503f973099bdeb2010a786369cccd1288dc96a0fb04f05a37909a72b3e21871846c084", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208957, "uuid": "5ce0f605-bbc4-4569-903b-98b3805d40e2", "value": "T190F412513779AB51E2B8BBF495A066150371A4552833E38C8DF120EA1E63FD0AF92FD3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208957, "uuid": "b8e9137f-be53-40c4-b6ad-078a32d993f8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208957, "uuid": "ac217911-40a6-4c3d-99cd-b45d29e17b69", "value": "12288:hKvJRBusy2Za5+vqGXQsSsxr7j9cFuPFPaLW4+w1:2FuiZg+SGg8zWWF25+y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690208957, "uuid": "d1e0ddb3-b6c5-4652-994c-bc8a2af9bc89", "value": 759296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690208957, "uuid": "ccba3ed3-63ba-4aaa-9aa2-fbb6012ad525", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208957, "uuid": "0caab00e-a470-46b6-8ff3-850c8a2b44da", "value": "SecuriteInfo.com.Trojan.PackedNET.2192.7126.12952", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70cea12b-2a4d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690222258, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690222258, "uuid": "bdf2e510-68ec-4d29-938e-a79d9e5d2a2b", "comment": "Malware payload (Amadey)", "value": "11baa1b7efc317dced301ee22d864dc8", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690222258, "uuid": "854fab0d-29d7-4cac-867b-af1fc35f64a9", "comment": "Malware payload (Amadey)", "value": "7b22e6cc31710809bbb88f27afa15ad45784dd0ccd3da27be9b6ca3b039a15ce", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690222258, "uuid": "9b30a076-557e-4ed9-8568-0e83577326ab", "comment": "Malware payload (Amadey)", "value": "1e1fdb8796ff4ecf41d61973f20484ca2bdd97f2", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690222258, "uuid": "353c96f8-580f-497f-9ebd-7e3df5696077", "comment": "Malware payload (Amadey)", "value": "25361c98565325d6cdbb907f1462feaf212fe21fb9f8bea1f63619d08bddfd452ee801f760d2905bc2511f534a4f34ef", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690222258, "uuid": "7a462420-1601-4d8c-a341-cf7e1e6413e1", "value": "T1AF840252A7E9803AECB52BB04CF607830F36BC519E78526E2745995E1C739D0E93273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690222258, "uuid": "5f0ca841-410d-4af4-99ac-ccb8380f7330", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690222258, "uuid": "d47cdcfd-7c34-4830-a5c2-d2fa4dae8968", "value": "12288:KMrIy90ROSK9OUDX81nBWW3U0qgRYYGlcVg:GyCiOEs9brweg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690222258, "uuid": "cf93abd9-d5b6-4ba7-aee6-555534a18caa", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690222258, "uuid": "91d6e579-1e40-406b-ba39-f8d54bb93ee6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690222258, "uuid": "7c6da03b-26e7-4a15-885c-d73234546195", "value": "7b22e6cc31710809bbb88f27afa15ad45784dd0ccd3da.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f536415-29fb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1690187118, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187118, "uuid": "1d3e437c-3a44-421c-a9af-21c72eca77f5", "comment": "Malware payload (AZORult)", "value": "7703fe4d7db0a52cc417a9d36e5b9bb9", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187118, "uuid": "ab48bf5b-59f0-4e2a-9267-f5507147bc14", "comment": "Malware payload (AZORult)", "value": "7b55f6b13b655e4496970081de38254cd07c684c69119a56cfb17a41ae4e3558", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187118, "uuid": "7f526042-4ef0-43c0-a64d-97b8fe39f323", "comment": "Malware payload (AZORult)", "value": "98858961cfa20952da1193cbe6ad15f3bdeb7dbd", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187118, "uuid": "8ecd8b58-ff57-4319-b6d9-024c0d378f9e", "comment": "Malware payload (AZORult)", "value": "becf32a1a3d4c4b3ef2f8f8311c90429183210d2949e30a7f73f168ac8e8b99c8cddeb0579d403e2f3b6f16e4cb7f1b5", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187118, "uuid": "6d0dcbf6-1fb5-4f3e-9d0c-711b6291ee5d", "value": "T1BCE4026137B1AB16C1BCBBF991A0A51403B1A4556C23C39C8DF620D61E62FD0BE92FD7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187118, "uuid": "5937a23c-c45c-466c-8b14-9f09f82c4c16", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187118, "uuid": "b188a697-5448-4f08-8ca4-9b258d794792", "value": "12288:7uvJRBusyGnyfiynsPpznYL94c1x/tp3tZ8qCw/iGN6Yw085J:8FuSUiO2YL1zlmqtF6Ym", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690187118, "uuid": "53349e2f-08b0-409b-908f-21b10dc4f6f7", "value": 702976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690187118, "uuid": "a8a6f254-d822-481e-aa5e-9a3361133632", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187118, "uuid": "761f00e8-e29c-4fd2-b9c0-71a2484bc103", "value": "Order Specification.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c076580-2a7a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690241470, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690241470, "uuid": "9692a99c-dd83-4392-8973-f34ef77c9e51", "comment": "Malware payload (Amadey)", "value": "3ce850173175eddd1da4645de1749450", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690241470, "uuid": "bf748a6a-f862-4748-a40d-455d1e6e895f", "comment": "Malware payload (Amadey)", "value": "7bb4b4e59bed18df15eca7ecd0f926c219148cb1437596f29e04ede43455ad07", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690241470, "uuid": "8cb8a952-9d3a-43f3-a478-34dd68941526", "comment": "Malware payload (Amadey)", "value": "349a4a95a679f0117e8bdc3acc43b54d7a91162a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690241470, "uuid": "49905cb8-a283-410d-a350-e40c62f77081", "comment": "Malware payload (Amadey)", "value": "bd2b78c0bf6888074699719932fc12abf665720356c0a975d66cc63be5ce31fbe7d4849e45bd3706c153891f1fb53830", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690241470, "uuid": "64b208a7-1b0a-4092-ab7b-ac8bf0f7c994", "value": "T12FE2F10E1AA4A0DDE59651B280C39E77EA8433D314A673C8C173AFFDD787F81B591268", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690241470, "uuid": "1bc260a1-7ace-421d-8dec-40f8e5e9ef9d", "value": "384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690241470, "uuid": "09f3a153-3932-4752-8bfe-0a3a65d9ff3b", "value": 33761, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690241470, "uuid": "eecb1700-51a4-4451-8e10-6cf4dc4c8d30", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690241470, "uuid": "19ecd4c2-cdfb-4c32-81f1-f3792e3205f0", "value": "3ce850173175eddd1da4645de1749450.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c71bb9a9-2a36-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Fabookie)", "timestamp": 1690212525, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212525, "uuid": "e7b18979-17fd-4909-ad67-cbafc7883058", "comment": "Malware payload (Fabookie)", "value": "70bbc94f8814b927459c7c3767338317", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212525, "uuid": "0b0a8308-1e31-400e-80d5-75954cf5b658", "comment": "Malware payload (Fabookie)", "value": "7bf2f88fa02682b61647e1185839456c7f0bf67b9212c2cc354c27ac6469f38e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212525, "uuid": "aa546f38-17bd-4b97-a1ac-8eaad278dd7b", "comment": "Malware payload (Fabookie)", "value": "69713b84e4f7ae72321f2b2778c7e82654b4b0ee", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212525, "uuid": "1edd55ac-b4ce-4f20-b5c0-700b93d6fcac", "comment": "Malware payload (Fabookie)", "value": "f9f23a0612b29036a5b943e5bb822cc7df51ce8c67c7e40f6250f16d97dbdfe0f7b00783905d4b35e40469b588765538", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212525, "uuid": "af201552-805c-4297-a4b8-cfac24d6148f", "value": "T16224AE80F391E195D64D81B5C927CAB85266BC1C9A341BBBF294BB5F2E313C74036E27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212525, "uuid": "ff0a378e-4357-46f2-8355-715676a88666", "value": "4fd11f5c9a089e7b45c77cd8b5fde1cf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212525, "uuid": "9d6391ba-b2db-47c4-b721-1a8aa96d2201", "value": "3072:iPBCEkvkKqUa9antF5hvvJkeXp2QhHkKqUa9antF5hvvJkeXp:VcKq99UF5hvvfjhEKq99UF5hvvf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212525, "uuid": "40ecd55f-88b6-4209-904f-c0199a299998", "value": 215040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212525, "uuid": "3c84e466-307a-4858-9f60-2e1fc7f99e22", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212525, "uuid": "aa8779af-2bc0-402a-b117-17fe2335d277", "value": "70bbc94f8814b927459c7c3767338317.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a43b3a04-29c4-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690163504, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690163504, "uuid": "ce947c85-b0ae-4c0b-baae-882993c89b60", "comment": "Malware payload", "value": "043227f5fa0d9ce3c189e1c8b7209390", "object_relation": "md5", "Tag": [ { "name": "pw-999", "colour": "#5DEE89", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690163504, "uuid": "92d0bfcf-96c1-4f05-859e-d2ced77b4889", "comment": "Malware payload", "value": "7ccad2ff7c63b35b722a7cb64aaed405e819f04ee0f422b8121644772fe345b7", "object_relation": "sha256", "Tag": [ { "name": "pw-999", "colour": "#5DEE89", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690163504, "uuid": "009c6d6b-c3e2-4220-8e23-c30687d4e2d9", "comment": "Malware payload", "value": "9f56105da2632965861aa983597b47d90f4b6537", "object_relation": "sha1", "Tag": [ { "name": "pw-999", "colour": "#5DEE89", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690163504, "uuid": "5fb2d394-94a3-48e4-bbf2-00558ffea3b7", "comment": "Malware payload", "value": "1395ffc61468a00b2953daf5d4b69c6f608887e2c297b7df78a523af81649db0d9a166a512e27116972784c7c5dc374a", "object_relation": "sha3-384", "Tag": [ { "name": "pw-999", "colour": "#5DEE89", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690163504, "uuid": "236605c9-5edd-4505-9d4e-6491059cee1d", "value": "T1D24633E8E80042E79E77516342513772E8A4DC989713BD7383459B63B24DD8F7AB33A8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690163504, "uuid": "9833e43b-248f-4efe-be5e-c3ea9f8ebc2d", "value": "98304:tK0AuZt23g5Eh82JrV312ory3QJuhGBpWAaXDKNBSPx22kihZ+rG9d/uK6IyPwx3:tTRZNbwxHYMuATWtu85kiirGX96Iy45", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690163504, "uuid": "99c5ddc7-e4f2-4fbe-9a70-c25678d3321d", "value": 5687658, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690163504, "uuid": "ad9bdf70-ddd7-48e5-8218-030e7eb17f8c", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690163504, "uuid": "d608d8c6-aaea-453e-8aa6-224ec2f3b389", "value": "Aigoogle_(1).rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8fd83da1-2a3e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690215868, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215868, "uuid": "8e95735c-5556-4269-a6d8-5e8fe58a7e28", "comment": "Malware payload (AgentTesla)", "value": "b0dd5dcf3609bb538d7c61d5f67b643d", "object_relation": "md5", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215868, "uuid": "b99ded57-51cf-4daf-abe5-db5a01253c81", "comment": "Malware payload (AgentTesla)", "value": "7e184afe23568f63aa598ba39f43f5df49792ed6e899643f9c5373b5b149801d", "object_relation": "sha256", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215868, "uuid": "1480509c-dc74-4f4c-91bc-1028d3931460", "comment": "Malware payload (AgentTesla)", "value": "4a2060886c9dfbd0ad46f4ca3420eb006555d090", "object_relation": "sha1", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215868, "uuid": "085957c6-a82e-4afa-ad0f-b794e4cc2bbc", "comment": "Malware payload (AgentTesla)", "value": "634e50819bca7b8a2db69ae339038badd3f91e823faaca2306eba88f80f969368419dfa19695d629f7776315d0a5b7d9", "object_relation": "sha3-384", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690215868, "uuid": "bcd04379-dec5-42f1-8b2d-7fe7ad0e9c58", "value": "T1044423D702078712362F32E1AD56544083AE38523E0957BE9AE14BBAD68F1C7EC97C7D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690215868, "uuid": "8987489e-2120-49c1-b465-c1d0ad217184", "value": "6144:L5nZiGIDFjmnLa0QVhfU66LOm0s7o+t+YyZp3AKnntBrQRw:tntwqLaDEOm1ovrZntZQRw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690215868, "uuid": "dcb4434e-e44d-4892-8b92-d2c5612e49a6", "value": 275529, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690215868, "uuid": "f436a81d-7fa5-4da6-a921-21a7ec2a43b9", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690215868, "uuid": "ed531183-28db-4566-a487-1192a3f985bb", "value": "Quotation.ace", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b539ca6-2a01-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690189607, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189607, "uuid": "24f5973f-c4b9-4433-845f-e3729a7bde59", "comment": "Malware payload (Formbook)", "value": "fa6624acbe289a7dfd7f81413150952d", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189607, "uuid": "e3c4cac9-62b2-4d8c-9cc0-8e324faf12b0", "comment": "Malware payload (Formbook)", "value": "7ea05ed78c1582e0e4aab0ad19acd910c962b7d2863573150fd9f99992e3c50d", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189607, "uuid": "44359adb-8317-4b05-8971-5f659e92bd0f", "comment": "Malware payload (Formbook)", "value": "5ac2f7ea9020d2e64107b69d5e5827dfe3da4595", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189607, "uuid": "eed61014-838f-4216-bba7-9df57b37eb53", "comment": "Malware payload (Formbook)", "value": "2d5cc0b5c941fbec5999ac572edc2a10353aba0b244aeb4192cceeb68a291f246e0286cfda7ecea4445bf73a74f8c476", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189607, "uuid": "b2e05c0d-3abb-4a02-aa1d-8941de372c2a", "value": "T1D5337B5AD78F02A4CF511377571B0A899ABDB23EB35444B274AC837033EDC2D4666ABC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189607, "uuid": "fd5c506a-860b-41ed-a6c7-b11331e9ff90", "value": "1536:4Xf0Xvx3EMez+Zi9bI0hZBsl32sJNVNcrt6fP9G4B:0sXvKMI+Zi9k0hZBst2sJNrQtUP9hB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690189607, "uuid": "d757eca3-2ee3-4302-9cc3-cc159fd7c723", "value": 52439, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690189607, "uuid": "06f9cb59-976c-4ef7-a79e-1b722c03f1b6", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189607, "uuid": "f0b9d5bd-21bb-4b12-8da1-357d340773f5", "value": "New order_24-07-23.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c00da9f-2a41-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690217177, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217177, "uuid": "567c2738-365a-463a-a396-7fe246fb6e48", "comment": "Malware payload (RedLineStealer)", "value": "12a7a4d0225306c91585158c70208c77", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217177, "uuid": "b021c3f0-6106-42e1-a2f2-141be4778df5", "comment": "Malware payload (RedLineStealer)", "value": "7ee737ff5196a9f2ea7af4dcddd2a5644b3d727f96f33b20281562f57677ab7b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217177, "uuid": "18c19555-0038-4408-9ea0-fc056cb60f69", "comment": "Malware payload (RedLineStealer)", "value": "603c389084adc7037cecb603b49b21f614624030", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217177, "uuid": "bf85c884-23bc-496c-bb30-5a1d8faff1b5", "comment": "Malware payload (RedLineStealer)", "value": "aae3b24932b00770223a523b20d87e345ad591da7ffac78f900f709e09a426acdd21db33ada18d32d2a7a51e93f53129", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217177, "uuid": "2baff942-64a9-43bb-8b66-f5770c324d04", "value": "T175A46D0392B17C55E917DB729E9FC3E8761EF2508F897B6A32199E2B04B11B2C17B710", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217177, "uuid": "bbdd371d-9f9a-44ff-9c40-f060a0f31c25", "value": "288497572d529233d7fe65807fe0c26b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217177, "uuid": "3f86c49f-aae1-49dd-96a0-f126887dfeee", "value": "6144:jPkXLAir+T5i47BrOTyHGftyQwgVLNk/pTxmyHMDnKBMzFvLCn1ETj:rkX8iqFBrKuGfYQwgY9pMDnKBMFSO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217177, "uuid": "c25e722a-0e85-433a-b63e-48892f807fb7", "value": 471552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217177, "uuid": "20775551-fbcc-49ee-a6fc-35f7ed28f487", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217177, "uuid": "fd7919a8-66b9-41fe-b08d-0b59e87fcb49", "value": "12a7a4d0225306c91585158c70208c77.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c44aba3e-2a4f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IcedID)", "timestamp": 1690223257, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223257, "uuid": "59039444-fa12-4e45-90b8-d0503f0b680d", "comment": "Malware payload (IcedID)", "value": "35052b9c0fb96e53beb69757873b5bad", "object_relation": "md5", "Tag": [ { "name": "1561373935", "colour": "#77FCC8", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223257, "uuid": "de0491db-4922-4456-954e-d40afa746dc1", "comment": "Malware payload (IcedID)", "value": "7f28c4bd1ac88ff3475365e3c77974fb99adc3a4ec9597e7bfeba6f1da51c24a", "object_relation": "sha256", "Tag": [ { "name": "1561373935", "colour": "#77FCC8", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223257, "uuid": "5b005e27-c5a9-49c5-ae52-3b881c604b8d", "comment": "Malware payload (IcedID)", "value": "d7952ca47683759e57ac86e92a71849da647adde", "object_relation": "sha1", "Tag": [ { "name": "1561373935", "colour": "#77FCC8", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223257, "uuid": "1ab4e874-e934-42b8-b1ac-c8ce104da8f2", "comment": "Malware payload (IcedID)", "value": "84bd63163ba0b5a526fafac2c66e48dcb8a8d51355b3b26a2f1fded89064783582f389c172a3df6a6982a31646ce4e11", "object_relation": "sha3-384", "Tag": [ { "name": "1561373935", "colour": "#77FCC8", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223257, "uuid": "a212128d-c752-4f92-9250-bb2f7cd0671f", "value": "T156F2F16096170846DB970534D44B211105BFB00D8FDEFF2284998FE1BCF69A6BD663E3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223257, "uuid": "fd1cd816-cc1f-4e86-bf9d-986f3856c18d", "value": "768:f7dFwNy5W+7b/01vCx+bSd249OxHILfgyeLkVNL0VKsWfNW5mvdw1R8A1:eyzbPxOn496Hc/KyIVvWNEf1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690223257, "uuid": "c5c31904-f483-4fdd-8866-281920ecd8a8", "value": 36911, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690223257, "uuid": "5f16a2ea-35dc-4591-8978-0fd755941184", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223257, "uuid": "8d7b7a2f-58ee-4975-8a7c-0f92c17f25bf", "value": "inv-details-jul23.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e0050c9-29e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690178391, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178391, "uuid": "90dec5ab-b335-4dfa-a8cb-8dfe66541417", "comment": "Malware payload", "value": "a287b8c08c07cd9eed58a36d4046f164", "object_relation": "md5", "Tag": [ { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178391, "uuid": "e5f2c795-1db8-4da1-83a1-b7c9e94fda0c", "comment": "Malware payload", "value": "8016151f93da037f8ba2ff2f91a5d677f9e8b804f89a3e1615eebcf4084c8256", "object_relation": "sha256", "Tag": [ { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178391, "uuid": "c04ba77d-654b-412c-9bf7-704699d45449", "comment": "Malware payload", "value": "8d7d460a22e262c8e0f7d50f93ab6aca322fd8a1", "object_relation": "sha1", "Tag": [ { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178391, "uuid": "e8f7651e-57e1-4592-9467-1f2bac6b8f9d", "comment": "Malware payload", "value": "47cd9939b041623ecdd8b005186e6f7ed1978142147fc804c0a0c05cb0e717c0e9d6c3f8ff7240ed0e0794fa696c1180", "object_relation": "sha3-384", "Tag": [ { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178391, "uuid": "939ace6a-35e0-47f1-9ce4-a094b96c696f", "value": "T1C1B4120534D48E5BC84282746EF7758F09AAFC22DFC5F2031975FBAE1839664A4627CE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178391, "uuid": "0e76da6c-0545-4f5c-b8a1-883aaf11c7b8", "value": "12288:L7ZnBC6uEkqqC3BC6uEk7UqLTduUYteiKiaCut:pw6s8w6sJgxep", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178391, "uuid": "77cd84ec-6ef6-44c2-8cf1-3f9b239fa40f", "value": 524800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178391, "uuid": "c97c3167-e4d8-4f61-bf61-7aeb111ff4dc", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178391, "uuid": "d10002c1-bfd5-498a-b0a9-844ea2a537df", "value": "ORDER ENQUIRY.xla", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e0c19deb-2a32-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690210850, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210850, "uuid": "8a31ff0d-3129-4621-b11f-201e092607e2", "comment": "Malware payload (Amadey)", "value": "299378977c651b5a1f1729a30e2be90d", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210850, "uuid": "d27082e3-8af5-4501-94f8-fd30cba01ce5", "comment": "Malware payload (Amadey)", "value": "804b91577e6c2badbbe6ca498d0ebea933ed75d7896a9edd48bd1b5dbdf54162", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210850, "uuid": "78b0c5bc-b565-426a-8927-17b89b894b5f", "comment": "Malware payload (Amadey)", "value": "ade319b48192d97658680c285eab174dbd95a42f", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210850, "uuid": "18966e6e-1609-470a-a63a-a4b3190db1bc", "comment": "Malware payload (Amadey)", "value": "45e6440e65419235af1a9adb7f5ed1ad562e109606f402697a2ab214f7c42af394157385eb41c072791999f4b1634792", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210850, "uuid": "15f30639-c542-43fa-bb9a-60b383804b4f", "value": "T13DB40252FBC84473D8F11BB09CF517831A31BD62CC78875A264A999B19B2BD0BD3132B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210850, "uuid": "7ac6dfb3-1b74-42d6-a106-440a4cd9224a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210850, "uuid": "f2e7f483-19c7-4aa1-b489-eee54043a1e2", "value": "12288:jMrUy90UbtIquZLNOsDa+IB64f02dHKggbFknzVyOZf/:/yDberOSI7funCsON/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690210850, "uuid": "820f37c4-6007-4189-8acb-bed4eaf35ea8", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690210850, "uuid": "6e8aca4a-1dec-46bf-a73c-f896f33e2d46", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210850, "uuid": "802d45ef-1b7f-4289-b78c-0a44a47dc28b", "value": "299378977c651b5a1f1729a30e2be90d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cff44a80-2a37-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Metasploit)", "timestamp": 1690212969, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212969, "uuid": "a0d59cea-5f8e-4662-a748-c4e206758a0c", "comment": "Malware payload (Metasploit)", "value": "c937ef041b9f50460fb48a3e7632b271", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212969, "uuid": "79cbccee-55af-4068-991b-920dabce7401", "comment": "Malware payload (Metasploit)", "value": "809e1a5f0eb7f6312c5187f418bc19c45a1cf3e017691f9726def350af9246d2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212969, "uuid": "be86764c-c2fb-4c04-9afe-b91f40b848be", "comment": "Malware payload (Metasploit)", "value": "ef28ba3e04927ac18ba20685c28ac0b8ebb6241d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212969, "uuid": "cec85556-cbfd-47fb-8ac5-e814dc582850", "comment": "Malware payload (Metasploit)", "value": "e794bd45d706cec9dfaa1d408405505f3a7f76864e5d7b6b7e412288f7b22616ebbfa5a01c5597c0b50b6d8e9673b807", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212969, "uuid": "cad37bba-1ec9-46be-9b92-0be7b870ad5d", "value": "T1FE1633506BF882E1D1371AB4AE5FE3143F598CFE15F60269982BA554CDF7C106CC3AA8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212969, "uuid": "78fdb620-1982-4cae-a4f9-8cc91bb04667", "value": "98304:gOmZb0bHkeaRs4WpcF8uztWOiiROB4/Oo1sRF:DmZb0bEds4XFR0OiC/GT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212969, "uuid": "91026010-fccd-4369-a693-f767f1f1a0e6", "value": 4040776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212969, "uuid": "51ff44e6-b64d-4341-b701-37d98af440f0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212969, "uuid": "48178f8f-d9d6-459a-a71e-3cec700cd3f3", "value": "c937ef041b9f50460fb48a3e7632b271.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e7c510a-2a2d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690208591, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208591, "uuid": "421ad5d9-4fd9-46e7-9d81-059deb841c83", "comment": "Malware payload (AgentTesla)", "value": "b56bbaa88d90472fb3f46503f67f3658", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208591, "uuid": "ca988108-13d0-4722-b501-e5fcfc62f1aa", "comment": "Malware payload (AgentTesla)", "value": "812b79890b4f2f12bbf6feda239d5daa55bb4870aef44cc01621a02f1fad4814", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208591, "uuid": "06c93d25-c951-46b8-bd74-0c1555061d4a", "comment": "Malware payload (AgentTesla)", "value": "4e35bb48384287eb100d1bff56d17ce69efb9d95", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208591, "uuid": "1896b79c-06d9-42c2-b47d-48835d77b613", "comment": "Malware payload (AgentTesla)", "value": "fa9595345951c741bcdccb942e6c86aed1932b2ceeb535e24a932845b6ba6d8d20a97eaa1304caab814c68a517a18cc2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208591, "uuid": "225f8bf8-6bbd-4114-865d-426f5efb2474", "value": "T151F412A537AD1E03E2A97DF94AA0A0210377B1C56537C3D9DCB520885EA1751FF20AEB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208591, "uuid": "f926293a-8338-4767-b395-aa8468483c1b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208591, "uuid": "1d214927-a246-46f3-9be0-ec6e9cba15e7", "value": "12288:egvJRBusy8xJPeoKiAlecx3PlTnF0vpcvb4um5TCDENqM:DFugxJ2oNAB0vpcv0uACD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690208591, "uuid": "b54c9347-9899-4a8a-a001-1efdbaf86263", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690208591, "uuid": "a65f94e7-b74a-40c3-8f36-cc02666ebbc4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208591, "uuid": "6cc63492-c683-46f3-b0a7-ac5188341aeb", "value": "EDC.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e0d248d4-29e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690178638, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178638, "uuid": "9440837a-a0df-4e9c-92d0-62813bd1a442", "comment": "Malware payload", "value": "9734c05d176689c6820215b5beb824c4", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178638, "uuid": "de3a2da2-7b9e-4084-b0e7-f3a4b58415bb", "comment": "Malware payload", "value": "819a172b47523605f4b864c5167a22e7c87ab4c6c157cb31fa65b0a8a96d8dd5", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178638, "uuid": "e8ed675d-6a53-408a-9f68-4e82ef7a93f0", "comment": "Malware payload", "value": "8b595b961211e822f40ffe3e7859e59f7ac9ea3d", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178638, "uuid": "69694387-2550-417e-828f-49e68491222f", "comment": "Malware payload", "value": "0dbbfd70ddd84ab4172b634880b36a497b2d86b7db4984717fed9838eda42f5d087b83ce2274b2a96283fed28fdbeddd", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178638, "uuid": "06ec3d92-7a07-407a-9b33-ec173ad7a9f4", "value": "T10DC2746C9DF761A89923723F836FA40860E45583080DEE057C6DF2406FD993957BEAF8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178638, "uuid": "e1cb7555-59e9-41e9-a994-61383fcd4e55", "value": "384:JIScef24oAHP0UQWZyLP2h5Dh1SMhQ00ImcZIvE1O3DAaG6oMT:xceToCvjXOImcZIvHcaGM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178638, "uuid": "343342aa-0697-4353-8f67-7ea21cd63aad", "value": 26187, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178638, "uuid": "30f687e4-de39-4497-b10c-8bed0f929ce2", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178638, "uuid": "69165200-c0f6-4960-a573-5a4dd34010cf", "value": "56575657.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6857e35-29e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690178674, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178674, "uuid": "64ea8f48-3c1e-4de8-a87f-3d634ce66a23", "comment": "Malware payload (AgentTesla)", "value": "cfa11d0ca5431483e455233e003a3609", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178674, "uuid": "30ead61d-f92c-4a5e-80b6-98f4a9965188", "comment": "Malware payload (AgentTesla)", "value": "81a48f67c7805ecf8ee47f17999208a9a116fca844d8dff8dbf12f66f4c91445", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178674, "uuid": "a90ef9d4-0946-4f80-a07a-03026d03f673", "comment": "Malware payload (AgentTesla)", "value": "06e622d802ef9dfe6582cb75e4076d5749d50b65", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178674, "uuid": "c740f093-30e8-41ec-8bab-0696a78ba5a9", "comment": "Malware payload (AgentTesla)", "value": "39bbe8dbb3f41854e79a1e4d453a6c364238f914f930277fcff1a696e8a5b96b706f672b371c4a6a4747ca50bf8f493c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178674, "uuid": "d3b618bc-8eb5-442e-847e-b06ff3f7af9a", "value": "T1D00522A5334E2E23D2A5FCBC4764A450137122A5213FD2CCCD72609DAEA2F917F626D7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178674, "uuid": "27837be5-0f52-4b5c-b208-1c25cc85bcc3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178674, "uuid": "2d872a42-fbda-40db-9619-47eac4f976e5", "value": "12288:jevJRBusyO3oXl4UVSZiIC38gOBJcqVuHppBJLZEZjtjq0y+Oq:UFuHl4UVS7G8gUcqyWjtumOq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178674, "uuid": "c569eab7-7649-4768-8543-dedcc142a4c8", "value": 835584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178674, "uuid": "a053954d-a226-445d-a258-74718fe109d2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178674, "uuid": "5e6fad92-45cf-4b53-999a-8c94ea72f700", "value": "DHL Invoice_UTJU1GTKE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2489d51-2a20-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1690203095, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203095, "uuid": "27c4081b-6e3a-4faa-9875-a055daae1a78", "comment": "Malware payload (Mirai)", "value": "294aac9676a0196fdb8ef49fce975c3f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203095, "uuid": "1d4b98eb-d78a-4b4f-ba44-857405361067", "comment": "Malware payload (Mirai)", "value": "83e7c5383d23e1dd152e1754485bbbf57d4c7f2863a014ec9700204a8b55b620", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203095, "uuid": "95065e1d-c6fb-496e-8147-ba1c4d616175", "comment": "Malware payload (Mirai)", "value": "2d17d9bea87af8db8f48cdb86e3c9c9a9062e0b9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203095, "uuid": "7af854d8-b77a-4761-8ad5-2354ceeec98e", "comment": "Malware payload (Mirai)", "value": "bf6887da58d705b4480c0b5da899a7782cc31c037283236bae4ba171595706b4f350dbc5c753f66e18e0d72369e55bc3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203095, "uuid": "292b1a8e-a4a5-4b2a-952b-ee1713ebe2d6", "value": "T18DA2D11166A32D65F3EC1C3DC96A8357B9A61BFC80F6327669401620C94D24B3F38A4A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203095, "uuid": "9639b15f-d423-430f-b328-2957ed5be376", "value": "384:vvtIoZxrSniaXs+qx+bwqPX+VOcFd5fHq52lxjYq4hymdGUop5hJ:vvQn4j+ZO5fKAlxUq4s3Uoz7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690203095, "uuid": "97c8f1f1-7825-4e49-b99e-7db5944ddb70", "value": 22160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690203095, "uuid": "05c58d55-e0d0-4447-8bcb-410d8421bf62", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203095, "uuid": "7e60da2d-96f7-4681-818e-c13fba67f4ed", "value": "294aac9676a0196fdb8ef49fce975c3f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d7fa140-2a48-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1690219971, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219971, "uuid": "3ce1eaa2-0caf-4835-a96c-2782b72669ba", "comment": "Malware payload (NetSupport)", "value": "fcfd7e25e415f1d9ee598ab41ca31840", "object_relation": "md5", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219971, "uuid": "5aa7d3c6-bb8d-4943-bb3c-636ec0626b49", "comment": "Malware payload (NetSupport)", "value": "84172e09798be8252fb18887e9cd29e47279df9641ab50185a6eea50f4c02fef", "object_relation": "sha256", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219971, "uuid": "7533e2d6-d624-4c94-b531-94ace0f27e2c", "comment": "Malware payload (NetSupport)", "value": "d9ccf012e7d06de46415f4d6152451842c1bdd9f", "object_relation": "sha1", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219971, "uuid": "b951afef-f26c-4ad7-820c-1649ac515829", "comment": "Malware payload (NetSupport)", "value": "7ff14e9b6f821a359426327cee45cd52642dbba4716b8680ab05ca33feeeec8d4fcc918a394089ecfbd6311fa5487582", "object_relation": "sha3-384", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219971, "uuid": "80c754e8-09d1-4e25-aadc-3edfbe14d621", "value": "T13B219A141BF60706C6B68B3ABCE6B366D977BC09EA459B9E1690C3880815610F815F2F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219971, "uuid": "7e0e3d25-0934-4965-8e39-b3319a6fe4d4", "value": "24:8mN4OglPNTJjaMcK9rhW8pThAcWQCa+/CWzyKMgDB3Y7l7aWyImdab/2XT:8mNXglLofYCuKMgDB387aIuab2j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690219971, "uuid": "db0629f8-47f6-4e17-80f1-aa36e5157a53", "value": 1394, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690219971, "uuid": "ed2d7373-dd15-4982-a568-3396f4e8c371", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219971, "uuid": "dd1b3813-9ab7-47d4-874c-f24617f0d5ee", "value": "shdeulerinstall.lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fa0cabf1-2a49-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690220771, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220771, "uuid": "c2988192-c19e-4fb1-9428-e86c7eea631f", "comment": "Malware payload (RedLineStealer)", "value": "ac4375ac45780e4949849d1ca7ab85be", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220771, "uuid": "fed63fe7-b103-430f-82e9-9d21286dee9f", "comment": "Malware payload (RedLineStealer)", "value": "845321e0072b6a37c502b6f5992d8e750ac254c3b09c9e55874722fae5ba87d4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220771, "uuid": "da6ee40c-1b39-4445-9e27-28f0af9ef0f5", "comment": "Malware payload (RedLineStealer)", "value": "36b132f27eea8191792b6014ac870a242e347bc3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220771, "uuid": "22a00727-3eeb-4267-899a-7609e4a9ffe6", "comment": "Malware payload (RedLineStealer)", "value": "5b8d522aacc49c1d6e6950239259d246f94a40e38b4205dd375b3528cd11422e3a258188f8e94fcd3b50ea4194314333", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220771, "uuid": "f151a07d-de57-47ba-9b0c-5e195b33e928", "value": "T158B41252EBD85063D5BA1BB01AFB03930A39BD275E79C3872385690E1C736E4A971337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220771, "uuid": "49e2e7ee-425f-4459-955c-51018cdbe606", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220771, "uuid": "5abd9a00-5f40-4e23-946b-1890302cfc66", "value": "12288:JMrly903z5zsi/B44Q3WrgsSqucBR/KJUFE2:Uye+7cTqU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690220771, "uuid": "ae9274a5-985b-44b7-9177-f49a0d114b8e", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690220771, "uuid": "90ca6539-3d61-4a11-8065-47ba055add1d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220771, "uuid": "e88b8ed3-ca4b-4594-83c9-6388597bb276", "value": "ac4375ac45780e4949849d1ca7ab85be.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96239bd4-2a78-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690240789, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240789, "uuid": "4f0adc47-971b-4f0d-8a71-38acc7030341", "comment": "Malware payload", "value": "4ba14f75d1d0d0fc213578292dae1297", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240789, "uuid": "cbdd7629-5ffd-418f-ace1-04d2e79301a1", "comment": "Malware payload", "value": "848a195f9b12f826cabfffb9a8024de3488e6c0ef570914cd2aca77c5807adf3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240789, "uuid": "15e20feb-270c-426d-906f-816e0b88b2db", "comment": "Malware payload", "value": "64b8b493bf15307691e4731617b18d577d60a279", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240789, "uuid": "7d325731-8d24-495d-b95c-0f1d9b093e1c", "comment": "Malware payload", "value": "e262332b052f510dd34d341e79b388fed902b46f7635a001cb3796a9c601184fea70f0217a461f10367f88603e9995d6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690240789, "uuid": "2e723c88-364c-44d1-9088-2e5e9c957410", "value": "T171645A15BA561879D16BC07882534A62BBB67CC10731EEFF12D4613A3F3ABE06A3C754", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690240789, "uuid": "f6938c7f-3790-4368-9bf1-cf26505935a3", "value": "230c2064c7853810ac54060ba958b0e7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690240789, "uuid": "435c3116-1122-44c6-80db-80949e80c71c", "value": "3072:xEnt7inD2DCYDci2zhT/f5DJWDTeEQjrgBzhIZdeCv/Pt74fIL6J3hxZJc1r1Jxl:mtOjYDfyhlyYfgIZZv3t7p6J32xU2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690240789, "uuid": "39c819a6-c813-4e40-acc6-65b7d2f12c9b", "value": 315904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690240789, "uuid": "09d7d736-0a6b-4fd8-a00c-6552ab25ae41", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690240789, "uuid": "db15dbb4-cd62-481a-95bc-377249051001", "value": "dxva2.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "76d2652d-2a2e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690208954, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208954, "uuid": "fba94a56-adeb-4572-b382-c23feb5b8f69", "comment": "Malware payload (AgentTesla)", "value": "36afc6ff15afc58ff708d529475594f5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208954, "uuid": "848693ef-2b42-4510-acff-99f1905793fd", "comment": "Malware payload (AgentTesla)", "value": "8573f0b0ca38799192fa3c6d6bfc928a2f1383f529e65c43f8c324b825735bd5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208954, "uuid": "437dbc87-bb13-4c10-8e92-1df4f27208ec", "comment": "Malware payload (AgentTesla)", "value": "d40983ac826c440521f4ccb1031d8433467d3ed8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208954, "uuid": "9a4bed35-19ea-481c-b36c-59db934d22af", "comment": "Malware payload (AgentTesla)", "value": "1232c2468c0ba4af8eebaa4aa0e31a75d86ecc68c926538e4fe8b7d1132e72bd3fafef42be21c76e620a41a3736298a3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208954, "uuid": "4ae8a58a-cc4d-46ca-961f-45991a54829c", "value": "T1C2F4226533A9AE13D19CBDB84FA4A461037262606433D3CDDDBB20895ED17C0BF926DB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208954, "uuid": "6ce1c69d-6fd1-4374-98b0-d9627092214a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208954, "uuid": "12492291-4ea4-4f25-a9be-cc9ed17c36fb", "value": "12288:wovJRBusyi0/3AS5Xf8FnDeqiIf1E0ch/88ao:xFuJ/35Xf8tDniIf1da", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690208954, "uuid": "54a7e788-20c8-4755-93fe-2b32c4b102ff", "value": 742912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690208954, "uuid": "caa2720e-f244-4be4-941c-86643242e871", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208954, "uuid": "f201b73e-da95-43f3-8808-e620023e339c", "value": "SecuriteInfo.com.Trojan.PWS.Stealer.37323.16857.26464", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "58f98b92-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690178839, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178839, "uuid": "550cf4e3-95f1-4165-864b-66a0e6d5635d", "comment": "Malware payload (AgentTesla)", "value": "d81a7d8a5e629ecedb1d7f0cc7bd1209", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178839, "uuid": "1798ef53-ae57-4f36-97ba-d22e5f990023", "comment": "Malware payload (AgentTesla)", "value": "85b2f0ceaf3d56c60c74f4f787874575d5518dd4b1a12c98ae6e7f8f3b42949f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178839, "uuid": "8a59a1ee-feb1-459e-920f-6b0848115b5c", "comment": "Malware payload (AgentTesla)", "value": "dc642e09110d5d5aaee111b4e2a2656c735f77fc", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178839, "uuid": "0fc31455-d04b-45dd-85ae-9d416a16237c", "comment": "Malware payload (AgentTesla)", "value": "8c2b86eb6dccc8ca27422bc6a068992a5c3328e68805d9f2f7efe3988b0f19d95f98ff8837e16310039a8fac78b868ff", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178839, "uuid": "53869088-39e6-4618-88ac-62e98116af59", "value": "T1D0052261376A5D13E55EBDF546B0A884137236242827C3DEECB721891DE2BC0BF116E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178839, "uuid": "1ea27e1c-3c6e-4e97-9cfd-64671d905370", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178839, "uuid": "baf58804-13e1-44b8-9891-2fd7af17fd9e", "value": "12288:IPvJRBusyMfRVzPsxV/wLsjZfKgo/U9LCOqh1OH9hH6/PRDM6nl:kFuQfR5P2dwojZEs9y1OHPGptl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178839, "uuid": "c6915728-bb18-46cb-911d-c7080fafdda9", "value": 827392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178839, "uuid": "1b4b3d46-78a8-45c9-befa-bf6c59feb818", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178839, "uuid": "098aea1d-a26a-44a6-b74f-c3372345b59b", "value": "Order 800210 - BA1252016FR.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2ec2d13-2a2e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690209028, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690209028, "uuid": "5a08819f-7ab4-435c-b26c-534192d6d1d8", "comment": "Malware payload (Amadey)", "value": "25037fa953c2cfbdb1a9ffacfdb6f906", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690209028, "uuid": "2d61356b-63b5-4e7d-854b-1cd77561fb0f", "comment": "Malware payload (Amadey)", "value": "86a4144d0441512db0de5743c8af5c8ea2c4f2d1f417caaf11a59f09fceed583", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690209028, "uuid": "db4f808f-07ac-4174-9479-31c8e27173cd", "comment": "Malware payload (Amadey)", "value": "c056954af24dc7105842a9a13bcceedc545a098b", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690209028, "uuid": "ee0727a3-e3d7-4dd6-9097-0cb85b70ed24", "comment": "Malware payload (Amadey)", "value": "553cfe434000e267d5762bb694689f380894005eba0ed02ac2bf2950d50bb4631dbb330b366369012cf91e48edad862f", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690209028, "uuid": "ab2c0938-6f66-4686-bc8a-79094e253f33", "value": "T19CE2F10E1AA4A0DDE59651B280C39E77EA8433D314A673C8C173AFFDD787F81B591268", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690209028, "uuid": "fc62c185-e366-493c-8111-313b7a781a6b", "value": "384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690209028, "uuid": "30b73a08-9667-49db-a5d4-4512e1eba8a4", "value": 33680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690209028, "uuid": "c3224223-2b38-4ddd-b384-eb577484a6b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690209028, "uuid": "9e58fe18-61f4-4236-9597-d1e2fbcbb7ba", "value": "25037fa953c2cfbdb1a9ffacfdb6f906.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69c56be9-2a01-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1690189605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189605, "uuid": "7ac41094-133d-4b45-aa90-00b78b5b5020", "comment": "Malware payload (RemcosRAT)", "value": "3358e5212bf4e83302f9b7a398cf71a2", "object_relation": "md5", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189605, "uuid": "e74b2870-170a-4f2b-aca3-bb5fed2a479f", "comment": "Malware payload (RemcosRAT)", "value": "87347040649e03aaafad47aaf8d43843e2956662c7c3040e759bffef76d6539b", "object_relation": "sha256", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189605, "uuid": "1753aa24-cbb5-46f4-9385-33b97f12f2c1", "comment": "Malware payload (RemcosRAT)", "value": "5aacb9e2e94756aa22120615795db8b073d4e2ce", "object_relation": "sha1", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189605, "uuid": "03ae4d72-1d8b-4cca-8083-8f3dc8a20b2b", "comment": "Malware payload (RemcosRAT)", "value": "293c73265ac60cc226e40e9d1b8724db011115f4bfc1467709d66d9b682240b9105b8359211f424f73fad8cb3ed229e6", "object_relation": "sha3-384", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189605, "uuid": "f890475c-981e-42de-af73-7d2da4f7856d", "value": "T108E4122577C8CE0ADC4288715DEA7A9F464FBD006EB4F40734527B2F1A72666F5623E0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189605, "uuid": "76f200d6-9fba-4a54-9d03-77e4919b5a8b", "value": "12288:C7o87q6o9qUu9VneEqpqUu9VneRLqm5ZN0MF2c/0px0byA2MFmLqAg6X/:fu9VEu9Vy5UMFj/0p57MFm2ANX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690189605, "uuid": "21c6ffa4-6797-41da-894f-a99b2d712299", "value": 717312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690189605, "uuid": "d1d9ffce-a5cb-46ed-977e-234de2ec02d0", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189605, "uuid": "abcdd8d6-73ff-4855-94ba-6f8cc5856b0e", "value": "00499393.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f9fc4ab-29eb-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690180005, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180005, "uuid": "b92ececb-46ac-4a54-8d74-087216622bfe", "comment": "Malware payload", "value": "439971b450986a9876062acab6141d0f", "object_relation": "md5", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "certutil", "colour": "#887975", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180005, "uuid": "1faf76bd-c68e-423f-8068-58b5472ca47f", "comment": "Malware payload", "value": "877c6ad6e27f1a5c82a43eab41ce51a9730889a9cba6fc1464ceaf0fe32e2d4d", "object_relation": "sha256", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "certutil", "colour": "#887975", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180005, "uuid": "f6880984-41dc-484f-9416-e7b7b3d24ba2", "comment": "Malware payload", "value": "15b9f106aa550205a583dedd4bad18e7c36fb589", "object_relation": "sha1", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "certutil", "colour": "#887975", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180005, "uuid": "3bbc2aae-fe59-4199-a687-c6da1c82f7c9", "comment": "Malware payload", "value": "1c75d9d4dcdcea4896fb081c1b9c024713bd78a08f6324028f19f9a5b56b1fee0af89d130607b275d9b1aad4367abeae", "object_relation": "sha3-384", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "certutil", "colour": "#887975", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180005, "uuid": "44733e13-4d24-4c67-807c-a075ab1e63d4", "value": "T16D352BF472E077D70FB5690DB7CE41B23D54B857F0EDAD8622890D1E92802989DFADA0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180005, "uuid": "59d52862-a10b-47bf-a105-9f2d8d37c465", "value": "24576:m9E473GQUHMC0vSOrB70D/P93GWAMxtrjw3TNMtnqV9MdiFZ2PmZv33L2:7/4EPm8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690180005, "uuid": "4146a694-94fd-4062-af77-9e08950ba6e8", "value": 1075314, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690180005, "uuid": "ca2a5fc6-3de5-468a-bbb2-2bd2dfb0ff90", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180005, "uuid": "1905fbca-deb1-40ea-adca-8b3483e5e536", "value": "awrkwzpiuyxvsceedfazlxrdlhdhnlgljqshjotzvnnquauorv", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3c70c5d3-2a1f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690202414, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690202414, "uuid": "3da67c23-e5ee-4d24-966a-52a540a38ebd", "comment": "Malware payload (RedLineStealer)", "value": "2663a9b7ffe0144c3517e95b13021e77", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690202414, "uuid": "1865de91-1aab-4fcd-baab-6d914dfa6fd3", "comment": "Malware payload (RedLineStealer)", "value": "878f2450db929df41d50b2918bc3c00b471e0563282c64b6162fb91429919f6c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690202414, "uuid": "4215dc89-9402-4ad5-aef0-08d014258107", "comment": "Malware payload (RedLineStealer)", "value": "8a8628a52bc669915e3a803e0f55e5ecf2dbc7b7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690202414, "uuid": "81c0eb5a-eaa5-4eb2-88d0-e31df3cc4e33", "comment": "Malware payload (RedLineStealer)", "value": "517ca60a230e540c39fb4ce913e8ccfd0a2697872c3da389946c3c60f61e7e851ba5823085473c433451206cbdc5919e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690202414, "uuid": "7154845b-5bc6-4f1d-8967-e473e01bcfe5", "value": "T1BF843A07C6F23D55E927DB729E1FC3E8761EF2508F497B6A12199A2B04B11BEC163720", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690202414, "uuid": "f2abaa88-9936-4610-9ff3-57a8b05635f0", "value": "266fc9b95dac31574046704a6db5e3eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690202414, "uuid": "fd4a04d5-4fac-4611-8c6a-ecf14f70f989", "value": "6144:02LuZPTIC/S+r9Fo5bqletNqksLh8q5aqzSgwAtLn11:jKZc7+RFuqleOksN8Caqeten", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690202414, "uuid": "7b7e1247-dc5a-4d61-89f7-e09655024f33", "value": 377344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690202414, "uuid": "e07f58f0-52dd-462f-8b79-759c7bc3f42d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690202414, "uuid": "f12a6853-15e1-4489-8c54-6f9c185f2f94", "value": "2663a9b7ffe0144c3517e95b13021e77.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03721499-29fd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690187715, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187715, "uuid": "1a4270d6-b135-41ee-80ef-a4629c99d320", "comment": "Malware payload (RedLineStealer)", "value": "3c4be657ab700294f23f3d51011b8b3c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187715, "uuid": "9ceb13a8-4ca7-4cb4-a542-ebb35d51e099", "comment": "Malware payload (RedLineStealer)", "value": "87c9b723dac804469ebc6e59f5a3d9b141dd02fe2315a417e51490325b0a54a0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187715, "uuid": "54d8060c-02e3-4188-9804-71ad06f63e52", "comment": "Malware payload (RedLineStealer)", "value": "dc7c831172712971f3a20534e3572cab063fe0a1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187715, "uuid": "c6f92d07-bc6f-4d79-a8a2-0ebdd26d5253", "comment": "Malware payload (RedLineStealer)", "value": "b7b7e88e6d1fedb4e622995a41813d978406249f4f5e8867e4a0f115c79d783b829846819c949cef9c1a3ac2dc6ad22d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187715, "uuid": "75ad5962-98ca-452d-95f2-802e040afbb5", "value": "T11284390792B13D95E927DB729E1FC3E8771EF2508F497B69221A9A2F14B12B2C173350", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187715, "uuid": "f823d8d2-1957-4d73-bc81-80661ae9e3f7", "value": "8d73c631f2f5f137cb9690031965306c", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187715, "uuid": "a7682f94-e3e1-427a-99d4-5db8bff7a388", "value": "6144:tz9QLNM7Pl1s6Lm86Kyw3eHOfU0syD4zjMvr0mdq11:VG5M7Pl17/7IyXH4zQbq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690187715, "uuid": "cb095c6a-c617-4e56-9096-06c9feee93a0", "value": 377344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690187715, "uuid": "58fab1c8-bb41-467b-b4d5-a18c3eb9b261", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187715, "uuid": "b72ea672-4ad7-4d46-8d15-bf6d4dc2c0a0", "value": "3c4be657ab700294f23f3d51011b8b3c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "efb90f32-2a33-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1690211304, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211304, "uuid": "d51ec079-bccf-48e6-8357-d84c316ab818", "comment": "Malware payload (SnakeKeylogger)", "value": "525b146ee6b368641a823dcdd1403a91", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211304, "uuid": "57cc3e8c-fd12-4ac8-b131-5ff8a5b0bcbf", "comment": "Malware payload (SnakeKeylogger)", "value": "87d51901b2076eb3775657ed6a5497cc8e9e05768e674add506f6ddadce495d3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211304, "uuid": "f950e4ca-592b-43c0-a858-2cbe7ac039f7", "comment": "Malware payload (SnakeKeylogger)", "value": "e142fc60a42b1313d252c19bf495008587066e74", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211304, "uuid": "4f066e05-a7a2-4df5-867b-e131d88c8ce7", "comment": "Malware payload (SnakeKeylogger)", "value": "016e91ce1e747a4bb407d84c273489e03137d86345c2568e2d10b4168f69ebd2aac043fefd0ae475258a5701c415ed11", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211304, "uuid": "a0bff526-2837-4cf5-ae32-c5a75aec6800", "value": "T1BBE4026037A5AB12E5E8BFF5A2B0542803B199545837D38C4EF120DA1D22FD46F92FDB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211304, "uuid": "def95eef-e328-4b9c-9bcd-3201ce080c08", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211304, "uuid": "884a1ab1-8380-4030-a977-fb5404380b7f", "value": "12288:drvJRBusyQlJN3PspIXABUB3XATHFlHR3kg+SouvsU+8Lq+4:dFu0lv3PspIXAGOjNwSouvPLqz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211304, "uuid": "201d70ac-5f5c-4995-9ae9-81289dd87932", "value": 717312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211304, "uuid": "e1999cd2-27c3-490b-9959-8b420dc53b3a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211304, "uuid": "0da833a8-8635-47f1-b6fd-0c25f30e9a16", "value": "FT 2023-24.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8fcee4fc-2a3a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690214150, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214150, "uuid": "cf0dfcfa-37e0-4e61-8efd-bb94fb38f539", "comment": "Malware payload (Amadey)", "value": "ddb805209d9e1f0d2dd98e1fe374751a", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214150, "uuid": "1d9a0b68-5e0f-4705-9544-2be2b5543d8d", "comment": "Malware payload (Amadey)", "value": "87ebcb235fd23c6cd6996ceb269c299b29c0d8e1a1535f383a3298a0d8ae52e8", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214150, "uuid": "7569020e-6c37-4df0-b07b-a78c4fabca47", "comment": "Malware payload (Amadey)", "value": "a96476ff34e85c7cdd2e727877aab8538b1f2b6d", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214150, "uuid": "932b8a6c-f4bb-47c0-a6c0-8ee5e6f2e9df", "comment": "Malware payload (Amadey)", "value": "2c29c495cce5807768ec306d493e1cd29cf2ad9ae54d559916bc3102e6686867222d95efe63e073b2c16af5a179aa72a", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214150, "uuid": "cd4af1b4-32f3-4dc6-9a21-6892a5921e9a", "value": "T1252408557812C032D56061762DB5BFF2C59DA828ABB049DB7B800F77DA112F73A70E3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214150, "uuid": "81d94464-b876-464b-a5b0-616241a44b58", "value": "698e68059e2b8538f873da69a2766d48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214150, "uuid": "3b1252f0-c8d0-4142-9404-a007ea6ec3c0", "value": "3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690214150, "uuid": "092fa90f-01ac-4b66-b59f-1eb4ffcdc66a", "value": 228894, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690214150, "uuid": "b07ded90-6517-47bd-9364-f5f41a54c976", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214150, "uuid": "cf9462cd-d887-4a06-8132-c1c61e7a7d6d", "value": "ddb805209d9e1f0d2dd98e1fe374751a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d9547036-2a40-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690216850, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216850, "uuid": "50723656-6a83-46b1-9a63-35cd384814b9", "comment": "Malware payload (RedLineStealer)", "value": "0e98f9bbcd46f4e2d3a2c7d168531fae", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216850, "uuid": "33247362-40f8-40a7-8281-bca90530f2b3", "comment": "Malware payload (RedLineStealer)", "value": "87ed29805098229fec99d768f3ebc225fa6ad4c1da6ba695825a3530b2bc3c26", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216850, "uuid": "56a21019-51ec-48d1-8361-4e89ae28d002", "comment": "Malware payload (RedLineStealer)", "value": "d37fd892156ac40f705c324cf31ba00b13cc13fe", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216850, "uuid": "e85779c2-e230-431f-bfa2-4b52925e8793", "comment": "Malware payload (RedLineStealer)", "value": "768eaeeb0387edc2543300e01d53beab42318cac8bd33648935122bee7a1e9aeb9ca0dcccec49441dc327d1171700355", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216850, "uuid": "e58decce-d76e-4455-b47d-5c4a0dff1790", "value": "T1C7E2F10E1AA4A0DDE59651B280C39E77EA8433D314A673C8C173AFFDD787F81B591268", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216850, "uuid": "86d77975-3fbf-4901-a6d4-aa81bbd4f03a", "value": "384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690216850, "uuid": "dad924eb-4a29-4f9f-b369-0c95b28ddf49", "value": 33774, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690216850, "uuid": "ef391d32-f78a-4ee7-99a0-78d92d7dd850", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216850, "uuid": "adfbe0c7-03f5-4c4a-b4db-50a6bf8d625a", "value": "0e98f9bbcd46f4e2d3a2c7d168531fae.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba606b90-29e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1690178144, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178144, "uuid": "9871c4a3-ac9a-4145-a587-028674a19ca6", "comment": "Malware payload (SnakeKeylogger)", "value": "9d687d7bd50873ebf64e156783965d4d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178144, "uuid": "6af55579-8291-4948-a37e-755d613e2830", "comment": "Malware payload (SnakeKeylogger)", "value": "88b562c7a56631c4d9221faa41b327b797546ca3be4577438357ac63eaaa316d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178144, "uuid": "ef6e096b-2f7d-4edc-8ea3-a3d4a385767c", "comment": "Malware payload (SnakeKeylogger)", "value": "0e578758bc1bde48f09745d8dab835896561f717", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178144, "uuid": "5f886a2e-3b6c-44c3-8413-6a0425415e39", "comment": "Malware payload (SnakeKeylogger)", "value": "04150bcb7f0a11290acdb632025bae01dcbf991b9b2f7e3f0de31c4b05f82b5cd1ef70a3f8e56d0977419ace2b64ca71", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178144, "uuid": "827018d7-474a-4dff-ac00-42f36a953c94", "value": "T10FE412A537BA8E03E2597CF50AA4D505137362417C17C3DC9CB6708A6EB2BC0FA526E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178144, "uuid": "ab696446-1b0f-4980-9e68-003a9c65bef7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178144, "uuid": "004b14ab-f5c4-4ba2-9a93-3e50567f54ca", "value": "12288:y/vJRBusyHtkMACATrIcxAVheYaswqbVQyO:KFuJkMALTuVQgwzyO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178144, "uuid": "a2efe78f-7c49-4e5a-b57a-d787dccdf3ef", "value": 702976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178144, "uuid": "3c5c1263-21e8-4740-a5be-529aec48682e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178144, "uuid": "b4cc4098-b23d-41a7-b866-c3e4a250db10", "value": "slip_55089.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be39d646-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1690211651, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211651, "uuid": "05b505d9-2374-4bb0-892b-4fee60099736", "comment": "Malware payload (RemcosRAT)", "value": "efff3b0834bbf50bdb7ae416a83f3cf0", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211651, "uuid": "c995cf0d-74fe-4b0c-8931-9317b4dfdb94", "comment": "Malware payload (RemcosRAT)", "value": "899e86d5c1923002d921ee8cf0e88c8b93ecaf43366fb4245c20525e53cd7bf5", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211651, "uuid": "9a03bd2b-c237-46e5-874a-b8ef4081ae3c", "comment": "Malware payload (RemcosRAT)", "value": "2d68e66ac0ca398515a71c26b0810385f3ebf880", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211651, "uuid": "7c40b225-bdce-4ddc-abed-cb7ca1972bcf", "comment": "Malware payload (RemcosRAT)", "value": "af1c92629f02b6f2d7880250281f356d48de62a322b80c4608010d75d7be40e39a206ce04f175102221884420f18f965", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211651, "uuid": "645f41b9-7417-4edf-a9b0-de1a6d4bd9da", "value": "T16AB58425B1743DC7932612B2868FAC4A6319FC47B3971ED8C05EEEF52CE4575A302E4A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211651, "uuid": "bd82f295-4866-4b16-bbb1-9aafaec622fc", "value": "24576:Mnrr3sH+0iQTIhi+WAF0UhQZ+4F8C0PdK8lIG+SzHG:9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211651, "uuid": "df3103fa-ed55-41d1-ad03-b016405cb75b", "value": 2491999, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211651, "uuid": "6153c844-4e0b-4669-bbbd-1618ebb11377", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211651, "uuid": "9ad63259-aab6-48c6-87da-3ccbdf64ca9c", "value": "Swift details.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ea66cdb-29f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1690183976, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183976, "uuid": "a68f979e-b7b8-4828-a9e3-85a4452b27a1", "comment": "Malware payload (AveMariaRAT)", "value": "8c48379daa9269ddb7ad3a4d313f7cf2", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183976, "uuid": "a38ffeb4-1707-493d-b544-967bbf22ea29", "comment": "Malware payload (AveMariaRAT)", "value": "89af57a200871a7fde85575a169997f2b6324a05087e5f6d56897111ae0cf7a3", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183976, "uuid": "80602d1f-70a8-4a15-8c0a-dcecea171e5c", "comment": "Malware payload (AveMariaRAT)", "value": "d8fc713929e96eaae7c5081e678dc8e2d797a00f", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183976, "uuid": "9f0d37f8-ef89-4069-a9ab-b46dcbbf9a8b", "comment": "Malware payload (AveMariaRAT)", "value": "aed078719972982d1f318d16d4f9164b4dfd2e2ffaac3d8a14e35cd28f980984849b5aa170fbd58de20c4ac2b60be8a0", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183976, "uuid": "20912aef-0083-4212-8a15-6be3f2019c91", "value": "T1D7F4F783BA5786B2D68953B7D3AE4C0493A2C997738BD70F758E23A8194337B9C01D17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183976, "uuid": "09e2208d-7113-43ff-ad77-9c54f8f41eeb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183976, "uuid": "fbee708f-4bde-4c7b-8b1e-a705f4875da6", "value": "12288:kYuO2pedIWFDmOXmvZ4kgLXxEeJ3aunwhmafx1Xw6uPgy5gqRMeCBNUkJO:juvpAmI6ZZC2xxw6uPq3eCBNU+O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690183976, "uuid": "c013ec3c-b7bb-4046-8be9-22091edd2749", "value": 763392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690183976, "uuid": "8df160dc-2edc-44c7-82f8-2c176ca3c9df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183976, "uuid": "823f73ad-be06-4399-a9b3-954b973e8601", "value": "ORDER RFQ.pif", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "018a4335-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690211334, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211334, "uuid": "be0c2682-2ca9-4491-a1f8-b072461bbb65", "comment": "Malware payload", "value": "f059eccaa0469062843a76a4308d2914", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211334, "uuid": "b6b6fdb1-d25c-4b6d-8906-91c12173593f", "comment": "Malware payload", "value": "89f57e127512fd97f5f046b154ed1c59813193058cfbde1d9d82bbc6ceb14698", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211334, "uuid": "ea37e6db-4a4c-4b88-a758-7fc47daca9b9", "comment": "Malware payload", "value": "09c4ad2736f90af25fa1a118de9d64a1d74bd794", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211334, "uuid": "d482efff-0655-4cc0-9239-e9bb5f86c639", "comment": "Malware payload", "value": "b71fc90a90f7ac925ad07ab9166fd51b37a44a2e975e1253be573b744ac1ab10b0b62a90d4388f08dc0cdb92bd818b6f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211334, "uuid": "7b696753-5bd4-4bd6-a4c4-4f417842b5e8", "value": "T1666522207AD58872D86709392AE5A7717A3DBC341F3A8EEF43485B0E8F245C0D9357A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211334, "uuid": "f12eee08-1dce-4190-bf35-7b7c1c0dfeb2", "value": "91e96141ed5dbe3bc541c8aad7ff3c38", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211334, "uuid": "35e21e25-4269-4bec-bea6-530625790463", "value": "24576:WBqaS/LEMgbxs9HRAZ9Mwu2gbj/oji0MpRGIU4PvC0ucjDuZ:WBqaaEUHRYMhfjk4vCaeZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211334, "uuid": "a61e41a4-ca6b-4bfd-bde8-9fc4fa24f725", "value": 1484305, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211334, "uuid": "97ca5131-911d-4614-b296-eba94f662114", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211334, "uuid": "4276e449-ae8d-4d9b-b517-1b61932b8ec3", "value": "f059eccaa0469062843a76a4308d2914.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d040f4b-2a44-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690218360, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690218360, "uuid": "93d0d2c7-f94e-4546-9ba5-b6d0f3c8b1e4", "comment": "Malware payload (Amadey)", "value": "9f6a335bf9ab56bdea4e7a190bb076d6", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690218360, "uuid": "e85ac069-d4ac-4bc3-8dc9-a13e4a58045d", "comment": "Malware payload (Amadey)", "value": "8b31e3ed284822040e4b85ea218460650e187126e936524d1d47c4f92497c98b", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690218360, "uuid": "b323122f-6212-41f0-a70a-da7700dd97a6", "comment": "Malware payload (Amadey)", "value": "8972c8ad61e5835cd94baa25570bfce04a83584e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690218360, "uuid": "65495ee4-5bb2-4a92-a1d7-2c2c9702dce4", "comment": "Malware payload (Amadey)", "value": "7aa10112f1f2be4fff81841714aedace1773b463db98b032089afc3daec9792b4b36378300f64141db748b4eb462407b", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690218360, "uuid": "4e1ee529-5f9c-44ea-9844-3968e5ecfdb8", "value": "T13F2408557812C032D56061762DB5BFF2C59DA828ABB049DB7B800F77DA112F73A70E3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690218360, "uuid": "631333be-6dda-4db3-8016-1f76da1f63b5", "value": "698e68059e2b8538f873da69a2766d48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690218360, "uuid": "e607fc88-9f5b-427e-bdff-5d5a0c4becc3", "value": "3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690218360, "uuid": "d57c51d0-44b3-4956-a713-caf34c61c4e0", "value": 228962, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690218360, "uuid": "a3751964-d0ab-4616-ac05-d2f81b3f727e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690218360, "uuid": "a712027a-5751-40c6-869d-32078b812e7d", "value": "9f6a335bf9ab56bdea4e7a190bb076d6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94b3c27f-2a4f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IcedID)", "timestamp": 1690223178, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223178, "uuid": "5b4db8b2-9d0a-4e49-8b6d-00bb5d6b1d11", "comment": "Malware payload (IcedID)", "value": "a463577ab5387177cff4826fe75cd7a8", "object_relation": "md5", "Tag": [ { "name": "1561373935", "colour": "#77FCC8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223178, "uuid": "dddd82f9-02d2-42ba-9491-47dd60ad152b", "comment": "Malware payload (IcedID)", "value": "8b5529d29aeaf195889ebad68f2c3a390845e173edfec923acaf25fed824a529", "object_relation": "sha256", "Tag": [ { "name": "1561373935", "colour": "#77FCC8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223178, "uuid": "2ad947c7-2352-435f-b5da-0e0ce28e7609", "comment": "Malware payload (IcedID)", "value": "7f618a3f19c132e51fa55970e45c8cb4e17e9ba1", "object_relation": "sha1", "Tag": [ { "name": "1561373935", "colour": "#77FCC8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223178, "uuid": "080927e4-5243-499c-a40c-72d4ae17fb77", "comment": "Malware payload (IcedID)", "value": "c2980f93f644e8f6ad8af87e43b031de33924feddcf10cae690743522bb3dccb20bbbb647fb79bfa14fb6fdc49323db1", "object_relation": "sha3-384", "Tag": [ { "name": "1561373935", "colour": "#77FCC8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223178, "uuid": "9e9e0f72-3116-421b-860b-637db957a17e", "value": "T194A426C6BA56F8F9CBF3C076E45123363E0DF9D144A09E724761C3BA6C24818A85EDB5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223178, "uuid": "603c2879-3da9-4401-ad84-5a5e96c18e15", "value": "06f25df4360c0ab9ee30cbac816de0f4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223178, "uuid": "2b1a181c-72c7-449f-b74a-09a7a1193c49", "value": "6144:CWuz3M1ukesfTqAYVTuFOBTfh3SVOFJzlBSFHds79zAADpgSHK6BdunkC:C3zUukBCiFel3tFJz6DeDpgSHKUMnh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690223178, "uuid": "9d658cdd-3a19-4aa4-bdf1-58e3808be020", "value": 458416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690223178, "uuid": "c399106b-cc42-41ad-b344-e02cbb30b331", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223178, "uuid": "16cd543d-04e8-4d12-9166-0a6ed3fda961", "value": "INV-Details-JUL2023(176).exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78430d3f-29f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690184046, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184046, "uuid": "c98a6405-4b69-4fd1-96d6-501007a5243f", "comment": "Malware payload (AgentTesla)", "value": "cdc20638beea2923a75540481e39fe05", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184046, "uuid": "0046ddde-1e81-45ae-b5fb-5b491a8e6998", "comment": "Malware payload (AgentTesla)", "value": "8c0f9965639e4dfba9700034a7feab52c9ee3324be0717d9baaf0ad1ead0568c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184046, "uuid": "cf74ff66-dc6d-4284-a747-b49184b4ef66", "comment": "Malware payload (AgentTesla)", "value": "90ec8aa1e8809775cd41aa4f2a5636d85279218f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184046, "uuid": "9f99e12c-4615-405b-a607-85c340b0c421", "comment": "Malware payload (AgentTesla)", "value": "de9cac3b37b5ab140884558fa3c5514523695ccccf72b05d96b678d3af367d09958414ed6d70087d89041cb1c3a2b92e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184046, "uuid": "312dae46-5be0-4735-9287-fb9da40deed7", "value": "T146327DBB58CCA8AED30750BD80D77348F6A4359373299D0BFA30B558CD7A3CD5A0029A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184046, "uuid": "b9337c7b-b559-44f2-bec9-c2438f45b93d", "value": "192:imya0NtqEsWJARgZVPCK44AG9xXSJ+Ej7BJYTKwGKP2JWYfcWe++w0l:7yXtqEsWJANK4499xXSJf7BJYTRFYfvc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690184046, "uuid": "6a885fbf-34b7-41a7-8858-f2c78d036dd4", "value": 11084, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690184046, "uuid": "aba3ddfa-4191-459c-8cf7-c2b07ddeee9d", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184046, "uuid": "5a6f7a82-df42-43ad-b65c-aeb626344352", "value": "Balancepayment.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7f39d52-2a04-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1690191051, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191051, "uuid": "c841e71d-6277-423a-bb31-8fcbcb5873c4", "comment": "Malware payload (Mirai)", "value": "89416ebb2959870fdbaa81229212268b", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191051, "uuid": "0e46404a-d661-4f88-a239-753bfc903e57", "comment": "Malware payload (Mirai)", "value": "8d205f649a7a2f86e002dd58bafc7022f48922dd1d512716739dd7c2b91a4745", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191051, "uuid": "a912bce3-4fea-4fa5-ad22-1dd38d175f73", "comment": "Malware payload (Mirai)", "value": "1d52cbc378af5bf4cefae37f721ecf2e9c9e0760", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191051, "uuid": "d0780bf6-08d2-4a2e-909b-c8e08a1b1f65", "comment": "Malware payload (Mirai)", "value": "6f74274ca6ad4e76311351e619682b9f7d1cb7cdc15ca333a9c4f94d74fc32d29758444f12f5f87180ba339896cbbaca", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191051, "uuid": "78ef9811-ef51-4c42-aea5-55bce150acdc", "value": "T144B30845FC509B17C6C212BBFB4E428D7B2A1768D3EE72039D256F65378B85B0E3A142", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191051, "uuid": "d549b36b-fbed-48f9-b054-2d8eed0b7d55", "value": "1536:ZhNOK2dTNan1/AxPG4VamYT8rxxJMJM6qNfRZxl8+wywLFOKHHrWHlpWGOpY8:ZhqZw1/345Y4rxxJGqNZr/8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690191051, "uuid": "84e01873-b6f8-4498-85bd-383ee806ac59", "value": 117504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690191051, "uuid": "abca7e3c-63d1-4af8-8f44-2f8d4f2d779f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191051, "uuid": "7f0665c0-c575-42d7-bbaf-486f6eed1eb9", "value": "cundi.arm5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7f86537-2a36-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690212580, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212580, "uuid": "a8c7ee25-2ded-4eef-af3e-d5eca96a4d3b", "comment": "Malware payload", "value": "396bea675af3155ba75d791761a7ed48", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212580, "uuid": "36a0802b-6a1e-4aef-a08d-6f806bd73d15", "comment": "Malware payload", "value": "8d8c084cf97a4b05760ddcb7507557b49e82f7398368fb33a423ff7ae4adcb12", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212580, "uuid": "2d2c6a72-c968-451a-aeaa-a7cd954338ee", "comment": "Malware payload", "value": "9467057caad3935f9578aabec7b5d2e9fe17b845", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212580, "uuid": "4dc292ce-3753-4181-aa35-d6c9627fb468", "comment": "Malware payload", "value": "54e7e5153c59187ba6697f95b714d0a017075a36ad09f99284c2e3d534661eac439b2e03ee2a967da9a77f34a74b383b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212580, "uuid": "01aca4e0-8308-4c6e-a572-09ea64eb94ff", "value": "T1EFE37C1575C080B2E563283257A485B15E7CFCB00FA6BDDB2BA41E7A2FB04D1A634DE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212580, "uuid": "37e5382a-574a-4040-8692-cec1ecb2eb01", "value": "dcff091e2e9aba82a244d7ff6e487382", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212580, "uuid": "34db93ad-b133-46d9-b5fb-825af68d3ccb", "value": "3072:KlZ3TFfpCRzzwQjiRb5welYpK23rlx4cLXfHXW:er8LjiRVwz86rPXW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212580, "uuid": "fb1ac0b5-bde2-4ff7-9266-67bfd5977c13", "value": 151549, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212580, "uuid": "f6f85cae-ea6a-4907-9cea-45fc53f32793", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212580, "uuid": "dade8cb8-17bb-4b8f-bfcd-cf01cfc9bb0e", "value": "396bea675af3155ba75d791761a7ed48.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f8d8f9bd-2a49-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690220769, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220769, "uuid": "053c6817-3a63-41a2-8e1d-4d95c92a8ddb", "comment": "Malware payload (Amadey)", "value": "677f197c96b0a095a95a98a5465e00d2", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220769, "uuid": "df6005fe-97bf-46ce-8d3f-9bdb2d8b5271", "comment": "Malware payload (Amadey)", "value": "8dca550e1103f8f3162602f771cb621c1a807127190997897a0bd373c3c43462", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220769, "uuid": "b7b0ec81-4b4b-4e06-82e8-cbbcf605bab5", "comment": "Malware payload (Amadey)", "value": "062fa1df84f20fd04a8648fd25ee88a55c67a53a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220769, "uuid": "5a2e03e1-0014-49d7-90eb-3eabff0b0ee0", "comment": "Malware payload (Amadey)", "value": "aa217d99201817414371ae42b0bf81c736178f0b0f85fdb46cf2bb69a908bfaae17807c239aeb0f6c6e7fa8fb3f9d2fd", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220769, "uuid": "231223f6-1a3e-4a02-a66a-712ac7db2dd8", "value": "T1E12408557812C032D56061762DB5BFF2C59DA828ABB049DB7B800F77DA112F73A70E3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220769, "uuid": "9cc52599-07b9-4680-8b72-974740fea99d", "value": "698e68059e2b8538f873da69a2766d48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220769, "uuid": "17046774-7402-42f2-beac-b65548d5660f", "value": "3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690220769, "uuid": "20cd1043-391c-4d26-90dc-2e0829d65135", "value": 228991, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690220769, "uuid": "928bdf85-5476-4a3d-b956-d4a1883ab98e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220769, "uuid": "36a62f89-1dbc-4a87-b95f-ed1bb006105d", "value": "677f197c96b0a095a95a98a5465e00d2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f7093f6-2a4c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690221880, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690221880, "uuid": "ad97e295-d1f8-485c-b4d1-26f31c645d57", "comment": "Malware payload (RedLineStealer)", "value": "eaa7ddf9a5fe256bc115f2604c8bd754", "object_relation": "md5", "Tag": [ { "name": "dropper", "colour": "#04C509", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "spy", "colour": "#472410", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690221880, "uuid": "b9c331b1-9f38-4c1a-ab87-4c10eeb71b86", "comment": "Malware payload (RedLineStealer)", "value": "8df6ff949de778a20deb98bd90e21d9e9449045b73f75cd62c051957997882bb", "object_relation": "sha256", "Tag": [ { "name": "dropper", "colour": "#04C509", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "spy", "colour": "#472410", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690221880, "uuid": "0b674801-575c-43ff-a2cb-0a81d47e6b32", "comment": "Malware payload (RedLineStealer)", "value": "09f8eaa1cf59dc319ac9f531a9a7ebdb0113c447", "object_relation": "sha1", "Tag": [ { "name": "dropper", "colour": "#04C509", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "spy", "colour": "#472410", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690221880, "uuid": "48da3411-cbec-4bbe-8731-428126f96c27", "comment": "Malware payload (RedLineStealer)", "value": "461e09b488f94817ba6c20827e1c116a5d5cee89820fdec29a85e4d3283c53c782ab2585b566620b1f8fd59347fb0a7a", "object_relation": "sha3-384", "Tag": [ { "name": "dropper", "colour": "#04C509", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "spy", "colour": "#472410", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690221880, "uuid": "52e0cbe1-369e-4916-bc77-f0f2e108629f", "value": "T150B40247A7E84133D9B92B7058FB17930A36BCE15C78831B2789999F1CB2188E57133B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690221880, "uuid": "64997f20-cd46-4782-89d5-44b33e6be397", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690221880, "uuid": "d3d0cf3a-57b4-47a6-a559-27164ea3a832", "value": "12288:OMr1y90xhXa1bsVhIyYGYpy7TzyiucJ7VXec:by+w4Gti1Xec", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690221880, "uuid": "67f1e9e0-b1c9-4ee1-976a-e143bc530c49", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690221880, "uuid": "a4cc1ee8-fc76-4c2e-a730-5e632ec4d9c8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690221880, "uuid": "481c7593-02c3-4641-b8bc-080c9f75db8d", "value": "8df6ff949de778a20deb98bd90e21d9e9449045b73f75cd62c051957997882bb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86a0e6e8-2a48-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690220147, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220147, "uuid": "748ec123-1448-4335-998c-794eb88caa34", "comment": "Malware payload (AgentTesla)", "value": "bbcde254909c0968cc1e61f3ed5dd85b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220147, "uuid": "3fde7420-537c-4b46-9a74-3db09a0c3327", "comment": "Malware payload (AgentTesla)", "value": "8ed8950fa5b89ea544a3bdfe37667e2a4013022278318f321d6811bc9017108a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220147, "uuid": "edc111e9-89ea-4892-80d4-5832c1ce4cdb", "comment": "Malware payload (AgentTesla)", "value": "35dc8b1abd5ac6e79eb1dc42bb2b456ed62b816b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220147, "uuid": "a9c947ed-3527-4929-8c53-9dccadbe271d", "comment": "Malware payload (AgentTesla)", "value": "610e7879c3c7caec97565f894c367cbf0a4c1d4c2d5886e756cd8ce87fdb803f8ca76078c9a2e859de88b9a2a51abdf7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220147, "uuid": "093d7577-c99f-435b-96a2-bcc817cf686c", "value": "T1CBF4022537B9AF52E1B8BBF5D2A041190371A0552877D38C0EF230CA1E66FC5AB91BD7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220147, "uuid": "c51a880a-34a8-4c2c-abc9-b0e8638ed4ea", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220147, "uuid": "f0d03d36-31b4-4a20-971f-2319337ed16f", "value": "12288:bDvJRBusy2y4HxCVJ9eIlPaYxCqplIWb/yk2rivrsNzLFbY+RUF:3Fuiy4Hegvq4c/ykNjALFbYK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690220147, "uuid": "629db8c7-c7f9-4d56-a73f-2d41a97db528", "value": 756736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690220147, "uuid": "20df6b85-2b52-4ff5-8d4c-1c7d40bd0bb4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220147, "uuid": "eed7df29-329d-4f5e-8368-c283d61cd40a", "value": "Order No. P0004028 - order registration.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1e14a25-2a20-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1690203067, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203067, "uuid": "ff5eedc9-a37b-46af-9ffd-883deb860690", "comment": "Malware payload (Mirai)", "value": "95d5d0413bb49f819556cd007f436d59", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203067, "uuid": "e979e297-20dc-41dd-8a96-ca95564524b7", "comment": "Malware payload (Mirai)", "value": "8edec172b55066aa69b3719b453ae662f241eeec386782f399f6f61a830a4d3c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203067, "uuid": "8038f51e-28a2-4699-9454-92b0c522508a", "comment": "Malware payload (Mirai)", "value": "1edd49ae54f084ee584b188a6f1a814ea09514db", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203067, "uuid": "32ae30c2-02b2-4dea-a041-ab67b674af07", "comment": "Malware payload (Mirai)", "value": "919dacbdf68c6bf678bb7fe8bb785e67d8cc6a13f01e4325229126e3031ac179f2bf2da58aca4712f64ca170330f3133", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203067, "uuid": "e34f9541-1fcb-4ac6-9b76-7ec05caf9bb5", "value": "T1FE82CF3062AB75E5DBF14430EAADCEC6A7160BF8D1FC36D217586F78894210661F92CA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203067, "uuid": "18f1135b-eda3-4532-817d-f79c8a1e7e81", "value": "384:MjWzRV0P6iOwrkom0DRnVATuSlShu6NvmPWtUn+KMaWhymdGUop5h5lp:6GV0P6+kom0tVAoNvm+to1Ws3Uoznlp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690203067, "uuid": "2743fdae-5a09-4fe9-b229-d97802536f3a", "value": 18488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690203067, "uuid": "1049562d-2eb0-4181-be8b-8b698b4aadd3", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203067, "uuid": "b7be980e-d2cf-449f-8dbb-21dcce8ed4c8", "value": "95d5d0413bb49f819556cd007f436d59", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "596f6dea-29ed-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690180987, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180987, "uuid": "6ce40fd5-5a70-41b3-9982-178c54790907", "comment": "Malware payload", "value": "0ef8ab68f5133a9e0cb694abf14df145", "object_relation": "md5", "Tag": [ { "name": "asar", "colour": "#AC5602", "exportable": true, "hide_tag": false }, { "name": "StealerElectrum", "colour": "#688E07", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180987, "uuid": "724634d3-94ad-4633-915d-5747c474576c", "comment": "Malware payload", "value": "8fbf835eeafb1fa4ed214a0647ac6d970d9b1b0c07f7d277e0a1603a92ca0e2e", "object_relation": "sha256", "Tag": [ { "name": "asar", "colour": "#AC5602", "exportable": true, "hide_tag": false }, { "name": "StealerElectrum", "colour": "#688E07", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180987, "uuid": "628f1940-cf6b-454f-8996-b27196b6c013", "comment": "Malware payload", "value": "a0e5aaf9af5ca5dbe49150a0fa63ddb785e4f609", "object_relation": "sha1", "Tag": [ { "name": "asar", "colour": "#AC5602", "exportable": true, "hide_tag": false }, { "name": "StealerElectrum", "colour": "#688E07", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180987, "uuid": "84707802-381b-4bef-beef-2d530332f731", "comment": "Malware payload", "value": "f993b7ee39f12add586aeb91394d4c6a7b96ad6ea1ec7407de1721a0a704af9b70526dff269d5e7944f910a9ba8bf15e", "object_relation": "sha3-384", "Tag": [ { "name": "asar", "colour": "#AC5602", "exportable": true, "hide_tag": false }, { "name": "StealerElectrum", "colour": "#688E07", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180987, "uuid": "d1302dea-15e8-4df0-ad0f-a43ef51af425", "value": "T193177EBA3BE30D2BC0D3617197AF21C1F325C01B2268E468BC5D92541F58A65977ABFC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180987, "uuid": "d6356104-011e-428f-81c1-0c2c4828112f", "value": "98304:LwglnKpioB6u4MtP6/FlA4BYyDZdWN8eVVgbA4JGmFDIoZG+a3HnYQj7GZTj9QXU:DlKttP65Rg7BohsRY2y2u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690180987, "uuid": "16f0ee1e-510d-4525-97ab-2b1c45edd628", "value": 19900308, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690180987, "uuid": "efb1cfd7-c39a-49b5-84d6-73af7a7facfe", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180987, "uuid": "88106591-45e2-419a-97b6-2c41c46ad2ce", "value": "app (2).asar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce839790-2a36-11ee-a6f9-42010a9c0055", "comment": "Malware payload (PrivateLoader)", "timestamp": 1690212537, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212537, "uuid": "a0eaeffe-3aa5-4d0d-8abe-e6e0f179a360", "comment": "Malware payload (PrivateLoader)", "value": "eba137b582c67acf005339a8ecc2103b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212537, "uuid": "af18492c-046a-43c7-a684-a3334957e41f", "comment": "Malware payload (PrivateLoader)", "value": "901bb2af39f52f86d0173bf737610ff2edfabe7f5a1c406d35ff016f66b115a8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212537, "uuid": "91597696-fdb6-492e-b9a6-d0907413ec7c", "comment": "Malware payload (PrivateLoader)", "value": "046ff0c7f6403bc3ed736cf817135a4563f5ef16", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212537, "uuid": "f4cdfbfc-a7c7-4cf3-9aba-ea6063c57229", "comment": "Malware payload (PrivateLoader)", "value": "b13322597f5181d9853f5dd45d44df110d91eafe8af79eb115918f89fa88eb8ddedb594426e68eefbac4aceb4c03e734", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212537, "uuid": "d96a0ef3-5942-4362-9752-10ae89d1a0fb", "value": "T11D351976A315B45AACA28136F56B0AFB15281A30B3C544FBF7938E5139D27D2F238D07", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212537, "uuid": "c2b7c116-f5eb-4c7e-854c-4b8c40bb68a2", "value": "24576:k0bDXGEP1Ytp7m02HW4vusuN/Ukrp9E+dGoH7N59vsfZHBxb5IStw:kHEP1Ytp7MnOYoH7NzvsfZHXlIJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212537, "uuid": "523060b9-055d-4a56-9fc3-94a559b62147", "value": 1133298, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212537, "uuid": "861d1c58-477d-407e-bb2e-4a50611fc020", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212537, "uuid": "0a6acd63-ca53-4966-8f9a-95006986364c", "value": "eba137b582c67acf005339a8ecc2103b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8fa619c8-2a33-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690211143, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211143, "uuid": "cba3ce7b-a6f9-44d6-9603-e7251852b4ed", "comment": "Malware payload (RedLineStealer)", "value": "bf25dfc471b2e7cb3596cbbd63ba36f8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211143, "uuid": "205fe717-c9b0-4268-9659-d2b3b201b924", "comment": "Malware payload (RedLineStealer)", "value": "903aec9d247ac31aca8518655026902f1f3ae706204004425838471c99f3f81b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211143, "uuid": "76297537-3198-4ff3-b2da-3ffa4ae76a8c", "comment": "Malware payload (RedLineStealer)", "value": "4cc031ecfb25b73aa8ecea84e66bc187d946f152", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211143, "uuid": "ff680192-486f-4c02-b4c4-677e41be257d", "comment": "Malware payload (RedLineStealer)", "value": "8cf78c6defe99640b70dae6e885ffa836e59149ad32231471bf710cae7135c6af6381e4c2b507b3cd1464250e0efe7a5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211143, "uuid": "22336fd8-8fb0-4395-8cc5-8e511ab24dce", "value": "T1B0840212E7D89077D9F12BF058FB02830B357CA29D78937B3646695D1CB26D0A53272B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211143, "uuid": "20e2e378-c8e4-46f1-8314-ffa721dbee97", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211143, "uuid": "bbdee14a-f8e3-4291-b408-00d7f7ea75bc", "value": "6144:Kiy+bnr+wp0yN90QEz/GqH0Fq0ydcJM4G2qVNmZIkgBZ+t4zDcPL5qs7OxoU:GMrgy90F+94cJM4GPNmWkgBYCzklq+U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211143, "uuid": "83b5ef42-290a-4980-b12a-b38c7102da2f", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211143, "uuid": "c1e8dc64-f05d-4e04-b24c-ae63fcc24a59", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211143, "uuid": "ef5aa9c1-5e83-432c-9f8b-c73b9f28c931", "value": "903aec9d247ac31aca8518655026902f1f3ae70620400.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0cac2873-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1690211353, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211353, "uuid": "d93e7c4b-d2ab-4a76-bbbd-4c023e11376c", "comment": "Malware payload (RemcosRAT)", "value": "7cad2d460bf53e4e93f10287e336b8ed", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211353, "uuid": "af377474-5ca9-42c1-822b-b24d28e72f01", "comment": "Malware payload (RemcosRAT)", "value": "9094c418e7ca2147c0588669539e56274dd5be2b9ea602af6080d556f6f55950", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211353, "uuid": "2ef424ac-cee1-42d5-8087-287cc3b2b4c0", "comment": "Malware payload (RemcosRAT)", "value": "3a39cae4fa4e9bc3678894a321ef43d4dafd992c", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211353, "uuid": "7ab68909-151e-4d8d-86bd-f8fc83fb480e", "comment": "Malware payload (RemcosRAT)", "value": "592ae054757890b4ebe32d721469be7e66a909b73169533107e010fe65eada346534c84b9de47b9b54a522490dd9b77e", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211353, "uuid": "102c6fc7-6324-4b75-82e1-392b116e45b2", "value": "T15965F103D8048B83C41D83F87E531EE90F1A6F19E8A9BDDB10527F8B3A71B62495E55E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211353, "uuid": "86c51715-5eee-4192-aaec-2562db12492e", "value": "24576:Rfu9VNZyOw6VajZyYw6VOViNhuuvvtWyonQfbXQwcgZffnLl35wZx:RfuP+6Vals6VmiNhv3tjBXXcWLZ5O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211353, "uuid": "84973111-538f-4a56-8048-7f2b5bd29aac", "value": 1501184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211353, "uuid": "cd92b772-3612-4bc7-aa2d-0f9a4ffc35f7", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211353, "uuid": "e3bf215f-84bf-4b61-bc34-0d088a2dec94", "value": "PO 0039921.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aca74f37-2a1a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690200454, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200454, "uuid": "e475da6f-36cf-4f01-9927-de1e7fba467b", "comment": "Malware payload", "value": "b503ffd3552cd5a97874afe409f3b469", "object_relation": "md5", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "saudi aramco", "colour": "#695059", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200454, "uuid": "b69d06bb-d9b9-42e1-b3a4-349a59442af0", "comment": "Malware payload", "value": "914631ce7609070f94c97ec1e811d8c9b930c0e69636169d2498ac7103d3fefd", "object_relation": "sha256", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "saudi aramco", "colour": "#695059", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200454, "uuid": "e5d443a8-e341-4765-b62e-5d34abc66202", "comment": "Malware payload", "value": "d868ffa7215b95715c7f8773171bad2eca2163ff", "object_relation": "sha1", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "saudi aramco", "colour": "#695059", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200454, "uuid": "722e6e1b-1faa-4910-9226-3b10a9178c1f", "comment": "Malware payload", "value": "cfbcbf1ef0b0686315bbb0459cb6fb73cfd96dcd64491eb3fee5ef70be828f9a0b9ca6b11709ccf9787f1573d9991bb0", "object_relation": "sha3-384", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "saudi aramco", "colour": "#695059", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200454, "uuid": "0839a1ad-96a8-47f5-88e2-c11d47c25b27", "value": "T17BF423237D2F0AA6973C7D2F3F5BD7D216909D608468F987A2B9E348249CF91720354E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200454, "uuid": "2bf7f678-eceb-4197-ae3c-5eb25c0f2ced", "value": "12288:apgPEpE3i1xykBz7sRMJtyTTRzxuZFowBUUc1nA+:apgx3HEz7sRIty33uk7Uc1A+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690200454, "uuid": "2858d712-e8df-4e33-82bb-97a08c67b882", "value": 741962, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690200454, "uuid": "0a878a29-dca3-45ee-ad9d-040e436fa8ae", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200454, "uuid": "49f36b15-37e3-4d44-a7a5-be57d196be76", "value": "Untitled2.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cbe4e3c1-2a03-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690190628, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690190628, "uuid": "92665c08-03eb-43a4-a7b0-3f3e1ed1569a", "comment": "Malware payload (Formbook)", "value": "0c3cacf759814e610535fb7f9b75722a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690190628, "uuid": "5c914a15-9a4b-4bba-81d2-59538b008748", "comment": "Malware payload (Formbook)", "value": "9292d7b24e619b853df2eefe4a41acee5fd6e7af72a42baf497bfa1d17154629", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690190628, "uuid": "100fd772-0026-4de4-8c62-fb00dbef8493", "comment": "Malware payload (Formbook)", "value": "46bb88a027a4458fd67d4fd4ca5c4fdd86c44ca7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690190628, "uuid": "e235cb94-c6f3-435f-8f15-8811a38008d9", "comment": "Malware payload (Formbook)", "value": "520d6d06cd7ec907bb56984accfbc92b3f795486dabda8ae0ce3845b1c372f74df3599dcc5a248b099f7fa3f815d31ca", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690190628, "uuid": "c0624ec5-0591-4655-b3d4-661122874c11", "value": "T1A14422817B94C893E5A34B72287E07FADCF9D01612EDAA633730C65DA971D01CC6E366", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690190628, "uuid": "31ef9011-a544-4480-8eee-943eb8f4a33b", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690190628, "uuid": "7944b27b-d878-4649-a403-d80fa3318a22", "value": "6144:/Ya6J2UPz9RC7YsN8nqR3dllHNk1sujsJ+0YfnmDjwg0XdqlFKJGZ9DIG:/Yb2UPzsN71HKj2+0on8jOX0lXSG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690190628, "uuid": "36a98bab-a2bc-405d-b381-f8850d5841f5", "value": 278409, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690190628, "uuid": "ffedc911-28e3-4050-ba53-f6f42ef066b1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690190628, "uuid": "d91909c0-fe1f-4b79-8ed2-0247c600c96e", "value": "Bank details.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "beab5880-29ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1690188888, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188888, "uuid": "18c20be1-2cc0-45c6-a6fe-768b2f10447c", "comment": "Malware payload (XWorm)", "value": "67cdda3364bb6b2f63866117f13b4d79", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188888, "uuid": "5b42b92b-2a9b-4039-92fe-c2e0a2ec08e8", "comment": "Malware payload (XWorm)", "value": "92edef62579a23755b2eac21af028675f409bfdc9a283f35c8ceeda0a2b79570", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188888, "uuid": "b39e9cea-0ca0-4c17-9fcd-7e6d08154c8e", "comment": "Malware payload (XWorm)", "value": "5717ad7f26bdabd762df3ec537c7ac58f34326ae", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188888, "uuid": "5cf5872c-3418-4c02-a591-0a10b893202e", "comment": "Malware payload (XWorm)", "value": "b0e8d8c524d0148093b9c02b15fbdd7ce46dde6f7e79e8da076295f73b23cb1575b682a9afd97730806412dc75e49f79", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188888, "uuid": "9607cccd-ee87-4269-8f88-8e704e694558", "value": "T12EE24A487BE18332D5EE5FF57DB2E1050275E5078A23DB9F1CD889AA7B636C246013E2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188888, "uuid": "61b6258a-73ad-4329-851f-03c675d31b7a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188888, "uuid": "083d1338-1959-4092-9909-ed6527dbb01c", "value": "384:Y4sYMqC1y0O9/89I3/qjk8LlzwDs2ETIiMoR+gtFqBLTiZw/WNCvK9IkVu75xOjg:pC95/lEePMoZFr9RgOjhp/7vA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188888, "uuid": "d63f3710-31c3-4610-bcd3-300317e47ce1", "value": 32256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188888, "uuid": "4100e79c-6150-49d1-b783-c32a7b1981b2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188888, "uuid": "0728a155-0d9e-4ba2-b0b3-bc89da91e534", "value": "XClienttest.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1763a875-29e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690178300, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178300, "uuid": "120a1de2-f63d-4f8c-968d-563f7227911c", "comment": "Malware payload", "value": "bf1ea7d09a14ea6f8dad317c084df9b3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178300, "uuid": "b47b37b1-165a-4ed8-9769-fddafc619cc6", "comment": "Malware payload", "value": "932a83d8393db73570a8dc9fad7810341a32dffc6e0465fe106a1232fb40bf81", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178300, "uuid": "32e110e2-cc50-4263-852b-5872d2b005e1", "comment": "Malware payload", "value": "eaa2cb3cca1ba9e557e92fa59cde940ac2b71e16", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178300, "uuid": "3649d4eb-66ee-4494-8e08-56b362c5021b", "comment": "Malware payload", "value": "01b79a7d70b766472cf48b560bd2edc22f2123c5bef323d22f0a8f129eecfcc76c91441b0e54f61347287240e550703c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178300, "uuid": "e9b8407b-386d-4980-887e-14e902a74311", "value": "T1B186E017ADA8CC6CC9A394331092C397D20AE14DAE0DDB9F13B11945CEF496B5B12BED", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178300, "uuid": "fd5d6f2a-36ad-40ae-9a7c-2a21260d7771", "value": "1f2702872592229d2f4cb1162cfbc55b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178300, "uuid": "bb3a82c9-b364-4151-a2d4-198762ba6dc3", "value": "196608:ixAVtVB/Yv2Xsi+XJaLkNnbzo+jLGxUMxpWouTKTXo/dRFCjCm:ixAbwv2wJtNFjMU1ouTIXopCGm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178300, "uuid": "ae6047ba-80df-4447-84e6-9ee07ac0e86b", "value": 8446794, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178300, "uuid": "2892bdd2-14dd-4fc0-ba4a-f7bdebb95f91", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178300, "uuid": "bd631dcb-2626-4a51-8c76-719fa65601aa", "value": "bf1ea7d09a14ea6f8dad317c084df9b3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a74f84f-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1690178842, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178842, "uuid": "2fc6eca9-6663-461f-be58-912890db076b", "comment": "Malware payload (Loki)", "value": "d4d03ecc9490b788c85cd0cecd74438d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178842, "uuid": "ae25a943-f26d-4681-b37a-2bf51310fb4a", "comment": "Malware payload (Loki)", "value": "9346d441c3136edb70bc96afd06717fbb96074592bcb4896741ede01be7925ed", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178842, "uuid": "519753c0-abea-4928-aec0-d502cc8d087d", "comment": "Malware payload (Loki)", "value": "ce1eb9b56e0ae523e69d5370622ef80ab3714e47", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178842, "uuid": "49c028b7-9307-472b-9ae6-6f426ba45ab1", "comment": "Malware payload (Loki)", "value": "f64280b17ca3594c4983df77f8c5b1f0312db101ece422a107fee7ccbddcd56ef6917dd630faf6f0b791337157e4b141", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178842, "uuid": "d15ea078-e50d-48b9-b4a4-21bbe4489e66", "value": "T190E42365336D1E13E6A8BD758AA5E20113F262257827E3CDEDBA60D81DD1780FF021E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178842, "uuid": "2f55ddc5-d074-457d-94bb-81cdcb58aabb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178842, "uuid": "89efbf1b-19df-4853-927b-fa20e32de9ef", "value": "12288:zwvJRBusyVqBXzoSbEkUA0sznu9GAwFNzLU:mFuCztUdQ5AkzI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178842, "uuid": "017feafd-5744-48cd-9c77-ac91b88ac7c7", "value": 673792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178842, "uuid": "1d582f47-41da-424c-97f2-7ea4ece65c83", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178842, "uuid": "4412c2fe-0075-45ff-89be-a518f28f2f60", "value": "TBHD AWB 1ZY0W5038626871089.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7f038b9-2a32-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690210862, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210862, "uuid": "904af561-669a-435c-88a4-e1139a9093a3", "comment": "Malware payload (RedLineStealer)", "value": "45779e12d1e09c0f1de2d34b77bb595c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210862, "uuid": "0d9ac82b-f2ba-42dd-a9d6-ca8a9c6a7670", "comment": "Malware payload (RedLineStealer)", "value": "93e4503b44c8e0cb8e7a7a8c2bc0d9a662117650a2d0608132b39a38aba0600a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210862, "uuid": "6cb975eb-4278-4ac5-8ee2-ca26bdf98fab", "comment": "Malware payload (RedLineStealer)", "value": "7f0a11476d81063183d1e2a532807430b322741b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210862, "uuid": "88c1890a-0a53-47b0-a1ca-2b34d5aa446c", "comment": "Malware payload (RedLineStealer)", "value": "6c10f884fd66c6e6e121e0885c5fde74fe8c065d862049de66b753f7ce0f93e25e23fea154164c0293f19cc43972ea41", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210862, "uuid": "aba7786d-4f62-4721-8fe8-9e802b1097a8", "value": "T18FB41206A6DC4033DDB25F3048F642830733BCA16D79872B6795AD5B4DB3AA1763236B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210862, "uuid": "f6c8d9f9-6e2b-4c94-92a5-763a165f933b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210862, "uuid": "426bbe2b-0bcd-454b-bcc8-ec4ebfaae3d8", "value": "6144:K0y+bnr+Xp0yN90QEX8iUq3yZR7ZIk5zoZf9rEbw9FpYFIohPN1FkMeRU0ZgELWh:UMrXy90gQ87ZILf99FM3PexgELM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690210862, "uuid": "a0a7b27e-944e-4219-b34c-54646e2ad2ea", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690210862, "uuid": "80846ce1-bf8c-4956-a192-8f4aa8fd279f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210862, "uuid": "21f8d17b-7842-4357-9125-1c3fe562f028", "value": "45779e12d1e09c0f1de2d34b77bb595c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "182e1a8c-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690211372, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211372, "uuid": "e6dc766c-cd4d-448c-b146-46df06220b28", "comment": "Malware payload", "value": "eb4065ee66375d40c882bc311091f9b6", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "miner", "colour": "#CDACE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211372, "uuid": "45f1d33e-dfbf-4077-b36f-c7c920aa6bd1", "comment": "Malware payload", "value": "94b8e3e6571d018e6b2f2027539be086226da9452309d4178f93b1000e7054b6", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "miner", "colour": "#CDACE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211372, "uuid": "f766a2b9-31a8-41ff-8e63-67c1878cca1d", "comment": "Malware payload", "value": "4a0edc36cbafbd818f4a3151cc7a74ab1a5caa15", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "miner", "colour": "#CDACE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211372, "uuid": "f55031e2-1740-4a88-88e5-777c15aa4b86", "comment": "Malware payload", "value": "ea09cdf82e318751925f2d1ee3f97414b6767292b898e440e4336866d6cdac2bda8fd26ba992897eab2679f5c1066d27", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "miner", "colour": "#CDACE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211372, "uuid": "59c504f5-144e-40d1-a881-b98477372ccc", "value": "T1778533F9C87E89FE8616062DDD0A9C104CE7FA4B3600121D499CD3EBA2A7DE56D2F51C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211372, "uuid": "48988f04-b15a-4323-b221-98f6de88ea9a", "value": "49152:TIZya7pmP/ayFrLqSg6BQm5dR3Q4WCc94teHq1wpo:sZz8/ayplumVq94tmm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211372, "uuid": "c1b8615a-c71a-4223-b427-138be7354bd0", "value": 1868600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211372, "uuid": "7b9df9f3-1f28-4275-9f0d-b17f475666c8", "value": "application/x-sharedlib", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211372, "uuid": "65ce0b50-c3a0-487e-be6b-7e613c09bd50", "value": "xmrig.x86_64", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85c28953-2a14-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690197812, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197812, "uuid": "0191b9f1-174d-4f8b-9c31-bb8554ab8d9e", "comment": "Malware payload (Formbook)", "value": "bab285a6553bfb7f6580eb418d73429c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197812, "uuid": "2a70ae80-b904-4144-b145-3c954e8dde25", "comment": "Malware payload (Formbook)", "value": "95c058c714f6b443f68eedc24f78b9b5b834b4e4d77dbc20666684bc6d2e321d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197812, "uuid": "10e60583-fc84-4d31-ba1d-0861371914a8", "comment": "Malware payload (Formbook)", "value": "c248eddfd9dafed4f12abf83b4d895ee573f9e6f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197812, "uuid": "86ffdb56-d8f6-46b7-8cea-09332f2f613c", "comment": "Malware payload (Formbook)", "value": "05622236066c49563349b1d809c764dead9424faac7926910afad2189c16339ba444afa45cc283803cded862db7b006d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197812, "uuid": "26b30cd9-cf35-49aa-a232-04880b103faa", "value": "T15705283818BC1627C1B4DFF58AD58427B2E0A96F7115EE386DD357D64216B02E8C3A2F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197812, "uuid": "cece57e6-b92d-4671-866b-a448cc1c8340", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197812, "uuid": "20341d36-2840-403d-959e-02a1896466f9", "value": "12288:78DHORHPUTG7mq/wY6+a002ECOGZZRMIour7HGvhhjB:78DORvUS7mq9pLOoaIogG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690197812, "uuid": "b95b2b25-7458-4c4f-a333-ebe0d408fc4c", "value": 853504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690197812, "uuid": "5f576e7d-3ae7-4788-bb56-cd15bf4f0a90", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197812, "uuid": "92406f77-c8be-4ceb-b3f6-0266527261c3", "value": "z1Emir.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f34fa58-2a06-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1690191627, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191627, "uuid": "c44e7aa2-aa76-48d0-b22c-09d7a318660e", "comment": "Malware payload (AZORult)", "value": "820f01a0e68c10951755f39657de552a", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191627, "uuid": "fb94b8c3-6930-42ce-beec-02f85a96e4e3", "comment": "Malware payload (AZORult)", "value": "95ee4ecd2ceea6e825a123d337708e9cdccdbd229943832894079f76b683b8d3", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191627, "uuid": "8c442bf7-5104-42a1-8470-71e2a287718b", "comment": "Malware payload (AZORult)", "value": "30f44b0c648b730d1e4e30357d3ce510ccb9e216", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191627, "uuid": "821fba7c-90bf-4771-866e-8cd5f28eebe1", "comment": "Malware payload (AZORult)", "value": "1420bb1d66ebe0dda911339379f3f75450cf29c7ac01d4ed4bebdf89a07cc4b7a9d627583f99530c2d65b5296cb7257d", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191627, "uuid": "e72ef59c-4ec9-4c4b-9ea1-b0ec13c93dfd", "value": "T1D81412536780C6F7C43B03748E3AAF33ABFADB916691960713857E8B3D135428B1E196", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191627, "uuid": "45fb6bcc-1269-4780-a61e-0a1382416978", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191627, "uuid": "483f80e6-a585-4d87-b7f9-07cf69f07bfa", "value": "3072:nwDijpS4DbYcr8bUfhMuQ7iQW7t3OWxsXHInIbEoOByoIm548xVvXwgIJ3yY7yeW:nFPeEMiB3XxpHo3nm548Lk3y0yeW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690191627, "uuid": "65a36c5e-0a55-4cc8-a4d8-7e70505e690c", "value": 195096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690191627, "uuid": "7b123c10-ee09-4d47-83c9-bda1c50218e5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191627, "uuid": "475bc706-b8c7-4bab-91fb-8aaaddc6571a", "value": "Ziraat Bankasi Swift Mesaji.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3459aabd-29fd-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690187797, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187797, "uuid": "edfe7468-39e3-45d0-83f9-d81c4a9ed7cd", "comment": "Malware payload", "value": "29c47179204362861a122b5bcd647452", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187797, "uuid": "d75cd179-122f-4725-a39f-433da7b4a7f8", "comment": "Malware payload", "value": "97998689dcca7f8fac116a458168c2e7575f6442ef68e4729543799d07ccd849", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187797, "uuid": "5c6f4691-0017-4a9e-8fae-4205eb23b14a", "comment": "Malware payload", "value": "eb8b0266b93f492e4ed5aac332ee474c4ae176e0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187797, "uuid": "c1c2e1f9-86ba-4ee9-85b7-aba37734f26d", "comment": "Malware payload", "value": "27fa708a796eb3e5d68f5865b74cd3db4cf8204936fe22c0323cfcbb16cccf74e11c1ca27f3c19235d977d43d71f6081", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187797, "uuid": "d9914b8d-f4b8-466a-b1eb-aa52b7cb8ff5", "value": "T1CEB4010BB22D233DF2E86A7F526A34CE32BE20F5856AEFD5117E00D3696163056C746D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187797, "uuid": "09091a27-b8d5-4682-9c2c-05398beebbeb", "value": "12288:6qYjPOgQWmJm+jgpbtZmNrDLWgQskpWOs6Qm7PHo:2POgHmEAgljzgbk/qg/o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690187797, "uuid": "cb96a6a9-d3a8-45ed-a524-42eab715a465", "value": 499200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690187797, "uuid": "c83d5db0-16be-4e69-abad-0db3d09fbc9f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187797, "uuid": "e4a567fb-4106-478a-9d81-7ac0c11e182c", "value": "29c47179204362861a122b5bcd647452.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb0a985d-29ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1690188882, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188882, "uuid": "d71dc951-2e7a-4d45-a80f-54f687ee8260", "comment": "Malware payload (XWorm)", "value": "49e08c858a708ea63ccbb585bbe217b3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188882, "uuid": "33c6a5e4-988b-45e3-a305-0592a79da8bf", "comment": "Malware payload (XWorm)", "value": "98e31627b19f043069d716af0f479420029a4a5003fbdde9cf4e576a3daecc88", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188882, "uuid": "c7e102b8-d129-4272-9759-6bcce3750196", "comment": "Malware payload (XWorm)", "value": "68c25a247192956d5482a1c404a354fb447c60e8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188882, "uuid": "000c3148-a379-4383-8240-ff3b962c6053", "comment": "Malware payload (XWorm)", "value": "afb8c68a68f6420f238bd9c0bee7b81398fed8cab0f95425435d351f4cd86bbf70608c67651dc900c94f612a6f87c036", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188882, "uuid": "00b1f43d-cc1e-4002-8b5e-84a1718cdfba", "value": "T16BE24A487BE48336D5FE1FF53DB2D1050279E5178923DB9F08D88AAA7B636C246013E2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188882, "uuid": "fa060914-196c-4183-8480-68525a1af76f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188882, "uuid": "e014e16a-98c7-4319-8bad-1affd373db20", "value": "384:RWrVqCDweO/ace/VgFpLJPXwDs2ETIi9FR+gtFqBLTiZw/WNCvK9IkVuuxOjhL/t:ZzT5geP9FZFr9RzOjhL/3vF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188882, "uuid": "42b3ab95-1301-4306-85c3-7706debf882e", "value": 32256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188882, "uuid": "82a32dc4-97b7-4e8c-a91a-450858436e8f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188882, "uuid": "5e292d4d-c594-4d51-a6bc-59b4a270fa65", "value": "XClient_1.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "46134697-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690178807, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178807, "uuid": "7a785d3e-bb35-454a-a55e-2e5496f9e82d", "comment": "Malware payload (AgentTesla)", "value": "57db472b0ad4bfe381d6cdd7ed38f1f3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178807, "uuid": "d0dce4b3-ebb6-4230-8c29-0c20d805578c", "comment": "Malware payload (AgentTesla)", "value": "99867d6b9ab9654b849966da0fb19d10c1cc63078538a850ee0def53b457e0e4", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178807, "uuid": "517f0df4-a9fc-4521-a6be-1947732d58bc", "comment": "Malware payload (AgentTesla)", "value": "c33ec068ed5cedc5cc87cc210fea63c0ba095a4f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178807, "uuid": "7bc4e469-0508-44a9-94b1-ebf4f9994403", "comment": "Malware payload (AgentTesla)", "value": "9a76d4b91bbac7a217ddcfe5def8025ccc8eb0932fb3269b6c32d752e7992a2ff74a5ebe8b3f3fbb2ae51c99d5da8a9d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178807, "uuid": "4d71d9ef-8fec-4063-b981-b9d42ca83a5c", "value": "T179F4122833BA5E07F165FEB58664E168037B36121423D2CEDCB660946ED6BC1BF522D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178807, "uuid": "6b9adf2b-f4e8-4e0b-b34c-6eb613b16928", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178807, "uuid": "a085c8ba-0613-43d2-ac98-29d2a06bae9b", "value": "12288:N9vJRBusyJML98dys+629OzYYhvzbmUqJQ+NPZXHyk:DFutMGuOsYVnFqZCk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178807, "uuid": "9250df60-ff5c-4b94-ad0b-0906ec8b04f3", "value": 743424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178807, "uuid": "ee8d97ae-0295-402a-a431-6d008be10b2c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178807, "uuid": "aae02bcb-3284-4372-bb55-d183fa856a50", "value": "57db472b0ad4bfe381d6cdd7ed38f1f3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92ca3173-2a41-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690217161, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217161, "uuid": "84765c54-d9f4-42bf-b3fe-ab1274bcdee9", "comment": "Malware payload (Amadey)", "value": "426162121835a052fdedbdb1af53b137", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217161, "uuid": "9e82d072-a5b8-41bd-9bc5-c872c62098c7", "comment": "Malware payload (Amadey)", "value": "9a314ebf430d48634aa9d29118dce9d1b9a93ceb3bac798643cb5df651b0e232", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217161, "uuid": "2e741957-f54c-4fdb-9706-67ce3972e5bf", "comment": "Malware payload (Amadey)", "value": "918b3ffb492966af30ce4c3c026acdc6cb00edaf", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217161, "uuid": "3d2a9319-6707-4140-91ad-c3c04b7a418a", "comment": "Malware payload (Amadey)", "value": "8f49efd1017bab80357485e2050906dd7ce45286b5a7b26452a77f13bc00d545d148accda9b9c6908467c6df2601ac9d", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217161, "uuid": "1763644c-0d02-47b7-9426-7df4b9d94a59", "value": "T119840222E7E98073E8B5277098F702C30E357CA6597C971B278A655A1CB36E4E53133B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217161, "uuid": "bd737de4-aa17-43a9-ad6b-4b2e6230b04a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217161, "uuid": "f98b44e3-fe51-4353-a9cc-a65aae603be4", "value": "6144:K0y+bnr+zp0yN90QEtEhAY8N8N0xQRqjn0rgBZ+t4QDnZ9sIYtE6vrxd7:EMrjy90NYa8N0xQDgBYCQ7Z9BYHvl1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217161, "uuid": "ef9771f9-0963-4c3d-b516-038d20cfbae1", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217161, "uuid": "6cd9a0bd-a2e6-4e1a-b5d3-1bf4ad624e67", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217161, "uuid": "2528fdc8-10cf-4211-8282-a2bde5c7730f", "value": "426162121835a052fdedbdb1af53b137.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dbd42cb7-2a32-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690210841, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210841, "uuid": "85f84727-b696-4053-8baf-c0fa4b6f8a7c", "comment": "Malware payload (Amadey)", "value": "1ce73fdd22328e71e22466a4a05f151b", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210841, "uuid": "104a4864-c428-4057-8fee-9f7d1dcabfb4", "comment": "Malware payload (Amadey)", "value": "9a927266265fcc6455b4518951cc27a394dd139fec82956ce89d446783b0e37a", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210841, "uuid": "eb5c6b4b-7eb5-4bc4-8c5e-fdf8763ab82f", "comment": "Malware payload (Amadey)", "value": "4e6a6565e055e2765aca963688b711682341269c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210841, "uuid": "aaea7f6c-8245-41e7-b134-105fc5edad60", "comment": "Malware payload (Amadey)", "value": "fa28af622d7e824686988a1a7b10bf2091abe0cb7748090f1701f2070947e05c80e152ef62838ac965c4da368776f861", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210841, "uuid": "f86af32c-3573-48af-88ce-8a7eda55dd38", "value": "T1202408557812C032D56061762DB5BFF2C59DA828ABB049DB7B800F77DA112F73A70E3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210841, "uuid": "8a4aee8a-2365-4d60-9bab-ca6c93e8130b", "value": "698e68059e2b8538f873da69a2766d48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210841, "uuid": "405b31d4-afea-489f-a07b-7b633f5c6af3", "value": "3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690210841, "uuid": "4d4e4645-0f0c-427b-9bd8-d1921b84e609", "value": 228901, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690210841, "uuid": "104e2dc0-4948-43c3-9aec-3b44204599b8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210841, "uuid": "bdb23dfd-bbe3-4a1f-b95c-ca9fb53f1bec", "value": "1ce73fdd22328e71e22466a4a05f151b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b74380a-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690178870, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178870, "uuid": "dd2dc840-fefa-4ca7-aff5-56e0d807d7c9", "comment": "Malware payload (Formbook)", "value": "4db86526f2dc3403ad4e826ff5698811", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178870, "uuid": "0e9ac68d-b6ce-43f1-8109-edd809bef89b", "comment": "Malware payload (Formbook)", "value": "9b856353b8035076d471e5d49541384c399c546ac325f7d5a68f3f7aa6935496", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178870, "uuid": "6a50b44c-5a68-4474-8adf-970c0580c033", "comment": "Malware payload (Formbook)", "value": "bcedf85e48194e127d08cc45887fa40dc7c63407", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178870, "uuid": "0be22641-164e-45c7-a3dd-17c077b3ad87", "comment": "Malware payload (Formbook)", "value": "20efa522942ea1e628f818775b85de16ad644fadb4eb1dac7871e026d0632c4bd93d19a028be94f8502acc9e1765f408", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178870, "uuid": "39eaeaec-55f3-4964-a33e-b43629507988", "value": "T10CF41251376A9E13D2E8FCFA4760D50523B5A255342BD2EC8DF2209A1EE13C0FE61AD7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178870, "uuid": "641b7b20-2cc5-40ed-b303-3f6634b20a40", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178870, "uuid": "8cd6f2c3-dbf7-430a-9732-b779b23ad94a", "value": "12288:wSvJRBusySWQllVoMzQYXCYTqfEaw7JEHp/c84NOSEfqntMCvm2QC:zFuanzQYyY3a6weOSKMFFx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178870, "uuid": "6f55a734-bc78-46be-b614-d746af25ea5f", "value": 775680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178870, "uuid": "cc9e5b4a-1e30-44dc-99ed-7ee5e205e22d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178870, "uuid": "6292fa3f-afec-4583-bc40-34b4f9bb4d49", "value": "RFQ-21343223 Pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92680748-29e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1690177218, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690177218, "uuid": "bf2f6932-a652-4e0f-b3f0-93bfb732eaec", "comment": "Malware payload (AZORult)", "value": "aa74f12c88406ba33e3c6bc4ff660ea0", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690177218, "uuid": "840ed4fb-fe23-4cdc-af0f-a578d791ccdc", "comment": "Malware payload (AZORult)", "value": "9e0f3a76f2002cf91bb6c9e63450af0119391a5cc5ff1da070e7116157e6f35b", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690177218, "uuid": "bb80aecd-0ab0-40ed-933d-a6a23e47f95f", "comment": "Malware payload (AZORult)", "value": "f5f766d71894c6609d69c41c586b2b8f0cf6fa9c", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690177218, "uuid": "bfc2e6fb-49f1-4396-9245-ac9b45c875ac", "comment": "Malware payload (AZORult)", "value": "caf6780e7f32686d596ff3d92eb4b8f8698c94d89426bc67513ec15e523ed78483b53f116093bb8589c283866a4e09d1", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690177218, "uuid": "a18ebd14-e9f9-4d32-911c-a41f09903f9b", "value": "T14F15273814BC1B27D175DFE68AD08113B7E0AAAF7129E9399DD257D64211B01E8C3A3F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690177218, "uuid": "811724aa-b383-4ce0-9459-7fc1b8563265", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690177218, "uuid": "64dca0c7-6e1e-4e89-a328-b9757c364fe0", "value": "24576:cFG4n014KI6XdY3NgqQ0YmBrMFHOSZIymhu:c8MBKSE0XRguGIym", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690177218, "uuid": "2864692f-16d8-4713-8e84-a442ae5d2a7e", "value": 882688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690177218, "uuid": "8b3091af-0f99-427f-a7dc-6b0369c4dcf1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690177218, "uuid": "d17f6b2b-0708-42b8-a397-2420c85aec70", "value": "Order specification.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e0da9ece-2a20-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1690203119, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203119, "uuid": "d132e42c-ae78-4e61-928b-924e67d367c8", "comment": "Malware payload (GuLoader)", "value": "9b4d643c93959717790a53046766ab32", "object_relation": "md5", "Tag": [ { "name": "com", "colour": "#1D22E5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203119, "uuid": "bbe092d7-dea8-48f7-a19e-b9006e9d4f04", "comment": "Malware payload (GuLoader)", "value": "9e1f83335645e865b0226128cfb287081b6578772f319ddc32064d0a63859319", "object_relation": "sha256", "Tag": [ { "name": "com", "colour": "#1D22E5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203119, "uuid": "86699b15-cfbf-462a-be82-4882ca277c3a", "comment": "Malware payload (GuLoader)", "value": "ac703846590b6b4a4784354a12090ef29a6dd50d", "object_relation": "sha1", "Tag": [ { "name": "com", "colour": "#1D22E5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203119, "uuid": "95a8cd41-173b-4bce-9363-15dbb180dfb7", "comment": "Malware payload (GuLoader)", "value": "325c599618ffefa1674ecd17b5a3f941aaf629e4500a35c18990b7c6319d04c8a61d218e8a7b601d22b460efd87e4587", "object_relation": "sha3-384", "Tag": [ { "name": "com", "colour": "#1D22E5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203119, "uuid": "c3235fdd-3819-460b-84c2-3a3db586cdcb", "value": "T13B6412312613A2A6CD7281B67D2B1395CB239E7785459F9FF3943A247D33C82422EF46", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203119, "uuid": "ebefd00d-b854-4ca3-ab22-66a4c2f2ea2c", "value": "e2a592076b17ef8bfb48b7e03965a3fc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203119, "uuid": "42e23c70-ed98-4aa3-bc2e-1bb21930f131", "value": "6144:kpkXchdAzxZ8Xr8i5vf26toe7/DpzdqTvueajZ2vcXETLAC4yaYlAP1uuFiQRgzZ:hhVZc8M32XM/KTWp11ETLOyaYeuuVRwZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690203119, "uuid": "0b7824ee-6d67-42a2-a601-b94d22bdf68f", "value": 329209, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690203119, "uuid": "8dd80f33-2ac3-4e3a-880f-5f6b6625cf00", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203119, "uuid": "07d71b91-71bc-482f-b08c-45a3827fa7bc", "value": "Pepsico_LLC_RFQ_Information.com", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d4f44ec2-2a3e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690215984, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215984, "uuid": "068e6eb5-d5bb-4004-a636-cdb264ac5466", "comment": "Malware payload (Formbook)", "value": "75e48af75572fbeebfd5b220f0f33065", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215984, "uuid": "438b324e-9295-4eec-92f2-49dcefe39e0b", "comment": "Malware payload (Formbook)", "value": "9eb85d11c4ce141c6703205c6c0bab1dc1501ff33bc681b382a782dc5f86ed91", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215984, "uuid": "434d6110-f837-4327-8baf-9e4b4445cfea", "comment": "Malware payload (Formbook)", "value": "6ba356c08e1fd36f7b81fd2adc9d68add6c3fb73", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215984, "uuid": "546185e8-a4d3-4198-a4d6-96ff871653ec", "comment": "Malware payload (Formbook)", "value": "061d473fde4cb50fa6c9ac44bddafa88e0c798f1b332b735a56ea5cc4531267209db10baf1ecc829f31c2cc0b1779525", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690215984, "uuid": "5fa38305-8c0c-44ad-87f4-e258056de8f9", "value": "T10944231BB9D56D5BA2D3E454D828D29BB53B2C4FA68B301B10F74D0A2E36A95C0ECC1D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690215984, "uuid": "3779ab13-9ca6-4bd9-bb00-853e9cc7c926", "value": "6144:kybf79wznBJeaecPt4py6K+5t10umXUf5jhMusOKNKFKyM6Pl:vL79GnzJ4sRM8WRhMcFlM69", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690215984, "uuid": "676ace89-a6c2-4065-b82e-cbba022fe188", "value": 262678, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690215984, "uuid": "7f016518-2324-4af6-a071-1bd6fa3e8d43", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690215984, "uuid": "612f8a65-43fa-4bac-9c8c-01ff55ee4d96", "value": "Purchase Order.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6eae5bd-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1690211639, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211639, "uuid": "e4ea8092-7d41-407b-9b85-92a5928945a2", "comment": "Malware payload (GuLoader)", "value": "ef3f7343f6881f1f6f2462529be898e9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211639, "uuid": "f831fcd9-8408-4fc5-a4c9-b14e5af1d0f3", "comment": "Malware payload (GuLoader)", "value": "9f276f8da95a8bfc18d4640880f8815734bb150b1a75f030be587ca863c19a74", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211639, "uuid": "ce7b3e6e-9a48-47c3-afa0-28a270143fc5", "comment": "Malware payload (GuLoader)", "value": "8d6cc5b35521b370b85409e2c4f36af44c264f04", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211639, "uuid": "eb81addf-49f1-4f8d-9c8a-f47673926b59", "comment": "Malware payload (GuLoader)", "value": "b872778d39a43d861acfbe9f2f8a1f70d713f4a445aa3972ad3cf6bfe61fcc792bc66f6065200e0b74172c53f414faba", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211639, "uuid": "11e2e0c3-b850-43df-92cf-ffdada5a5092", "value": "T13054078461A2F64BD3410B70D9D0E77A25BB6DF59A02422E6D9E36F84C3FF690DB0172", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211639, "uuid": "fdf97080-6e49-44ab-8a0b-3389565e5278", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211639, "uuid": "bb35582a-af32-46a0-9160-6ebb9a8ccc38", "value": "6144:ajC8w75wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww5w5wwwwwwe:z8w75wwwwwwwwwwwwwwwwwwwwwwwwww2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211639, "uuid": "1c5d7627-62ec-46ab-bebe-3679a85747b1", "value": 283916, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211639, "uuid": "8e8526c1-c304-4ef1-8651-f79f74c9fe0e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211639, "uuid": "02110df3-f8e1-4b14-8f4f-fc50976f3558", "value": "Hesap_Hareketleri_10072023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd2d8937-2a04-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1690191060, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191060, "uuid": "2f623493-bc86-4940-bbc6-8d3322265d14", "comment": "Malware payload (Mirai)", "value": "fe7ba45fab02b74cc1fad6f7125556df", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191060, "uuid": "669f33a6-d2af-40e4-b2e2-11ae4d7e316b", "comment": "Malware payload (Mirai)", "value": "9f7cf27d29b0f86df72bf96bcdedaca4bea33df7652c526152f6cc19bcad42df", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191060, "uuid": "1fd49f13-7a73-47e8-a788-ee8ec2ac52d9", "comment": "Malware payload (Mirai)", "value": "47f88d855ea99b16de77125800dc434eca11c2e7", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191060, "uuid": "6c0a945c-a436-40b5-9b48-25b23a7c7762", "comment": "Malware payload (Mirai)", "value": "301399657d65efbeb40d3ff5ed5aa5fc7dc732e0b82c9ef39ac0eb645821925a1912635f5bbf6bed096efebeed9130a8", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191060, "uuid": "a7389e4b-58d4-4029-8c96-ee76904ace6f", "value": "T1E8C32A45FC508B13C6C252BBFB4E428D7B2A1758D3EE72039D256F61378B96B0E3A142", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191060, "uuid": "623f71d1-b721-4587-b09f-948f85506eea", "value": "1536:JhtOKCrqEXRFOAKBc4Va2/sTgdMVyTvaCp2EnIdllDuawywrFv7k8uZtlqGKKONg:Jh25hFOc4pkMdMVyTXsqIRJk3U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690191060, "uuid": "a2a619d5-b7b8-49eb-99b1-c486ea9c26c7", "value": 121600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690191060, "uuid": "28b3ebac-7757-4128-ae3c-5034e2468246", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191060, "uuid": "23232dbe-5ebf-4114-8beb-e933748cb030", "value": "cundi.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4a22bae-29f6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690185006, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690185006, "uuid": "d1d3f1a9-0d7c-421a-ae0f-233c434d3b0b", "comment": "Malware payload (AgentTesla)", "value": "6d7bedb94cf6eab15329728cca92a0af", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690185006, "uuid": "ea58748c-9282-482b-838b-18bbebf40738", "comment": "Malware payload (AgentTesla)", "value": "a04182cb18b9bba60134d31518fef14b138c40a631bd09c098a7cdd875f7daa2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690185006, "uuid": "c5b19fc3-9861-45dc-a4a9-1b1f29aeda62", "comment": "Malware payload (AgentTesla)", "value": "f9e1807345730644e4ef57862fc3709f38a36c80", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690185006, "uuid": "65d36974-3c55-44cf-a8b7-f2f74ef87b10", "comment": "Malware payload (AgentTesla)", "value": "32bf32c073875c9b2049cd40fe86209fb780a74b885842026cefde0c37d99ce268a8bff399c2f249c9748a0e50c1f9c3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690185006, "uuid": "05011ac0-dd3b-441d-81d0-b13fd4ae3832", "value": "T11E358FD1B150CD96E96B4AF1AD2AA53011E3BE9C54A4C10C5AAD775B3AF3342309FE0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690185006, "uuid": "3d8bd675-3ae2-4e43-b717-096d775094dd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690185006, "uuid": "ec8f5443-43a5-41b4-ac1d-2d545b792083", "value": "12288:AIlvJRBusyo2er8Usl/5J7tt85YRaHg2dON+wrdCPBaQl:DFup6Psl/3p6dOQGIBL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690185006, "uuid": "75384817-6056-4196-9e4c-42dcf704ef86", "value": 1136640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690185006, "uuid": "ea6e57de-81d2-413f-84a1-844f44b4061b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690185006, "uuid": "56e30af4-70f5-44a2-8996-1b893d6337a5", "value": "04251452615625625.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "108b9bce-29eb-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690180006, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180006, "uuid": "85c99de6-2658-4e84-9b4e-3ebed7ec7717", "comment": "Malware payload", "value": "88bf90858663d3545e0350215a2773af", "object_relation": "md5", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "certutil", "colour": "#887975", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180006, "uuid": "0ada5070-92af-4a25-9e58-9e2faf80ccd1", "comment": "Malware payload", "value": "a07a8c9ab1cb0825f819e20b5cb29d90635a2e23c88c8a8f73e9ff454304f1de", "object_relation": "sha256", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "certutil", "colour": "#887975", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180006, "uuid": "f8538580-82e5-467b-b516-9fd959a834e9", "comment": "Malware payload", "value": "280b9676f79f6bb72bd0d7e278c9ca24b331a87d", "object_relation": "sha1", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "certutil", "colour": "#887975", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180006, "uuid": "8e1bbb78-62ff-4f43-8eb1-150582a2820c", "comment": "Malware payload", "value": "29919d053138a46f1122e03348f704867815ea4055dffa5692d5a08f88c93ff0e31cd997b8fac3a96694d92d4cff7b19", "object_relation": "sha3-384", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "certutil", "colour": "#887975", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180006, "uuid": "b9340d59-7d87-4da5-ad72-bcaec20f6983", "value": "T189152AF476E07BD70F75290DB3CE41B23D54B457F0EDAD8622890E1E928035999BBEA0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180006, "uuid": "ef840f0b-9840-41aa-98a7-846d12466cdc", "value": "24576:36NvB3f39v76xTo+4yKOxNwPeJY/mbGI8lGxcd3c:qLi/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690180006, "uuid": "1e40f4b8-2433-49c1-96ee-21dd22f92028", "value": 952718, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690180006, "uuid": "24a93f01-6dea-421a-b267-a2be44b87370", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180006, "uuid": "fe516614-33e4-4b0a-8ab0-4d0799b4adae", "value": "mplelmkixpcfiabxalmdllljcthufoddfkrtqaonuiotzwqnli", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba5b2a62-29fd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690188022, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188022, "uuid": "e8d0e9b6-1f1a-46fa-b79d-47219a8a56e9", "comment": "Malware payload (Formbook)", "value": "3cf9b6d9965f819a6c8773d0ca956cdd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188022, "uuid": "2f9db1bd-a2b6-466d-95c5-489238530b06", "comment": "Malware payload (Formbook)", "value": "a109ec0efe79a43932c79afca8eeee5c462b06c8ec4cbf3d966ee65ac4978ade", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188022, "uuid": "8cb64d30-0f94-4d33-8060-213cf74bb553", "comment": "Malware payload (Formbook)", "value": "48c490c51603ceb6b89ecb9d7d548a8d7f2ace9e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188022, "uuid": "1fcd46f2-652f-4ad9-8665-fbd6b478eb99", "comment": "Malware payload (Formbook)", "value": "d05d12b133356b26661194732e9af1975e3d8858331f2846bee0c571d274d27a540155f67cd0c9156d3567c9c92aeeed", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188022, "uuid": "1caa851b-58a7-4437-b28c-67e5e43dfeae", "value": "T19024120526AED2B7C8A213705E7D67657BFB9912487397071780972EBEB2301E90E372", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188022, "uuid": "6b26f1c1-dfde-4ef0-8c89-be757037d2b0", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188022, "uuid": "3db65773-1c5c-4719-bcc6-4248f7ca02d0", "value": "6144:/Ya6s+/NrKjjjA68i/C9QoCj824T283sO8+p518VBdEl:/Yi+/N+rAtiK9QoCH8cO5f8/dEl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188022, "uuid": "121fefd6-f07b-417c-abff-4755b7adf49a", "value": 221474, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188022, "uuid": "82432655-0c58-4a18-8ed7-1ada54cc81a1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188022, "uuid": "280d9710-0493-4d65-80c7-2e94a9fe56e4", "value": "JULY-PO.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8ca403e-2a41-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690217225, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217225, "uuid": "30864eda-e0e1-41ca-9315-db59e34337fc", "comment": "Malware payload (Amadey)", "value": "9caca4f6209aeebef98db8b0cee2c47e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217225, "uuid": "a8439476-0db2-4c11-ae06-b73f9e7b97ff", "comment": "Malware payload (Amadey)", "value": "a190e8098a06c228bd9c838c794ac27c007cf7a0fa1fd7ddfacb19fd5d85e2a4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217225, "uuid": "50c086e7-2121-438b-b2b6-6c01008a49f6", "comment": "Malware payload (Amadey)", "value": "77829dd90264a372bf2b24f73978abe15fb703a6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217225, "uuid": "f0b3306a-f32e-455f-8df7-b0f8ff09cd7b", "comment": "Malware payload (Amadey)", "value": "0122b17cdf3080b4d06a7b4cd90d558a6c3c690affb66e53be2f56110381d3cfb72d9f7cbcdb7f99d83f75dbc25e2b01", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217225, "uuid": "4506bb40-44e1-480e-9913-4b2bdd55bcb8", "value": "T13E84F153B7E85432DDB62B7018F603C31A327DA19E74536B2749A95A0DB32D4A83273F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217225, "uuid": "f82b5e28-9a6b-467e-a8b4-5484008e76f4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217225, "uuid": "0b51e6e2-74af-41ca-958a-6f684a9dc8a3", "value": "6144:KYy+bnr+tp0yN90QEPY2bqUPyzFs1Sdl9xrJxnPiOAmuvyrg4RXl:4MrBy905bLAFsG1rTnKOruj4RXl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217225, "uuid": "d02867ef-e5f3-44f8-8d8b-20c9a85b8bc4", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217225, "uuid": "36b78adc-7ebe-4769-9ffc-7a49a2caf6b5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217225, "uuid": "50c92c2a-9ce4-48e9-bbab-2363bd374a66", "value": "9caca4f6209aeebef98db8b0cee2c47e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c9d0b0b4-2a20-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1690203080, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203080, "uuid": "fcf4e630-daee-4773-9f6d-8ec891498972", "comment": "Malware payload (Mirai)", "value": "3f4adf984a4bb3e8758c5d05ae035e5c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203080, "uuid": "8b25e6fd-2d0e-4aa6-ad12-3d51e8ee65a8", "comment": "Malware payload (Mirai)", "value": "a1a46c4539201c47cc66807c51d1b6b3829cbc887c291635c6aba55b0ce8a74c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203080, "uuid": "33589cfc-2c6c-479a-b7ad-90a29ac242e2", "comment": "Malware payload (Mirai)", "value": "b02f9dd3e82961b6737553f7114c4216b4c5158d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203080, "uuid": "429a4c5f-7ec8-4132-a892-70747bbcd7d4", "comment": "Malware payload (Mirai)", "value": "0b4210e6145b7a26d3cd371469a0e2886a4469733d690d18646aaf6b3f5cecaadb2ad8fd48429643379e3683aaee2df7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203080, "uuid": "6fe89386-ba18-4135-859c-51a2a1e25140", "value": "T145A2D029E349AEF4DFAF9D9493C1C2C276E547C7278AC8E340EEAF016506042F788D49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203080, "uuid": "6e507181-f9dc-42cd-b9cf-66f53fbe18c1", "value": "384:9/JywWc84Tp2YshxqlDeAkSqjGJLeCE5zRW6C5fM4uVcqgw05VxJ/B:9RxsSVsMD6xiJJE5zRWNa4uVcqgw09j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690203080, "uuid": "b917ae39-4826-47b8-b36b-938b556f1528", "value": 21884, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690203080, "uuid": "9afdd2ef-057c-4290-9965-80fe464a9274", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203080, "uuid": "1a35661a-280a-4b42-8831-33c8c2741200", "value": "3f4adf984a4bb3e8758c5d05ae035e5c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ceedb41c-29e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690178608, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178608, "uuid": "53e24b5b-8160-49e5-aa82-4e8ef51536ea", "comment": "Malware payload", "value": "0df08ab582f19745c569b85f44d69ce5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178608, "uuid": "5665b079-8cec-4d43-aa59-e5d28b307e63", "comment": "Malware payload", "value": "a2d2a62835ec13260cc35eb5773e32b5205adf74c8dac852e614f6034c634309", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178608, "uuid": "176e63fc-7c6d-4bb4-b121-ad4697c584a9", "comment": "Malware payload", "value": "5a9fe479676fd9f52056543281757eaa6e4bc9bd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178608, "uuid": "b9fc00f9-79cc-4775-b584-4d85818a78ed", "comment": "Malware payload", "value": "6ae20d3d3d0da236ae971801fb7694919e80bfef02e30ddbebd14cc1061715dcd2884bf64bbacec3be8b82bcc4874373", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178608, "uuid": "f902fccb-e693-4336-b854-1e507d014520", "value": "T171B42302B3B74346D5007575BEC88D1C73AA393E7A49DBCDAF44106E4E90F4AEA11EE6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178608, "uuid": "f5de9bb5-027c-4368-875a-c9f34b90e342", "value": "12288:sFjxMClnVIZ+Z7BNpWxAlbYTONZtNIkb8ZyS5AohGw5rCD7HcOm7PHY:sFiClnVIQBLSGvNTNIkb8v5RhzrAHcOd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178608, "uuid": "51294cc6-c2eb-41bb-a0d6-459ce498e5e8", "value": 511488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178608, "uuid": "7bfa8321-6673-41fb-ac4f-d58ef0cf09f5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178608, "uuid": "69a33209-003e-4f35-aeb4-269efc4825f0", "value": "RFQ no. JULF247-QN22110077\u00b7pdf.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "04215321-2a3b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690214345, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214345, "uuid": "2a6338f9-ef15-47e4-b333-a2af853ddeac", "comment": "Malware payload (RedLineStealer)", "value": "c22472eacde5b6e4fd612eeacc87158e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214345, "uuid": "475197e1-0d80-425f-806f-ff52a1335988", "comment": "Malware payload (RedLineStealer)", "value": "a2e542e81caacf5742f227aeec06f54f95825b25a07a2463628b73b84a9ee65f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214345, "uuid": "a3da34e3-a2be-4bd2-b6ab-8f9d37622b60", "comment": "Malware payload (RedLineStealer)", "value": "3131f69f230b9c87012a7553624397704ae31195", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214345, "uuid": "1fc29376-0ba8-44fb-98c7-28ad8d879847", "comment": "Malware payload (RedLineStealer)", "value": "dc03bef5ce96c7e5afa175008f544d48a38d764bf2bfd6f64abac9234fcdb03b6503c77b3aa919c6420e9a8b35fd0669", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214345, "uuid": "f6b24fb7-8b1d-40c3-8be2-774add7051fb", "value": "T12784F102E6E89473DCF46B705CFA03831A367DA05974976B2755A85B0CB3BC4A93633B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214345, "uuid": "ccf20d29-cbd4-487c-9be4-bfafcb6d339a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214345, "uuid": "6e313b9d-c54c-4f6b-9ebb-e0e1b89cefdd", "value": "12288:RMrby90Ltp1BYlyjgF30JbgrXqcmkSRLn:WyOU6gKMLqHkCb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690214345, "uuid": "170c4e4c-78f7-48ed-ab4f-8e0d0fc0433f", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690214345, "uuid": "aecf114b-854f-423d-ab31-e8b1df2ddc7d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214345, "uuid": "3a810b22-943d-4ef9-843b-a6e72958a693", "value": "c22472eacde5b6e4fd612eeacc87158e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e462af1c-2a32-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690210856, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210856, "uuid": "1b6b1b18-b769-4da6-bd6b-b047c5e5d0c2", "comment": "Malware payload (RedLineStealer)", "value": "0f99c516eb53f2b1a5bc9a3cf075c2a6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210856, "uuid": "26129c70-1ead-44a4-8296-911ffcd2b01c", "comment": "Malware payload (RedLineStealer)", "value": "a339b087c89b1e09431ac42913bb29ff27cf1dfadb62dd16f480bb959c7ebaad", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210856, "uuid": "46bf0af0-fdc1-42a3-b545-f07e192b1257", "comment": "Malware payload (RedLineStealer)", "value": "81b2ba355df05e5369d129ff4720e31c95a589e5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210856, "uuid": "d6072c59-0d6b-4dbc-b69d-1d0a50701e82", "comment": "Malware payload (RedLineStealer)", "value": "f0a35003c2f1ee7bb01642b90052b757d9e7206f258ad9b53b1fa53ae1d1ed4d3a04dde275034166436cc93c5bf7c9e5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210856, "uuid": "bfcf7c60-5877-4ac4-a4a5-1eb82fb45520", "value": "T11C840206F7E88063E9741BB068FA13C30B36BD62A978976B23554D4A1C737D0A93173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210856, "uuid": "cb39c520-c270-455a-a02a-cb16b669dc53", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210856, "uuid": "15f212a1-01f1-4844-95e1-a2f4259fddd1", "value": "12288:EMr2y90Kylx8pzFld/QSZBJcGAbNMmKj:KygxizFQSLJcGSO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690210856, "uuid": "8917ade9-c97a-48c1-9e25-6da11ff0145d", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690210856, "uuid": "778934f2-484f-4488-909f-dfd3214b073d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210856, "uuid": "eab710f7-cd03-4f4c-9dc3-11bdd8960a76", "value": "0f99c516eb53f2b1a5bc9a3cf075c2a6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "310ee600-2a1b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1690200677, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200677, "uuid": "8d165ab9-46ee-4dbe-ae54-57a370f26479", "comment": "Malware payload (GuLoader)", "value": "e955f46ecd77a843c6d54f46b147668f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200677, "uuid": "3e1980f7-add9-41cf-855f-24b55802a81e", "comment": "Malware payload (GuLoader)", "value": "a34322247f7f9705a3002533b485264c3e4173b071a35ef230992fa0b284e53a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200677, "uuid": "d556d7f9-183b-473b-808d-1091226d0675", "comment": "Malware payload (GuLoader)", "value": "72deeff1d7fc328dd1c947eab884488d9304d281", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200677, "uuid": "14eb30ad-5be9-4ddf-9ec2-22a212e1067e", "comment": "Malware payload (GuLoader)", "value": "7dc0033e3824670a931eefc2b96bedf69b90a8f0c623c198281e577d5c6e19141fd0d85f52bdf287a4ab60043d98af3c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200677, "uuid": "70d7037e-05a0-4dd8-8c44-1a307fff41cf", "value": "T13D1412133780DCA3E55E433A097A1BA2ABE8DA426137B61B43D57907B523783CB1F257", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200677, "uuid": "3c64ada4-b151-4c49-8f7e-22638814a4cd", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200677, "uuid": "9447535e-e803-499b-9b0c-90e04d4ffc30", "value": "3072:nwDijpS4DbYcr8bVxRNjciP3z3QmFUv+fpQ6e604DkphSIVIJ3yY7r5bemkYe:nFPetNjhj3QkUp6edu973y0xed", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690200677, "uuid": "cc10db16-4c04-4b86-973e-7e5910703df2", "value": 193608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690200677, "uuid": "05dd94d2-36ba-4af2-9f6e-e5e4f2e6d479", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200677, "uuid": "64fbca12-3ba8-46a0-95ee-98003dddf1c8", "value": "E-dekont.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "47dc9606-2a3b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690214459, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214459, "uuid": "d783444d-c8ac-4109-b676-a5ae52ce7cc0", "comment": "Malware payload (RedLineStealer)", "value": "ab8959ed4c6fb55352003a292b640a88", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214459, "uuid": "794ba418-ac78-4b4a-b2bf-148fdba9e9c6", "comment": "Malware payload (RedLineStealer)", "value": "a36015026438b4dccfb5197f56285e5cf48423b5de957e77398f6250bd5d97e5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214459, "uuid": "6f8415f3-5b50-41df-917a-1264c165844c", "comment": "Malware payload (RedLineStealer)", "value": "6951bc4424e182a688ce8da284c35116fcde87f2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214459, "uuid": "554e4892-0a23-438b-97dc-73e6624a063b", "comment": "Malware payload (RedLineStealer)", "value": "3681ec1447eecba2b678bcc388f3a1692bc13e0edb6722a0c55f3e496aa161d82b92c88c9cdd7e443da6b2fa9640dd6c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214459, "uuid": "6ff8b311-930b-445b-a037-10fba4ebaa90", "value": "T1E1840252E7E58433D9B517704CF702830B3A7CA29E74436B3795A95B1CB3A90A93173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214459, "uuid": "ab9981eb-4a61-465d-93a7-11d90d9c34df", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214459, "uuid": "21e19c2b-b487-4f65-9769-ed6ac0f644cd", "value": "6144:KKy+bnr+Yp0yN90QE94dMUier2NfRqWhMvvHCqI2NG9kO5fmyADPnM5wHCbeU:GMr4y90YdMUJ8xEvHCYcHQzM5wHu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690214459, "uuid": "c915c1eb-2760-4ec4-9d41-f5b91f16cd43", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690214459, "uuid": "05681bd8-7879-44b0-adf4-447eddb765b8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214459, "uuid": "02303de6-d4ea-417c-a839-ce47ec0c22a4", "value": "ab8959ed4c6fb55352003a292b640a88.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d62773e7-2a20-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1690203101, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203101, "uuid": "252e76fe-66fc-400f-9b03-2bc058384263", "comment": "Malware payload (Mirai)", "value": "4cf6cf533343b043314d6717da56abe1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203101, "uuid": "de7e3957-2e29-4c0e-b35a-cfc744f64c65", "comment": "Malware payload (Mirai)", "value": "a371949f8cccac7951e4c09d88f007987e01ca6de5035a12f065ce2b7817c4b5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203101, "uuid": "12c80668-aebe-4d53-8e7e-46e1d4a290ce", "comment": "Malware payload (Mirai)", "value": "d298a07018e139c9978f6cb34aec02f37cb3b8e3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203101, "uuid": "01851729-6156-460b-b27c-89ae9091afe9", "comment": "Malware payload (Mirai)", "value": "4f88e1495e0a00ac92ce53a518a433d0ce48c8b4639d80b27b6af525ad436a0a53dce6ebc70410ed0af9d1096be2aacb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203101, "uuid": "f9e29ab9-9dad-4b99-bb94-b02c8a47789b", "value": "T156431921B63A1F13D0E0A47D21FB4B59B1A15ADE26A4C64E7D720F4FFF11680A943DB8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203101, "uuid": "1c05b71d-b310-4e2f-9120-04027bc7fef3", "value": "768:RqowmZPu9wtnfbltWgC6BSJsBcfDSTFIuQKqgESnmC/xO+KpAwn:RqtmZPuutfbltZFBSJsBcfDSTFI+BEn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690203101, "uuid": "962b9261-f4b2-411a-94ef-25cdaa822137", "value": 58376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690203101, "uuid": "bf2af760-4841-40a8-800d-2f30b73773e1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203101, "uuid": "f3aa2923-3ece-4f40-8e84-2756e5ea3738", "value": "4cf6cf533343b043314d6717da56abe1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5a3320d-2a16-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690198725, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690198725, "uuid": "1b0b7042-694b-4b90-8fad-cc9fec7fd03c", "comment": "Malware payload", "value": "752050706604d168aca8ff1d06fc7eb9", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690198725, "uuid": "f0727e05-171e-452f-a768-ed8200b9b7a9", "comment": "Malware payload", "value": "a373c09f006c29057f16a910a9cd9831423aaee59f866832922a3be8e296be83", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690198725, "uuid": "b2a3cd9e-bb2b-4c29-a2e1-f81819610a8a", "comment": "Malware payload", "value": "389b1aff2f2c311a6bb760ffa67248acbbedfc9a", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690198725, "uuid": "3b9d376a-a7ad-4378-b79a-99dcdb1127a3", "comment": "Malware payload", "value": "eeb95150502bf3b9a745b6e47ac76b1094b14bf9351f9a777e86170e2d28b80aaca15ea7dac2918e084aab08e7e8b7a6", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690198725, "uuid": "16252250-a85d-4821-89f4-330abd9d38ad", "value": "T1CB336B04765180B3EAAA123875AD8A6106BF7C525FF484933FEA034D8EB25E1B73D753", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690198725, "uuid": "8715bf51-9a40-4f4a-b5e9-84a6ba3ce118", "value": "b75316755c341c81f20ea9365d85eda8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690198725, "uuid": "cb5d535d-879c-46d5-9b9f-535c79df966e", "value": "768:bXI0wZW/mK5achNoJru6nbYqrE7KWANKOIsQymdj8TtBw8nES3SK:DzDjOJbkQk8TtBwbSiK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690198725, "uuid": "491b1ea0-6da9-4dfe-8a03-3863428fb8ec", "value": 50688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690198725, "uuid": "04434f1d-7b90-4549-a1c8-742f68db3963", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690198725, "uuid": "45c02eb1-d123-4151-a122-530d4d65a9c2", "value": "SecuriteInfo.com.Trojan.Win32.Lokibot.DECC.MTB.2700.5025", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd34985b-2a3e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690215944, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215944, "uuid": "eaa082ee-d2e0-407c-a8fa-9a63084af7d8", "comment": "Malware payload (Formbook)", "value": "ac2a29166580370354ea21fa214fe1c0", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215944, "uuid": "6df7e8ca-ebde-447a-ac28-3fd4e5344448", "comment": "Malware payload (Formbook)", "value": "a3ae5e6b24fcf909565c06f9281ef72ec74a60eb7c2f1a770bfa3a08a519bb72", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215944, "uuid": "257e6da4-536a-46f6-a11d-7eb55fe57d60", "comment": "Malware payload (Formbook)", "value": "0c2742fb972ef7f846316460ca479986b9928b53", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215944, "uuid": "72f4b8b4-1f4c-4e1c-b8f3-21002508fe9c", "comment": "Malware payload (Formbook)", "value": "8bb4a3e6274da6124b7693134533b6a79cbc52bced19227f9dc8c4c240f1f6e1c2dc31271e8f9f70b5f797460efa807c", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690215944, "uuid": "0fc5dcfc-00b1-46fe-a3dc-a00a18065d54", "value": "T17C4423F01086EE468F6F4ED385C5B3E8E5403B2A0A6987C7A413EC4E5F64ADB2D507E5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690215944, "uuid": "2f441770-9a2c-4569-a442-0b2dae7f825d", "value": "6144:TJZPdyMnzM/wtGoRGylcmws+WuGDf96UrYiB2vwf:TzUQaeACPwBGDf5YiBywf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690215944, "uuid": "676e5153-1015-4cd0-944f-6092867bb9a8", "value": 263120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690215944, "uuid": "b8ea3fb4-d174-4e23-a5c9-eb9c7b4ddc80", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690215944, "uuid": "e7da8153-4715-4a68-971e-97d42ea9f8b9", "value": "RFQ # 1045981 - MAA_D Plant Project r01.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "060f086e-2a36-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CobaltStrike)", "timestamp": 1690212201, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212201, "uuid": "60ed3869-0774-481b-bfed-394d092d33ac", "comment": "Malware payload (CobaltStrike)", "value": "0f98260fae28d8424c808ee593094c5a", "object_relation": "md5", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212201, "uuid": "85fb9cd5-2e85-477d-a839-4f48697d5b05", "comment": "Malware payload (CobaltStrike)", "value": "a3fbf1aead035c063da828ea18ed8cb85f9259ebc47851837bb510fc8737fb35", "object_relation": "sha256", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212201, "uuid": "ef65023b-38f9-4a01-be15-e183166fbfce", "comment": "Malware payload (CobaltStrike)", "value": "d47ecf84389fb04cf73f6290187f8070de684aae", "object_relation": "sha1", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212201, "uuid": "c1b68d0e-b089-4ac4-b508-3398fcad66e7", "comment": "Malware payload (CobaltStrike)", "value": "9b546812f1e2b8b99c6fd915b8e4da102d5d178df9c93b5e5cbce9a95f9ddf619787eb3eeb11d37a9e486c704d68f0b5", "object_relation": "sha3-384", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212201, "uuid": "a426c253-0316-47b7-aefb-f5365a69eb72", "value": "T1EC55BECCA9F1FDB7D8854F7410953328F0DA71709F9B952BE9A8FE28005B6D821E254E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212201, "uuid": "a762171b-5704-4645-b3c1-c1fe32427846", "value": "7c4e296c67498d0ca3bb31360c5368f6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212201, "uuid": "240b3a52-8950-4bc0-9a80-d0081091a24a", "value": "24576:CcOGVkCPXwBHp4VmM0DPjp5NNUvb+ZR8aP7Qy0o0Q5NvkkP:CcfVZSQmpDPPro+saP7QDo0Q5NvkkP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212201, "uuid": "c689a206-974e-494a-85a1-ad501cd70ec7", "value": 1329811, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212201, "uuid": "81200037-ac9a-4f7f-889e-98a8bc160a15", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212201, "uuid": "38201074-cd5b-4775-9fe6-e3e595af91a7", "value": "0f98260fae28d8424c808ee593094c5a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "964d0342-2a41-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690217167, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217167, "uuid": "5e3f5f8d-f85b-4490-9ea3-03b18dce07c1", "comment": "Malware payload (RedLineStealer)", "value": "0100b3427637a02505b42977a81b232e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217167, "uuid": "8e54c9f8-e766-411a-89cb-9a2e69eceadd", "comment": "Malware payload (RedLineStealer)", "value": "a4e1fdeb4b5dc9dc7082092bdfb7d1a61e2e7444fb95ec54377dc930222f983b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217167, "uuid": "45e5d788-f11e-4a04-bd73-e5649efe2cf3", "comment": "Malware payload (RedLineStealer)", "value": "a73a09c296848bf46dd89bf955e53024091a655d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217167, "uuid": "d3f3a649-d166-4f2e-8e1d-b0a8ed09d7f8", "comment": "Malware payload (RedLineStealer)", "value": "fee9450bdac26597a4230cd81f004520fe95286d751dfdff0ea492d65b7003d37612839445c9808cd8b3a4ea9c45b2c3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217167, "uuid": "a965f5ef-0bd2-4138-8d8f-aa5d120512e8", "value": "T101B4029267EC4432ECB61B7018F713D70B37BC619D38976B6385694A0CB3594A532B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217167, "uuid": "0bef174d-4c9a-492e-94ed-2e4803c20b06", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217167, "uuid": "e21f1604-7262-4820-a885-3b6362ba645d", "value": "12288:TMr7y90rd3ypFAv1r86phu6Pv/uqssYQ5:0yWXvt8oo6Pdn5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217167, "uuid": "9f4e358f-762b-44fe-b841-175ba85cace1", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217167, "uuid": "e68d7af5-9eae-4e4d-8a30-b964a905cf59", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217167, "uuid": "74dfa254-e73b-4eb0-b859-ea01e26607e9", "value": "0100b3427637a02505b42977a81b232e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1e6d3b67-29e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1690176593, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176593, "uuid": "c751476c-c5e4-4268-b61e-04cc838df382", "comment": "Malware payload (Loki)", "value": "47a859da389554cc3d0251b5b6339609", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176593, "uuid": "62626667-3c20-41ac-90ef-5ce03704295b", "comment": "Malware payload (Loki)", "value": "a65903f3968b96768cd2ca31af342c23b7f8c8b0d928b6a7f9119c80f105b3ee", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176593, "uuid": "3b56862d-4418-4d36-ab0a-663df310adfb", "comment": "Malware payload (Loki)", "value": "8bb9628ab0a0c9226fc63ff057527c144157ceca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176593, "uuid": "873f8e51-79da-4af3-8405-4a90b563e539", "comment": "Malware payload (Loki)", "value": "16dcf63264e9662f4b7d4f4f7cd37bdb7f72697d31822f626aa17061212437843cfaf25e0381240355ded7c965dc42e6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176593, "uuid": "20e9eeab-8f73-48d7-9659-73332bf09683", "value": "T119E412643BBA1F13E1A9BEB90B64954523B1B5647023D7DD9CB210CA0EA1780FF139D7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176593, "uuid": "7c188f16-4d29-481d-b79b-7daeecaa49fc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176593, "uuid": "adad1a8e-d100-4e45-a531-14a2f16445b8", "value": "12288:VcvJRBusyDMvwAbhcXsouCVCgGYQ2joatq:8FuuC3VCzYSat", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690176593, "uuid": "847c0843-d426-4e5f-a038-7426c255ad25", "value": 670208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690176593, "uuid": "0a46dddd-54d4-4968-abeb-820cc36618c4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176593, "uuid": "c134ed67-e5f0-4ab3-a638-b17fc1538988", "value": "Wire Advice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61a8f879-29b7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GCleaner)", "timestamp": 1690157808, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690157808, "uuid": "0178ea2b-8440-4def-bfc2-8d20d7de277c", "comment": "Malware payload (GCleaner)", "value": "dc1b9eab74db5537e94ea941948984f0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690157808, "uuid": "b6db2b75-9cd8-47e9-9139-34f3dd0945a5", "comment": "Malware payload (GCleaner)", "value": "a6705ab6f4e9b8cae0bd50cf6ce866f7f40ac78c8df7ddb1e685f80fbe9be9cf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690157808, "uuid": "6ecafec3-1a70-4890-b34c-54189b9bb17a", "comment": "Malware payload (GCleaner)", "value": "a66ba4b539d01254d5d9937cccb3299c7b2c0e02", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690157808, "uuid": "53a57be5-e44a-4126-8c55-ca0f4510d5f2", "comment": "Malware payload (GCleaner)", "value": "6a27c0401e72e22c69b55f8a283573b77550b6cf0847eb5b8ac1cc56abb587dc1d31798c323efcacc723a161e53470f5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690157808, "uuid": "b8c4f0e7-ba2a-4766-9064-2ece0bd76496", "value": "T194453326FA608574F0718D753E35C922D7237CA584A268A826CCA7EE5F278D7C8C5B60", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690157808, "uuid": "1d5a39b0-7886-47ef-89d9-80857f5993d9", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690157808, "uuid": "d647c12d-633e-41d0-99e3-c8d41dc5f353", "value": "24576:S2lWLzyRcgPvMetHAUCd0H7twjz8INXkJ3rKhvqNeCwk6CohJTubvEM6:S2YLzyRcOvtgTi7tWl6prNZfzmJ+B6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690157808, "uuid": "2c89b7a0-56e7-459f-9a9a-436cfe6298c2", "value": 1268050, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690157808, "uuid": "91c0dae1-accf-4f05-87cd-031e59633d46", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690157808, "uuid": "20cb2208-f650-4272-991e-b729bc7c4f9b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "764ba87a-2a44-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690218402, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690218402, "uuid": "69b08d9e-af36-4e91-b9d0-6763878ade26", "comment": "Malware payload", "value": "092c9f4f9b696ec8297f2953e85a5160", "object_relation": "md5", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690218402, "uuid": "a90b9362-d2ea-4372-800b-7984c51263c3", "comment": "Malware payload", "value": "a69f65c155b5190b56ad1637534f7e7886ca7064b8794da55318caaaded9169c", "object_relation": "sha256", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690218402, "uuid": "b4be27fb-f697-4658-9433-e3b8d3aa617b", "comment": "Malware payload", "value": "672c7d80c57f6e66ecc0e0fa2d9cfd918377434e", "object_relation": "sha1", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690218402, "uuid": "881429d1-7b79-4cba-9112-416355fcc36e", "comment": "Malware payload", "value": "ab7d0cbf91277c0291f82867c3e18e666cee6f6f8518d3998b809bc5d5bfe662feced4d46cafb0ff50e4f9fb9d941d74", "object_relation": "sha3-384", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690218402, "uuid": "d83e5bdb-68ec-4b3b-b185-c1cc1f0e99c9", "value": "T164D16D7B29540803D702B237AA062F33EA49EDD59978A247EDE1F326391388D175E476", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690218402, "uuid": "c1776ece-8f01-4a97-a206-59cbccd0afe9", "value": "96:4szn2e+8GE7eIlm1bZ++NYdDFxhSrF+cFrrH9O+zJQCTbn6u4NFj/gfrshO8h:4in2F8V5aZO52F+Gr4MTb6lNgQE8h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690218402, "uuid": "0c84d468-8fff-4e99-9214-f1b7b1f7ca9d", "value": 6584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690218402, "uuid": "8c6f50eb-661d-49de-9408-440be8965b84", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690218402, "uuid": "10b5ace2-7436-4ddc-a661-6d19c5d17ddf", "value": "Braemar MTM Report.xlsx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "851d8082-2a01-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1690189651, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189651, "uuid": "de5c8c41-c32d-4ca1-8f5d-ad2a922740f7", "comment": "Malware payload (GuLoader)", "value": "5979babb1f60827a4f0d1c0aaf55d789", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189651, "uuid": "2ced193c-943c-4b5c-83e7-aece99d20573", "comment": "Malware payload (GuLoader)", "value": "a6e1cd5a012f8a7290862a9d6ed503de1d43a86f1e35e71c4edf838fb3159eef", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189651, "uuid": "a0039128-aeac-4b10-8001-cdd4879edfc7", "comment": "Malware payload (GuLoader)", "value": "eacbdc0c327353c0e8cf0a9ed85155151593d02d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189651, "uuid": "a3ef80ef-dac9-4664-bf18-2e623d0ade1a", "comment": "Malware payload (GuLoader)", "value": "f48de074944b3630e3388304f1ed4dc6b1af0a3b574978bf4d18789a26e75d9599f4352f5980c1fa9d744c9d49822530", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189651, "uuid": "c4253b3f-40f9-4e93-9250-5151318e8414", "value": "T15B940255FB51C16FCA510AB11D319EF27A92AF52FC280F0F23453B4F7979A82880E786", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189651, "uuid": "50712752-a54e-4344-b6b2-297834aa5e00", "value": "6e7f9a29f2c85394521a08b9f31f6275", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189651, "uuid": "e5138867-3214-429d-9ff4-d7b31716e4ef", "value": "12288:zMwxaHroVIcy1j9SXe1iG1pExO39LH5RYG:zMwxaroyZpEx+LMG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690189651, "uuid": "4d9b18af-501f-43a3-b26b-885811b9d12b", "value": 420141, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690189651, "uuid": "68ebcf1a-ba44-441c-93aa-876dc94b11e3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189651, "uuid": "498e3424-821f-41b4-90c5-0fb1bce1c81d", "value": "QUOTE NO15448-1.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89b01b3c-29f9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AsyncRAT)", "timestamp": 1690186222, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690186222, "uuid": "13f5f91f-168e-42a0-bffa-d1f7b4bd8735", "comment": "Malware payload (AsyncRAT)", "value": "1a945b235d2905d3dda5565ebbd52d8c", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690186222, "uuid": "325d905e-dffc-4b53-9ae5-2ee4245858ce", "comment": "Malware payload (AsyncRAT)", "value": "a716a71126549bf1d872da1f82a28c965678e833aa0470121d3144e7c33f715f", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690186222, "uuid": "21611629-73f2-4ec8-a83e-f088caf44841", "comment": "Malware payload (AsyncRAT)", "value": "c5dbad0215eb12c4926f2afbe576b9547a53307e", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690186222, "uuid": "e9e628b0-dba9-4161-bda4-ae383c637b1e", "comment": "Malware payload (AsyncRAT)", "value": "f12d9026e1809680af71a65ac672bfcb3c7930ca03d55c503ee1a99906966f76401544dc388a3aa9cb3038d67eec4d9e", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690186222, "uuid": "8c050359-5c5d-4324-b48e-c10c2815c5f8", "value": "T192B3A34C33BB828EE52ACAF099A2615D0976AD72FD41C70D388736BA2533E871D415B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690186222, "uuid": "3cec404e-3505-442b-9be3-dec7b7bfc5be", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690186222, "uuid": "91bc93ca-fc74-40b4-8bf4-9dc9570e97e5", "value": "768:RuKjvdT9IQzpWUBi2Tmo2qLnz/PPItzjbMgX3iJ5/5gLmlTaIBDZsS5JmX:RuavdT93B2o8t3bDXSrRgLmAudUX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690186222, "uuid": "8f60f972-2bcd-465b-8864-352b2f5487ec", "value": 114688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690186222, "uuid": "e0ea5e73-078d-4b7e-9ece-e9a03c842eee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690186222, "uuid": "8ce2e8d3-5619-4e95-a05a-42fc131d9e8c", "value": "1a945b235d2905d3dda5565ebbd52d8c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "958fff1c-2a33-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690211153, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211153, "uuid": "1929d4c0-1fcf-49da-ba7b-039c20907b90", "comment": "Malware payload (Amadey)", "value": "e5b9ce32c3bd8e3e59a00a1fad0b360f", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211153, "uuid": "fdf75b6b-cf4a-4533-9b91-2c8bbaacb5e1", "comment": "Malware payload (Amadey)", "value": "a75c888fb4e1986e4f4a0698e57e55b05ab76583457ee9087e9320acf88b5904", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211153, "uuid": "285bfdec-a567-44d8-b5a3-bc977bacebe4", "comment": "Malware payload (Amadey)", "value": "11f6f4e50d08f1408be52a45c3a1d91365d5348a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211153, "uuid": "10505626-f448-4313-ba03-410fb095a18c", "comment": "Malware payload (Amadey)", "value": "8468b3abd11df6f84d7f9fc6c56a4f2785b3d0ba6731ce18b08b574b9222adf490cecff6bd3fc640554fd0394cb090ab", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211153, "uuid": "728089bd-5153-410a-b08c-32df53bcc31e", "value": "T180B41256ABD980B3DC711BB088FA12930B35BDB14878835B375A949F0DB29909A3573B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211153, "uuid": "7866f18a-0db7-4f23-9e4a-c45fa51320f8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211153, "uuid": "c15b7297-fc80-4066-a397-a8097f022d41", "value": "12288:iMr7y90UZEWhRpvdNeA3sl1u2I83RmG0koGAGCm:JyZZEWhrdNTELQG0FnGJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211153, "uuid": "a2cbb739-1c34-4152-ab23-25d0985cb386", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211153, "uuid": "74166ca4-e0aa-495b-b8c1-c675f55d9573", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211153, "uuid": "ef01c20f-2239-47b3-8b84-16d7c1b75581", "value": "e5b9ce32c3bd8e3e59a00a1fad0b360f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cbca25a5-2a04-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1690191058, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191058, "uuid": "463c37af-b636-47ca-ad7d-eeda47040e8a", "comment": "Malware payload (Mirai)", "value": "79e5bf623882a5467a7794aa35dfc463", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191058, "uuid": "6c43675b-5e36-4f77-abbd-c5f1ef3f79be", "comment": "Malware payload (Mirai)", "value": "a7c2ab5166f9fa7169c2dea0bc1a85dcdfe367c4ea17c96c74b3608ff7bdea97", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191058, "uuid": "8ef489d6-34c3-456c-9c7c-42c31b2af218", "comment": "Malware payload (Mirai)", "value": "023cb5206eaf27d60834a48f03d3b0354ead543a", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191058, "uuid": "12de98bc-5db5-4f35-8d0c-89a6d24cfdf5", "comment": "Malware payload (Mirai)", "value": "b41f1f22891fcc2a39039aaad5a9c46d5f762667b6fc734612bf594650a55eb9952526c73b33cb027391cfd3b4a4dfa4", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191058, "uuid": "8d6b727f-0808-4114-b2ed-ab2080552dbb", "value": "T1CDD3F856F9819B12D5C111BAFE1E124E37131B3CE2DE7302AD246F647B8A8BB0E3B515", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191058, "uuid": "c476205c-bdaf-4056-882a-c248266ecaad", "value": "3072:EVaUYamXEXOmkcgxaGztzH/b/zCZVMVsq:3LNEXZkc0ac53MVMVF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690191058, "uuid": "a4a6f012-d2be-44a4-afef-8a0e133f0797", "value": 131900, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690191058, "uuid": "da9d070f-37dd-4b59-b3fa-a1ae7e84ba2e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191058, "uuid": "6b70a610-ac2f-4bf9-860f-0e9a989d5521", "value": "cundi.arm6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6a930f5-2a60-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690230643, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690230643, "uuid": "6c5bbd1d-48f3-465d-af5c-34b6e9319a78", "comment": "Malware payload", "value": "076183483d1913c25c1e793d3226399d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690230643, "uuid": "68ee4bff-3759-4b5a-8cc6-f5ba8dafe9f9", "comment": "Malware payload", "value": "a825a88be502f40517f5688ff3ad4f767ed8c7785416f4b743cdc155a7253d80", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690230643, "uuid": "6e0d0344-e833-43cc-b3e7-e4a25613ad5f", "comment": "Malware payload", "value": "1b9546f47476b39220c68eeb7039b889702aa176", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690230643, "uuid": "35b4c61f-5ae8-43b3-b649-cd34b58932e4", "comment": "Malware payload", "value": "b6efb194bb5473e9f6388fda1ed0772969909e0ab82996393ef7d2cd3e1ece83b7420bb7f215484432911f1dd5e8a1f0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690230643, "uuid": "3b98b777-196f-47fe-8fea-e3ec58995892", "value": "T1BB948C49E763ECE9FA660239257158223F41DC5E61D928AC228DF7263C32253509BDFF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690230643, "uuid": "8a8956c0-34e8-49a4-b1ad-3e0a22a18b7c", "value": "4ea4df5d94204fc550be1874e1b77ea7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690230643, "uuid": "95a56d92-40de-46eb-b5cd-16b87d0a1176", "value": "6144:ywq3Npouc40dWQXsXFhLUQDoIedZPRfDyJenzwDLcR+qree6ubORP7GVba:yzkpbdmT4+WZPxDwERlXjqzGVG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690230643, "uuid": "25e1f918-e514-4a36-a094-8e1a02fed615", "value": 414299, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690230643, "uuid": "c4399ac1-0ed5-46b7-8d30-54ee8a0fb699", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690230643, "uuid": "5d83c433-3dee-44b0-bd01-aba9fa648fea", "value": "z55ASCD0001INQ.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c6bd713-29e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1690176617, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176617, "uuid": "7c74be2f-e37a-4682-a5f5-b45f040f89df", "comment": "Malware payload (NetSupport)", "value": "54d7a871c8acfc326d6bc0e737d28180", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176617, "uuid": "4e40b9a3-ccfa-43ec-9064-86b5d2698094", "comment": "Malware payload (NetSupport)", "value": "a86fa532f408880e859f76d9a00454c16230fc5e035ea8913130fb20822af8b1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176617, "uuid": "2b190acb-c637-42f6-9a7c-d38981c35a4d", "comment": "Malware payload (NetSupport)", "value": "1d172dd55977d3a49915225565ca9078be7937f8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176617, "uuid": "c1fae438-c069-4ac5-9007-3ee74e9f8643", "comment": "Malware payload (NetSupport)", "value": "1937c9145c7dfd14e960739a9df032b545c9a6e298a047a34a11b49a558ed1b93ee3b0999437826922f212e6f800bf4d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176617, "uuid": "578221cb-252d-431e-aa5a-dcc1ef0cd52b", "value": "T127061886A6D111A9D0378174D6693366F93BF5DC1B248BC3AFB9844F43DAEC42AF9700", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176617, "uuid": "e064b2d9-c504-4838-b802-7e02c73e909f", "value": "fe1147df2ee30051a844565381a6e079", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176617, "uuid": "7fbbf075-3e1d-475d-9b12-e8efe6684d00", "value": "49152:8rWotRsnvwin6+SfrVthQA232WpNIYf8B:bzIJtho32WDMB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690176617, "uuid": "5af5859d-a4e6-4877-986b-17d3e2859079", "value": 3866407, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690176617, "uuid": "85400654-f208-4758-88a2-aac5d2a69f2f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176617, "uuid": "c0c0949b-a6a7-4099-ba1a-3a718c7746b2", "value": "54d7a871c8acfc326d6bc0e737d28180.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce109405-2a20-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1690203087, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203087, "uuid": "fd14538a-3a14-493f-bbf1-e3ee0027c720", "comment": "Malware payload (Mirai)", "value": "3bc56ce23d0e12cae85df955319d7a4e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203087, "uuid": "f131f172-73c7-480e-80ad-a5b1db496a21", "comment": "Malware payload (Mirai)", "value": "a8f1fc5eec676423e463d88c05799c1a583bca7746729813905d60c42e8ee9be", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203087, "uuid": "a77abf5d-b9ee-46e4-8b2d-ef226229e454", "comment": "Malware payload (Mirai)", "value": "fbd7d32bd88f8aaefab0560dfe71902795b61bfc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203087, "uuid": "2b55622e-169e-4c95-8353-caa728dd0515", "comment": "Malware payload (Mirai)", "value": "036a95c27788f3e9a00302b34e1e875678dc60010270f08daba9836b37311617d82e4bdd534ea49a03b9ae126baa6447", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203087, "uuid": "954f5f5c-637d-4313-aca6-bf46c6a52dae", "value": "T1AFB2D0CC61943084CA8D7C7C178D4A664F68A0D0BADE8B26E354CDD8B3BDA8B785D079", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203087, "uuid": "4cb7ff12-7925-4f26-b1dd-142ecd6e545b", "value": "768:obrQlS07dEv0UXqUhvQE+CXQKMQKCXBpTZqSWvV:4QlS07FUXqIYSXQKquFq9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690203087, "uuid": "8a2e0ee9-0d32-46b3-8ba0-30c857cbb403", "value": 24912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690203087, "uuid": "5d7dd27d-50bc-41c5-a1df-e921817bab9b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203087, "uuid": "bc5970fe-af08-431e-a7fc-fead3abf983a", "value": "3bc56ce23d0e12cae85df955319d7a4e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4916af63-2a3b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690214461, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214461, "uuid": "eaa868d1-55b1-46af-ab05-5c8c72361308", "comment": "Malware payload (RedLineStealer)", "value": "2c14da685db62e94be476d61a3760de7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214461, "uuid": "56a70ff2-9e32-4f47-980e-ce4fb2188f14", "comment": "Malware payload (RedLineStealer)", "value": "aa4bf7a698dea479457ac0f46aab0e4c386d313ce80fc8b531f1495f0351c188", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214461, "uuid": "1afd38f1-99aa-48b4-9822-205409dbf184", "comment": "Malware payload (RedLineStealer)", "value": "e6987ab756f1dadd76f6320c541f5e84b6d6f000", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214461, "uuid": "14c515ed-98ab-41e3-9e7f-8eec310f9e38", "comment": "Malware payload (RedLineStealer)", "value": "0425c3776c5c6abf6ad07594e03e2f238a7141d82eb10f87026df407bd597475941bca4da8142bf409b4ad430b0df330", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214461, "uuid": "61d7ffd6-7140-4863-8105-c9f2f1ad8436", "value": "T1D6840212E7D89073D8F517B058F702D31B3ABC925D78937B3745A96A4C722D0A432B6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214461, "uuid": "387f2a63-0e17-43f0-9d70-6ac2e6652da9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214461, "uuid": "85c449a5-dbc0-4d5e-9c5d-422c13148d45", "value": "6144:KCy+bnr+Gp0yN90QEzrg3dNyVLR/2uUAr2ylQFtk0gBZ+t40DIosvpWDxs:qMrey90Zg6UuUAllt0gBYC0soCqK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690214461, "uuid": "722196ed-acf4-4e1f-9f60-f200d070a812", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690214461, "uuid": "3f777ea5-c83a-4b78-b36f-5b79f7bb83e8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214461, "uuid": "50f7b1da-4594-4105-890a-dd99df2068dc", "value": "2c14da685db62e94be476d61a3760de7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27dacfd3-29ea-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690179616, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690179616, "uuid": "47e63368-d608-4721-b591-22eb283e054b", "comment": "Malware payload (RedLineStealer)", "value": "5063433b588f597f3a82bb66b43b5458", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690179616, "uuid": "bd78695d-b4eb-46a2-b2d8-75b71433970f", "comment": "Malware payload (RedLineStealer)", "value": "aa56066e30f9b519c34778a5aeca2cd94eb51e37a846c62e78fed762d7522453", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690179616, "uuid": "4bfa5e9f-3cbb-4226-b9a4-5f577c9f406a", "comment": "Malware payload (RedLineStealer)", "value": "5e842a1f0093311b156abdc01f76abff506374ca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690179616, "uuid": "85fdea5b-052c-4f02-936b-66c0159252ca", "comment": "Malware payload (RedLineStealer)", "value": "c16904f7c6953016444c9d2d51f3f04b61710c9afd90f484f8c93523e47d3feea60900d4c893abc011615d474a275582", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690179616, "uuid": "945d736e-7f10-45fd-9f81-6e6926fce6db", "value": "T12944C022B2E0C073D5A355305530C6A11B7BB8725BB592CF33A82B3E6E617D09F76396", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690179616, "uuid": "4479c7db-678b-4cae-abfd-e8345a550e49", "value": "795d5374158688612616ccbdb5ba25ba", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690179616, "uuid": "16bd1feb-c965-4c09-b433-c9785c75702d", "value": "3072:NWdclo1qNsGvNCj3H1qN7PHHnP0+TSdSQbz33iEXzRR64k8W4Uwx:NbWSlvsjX1+nP0+Abz3SEim+wx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690179616, "uuid": "fa571657-323e-45ff-b694-81fd2f1c9170", "value": 265216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690179616, "uuid": "5034f011-71eb-4fe3-9b36-c128ff0f0452", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690179616, "uuid": "6b7e3cde-2d02-43c6-bf24-4dc9dabad2df", "value": "5063433b588f597f3a82bb66b43b5458.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "135235e2-2a27-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690205781, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690205781, "uuid": "752e1af8-4e7a-4b0f-b751-73f793a6625a", "comment": "Malware payload", "value": "1a5cecd39eabbd71e867094847bce6d0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690205781, "uuid": "3f8308e2-31df-43e7-9cbe-f5050f1d5579", "comment": "Malware payload", "value": "ab62cbfb68a316eba4772f2fc35bc7f2c1b59b1347fa485cd2eb43cd9455667f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690205781, "uuid": "96f15103-b407-404d-b102-aa994afc1dd3", "comment": "Malware payload", "value": "1b04fc2192f83b1f3312fecc1400043563f01773", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690205781, "uuid": "e9ce1f49-8444-48cf-8ee1-e5aa403ecc4f", "comment": "Malware payload", "value": "fa486b9b82d2946232774ca0e79afac38db0a03ef0cf0c6daf609d4c0d88276e1a56c49944a096e0e953d581cfcfb39c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690205781, "uuid": "e9c5af98-9655-4f35-b0a2-fd7619ceb7a5", "value": "T16EE42388DD8BC77ED58D847E4FC3F8E3F28A719F51256A081BD1AE5ADD1E24221F2190", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690205781, "uuid": "52749234-8556-4851-a01f-650e2b95bd38", "value": "12288:7wn84gBPfa62eW9fnSvA9Fx3KB7zVhLeSQR1BCbesrcp4sBukMSLJ7iGzMEd/v:qtgBnZQFN9Fx3KB7zDeV1BCBofJMSFG6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690205781, "uuid": "c2aa1840-516a-4b6f-82ff-8df748aad282", "value": 681472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690205781, "uuid": "8f781506-0b80-4079-a60b-b946bc241c9a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690205781, "uuid": "75ef74cb-23a9-455a-ab75-3c0a2361bc6b", "value": "vt_ab62cbfb68a316eba4772f2fc35bc7f2c1b59b1347fa485cd2eb43cd9455667f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41cf28e5-2a50-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690223468, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223468, "uuid": "3365c9ed-bfb6-4219-b107-7bacf162289d", "comment": "Malware payload (Amadey)", "value": "3399b84812ab72b96a5796af4b02b6a3", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223468, "uuid": "568eb44d-5229-411e-b57f-60435e9e4dc5", "comment": "Malware payload (Amadey)", "value": "abb5c8b4eb90dc1b52bfcb7c9c9861af541be37e0e1b5de57bbeb6729c003997", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223468, "uuid": "c509c41b-f6ba-436c-b548-d874a411f40c", "comment": "Malware payload (Amadey)", "value": "ceed791b221d03025b0f33f5b28df7a535bdbef8", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223468, "uuid": "48a2b984-0bc2-4ff1-80f0-76eba73a840b", "comment": "Malware payload (Amadey)", "value": "d91967d9991caa51966d8ade204d590ebf2771fad20d7ed84929ff086e07729c4ea52a8b16bdcb53da608d28d9cf5420", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223468, "uuid": "b3ccdc57-ab56-4205-85b0-adbc0f545f32", "value": "T1252408557812C032D56061762DB5BFF2C59DA828ABB049DB7B800F77DA112F73A70E3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223468, "uuid": "7666d5aa-ce5d-4b28-83e4-b9e0c744c88f", "value": "698e68059e2b8538f873da69a2766d48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223468, "uuid": "7d488e15-21c8-47c9-950d-28c5672a03c2", "value": "3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690223468, "uuid": "7f8bbeec-c2a6-475d-a263-7d794a65f3a9", "value": 229021, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690223468, "uuid": "b603d96b-a9b5-4da0-8d6d-a6224b7ff1c8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223468, "uuid": "5cec0d82-8b6c-4f56-82eb-c1a9c55ca6dd", "value": "3399b84812ab72b96a5796af4b02b6a3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "747c530b-2a14-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690197783, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197783, "uuid": "ae35d9df-33f4-45ec-8d93-d2b64d5327bf", "comment": "Malware payload (AgentTesla)", "value": "8f67a17b1c061e009170ecf0a833c86b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197783, "uuid": "711cfdd8-8e62-4e02-9263-a90b999bc129", "comment": "Malware payload (AgentTesla)", "value": "abea1f682468ba857e3c9a6925c196dd3de4b80cb7e8af70c71491eb6233ae76", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197783, "uuid": "e7455096-2f80-449d-8e7a-3f280df11801", "comment": "Malware payload (AgentTesla)", "value": "cb41d4512b2ecedda63b2c273e5af15a8dd90da1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197783, "uuid": "5ba2d775-e8f7-4b9d-a2bf-60c3f834c708", "comment": "Malware payload (AgentTesla)", "value": "e085891b7a8d76793c601add6588bc168dd8ba1e7a0f2dba55b069fc9c095ebe6456d5cbb3843c6191200b2f1203835c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197783, "uuid": "ef8da319-e376-4f44-8a3b-40842c05f742", "value": "T1CFE433734AD8E61BE65C1B291FE9BCF26830B794E47181E4A94FD60D9BCD5CC20C550B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197783, "uuid": "5bf7c346-a3f6-4405-8171-ee7bb5361196", "value": "12288:Kj6Pp7aVA6E1aJbnFvx973Au5UieFnDxfiIj1EZch9zAn50wMcf4:KguVAJi1z73tUietDNiIj15+50XX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690197783, "uuid": "0c89eae4-8719-4bc7-ab86-8bafec2a839d", "value": 662967, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690197783, "uuid": "d4eb9370-35f7-42ed-a449-ee68db6c78c8", "value": "application/vnd.ms-cab-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197783, "uuid": "d81778cf-cd90-4498-a997-27d2a5b06ec7", "value": "nPayment_Confirmation_21July2023_762839-PDF.cab", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b21034ec-29fd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690188008, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188008, "uuid": "8a319b09-3279-4087-917c-8ecbc8db01f8", "comment": "Malware payload (AgentTesla)", "value": "95e2f700c217d459d64023f5099a212d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188008, "uuid": "68bb8fd2-4595-4aa4-9a43-36d55aee10cf", "comment": "Malware payload (AgentTesla)", "value": "ad4b6d94d4628ea0901d0cc2471779dc6605f149385011051f7eff095874e8bd", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188008, "uuid": "7e1becca-d7e9-4096-9b3e-7356f8f3b99c", "comment": "Malware payload (AgentTesla)", "value": "d2091d4fa1146d2c0a59bda93ed1ff58e68773b4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188008, "uuid": "8e7bb16e-bf2c-40da-8312-5562480067d4", "comment": "Malware payload (AgentTesla)", "value": "84ce97d516e0dc5b4d2a0d3bdc5650d9f79f400ac0dabb30a6739e440c79778174658163eaa3d145f64ce937150eb665", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188008, "uuid": "e7b6b5cd-995b-47ef-895b-fadf233818ad", "value": "T115358FD1B150CD9AED6B4AF1AD2AA53011A37E9C54A4C10C5AAD775B3AF3342309FE0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188008, "uuid": "37ac189a-5887-4a56-886b-1c5ef58f7135", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188008, "uuid": "4dd2f446-2824-4819-832b-d84e6d974714", "value": "24576:LFuQn7vHDgapsKpwD+7HcGcrsccNy3jpZ:LhvHDuEWsROjpZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188008, "uuid": "2cc2fa14-deb4-40b8-a546-f06df96dc54b", "value": 1137152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188008, "uuid": "e87f499f-6906-425a-838c-21eca2e4c882", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188008, "uuid": "99f37710-7350-4512-8eb2-83e48c278dd0", "value": "Belge.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a838eda-2a2b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690207725, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690207725, "uuid": "0cd867ef-db01-48dc-9667-84c06d75d181", "comment": "Malware payload (Formbook)", "value": "88db7cd7a7bf158c5c7cc68fc46514dc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690207725, "uuid": "1635e6b3-1229-4945-9f41-258b972a72cf", "comment": "Malware payload (Formbook)", "value": "ae1d70661ab698b4238f318ddf3ef679a60ed269fafe3a4065e9742a6840a584", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690207725, "uuid": "21f2aa93-1102-4778-bdb2-0fd57333eaae", "comment": "Malware payload (Formbook)", "value": "d71925b1bf238ae5efb4ff098b149eb6dfd50c7f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690207725, "uuid": "dacf71af-cab9-4a35-91ff-4a8754334185", "comment": "Malware payload (Formbook)", "value": "6a982210afb5792a3225b29825fc974df8d95469bcfb2994ad9d139fe010dbd68322f0741df970ec40093a3c88b9e2a1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690207725, "uuid": "4c44043a-fe6c-4f9c-ae4d-f730b477c52d", "value": "T187541263B6D8C017D2136FB20E7A1267ECB9EC0605918B8B67906B1CB6775C0DA4F772", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690207725, "uuid": "78f3351c-1fd9-48ac-9a7f-2277799c513b", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690207725, "uuid": "1586336c-7691-4042-b5c1-1f742884518d", "value": "6144:PYa6faI5CIZZADKdzATFaxPSKmxwyuOHWSjf96uPXvTgECj/7S5UzFWoh:PYV9MIZqH26KfyuOHyufLK75Xh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690207725, "uuid": "a86805d5-78ff-4d17-877c-c3bbe998ae17", "value": 282149, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690207725, "uuid": "fe13107c-a600-44e4-b9b0-43a599babfd4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690207725, "uuid": "67afa591-d741-4cba-ad92-e0395af8fb15", "value": "RFQ.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "669a51cd-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690178862, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178862, "uuid": "c82bc92a-8204-4e2d-a475-a0d2927ba5c1", "comment": "Malware payload (AgentTesla)", "value": "3f91ffbeb2f368e34d6ea1c6bf1a6b79", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178862, "uuid": "9195007d-6125-4294-8f44-27837c4b8ce5", "comment": "Malware payload (AgentTesla)", "value": "ae2f668db376e89695e11dd9bed4d3becf18a74f812b6b647beaf39ab2aa3610", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178862, "uuid": "700b9a9d-ea30-4b04-9fb4-b30e979d10bf", "comment": "Malware payload (AgentTesla)", "value": "5dd03b69e6014357278d3ecc00c48efdeae15145", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178862, "uuid": "da1aa309-1c77-4c2f-9779-1f4727dad724", "comment": "Malware payload (AgentTesla)", "value": "65714346754fd185121ee4e1f3d754f5b65292ed82f38c0ff713b929fe5e221e0a108ab1470044cc9939a6dfec322992", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178862, "uuid": "751bd4e6-569a-458c-b14f-b40f238c1b2c", "value": "T13105221137BD1E23D2E5BCB546A0C65013B264556833D3CE9EF220C62E69BD0AF627D7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178862, "uuid": "2683a3c3-c2b3-40c7-b6b3-9dab2d77fe5b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178862, "uuid": "f6427687-4570-4783-ae7a-47724d6747b2", "value": "24576:dFuQHTko1m13Q24pCliaZIw/5FPapDojVM:dol3Q2qaj/5FPGMj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178862, "uuid": "13679dff-78dc-445a-b861-167f0f7b8168", "value": 834560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178862, "uuid": "0c61a1f5-1203-4b0d-8ba0-8474cef41f6b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178862, "uuid": "53726a2c-2d23-4beb-946b-db861ff98925", "value": "PO & Contract (A-4553).exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b82f4ebc-2a36-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LgoogLoader)", "timestamp": 1690212500, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212500, "uuid": "c35da32e-ffec-4a69-828e-c58a2436fb1c", "comment": "Malware payload (LgoogLoader)", "value": "79b79167999cd38863c16ba5de372081", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LgoogLoader", "colour": "#FA0A6A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212500, "uuid": "e86fcc5e-8726-454c-9cbf-5f447b24acc5", "comment": "Malware payload (LgoogLoader)", "value": "ae5bf7d05d5714bf2758fd5c127f405de0c02223643a22279bcbf03fb648cd2d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LgoogLoader", "colour": "#FA0A6A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212500, "uuid": "ffc55342-595b-4241-9874-8e4e368dbdf3", "comment": "Malware payload (LgoogLoader)", "value": "b3d276a972f6ed0805fe339624e68b2845d3154c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LgoogLoader", "colour": "#FA0A6A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212500, "uuid": "51778dc1-7800-465e-adc2-0450f44c12ef", "comment": "Malware payload (LgoogLoader)", "value": "6ed99d18c92165aa9d4c8dad23d82d3a5f8e07b9fe8a4ab2b33ac32cca7ed00bc6528d992e3c90f9bd48528facdbfd92", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LgoogLoader", "colour": "#FA0A6A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212500, "uuid": "c71ddc00-d072-43f1-ac88-f035c8071b79", "value": "T1D0C4DDE9514AF073C3278F7B16B45D0525F10D6BD3EB9AAFFA0819F2195EE92C600B60", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212500, "uuid": "253aaabd-3923-44c7-9522-22c221517b30", "value": "12288:4IgQ0KaWFEEHXSz/yUToiGBYn4sBcL005M14p0UgQkDbm7PH/:4IgLK1FqnToiUYn4s0Sg0UsDbg//", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212500, "uuid": "8ddf08b6-94cc-4867-ba51-085087ee0ea9", "value": 551936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212500, "uuid": "ca7e6bf1-bb21-4e23-b715-6cfc271a7652", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212500, "uuid": "f0cde69d-16ce-4259-b191-3be5dd55e3cd", "value": "79b79167999cd38863c16ba5de372081.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42bc02f2-2a4c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690221752, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690221752, "uuid": "92508dbd-e77e-42b2-904e-01471fb9973c", "comment": "Malware payload (AgentTesla)", "value": "86cc2154136836e32338bd5977833ca2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690221752, "uuid": "463b800d-b1bb-4dc2-a127-1cee461f047a", "comment": "Malware payload (AgentTesla)", "value": "ae6b509114d28aedb22370f5b3c9959a3cefb31e1aa5a869ed57f5a5a3bd3dff", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690221752, "uuid": "6570e0b8-2756-4496-a120-13e2c5cfbc45", "comment": "Malware payload (AgentTesla)", "value": "ff0a621cfd04706cc5c4f5ce6becbe5a0d52e4cc", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690221752, "uuid": "12a8fdd2-1bf6-464c-b3f3-52544c806366", "comment": "Malware payload (AgentTesla)", "value": "fcdf1508d1f82c29258d7f28059e5c8ca2e9ce5a33dd29f3c447fca72bf3845923c9c436376222950d13a96cf7551953", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690221752, "uuid": "8110e167-3d7b-4f3d-9d62-93a7560c122c", "value": "T15FF423B1B591D08F771820ACDE05ED5F8215896C47BA02ACFB5E58D4938E857A0FC8FE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690221752, "uuid": "f00ef281-087f-4332-8c6b-38787c7a853a", "value": "12288:Cmd3pewj8mKUBrXmCDt3kO/vYEBZgGapO/xHOgjptiuM09bJDO3YwQ:C88wj8m5BbmCNkzUBUGvVtJM09bMYwQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690221752, "uuid": "311feabd-3ca4-4d74-be04-3d146cad5be8", "value": 735139, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690221752, "uuid": "9c2afe25-0ce4-4c88-a730-f9274d463b1c", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690221752, "uuid": "e9ed9d5b-649e-454d-872b-d909b0ac5056", "value": "bank detail.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8065e0f4-2a1f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1690202528, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690202528, "uuid": "9c7e831b-91ca-4d07-99e2-0df67fa0c018", "comment": "Malware payload (GuLoader)", "value": "a8fb246bd91d88e22d5a81de3659b351", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690202528, "uuid": "885e68cd-556a-46ad-8ee3-2b061614dc8a", "comment": "Malware payload (GuLoader)", "value": "ae9f6648c124d034c969585a244ed7819bd787d640bd1561e7a6fabf6988476a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690202528, "uuid": "4045e517-2888-4ecf-8e4c-c9b00b66bb46", "comment": "Malware payload (GuLoader)", "value": "52fa28b5051efed3acef695274f93b769655eb6e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690202528, "uuid": "cb1d8a9b-61c1-43a9-bd4b-b6b22b44df07", "comment": "Malware payload (GuLoader)", "value": "55968461e1cd5383748dfc0d6f0ec08f64650c6abe6e326942479e48696d66589da282be69a6b83796626bbf834559d5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690202528, "uuid": "700a3119-0eda-41ca-9988-cc519cee5dc2", "value": "T164A40242E69180DADC5503718C7BDD2A02F7BF3D6CF0A64E526EBA656B732D3011EA07", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690202528, "uuid": "83db70ad-16b7-4ae1-a31c-c5be87c13988", "value": "b78ecf47c0a3e24a6f4af114e2d1f5de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690202528, "uuid": "d1b4c86c-8907-4b18-992f-b2ae5fc2c6be", "value": "6144:Gp2PUgTHyu2fuy/XXz9xblb7q6juCJOLgkCyLlK6tO9ePepe2XTpAas8UHkC:58EHyu+ZbfuCqgclKQDn2j+a/Ud", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690202528, "uuid": "293af5ac-7e2f-4d54-b101-378de00dc974", "value": 456560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690202528, "uuid": "9abc6352-3619-4953-b1c6-7292f3b50c0d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690202528, "uuid": "3ffc2259-5842-4546-9073-f3a49f100b84", "value": "NOMINATION LETTER.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4b3fd0a3-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690178816, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178816, "uuid": "ccf9905f-69b0-4f1b-b7b6-b3750902d103", "comment": "Malware payload (AgentTesla)", "value": "615315a26673e3374dd8d0bb26d2efd9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178816, "uuid": "a2bae91b-17ec-46ab-b851-c4cb263eb91e", "comment": "Malware payload (AgentTesla)", "value": "af093bd71cb66c24a34d31d6efa125d86e6ffa89bfbfad9d20658889553e133d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178816, "uuid": "b41dc3f4-aefc-4ec8-bb66-9ed5d51a7fd5", "comment": "Malware payload (AgentTesla)", "value": "230b6c4e0c330f44984cd9e1ebd1139d309074f8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178816, "uuid": "caf40fd2-963b-4141-ab2c-da81a131cf13", "comment": "Malware payload (AgentTesla)", "value": "803a36e8cb00a58d07dcc8246931e1ccbd5dbc37f6772df44f1c68b1876df223fab25d53da68a8d8a8d3069dfb48416b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178816, "uuid": "82bceb3d-2fed-4fae-b2a0-7fe43816031c", "value": "T174F4226933696D13E0987EF48AB8D1101377A1686527C3CD8C7620992EF1BD0BF726DB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178816, "uuid": "a4b7ce5f-5cf4-4633-8c06-e471a72782b1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178816, "uuid": "dafcc9e2-e5a4-4b88-9914-306bdb1fa6b9", "value": "12288:NtvJRBusy6kApSjI5yh2/Hd6c4R9IkcmQe/N2kfOGRo4F407q:3Fuuk+SjI5yM/Hd6HcvedfhoW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178816, "uuid": "21c2270d-d3d2-4c15-a4bc-6cf0dbdf7309", "value": 745472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178816, "uuid": "0bd288b1-a6c5-4450-848c-d73f81545aab", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178816, "uuid": "81e9a812-ddfe-43ef-b72e-d30a3b9090dd", "value": "615315a26673e3374dd8d0bb26d2efd9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff3eb852-2a4f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690223356, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223356, "uuid": "94c020a2-f4dc-4223-ac51-69c661eb597c", "comment": "Malware payload", "value": "bc93dfbbc0cff68b379c77c7c9c76fb0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223356, "uuid": "1f0addfd-ac7b-4dd0-9e39-001c349b05a2", "comment": "Malware payload", "value": "aff9748442bda595e65103e7684e7a2dd392d6a4e8ee3c9d9cc1e075a9588ffb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223356, "uuid": "8d3a59ed-3f43-469c-9e96-21dca87d204f", "comment": "Malware payload", "value": "0965f2abaebcd973fdadac191505f5579d09d1b9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223356, "uuid": "dd07d7ca-d01c-4df6-9d7d-3147dacd6b7e", "comment": "Malware payload", "value": "ff640554d80915fe84c17d6fa5f11d6960548acb6a52eb1ff07f22d135fb5efcce249429682dd5e3056b75a93e6b75e8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223356, "uuid": "ce18773e-2f1d-4b2f-95c8-83f4cd18f7bc", "value": "T17A5412917A90C15BE2B207711B371A359FF6911879616F0F43A42FACBC726D25E2E3C2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223356, "uuid": "a57d1edf-b962-4a84-863e-b84a7cf67b51", "value": "6e7f9a29f2c85394521a08b9f31f6275", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223356, "uuid": "2456a72c-9e52-44d3-bd1f-4be98bb5cbb2", "value": "6144:kT4DtT0GGC1Fp3eP2BW165WUJyKwVlmS+Q/iuoTlbnTNujYrUMDSiu6:kT60Gx93065W3VlbriDltucrUMDPu6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690223356, "uuid": "e2c8b2d2-f7b5-4ef7-8c7e-43a38ee82cb5", "value": 306506, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690223356, "uuid": "3d14a7f6-708b-4a1a-afbe-78ba104d08ba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223356, "uuid": "a22b2153-cd1e-46db-9567-4565d2f2357e", "value": "SecuriteInfo.com.Trojan.GenericKD.68131828.16357.14610", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61797567-29e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1690178424, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178424, "uuid": "60d2a5fb-b871-436a-8dbe-b270c885e86f", "comment": "Malware payload (Loki)", "value": "fd0f95cb5f4c77cb9636d4d8cc15783d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178424, "uuid": "8d49def6-5795-4095-8130-a62fc4c0864c", "comment": "Malware payload (Loki)", "value": "b0504206461bb3a04bc80d299501c2d2765f097bc621a0e86e5b9e889f383287", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178424, "uuid": "1aaef22b-1ad6-4f89-93fd-b852e969068e", "comment": "Malware payload (Loki)", "value": "c67de5c7edb370a5b4e5447e2a23acb28fdb2dfb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178424, "uuid": "41b58822-308e-4108-8585-06658d81d5e9", "comment": "Malware payload (Loki)", "value": "61ad8d37118ba4441875fac988cad5711af510f271043a879bca8c7a3888b9f8905bb51beb261d15778740d3ebcd0591", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178424, "uuid": "edea57cc-4d2b-4d7c-90da-68b052ec572b", "value": "T17CE4236537AA1D03E2DD7DFA03A1C150177262192D17D3CCCEF6208A5EA5B80BF52AE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178424, "uuid": "dd76bf11-b322-4cb4-91d4-52b0f03a5ae7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178424, "uuid": "b5bca688-6507-42d3-8d3b-f9deaaaf86f5", "value": "12288:ODvJRBusyTYOxoqpTEJBNxTQni93dABd7lU9UpS0:+FugioqpTGJnABd2U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178424, "uuid": "08c4dfcb-1993-4972-b36c-5e0164420be9", "value": 672768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178424, "uuid": "d2c3e5bb-e678-4d39-b5b3-656f8f878a12", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178424, "uuid": "b440e400-06f1-476c-866f-22eba6958f42", "value": "PO 23072401291A.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f7d1074d-2a42-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690217760, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217760, "uuid": "2ebc9cba-8cfc-4e19-8f96-3782783d8837", "comment": "Malware payload (RedLineStealer)", "value": "437ee3959a6e2d3d6d8eff3c4934252b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217760, "uuid": "c551f3a6-89bc-4209-a7d8-f9f812363853", "comment": "Malware payload (RedLineStealer)", "value": "b05aa240978f6283818909d350f3cf1c686c324ff42452169cdaf579a4dce3e4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217760, "uuid": "fdf5cc6f-447f-488c-832e-7a81ef72db54", "comment": "Malware payload (RedLineStealer)", "value": "1d3ef1ddf54a4eb54ad7182138920889df19d3ad", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217760, "uuid": "a255676c-b097-49a4-bc66-0a56c027effd", "comment": "Malware payload (RedLineStealer)", "value": "38deb42a356006c72cee5c59c24bdc4349cd7ffb1e1c0d887df6a76852f10ac0676f20b5263ea07a4f9a326bbd414d67", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217760, "uuid": "09d36a35-ecc5-4dd3-927e-f52b1abac568", "value": "T150840143E7E85532E8B92B701CF612C30B3A7DA44D79932B2746694B0DB36D4D93272B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217760, "uuid": "5601700d-275c-4cae-91d3-ecc3a42d85ea", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217760, "uuid": "d55cfe8b-8fdf-4e15-bc8e-9409695a1ec1", "value": "12288:DMray902AbDwHHC37XeKSik6FtgE9DZD:5yePwHi37BRDVR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217760, "uuid": "91f96b61-e0aa-4bca-8973-310a18b30fb1", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217760, "uuid": "7e8d70c6-7783-4c7f-98d3-739ee0cf26af", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217760, "uuid": "2e178424-323c-4655-9ee9-aaa776a0c9aa", "value": "b05aa240978f6283818909d350f3cf1c686c324ff4245.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f7c7d14-2a16-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RecordBreaker)", "timestamp": 1690198526, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690198526, "uuid": "5d4fc46a-2b95-44be-aa4d-5b79b87a144b", "comment": "Malware payload (RecordBreaker)", "value": "1f10199eb033205b4090768d65241b31", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690198526, "uuid": "f7e14a97-e5ab-4fa8-b9de-d9218f059214", "comment": "Malware payload (RecordBreaker)", "value": "b067d6dee2b1f707df5046fc59f9eaaeecde74234e949983a6fd90befeacd9e3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690198526, "uuid": "860f129c-26ed-45b2-bd5e-03e3bc5f9975", "comment": "Malware payload (RecordBreaker)", "value": "24b95a520e39f44911e59e7ed2c813509db3a015", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690198526, "uuid": "39376922-596c-4f1f-b4e4-c7e8a099cd1e", "comment": "Malware payload (RecordBreaker)", "value": "9f03c9bee6f50ed7102a53c53ef8658daf634a0c76274d4a211ab5e556eef88c2c757d9c30a08d1983acfa4382214d99", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690198526, "uuid": "24d19c9c-e82e-4808-8e52-c2b220015d66", "value": "T16D649683C6A23D59E9278B769F2EC6E8F70DF2508F49777D1219BA2F04B0076D1A7610", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690198526, "uuid": "e628d254-a794-4305-a0c5-ed89cf0535d4", "value": "4204b9f7d0ffdbe2928a3ddb092604a6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690198526, "uuid": "a1f79b7a-2d97-4d6a-b65f-72fb25878193", "value": "3072:qmpLbXPLewf7Fdry+yonVxcvx3pq+HCcm6yetmU5WOTvCzS0Jkue:tLrLewfHm+r4x3pt3mde4382SL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690198526, "uuid": "f4aab706-40c8-4db4-ac37-f299c692a332", "value": 324096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690198526, "uuid": "b9e1e52d-b35e-402e-b70a-d9d2d910f6b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690198526, "uuid": "f52e9541-4294-4f20-a2d9-4a88196dacb8", "value": "1f10199eb033205b4090768d65241b31.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee4f187a-2a04-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690191116, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191116, "uuid": "76e50f2e-00bd-4b3c-9241-ae7691b4c650", "comment": "Malware payload", "value": "6254ce15d3f7d1637cc7107aa589f920", "object_relation": "md5", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "certutil", "colour": "#887975", "exportable": true, "hide_tag": false }, { "name": "findstr hh", "colour": "#FA59BE", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191116, "uuid": "e4b3f95b-c0e1-4146-b62e-dc1db9bcd9c3", "comment": "Malware payload", "value": "b0f80bc8e6d813f303c0d78c1475a8122f7526b00d5552e212a5db88382cf615", "object_relation": "sha256", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "certutil", "colour": "#887975", "exportable": true, "hide_tag": false }, { "name": "findstr hh", "colour": "#FA59BE", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191116, "uuid": "a517b370-0252-4e87-9416-2f6999d78a55", "comment": "Malware payload", "value": "f2eb4d796fd3a4f9d672ecefe9a7804cac4f3c59", "object_relation": "sha1", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "certutil", "colour": "#887975", "exportable": true, "hide_tag": false }, { "name": "findstr hh", "colour": "#FA59BE", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191116, "uuid": "a63df10a-62d6-4a00-8e50-7176f97b853b", "comment": "Malware payload", "value": "9ee7e96c5694c6440920d93e070838f40919823df12939111e439e3c63ff01c9a58f70800943950311c753d5594bd962", "object_relation": "sha3-384", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "certutil", "colour": "#887975", "exportable": true, "hide_tag": false }, { "name": "findstr hh", "colour": "#FA59BE", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191116, "uuid": "41e8379d-21a2-4898-9101-37e8fa765b10", "value": "T12F76D9E47291BAD20F78595DB3CF80F37C26F857F0BE5D8622950E0E8284255D9EADB0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191116, "uuid": "3b9e2e41-3eee-40be-800e-4dcc36a02b8d", "value": "49152:51gbQ5J0fsm3d8sdGxELTdhLgvZxXqPfRtC:f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690191116, "uuid": "22daec26-4eaf-4f26-9065-3023a9a781af", "value": 7134862, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690191116, "uuid": "ba2eac83-13e0-49cf-9ea1-e602264a93d4", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191116, "uuid": "993e48f2-3af2-47d1-930c-c46075e5af5f", "value": "aajhznymnsnkrtktuwtezcgmcggmhfzoetrhcwvnwvyypifrxm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a995efe4-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690211616, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211616, "uuid": "82ca257a-3015-4554-abd7-20e0fdc3bd84", "comment": "Malware payload (AgentTesla)", "value": "55ca9017564f39446b5ae20a50f5577f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211616, "uuid": "2c21cac3-5a6f-40f7-913e-df9c92633a5a", "comment": "Malware payload (AgentTesla)", "value": "b193ccd7335c6ff72974c4473c7848b1a917ad0842f752752d921b2e63e90236", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211616, "uuid": "eb759845-f58e-43ce-b734-be5bf5d8fa52", "comment": "Malware payload (AgentTesla)", "value": "d0052f0e975666ca7d2d9981559e3c9da7c4a609", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211616, "uuid": "7dbade12-b33b-45e2-b265-deb32cba9bdf", "comment": "Malware payload (AgentTesla)", "value": "1d4696eb56e6e111a57782cb7880f27ffc3ce5a95023f46af215641965c89f0c69dfc0ccefa1bb51c80916299eb5dd32", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211616, "uuid": "4fa2171d-e065-46c3-958f-5380feb1866e", "value": "T10AC4C1106E9F210475B37F9A5BE824A9872B7B755B35941E308B060A07DBD94ECF0F3A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211616, "uuid": "85652a4f-5681-49fc-87ca-f113aa74eec6", "value": "3072:c5XNsn1+7HLDVZCMxzakmTWHM4dhLCUNR95MMyR4yKYbdHznXmxLJIrCsS4CYuGz:Zn+uMxzakO4rLCUNR95MMyR9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211616, "uuid": "84889792-c084-4ada-85a5-b4289a02bdea", "value": 576492, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211616, "uuid": "696120c9-12f8-4407-b03d-0e94b9b56d2c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211616, "uuid": "4d9a1c0d-bdf7-435b-8e7e-793f8d448d45", "value": "CD-PO9707979.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "911815a0-2a7c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690242499, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690242499, "uuid": "c9e205b2-2ba4-4c6b-b3d3-cf8940d39f9f", "comment": "Malware payload", "value": "8f58feb466e29f5343af51e35d251c98", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "closen-kozow-com", "colour": "#EE8207", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690242499, "uuid": "64ef7f25-20ef-4ecc-b148-bb122b34338d", "comment": "Malware payload", "value": "b19669ed3242b5ddfe7081fbab8198458f479d746c13d69c574d7e7bdc44bdc2", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "closen-kozow-com", "colour": "#EE8207", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690242499, "uuid": "2ac71caf-8352-472c-ae05-10c2bea06ada", "comment": "Malware payload", "value": "9ba8733a7f9159d6f5453e405308b3a9f0686926", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "closen-kozow-com", "colour": "#EE8207", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690242499, "uuid": "7cb7195e-1825-4d87-96db-df53972a97e2", "comment": "Malware payload", "value": "029fd3f3f3e8113ba44a204e41ee233f88e46b33d73361ef615d02b882a966d5fab5b093c86781c1c971b79e9a1d47f2", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "closen-kozow-com", "colour": "#EE8207", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690242499, "uuid": "3757a4ce-64bd-4013-b584-85f2c905dec2", "value": "T1C2F4897CB5D9254B80A8B398E306F93C3E9179A5177960E6B3E4B547CD988CDEC21F20", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690242499, "uuid": "34f184da-4b65-4da4-8fb9-812885000b5d", "value": "12288:bpEDc/Szjk3m513me1p92YOCti+3eekLU+/ZO7cFtTzNCCpZv8MR:bpE4SHwmuc72YOCQJeK/ZqQtkc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690242499, "uuid": "740d6cd2-7dd9-4694-a0cd-61129aaeb8b0", "value": 738433, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690242499, "uuid": "1ba95d41-b061-422a-b0c1-d48539de5a6f", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690242499, "uuid": "dee88003-3a09-49a4-835f-be6f6b20c411", "value": "Group confirmation.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "919e0980-2a41-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690217159, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217159, "uuid": "98097448-4e57-4c96-8574-16a5240a2eec", "comment": "Malware payload (Amadey)", "value": "1b9d86f36ac005843becf346190521fb", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217159, "uuid": "196592f6-2605-437e-b596-7eb37ca22a9f", "comment": "Malware payload (Amadey)", "value": "b29877eef2cbbbc095db72354a06828684a84586ab57ba4f606d997c6d3408d6", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217159, "uuid": "359eedf4-3cc6-4c2e-bfb5-7790546c5fe5", "comment": "Malware payload (Amadey)", "value": "52b763cb85eacf46d4ff3ea2fa492f405455be24", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217159, "uuid": "024887c3-9747-4b79-9441-38c2f153643e", "comment": "Malware payload (Amadey)", "value": "4ac730e4cbe132ba16bb66cc1f9be353fa75bc9279d2d7ad837207459b16c8036c4d6306f9d31b52522cbb28eaf06477", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217159, "uuid": "8384ce46-ffc3-4871-8cba-3520f6b226e1", "value": "T1CF840113BAD94073D8B617B068F706830A36BC665C74932F2745A96F4CB36C5B87272B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217159, "uuid": "a8978863-60a7-4c43-a1cd-f995bace1867", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217159, "uuid": "5060a9ae-bcad-42c5-82ec-cb8c7140f567", "value": "12288:mMrQy90C4yjnFLU9hHGbToahffgBYCWJ1d:CydRJQjgFYzA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217159, "uuid": "44d015fc-9e9e-424e-ba99-bd8fddd7135c", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217159, "uuid": "a50a0f0a-e407-43ef-8376-13cef8c6d03c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217159, "uuid": "f4f922bb-1db7-41f4-873d-cfc8d801cd2d", "value": "b29877eef2cbbbc095db72354a06828684a84586ab57b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3ff1258-29fd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1690188011, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188011, "uuid": "77211989-12a6-4172-8f5d-777bcd87b830", "comment": "Malware payload (SnakeKeylogger)", "value": "3fe698c910f56305c5ed060dfafbd086", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188011, "uuid": "fea3ea36-07ac-42fe-9af2-0bb0dfdff546", "comment": "Malware payload (SnakeKeylogger)", "value": "b2dcddc1c5777df047cd93bfbe626778c4fd4974a6f82f14716c8a27c7f72417", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188011, "uuid": "814b900f-af03-43ec-9ac1-bd2a6380d61b", "comment": "Malware payload (SnakeKeylogger)", "value": "50d4cd16c88e97fc685ed02c85f7cb299b8d0857", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188011, "uuid": "cca859e8-0ed7-4554-b4dd-4ea14500a774", "comment": "Malware payload (SnakeKeylogger)", "value": "ff990f245be5b2b3baf9fecbf9ea96334f1942b0484de005a758643fba674d805bfec607d02f08bbcb1db67ea55e5494", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188011, "uuid": "e144ae1e-2bb0-4adf-a669-b8cb09718aee", "value": "T110E4021137B5AB16E5B8BFF1A6A055290332A5191833D35C4EF220EB1E27F816F52ED3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188011, "uuid": "11c0bcbf-8396-4e11-8e7f-5f33f8ce4e3b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188011, "uuid": "e8e27c6e-8917-4e7d-8657-44300ad006f9", "value": "12288:FhvJRBusyNmAhVOh2x84oBHME6aPL8eugyfAIDxXDKO:HFuppOh2RoR4MIDpD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188011, "uuid": "e73056e0-7f42-43a0-97d3-9e42bf23b087", "value": 717824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188011, "uuid": "11b3b086-5e73-41ac-9d97-5b3c0e413172", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188011, "uuid": "b01c2d09-445a-4eca-8b1d-d81d0f38f656", "value": "INV 88000354.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e0227c51-29e2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690176489, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176489, "uuid": "577a9d4d-d8cd-49e2-88cd-fef2d26314ef", "comment": "Malware payload (Formbook)", "value": "3b67a80c8c1c46815b6adc06dc6645a9", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176489, "uuid": "c1e9922a-3c52-4c17-9167-aa6e4bcf75eb", "comment": "Malware payload (Formbook)", "value": "b36ac0986e5b05d8369211e37421daa18ee8af23bcfbd42986305bb0374d12f3", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176489, "uuid": "e7a161ca-4719-472f-a807-c71001af60bc", "comment": "Malware payload (Formbook)", "value": "aa76edcdbcb7edcca2f8d6a2b184d11a88be5a15", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176489, "uuid": "87b143f1-3a4f-476c-9e2f-6164d77f079d", "comment": "Malware payload (Formbook)", "value": "c91f121aa39e2487a66a497a213337c89ef862c4827e5e492a6681d6d43e98916fd6fda165204bced466cee8f1690ef4", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176489, "uuid": "90284fe0-958d-4f53-81ed-7e43069cf1b6", "value": "T13944231F42EC523F36C5273B891A9C37ABABBC66286852196C34547C03E1D39B0B75D7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176489, "uuid": "f5e4e0e6-371d-44d1-80e3-3d2e54904370", "value": "6144:f+K4KFkoywQBWubBMWD2G9Vr0CoWjcw2LQKsoyUGr1S/uAI:fMToyHRbeWD2XC1jcjLQKdgS/uZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690176489, "uuid": "f92352d1-597d-4979-a8ed-b4f9ba8b2652", "value": 262841, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690176489, "uuid": "b7852991-adc5-4ec2-bba9-d09d4bc64c6f", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176489, "uuid": "4efd88d1-99b9-41bf-92e4-d41da0e73a9a", "value": "RFQ # 1045981 - MAA_D Plant Project r01.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9da75db4-2a47-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1690219757, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219757, "uuid": "36aa749a-e68e-437c-be4a-ac07bd5672d2", "comment": "Malware payload (DarkCloud)", "value": "aba88143cd94bee22ac746f3ffa282c7", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219757, "uuid": "441deecf-5319-4823-b0fc-e330ccd018f7", "comment": "Malware payload (DarkCloud)", "value": "b486b79e598d35b293908f445bd1c571d0a7439e548928f19c21a0d70cfcf330", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219757, "uuid": "a9d2f449-617d-4e6a-aef2-904008b9dc1d", "comment": "Malware payload (DarkCloud)", "value": "378ddf1acf1f60f0601672b9ae4a14a1a0166e7a", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219757, "uuid": "ded35c17-cd60-4138-9bb5-6aa533fe60ee", "comment": "Malware payload (DarkCloud)", "value": "38450bf708e1ac3cee9aedae0051b8a82198afdfceaae61e89366cb869b5e7b722b51a8b3bf8b4dfd7e9ec177021dd9d", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219757, "uuid": "6a2223dc-b880-44a7-a15e-228331e387e1", "value": "T1762523663BB59B54E6E8BFF852A091110372A0582837D34C4DF220DB1DA7F886F91ED7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219757, "uuid": "d9b8dc98-a66d-4bcd-a297-129348ded8f8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219757, "uuid": "626f0e68-dc45-4707-84f2-267d11fa02ca", "value": "12288:QOvJRBusyx5tOIIRwaaLGBlN6mfc7of3hdwP/cQi3pDvi4OWbDlX9hle4dDMG3GQ:TFud+KaaLaNc7c3v8ultBeuZB9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690219757, "uuid": "a2dbbd5a-9d43-4bc3-8bf7-720f5351b683", "value": 996352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690219757, "uuid": "0b42b597-8db5-404a-8f31-f0a25747bbdf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219757, "uuid": "67217b8e-66a1-4598-8c03-3c538af4deaa", "value": "__T_____.EXE", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "642e32ab-2a01-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1690189595, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189595, "uuid": "a560902e-729c-408c-80cc-36baeb2908ba", "comment": "Malware payload (SnakeKeylogger)", "value": "bd05b2a13f8fac2c69a33d774ee21aae", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189595, "uuid": "6e21fb47-41ec-485b-a9ab-4ddf38ec8027", "comment": "Malware payload (SnakeKeylogger)", "value": "b4b849b2dd85b9d237571268c24fb9710113cdc8dc4711983cc7841bff7c2150", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189595, "uuid": "9b2b3791-8a43-41ec-b79f-3cf57a1f1ab4", "comment": "Malware payload (SnakeKeylogger)", "value": "e14dd57cbfc49176c0d7d998069a43663fcfcab7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189595, "uuid": "6938e6a5-6784-4b63-acb4-2690c102cf7b", "comment": "Malware payload (SnakeKeylogger)", "value": "be91161af218c53a05572d670cdae46374c506672c58cff84a2f35c6470ac3f92f292e435c4b9087b76c2c49dccef1be", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189595, "uuid": "bdae49bd-2f63-4cd2-a89c-6169de5c1b08", "value": "T15F257FD1B150CD9AED6B0AF1AD2AA53015A37E9C54A4C10C5AAD7B573AF3342309FE0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189595, "uuid": "89fa6bbe-0651-47e3-ad17-60c40ec748b0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189595, "uuid": "c76f61cf-780e-4297-92d0-7cbad9395b9e", "value": "12288:U0vJRBusyl1PJEWu1hGQbEYjz0kkJhZJCihIc/VwWvkYaxr:ZFuXJE7E/YH4tciycdF36r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690189595, "uuid": "8660f903-27b5-468e-a610-49706e2fee04", "value": 1014784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690189595, "uuid": "58d4d438-c3a5-429d-8047-08080bfaa1b0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189595, "uuid": "323036f7-8f08-4e19-be02-1f56d6ec8296", "value": "FOTO\u011eRAF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c1d4f00-2a05-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690191219, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191219, "uuid": "307c91c2-f845-414d-aaf7-ead0eb13b9c9", "comment": "Malware payload (AgentTesla)", "value": "f2cb43d22337695bb278796a6920df98", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191219, "uuid": "89cac616-9d01-491f-a4a1-6e133b806cae", "comment": "Malware payload (AgentTesla)", "value": "b4b90bd0e9cc6597bdec17a317110c3dfe73a8dd5de8628ab567264d058bd786", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191219, "uuid": "c2fc87c8-a48b-4dc4-bfc7-d2908d2b7fd2", "comment": "Malware payload (AgentTesla)", "value": "f404b37c34f355f2a6635623f8046c9fb9aa7e71", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191219, "uuid": "db532aee-38b8-485e-adc2-568c71d82c58", "comment": "Malware payload (AgentTesla)", "value": "992e8a344acfb3a611e9e61f35c14b6772f2227a8987c06148969f4b1b2af53cbd999eb028fbf2e2d77a7e464e9b5c61", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191219, "uuid": "0ec374fc-c87d-4eb7-9879-d8ebc81019fe", "value": "T1D6F4125537A99B12E2B8BBF4966065140772A9453877D38C0EF130EA2E23F942F61ED3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191219, "uuid": "28f793c3-5896-4b22-ad60-f2100ec3ead0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191219, "uuid": "352bf3ac-7c51-417f-a736-6b684adf4d72", "value": "12288:nnWvJRBusyOPAewnAbBpdNrQ7qejcHwLpP49AfAZocFr2JZzVb:AFucCQNrQ7qUcQLtjf/9ZJb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690191219, "uuid": "d0507785-5d1b-472a-bf31-bbc83a0295a0", "value": 758272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690191219, "uuid": "4fd44ead-ac30-4ec4-b6bf-eabc2ac817b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191219, "uuid": "9a1f662e-9ba5-47c1-b9ff-23b8f9f451a8", "value": "SecuriteInfo.com.Win32.PWSX-gen.14521.5802", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "74d559e6-2a38-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690213246, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213246, "uuid": "905352b1-528d-4006-af45-0ddf9f238280", "comment": "Malware payload (RedLineStealer)", "value": "ad60b53e4900f3eb51dedf255fdcd47a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213246, "uuid": "a03ca5ed-dd0c-4b01-bf66-996bfb7e927a", "comment": "Malware payload (RedLineStealer)", "value": "b4bc47d781bb4668301b62669c7394db6735b3406de256f3c7994885778f899c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213246, "uuid": "1a7c2e98-7a50-449b-980d-bc7ccc14e652", "comment": "Malware payload (RedLineStealer)", "value": "6eb7c4a43481cc20c17565f7e91df56c78b98dff", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213246, "uuid": "77e6c730-72c9-4d97-bbd8-0e33308f4e0d", "comment": "Malware payload (RedLineStealer)", "value": "a853749e3a16dd44ab8c3689c3c21696716aa7e3d8c80c9224df44f96636c96632b6033f59d22d326005dcf6640e09aa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213246, "uuid": "1844c2ca-55b2-484a-b68f-0f7659d05742", "value": "T1D8840143BAE99433E8B117B098F703D31635BDE1AC78872B2745685A1CB2AD0E57173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213246, "uuid": "79eef3be-18c0-4f6a-a8fc-b9372c8d7fdd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213246, "uuid": "d03a536f-bcd7-49d8-a120-56576c2c366d", "value": "12288:bMrqy906IYNHNp3ZgOH4hHoWgBYCI02IGGLz:JyDIYdVV1zwIGGLz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690213246, "uuid": "1100fb03-e9b1-4b16-acaa-f17946ee7305", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690213246, "uuid": "d4288d5a-58f1-420f-a81e-1bb6cb3911e1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213246, "uuid": "7488ecf7-8ded-45f2-b44c-726eb703c5a4", "value": "b4bc47d781bb4668301b62669c7394db6735b3406de25.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "46b489af-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690211450, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211450, "uuid": "0da29aae-5458-47e8-8343-93ad1b1b2919", "comment": "Malware payload (Amadey)", "value": "f44b55374e7b26b018b5a75477aaf46e", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211450, "uuid": "8b730d2b-1bfd-4c50-9a98-9aff7b4ce625", "comment": "Malware payload (Amadey)", "value": "b50e9756050929c7b6852cd1fb9ced19227f70a7e6f75532d8a7d92d222ae415", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211450, "uuid": "decef503-57fb-4761-bd90-2362175828e0", "comment": "Malware payload (Amadey)", "value": "2ca2426e521e290d4fd68ffcbbd14481ad9371e8", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211450, "uuid": "a991a107-c317-4039-88ba-08b80023aa87", "comment": "Malware payload (Amadey)", "value": "7326a0004ee9fa8de16a926c06dbe0125c5e39ad3dd968bc52ed1fcc84cdd23409ad3e0b6232faa4b8a14f175672c1a0", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211450, "uuid": "bc46f805-650e-4283-9d02-d1a887d5323b", "value": "T18754F71783F13D55E927DB729F1EC3E8760FF2608F497BAA22199A2B04B11B2D173650", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211450, "uuid": "c5592853-64d4-4eb5-864f-bf7a1a12f00d", "value": "643dfe69bb37214a28d08dd70c9d2c6e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211450, "uuid": "d6dea3b5-463d-46f4-a772-d7566d00ead5", "value": "3072:0agVJlO9Lhg4Alb2jZAUYKWxulQMV1qWBITNE4K6MGW5gp1hrYbzF1:WhO9L+qZAUyulQWNeTjMGXpLrY11", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211450, "uuid": "c7525365-b753-4061-9c58-fe028c87867e", "value": 301568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211450, "uuid": "0d9f03fe-2e4c-45a9-8586-69dcc4fe3d76", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211450, "uuid": "c7d0dad3-b03b-49a7-9e13-a492520f15b0", "value": "f44b55374e7b26b018b5a75477aaf46e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eab3771d-2a32-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690210866, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210866, "uuid": "a9df5566-220d-4a0a-963c-978747b90acd", "comment": "Malware payload (RedLineStealer)", "value": "06068b221790d4220a8933e7b9d3e1dc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210866, "uuid": "a6bc2e36-09d4-4031-bf12-e97ce904f7cc", "comment": "Malware payload (RedLineStealer)", "value": "b5580e8f2006273aa90d2b6b966955f1821463295bccdc1fae71e3f7880f49e9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210866, "uuid": "2da99827-2cd5-404b-8e7c-bb89da315eac", "comment": "Malware payload (RedLineStealer)", "value": "5f6dca4eaafc12da964fbeaaecd22990bf4ed5dc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210866, "uuid": "e315c445-2b8c-47d1-a291-e400c77adc7e", "comment": "Malware payload (RedLineStealer)", "value": "aff49439d9e4f4e7733aead4e445fad7b7360d5fb0dfa5814b55e1f9818f7649e8986e47e9fd2339dcf164a28fb3e11e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210866, "uuid": "9840d502-3454-4bf3-bef6-7ecc1009a990", "value": "T17DA47C0792B17D52EA17DB729F1EC3F8760EF2508F497BA622199F2B14B11B2D263710", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210866, "uuid": "343992e0-a179-47f7-995c-c391a6267e9a", "value": "643dfe69bb37214a28d08dd70c9d2c6e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210866, "uuid": "d8dcf2f1-6732-4e20-a188-539e3ad4d51e", "value": "6144:CYkILB1g/P9R4EZay31MGBcIeLHee2yr9cYTAiEgkixOsvLB1ETC:NkI9GRBZ5e9r9jTjkmBO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690210866, "uuid": "4b2f6abf-360b-4a1f-b2ff-60057dd709aa", "value": 471552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690210866, "uuid": "5f56d4c9-9e25-4507-b3df-4f2c9a964a58", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210866, "uuid": "c218afdf-496a-49f4-9461-90a2bd36dcb8", "value": "06068b221790d4220a8933e7b9d3e1dc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b76eb663-2a3a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690214216, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214216, "uuid": "f0e7de74-4597-40a9-a3bd-2eb0e1609e28", "comment": "Malware payload", "value": "83e9e2a969291caf629cd546f6259140", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214216, "uuid": "c02bb090-72c7-4725-adf6-3ab1a0cda90e", "comment": "Malware payload", "value": "b573b1094c97ab4c37e66be1b4e415473bddbf4386c99742b1469c0320728897", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214216, "uuid": "73463c42-7eb1-4aa1-a50e-bfcf50527a5f", "comment": "Malware payload", "value": "f5f64e58cdafda27bf580bf58a595319840b7449", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214216, "uuid": "15b8664d-6ae0-4294-9957-ba103dccf5ce", "comment": "Malware payload", "value": "b06430ff31fd474cd11ac50030ddb626620b5670f9c381db50bd6b3b158a878be619f9493ed2c504954c0e8bd5251375", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214216, "uuid": "6350c844-ba30-4187-9767-18deac69e1e1", "value": "T18784F202FBE84063E5B56BB05DF713C31B31BCA19D38972B2646A81E1CB3690A57177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214216, "uuid": "ce27b90e-957f-443a-98d7-cc7fac9ec784", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214216, "uuid": "ced68d96-5c5f-41b4-85f0-c68d6af6f6ef", "value": "6144:K8y+bnr+Vp0yN90QE78SH/Yvm58ugKJHrP3SVZYdbTkZaWEV+rJ3jFVpK0vYx2AX:wMrhy90GSHQvm5LpPaEu3f62dY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690214216, "uuid": "fae2df56-8bf6-44af-a7c2-87ea6b89ff62", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690214216, "uuid": "0505f174-128d-4ad4-a3de-a3347cfcc6d7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214216, "uuid": "4a6dc1c9-4efb-4565-8f9b-cf0054ce301a", "value": "83e9e2a969291caf629cd546f6259140.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e45a1f6-2a41-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690217154, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217154, "uuid": "f1e4adac-77dc-4d7e-9abf-ab1a72af16fc", "comment": "Malware payload (Amadey)", "value": "155562248415a9c2fab26d4ea4e4c306", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217154, "uuid": "e9d30124-c3b2-4131-972f-28defcf7d180", "comment": "Malware payload (Amadey)", "value": "b69cf5309cea60dfbb28b810ec00c6b00eae63de455d9d2d020c70da75ddae7c", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217154, "uuid": "31bda77b-0f0f-4ddb-aa78-38a6af80bcf9", "comment": "Malware payload (Amadey)", "value": "a8922c7837225ef88f9c26c8c2aa0bc60e99b6e5", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217154, "uuid": "60c6a7a1-7955-4cd5-aa12-dbe9e382822c", "comment": "Malware payload (Amadey)", "value": "bf3e70075e6fe61add31cccdaf7bf6e36a1e10250c42375b549156fa2039311482362f0a4befb77ee234adc8c7b5f0bd", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217154, "uuid": "f365b32a-9c1b-4a27-ba7c-d38bb710e0d7", "value": "T1B4B41213B7E844B2C5B427B058FB16930A3A7CF18935536F3346698E5DB35D0AA3236B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217154, "uuid": "585aaecb-ad76-4a38-ad9f-c6a29f2e1e0e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217154, "uuid": "6f8b4d62-9f29-44ac-a010-315a83c23861", "value": "12288:/Mrwy90KjmH6kMTY04oLtjfvPcwB38Bhoat:Dy506kSYRopjfvTB38Bhog", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217154, "uuid": "03afb484-b38d-4780-aad7-813d19eb59e2", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217154, "uuid": "90494844-fe4c-4bce-a6cd-a5e0722bfe5d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217154, "uuid": "04977b8d-af33-44d0-a252-25d998b93a12", "value": "155562248415a9c2fab26d4ea4e4c306.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6168b81-2a04-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690191048, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191048, "uuid": "9b76e7fb-377c-4cf8-b319-5d6e978f277b", "comment": "Malware payload", "value": "6e1c96350be906bc6ba2379c6dfe9e9d", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191048, "uuid": "833182cc-13a2-4fba-8f7a-eec80c0c48fc", "comment": "Malware payload", "value": "b7274c615d8c66738ac58dd07f0a62a0f830cf6a8e015093289eb8d7ca9cfdbc", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191048, "uuid": "a10e1c29-fd20-4ded-be48-bce5e2cb2c07", "comment": "Malware payload", "value": "ce9c3f3ef2103c5e623a225263c1daa1189bff6c", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191048, "uuid": "e6d99763-688f-4010-91dd-82b77610b141", "comment": "Malware payload", "value": "3bd61145966d79536705a90ac8fd780b93ec545ecdc077500e3b1e04e069175d2c44bd7ba656587e4e3ca2de7ed206fd", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191048, "uuid": "5536497e-50c0-4c8b-a156-35fdfdd19ded", "value": "T141F3C80AAF610FBBDCAFDD3706E9060139CCA51722A93B753674D528F50E54B4AE3C68", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191048, "uuid": "673fe635-f762-49c9-833a-502b9bc2395b", "value": "1536:2tcHIkfEWWqFQPmsp0zndTHy6UCXbWdYMLP2GfHXqZgBBTDYSLIE2SkEb8nN9s3A:2tcoRWn0uhTEb24H6SrLIF/E+NkdBRq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690191048, "uuid": "fdf81752-3f30-434d-a96c-c945b6c7e623", "value": 161480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690191048, "uuid": "ac215f99-ebb8-42f8-87ae-5ecc4136a69f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191048, "uuid": "e17e70ff-3bce-4ecd-b1cf-5e45352ead06", "value": "cundi.mpsl", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eecad834-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1690211732, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211732, "uuid": "819998cc-f727-4000-ae7c-9c4f77404d35", "comment": "Malware payload (AveMariaRAT)", "value": "692507ead3626303656bee7eb4628196", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211732, "uuid": "0910c9e2-1d5f-44c8-950c-437e224dcd09", "comment": "Malware payload (AveMariaRAT)", "value": "b7863970a31a5cf4168868582d240a06fb9a50dfbdbab2ccaa6bf6629dfcffbb", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211732, "uuid": "58c5e20c-6761-436a-9171-3f85b3f9540d", "comment": "Malware payload (AveMariaRAT)", "value": "025e8df66892bf1392970f5073d33c5434c72c82", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211732, "uuid": "e72cf6bc-1316-4a29-841d-b62da5c42ce1", "comment": "Malware payload (AveMariaRAT)", "value": "67f871acc0b0fe5c010ce9f7f968a58776031a6a86247294646fc83416432d46cd5beb4608c84c220b8e9664983440b6", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211732, "uuid": "af9a7e80-9eef-43f2-9be8-0a7ac2b261b0", "value": "T12B510B6967246C0FF26E94D75884FC5F5A637F739CC7B40672945DD0098F0611F2B825", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211732, "uuid": "90972b4b-13c7-4837-84da-0728b0f8e0c9", "value": "48:t9mF17XxSRpnmILveKI0kZ4CKg5js+oosVGl3b3gJVc1WpLyCkjH:t9O7apnmILveKmrKuI+oosVwgRZg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211732, "uuid": "7d0e1d3a-f1ed-4dea-8e87-ecd475e6e145", "value": 2811, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211732, "uuid": "22485ae1-48d3-4144-a87b-9c123e183a41", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211732, "uuid": "93ae22a1-8ccd-4b35-b528-a7a960ade52c", "value": "INDUSTRIAS PONSA SA CATALOGUE PRICELIST JULY 2023.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eec2e8e6-29e2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690176514, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176514, "uuid": "3ac888d8-d2ed-4563-87c1-b4335de926ab", "comment": "Malware payload (AgentTesla)", "value": "3787a86b56838f0670576495ca6c8641", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176514, "uuid": "7d2fb3fb-e79f-4279-9b78-2975c69ab665", "comment": "Malware payload (AgentTesla)", "value": "b94e8fb9368210a1352a19f4c68e61616c6364e2c9228f0e7ede1fc01a60e32f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176514, "uuid": "48f92de0-55c0-4982-80a0-951560f8a7bd", "comment": "Malware payload (AgentTesla)", "value": "3a4d91a8b26def13832c11a54f99429c734a8211", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176514, "uuid": "b0c25b20-e8f7-4b43-b610-8b1eabec85fc", "comment": "Malware payload (AgentTesla)", "value": "790df446d5a13369e71ae62932e6cb14cbb486b67a3e1d792f85c5596e7415dae519584bd2d83a79a0dcc74d24dcb6ea", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176514, "uuid": "a53d2aee-be29-4ecc-9484-94a19fb0fd28", "value": "T1DFE433994130D21D74AFD373242A3FCA6DB90705D9FBBE4029A28275FE5F7F18999021", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176514, "uuid": "471e5bea-548b-4f1d-a332-fe6ee59f5aea", "value": "12288:79e9ZRiXvUaMAi+exJBo55pMOeV1kp6J0PeCyvPVltqztpfdcgkQt3LyezF:I9/4r425pMOs1kp6J0yVUXfdcgkQpp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690176514, "uuid": "f2a64e9a-f859-45b3-a64f-aff53e803b85", "value": 686746, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690176514, "uuid": "8c124857-e9ee-4a4c-8d1e-89ebc304e12e", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176514, "uuid": "32478d7f-e47c-418f-a73d-053cfe3e1f5c", "value": "Documents.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e50e5e3a-2a58-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690227178, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690227178, "uuid": "ae166c52-4906-41c1-8af9-0b5ccdf4f690", "comment": "Malware payload", "value": "66b6cb141be15b12ebe44360d166656a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690227178, "uuid": "c05952f7-5c71-439e-ae4a-c49dfa2f448e", "comment": "Malware payload", "value": "b958a7545a164e5dc51389b078ed83e0fa5439d78cd8053b78f2dd70d67e7a58", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690227178, "uuid": "6ea7a231-4440-421c-abcd-20149ecb1430", "comment": "Malware payload", "value": "53ef7c1054bf7e09c94577ef761eb199bf488b53", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690227178, "uuid": "1c9f9963-9fcc-4541-8dff-1c5047fd0c29", "comment": "Malware payload", "value": "4845f24c84e0dd00eca090efa6822fb14a45e6f2cf8d1b43b22a9be70dd78bb2000b09dd0b4412a79f0e8146ecc74903", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690227178, "uuid": "928962bf-943b-4d47-8112-49efe7edaea1", "value": "T191C423302628A8B1DCD06E7B96C6890956FCE7379E4BD71BEBC8995C4FF111CB502B84", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690227178, "uuid": "691cf87f-9381-45a5-9284-d14cb37f7cf1", "value": "12288:+Bb6LuSd3YK5cFxYMsfZ1rGLNrjpyg6bbbdrRY4/h+OWCLR8FkknC1KSHYGHm7P2:kYuYHyCMsXrsdjpygKY45thLR8y1KSHh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690227178, "uuid": "7cdfd8e8-6c61-4605-ad5f-78fa28c0d3ee", "value": 596480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690227178, "uuid": "7e786469-db4f-465f-a5e0-7b9e6226374e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690227178, "uuid": "09309d21-cbf8-463e-b87b-43d41899afb0", "value": "SecuriteInfo.com.Variant.MSILHeracles.97730.15145.24115", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "164b1235-2a0c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690194189, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194189, "uuid": "f9ae6761-4886-4ebb-977e-c540c32b366a", "comment": "Malware payload (AgentTesla)", "value": "770a785a2c7413d02e3d87d1fe360ed5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194189, "uuid": "f065cbbf-ddac-4ca4-92af-e08b6328da47", "comment": "Malware payload (AgentTesla)", "value": "baa419c4a897ff15f323d9ba08cf6f0def0427402dcef6f905fc5ceaa2dfc93c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194189, "uuid": "1b3c4dc9-fc19-473f-90c8-113a871a0ba5", "comment": "Malware payload (AgentTesla)", "value": "6499978a728de9c3bb1a2783cb49509d70d6e3c5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194189, "uuid": "cc9e30fe-6172-447e-b8d6-48104bd45314", "comment": "Malware payload (AgentTesla)", "value": "84be1784936022722399635a6489e04ccf4c34e22a8645473f40f5aafd9afa97af2126aa48f610aead39327620c7c116", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690194189, "uuid": "47fd3365-4740-4753-a26e-4e8ecc545d2a", "value": "T1FFD3A6D2C5804264FD691F34643A6E69427BBFADBDB8FA4DAC49B0627BB31C31035907", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690194189, "uuid": "2a611c53-11ca-4d85-9969-8c0766568e5f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690194189, "uuid": "e587a03a-2749-439d-8a75-4dc1890f62ed", "value": "1536:ygeFTY3p1ZCkWtmV3D+BmjgYhe4UErmZE47TP8hA47yAMryBULLpk+MWcIKE9VHB:yTbBpUE/hFW/Kl+a/m0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690194189, "uuid": "20ae5663-2ec1-4021-90f9-f797df4e99fe", "value": 140288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690194189, "uuid": "ccbe05f8-75f9-46a9-81f3-f40a8122adf8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690194189, "uuid": "67e31a2a-56ef-4288-97b6-62b79b11696a", "value": "Fegaep4502023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9edf93d5-29ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (QuasarRAT)", "timestamp": 1690188835, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188835, "uuid": "b5c8b2de-3d28-46d5-928f-b5d620b1ab1c", "comment": "Malware payload (QuasarRAT)", "value": "eb7c04d87fa24d5c0689574115a95e95", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188835, "uuid": "999dd999-4cb3-40a7-a0c4-a520ed2c54ea", "comment": "Malware payload (QuasarRAT)", "value": "babe83482f8e7f0183669ae5b87f3341f6ffb7a769ef597825d60e4e45775935", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188835, "uuid": "fe64a33a-c4fb-4234-a58f-b41e881ab120", "comment": "Malware payload (QuasarRAT)", "value": "22cb70d140c739951a02c84cbf1dbcf34eee72a0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188835, "uuid": "12ba68b8-e1b4-44ae-9cd5-3f677fec106d", "comment": "Malware payload (QuasarRAT)", "value": "df194d24be177f802a8632d343a27342b7479c2f58793cae57e662aec542a0d5e967b1c25b95a1eadba9c6867e95ad6c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188835, "uuid": "3c258133-da41-4942-a804-976e0cf7e18e", "value": "T101845A26B3A4D93FD9FD1B36A03207141BB0DD427612E78B6A5876B82DB33864D513E3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188835, "uuid": "d1650479-db96-4320-bcb1-4da6e46d47aa", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188835, "uuid": "34edad5d-11c6-4143-bf19-31ca7b55e34a", "value": "6144:1bNHXf500MqXUgoveCbZUNW80n/vQtPNfpEXfTc0:xd50HgDix80vQtFfpEXfTc0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188835, "uuid": "7f4f1108-1499-429c-a0d0-1f61ac0024ea", "value": 401408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188835, "uuid": "f6826ba4-39c3-4ddb-ab2f-9b04888fb219", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188835, "uuid": "467a8112-b50e-46b3-9832-8c9ab590c334", "value": "SecurityHealthSystray_1.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb0c3823-2a76-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690240073, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240073, "uuid": "68a955b4-7561-448d-bb5a-6aca975ab16f", "comment": "Malware payload", "value": "006d8814fe9e642ecb24e0185c55d533", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240073, "uuid": "257246d2-c58e-46f9-a108-726c5033b734", "comment": "Malware payload", "value": "bb1b201537a114b5de2bc8a8fe53564cd1962caa319b67015a43b27439184572", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240073, "uuid": "a6779d21-5eb7-4efa-a7fd-afc52ca9c859", "comment": "Malware payload", "value": "3bd1949b7602aa253d4fca6af46a7c90daf5dc12", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240073, "uuid": "2bf70dce-6ad7-4c42-bd22-7f55233ffe07", "comment": "Malware payload", "value": "7b2b2793cad385fe1179fe76e3cacb308c551082fa97beb03d5285a3d20362888372c5325914291a161e80fe13a63e80", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690240073, "uuid": "80e5320a-f5eb-491c-af47-9c4f8c09ceb8", "value": "T1D6C633505F9A5F7E4A6C873C307F0F1D1B915FC1849DE0EA679079C3229EB82851BC6A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690240073, "uuid": "075cd86a-5dca-49c5-9522-6701bd9d8c4a", "value": "49152:KiPwNeY4zGtQ+EabUYPp5Af3GMDbA4w3Po779gQVb+dm/xXUmH0y3QbtXVq2Bdk5:5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690240073, "uuid": "73f8b77b-f838-43b8-8606-920e5fc57069", "value": 12579889, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690240073, "uuid": "ebe4c73d-9db3-4acd-8caa-6fa5fc0ba52e", "value": "text/x-msdos-batch", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690240073, "uuid": "cb48ae87-9e0c-41a1-ac34-d91def2552b3", "value": "GoogleAI.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f7abe2ed-2a49-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690220767, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220767, "uuid": "e6780a7c-b28d-4468-b6ed-e42782a6bc9e", "comment": "Malware payload (Amadey)", "value": "cc157ad8f2fd41e87e5cb52971d74d77", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220767, "uuid": "ce730a3c-7d4e-437e-89df-5cbc284056db", "comment": "Malware payload (Amadey)", "value": "bb1b75ca2b1cf87a535caf84537badae8ea32f9565c45a8eb955002d708cf258", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220767, "uuid": "2c72e029-ddd3-43f6-aeb1-8870ef7d8650", "comment": "Malware payload (Amadey)", "value": "c4a9258d3cc5a1d26fa15351fdef0a0a48f83fd5", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220767, "uuid": "90e0fea3-7374-494a-b6de-effe4362d8d2", "comment": "Malware payload (Amadey)", "value": "3d95f236c946e61998c1ed1d9ccd64f268bc4f78cd4169a84408a94b02831b3c8065fb07075c9f7350beabbad2a907f3", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220767, "uuid": "77aa9840-343a-4d79-9903-6d07dd382adc", "value": "T1B0840203A6D98032D9B567B058F617430B397C629D75837F3796A86B1CB36C8A53233B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220767, "uuid": "bb0b9dc9-2634-4bcc-8bde-93a783ecd626", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220767, "uuid": "ca25bb2c-cace-4bdc-87a2-ce30cf7c0494", "value": "12288:BMrey90UmQDIo2b6F8wJN7WgBYC7f2M1KK:/ysaJN71zrd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690220767, "uuid": "332eb871-2f0c-4405-a326-075c12182417", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690220767, "uuid": "0e326a3f-7451-4893-868d-972f26a3c36a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220767, "uuid": "275767a6-cfb1-423b-a385-8bcd7c6c13c5", "value": "cc157ad8f2fd41e87e5cb52971d74d77.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a9e9179c-2a3f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690216341, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216341, "uuid": "75fbf883-8638-4e59-b97d-d599c4cb291f", "comment": "Malware payload (AgentTesla)", "value": "d4e79d250876161283a2a289c799d796", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216341, "uuid": "7a37f451-6c92-4bb4-a646-a62837357b8b", "comment": "Malware payload (AgentTesla)", "value": "bbdebbc0a19b1fa14c004c43e63f1d887f113de95b44360611d32abe20d9d196", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216341, "uuid": "ed44bd3e-c6c7-45ca-b4c5-5664c02e9ed0", "comment": "Malware payload (AgentTesla)", "value": "8d44edcaf945d9576a195addeb1b1a8efb6513b6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216341, "uuid": "7dad6b9b-4fb9-4352-8b18-2012e8b54803", "comment": "Malware payload (AgentTesla)", "value": "901f57c2fbcfb793f945eb3b4e301c854862990a72f0e0e07031f9dcc1f61e4a32faae15d7e6c787ebf3474325dda653", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216341, "uuid": "390d1ef6-65b0-4b5f-b481-b15228dbfa45", "value": "T1A4C423CAF13F9F1C101F99B9904436CF68F3F3E6BAB22C766666D1918C4AD48D514A0B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216341, "uuid": "4efcf7b2-c7eb-4cbe-9da7-8331e3ac28db", "value": "12288:ToVJQNUEqJiZ+g2jlqLFZuCCEveCMydqwhcNZGqNJtpoIOgrAIE74:bNU3JiZHAlqLFSEvDMySLbJfA/8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690216341, "uuid": "2e0276ec-7887-42e9-9550-f04860e107c6", "value": 556964, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690216341, "uuid": "163d5800-3493-4a89-ba76-96af5d5232bb", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216341, "uuid": "1e5a7bcc-5fb4-4402-aaf8-6eb849491e86", "value": "SOA.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bed0227d-2a36-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690212511, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212511, "uuid": "dca457b7-6e93-47d9-8714-1d3776059672", "comment": "Malware payload", "value": "9bb08d7b0d97f2935bdbfa920b7ab067", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212511, "uuid": "288a8857-33dc-4357-9eb0-5577c194d7b1", "comment": "Malware payload", "value": "bbefd7817003baeb73fdbe06224f1ee1470c79ee42eb3efb161d3b69d9a21937", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212511, "uuid": "37d66c4c-6ee8-4dbb-932a-de1837dcbdfe", "comment": "Malware payload", "value": "055e48dc6edc6c5a59203e5cf24923fed78861c7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212511, "uuid": "c0a1972b-b69a-46bc-b88d-183d50214083", "comment": "Malware payload", "value": "6f1282757446a9c52cdc47d55c5069bf6b32913768099a3a38ffb0c8cf0301d199e8d0a9df3c759687443533312287f2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212511, "uuid": "c439ace4-1455-4e3d-b469-e9c9afb6ff19", "value": "T12ED5DF03B666C6F2E28967B6DDAB9C04C360DA83731FD70B788E23A555433B79C46607", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212511, "uuid": "9a6c52ed-071a-44cd-b58f-96b61dfccf98", "value": "49152:irjqkI9wbOEyCbdaveg5Q7FHo+sbC40fDWJmmZ2kVj8j3m9i:d+OKJo+shoWJZZ2kV4Yi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212511, "uuid": "ec6b3215-fe81-40ba-a8f6-b448f57e49c0", "value": 2874735, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212511, "uuid": "d57f3d85-15ac-4768-917d-104086323fb1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212511, "uuid": "277a3b3e-e6e4-4219-adbd-e5dbeec55f03", "value": "9bb08d7b0d97f2935bdbfa920b7ab067.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac712d0a-2a1a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690200454, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200454, "uuid": "08ae7fc8-2fda-40f4-abc5-756517454ec8", "comment": "Malware payload", "value": "535ca3e4548df0edc3e1502705a69d7c", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200454, "uuid": "dfded7e9-4c9d-4081-9050-05bde5a7c733", "comment": "Malware payload", "value": "bc609c2ffaeacdf5326cf365f653a7757b75a57ac48053a648bac6d1e8589bc4", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200454, "uuid": "bce47229-c883-4d92-a986-7be3b6966926", "comment": "Malware payload", "value": "921b1d615e9b350b266c61dca46af07b04c3db5f", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200454, "uuid": "2b1ebace-0fc4-466f-aaa8-7326516b3fb8", "comment": "Malware payload", "value": "23246e9d3ced75f5a8ec1fe12fdb2d0000f6e6dfdeb6bc526e6a5be5ff75a71e212153a7277e050484449606fb376ee2", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200454, "uuid": "e35af19e-e550-4ba0-8897-d5fd992fcf7e", "value": "T1ECD1313AC931BCD4871D360063251C5F21A8690BD3B34E78CA152CB63D72BA2EF55E8C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200454, "uuid": "ee07f8d6-725f-453e-b174-c3e2bc71a35e", "value": "96:UPtdTMRdlwZ7u0w33p3QNNBwTVWJu6ZMmvsLzp3kWTQvMP4PulREVz:UPtlMi5w3ZcXwTKMmvibQulmz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690200454, "uuid": "ec558ca4-2889-432b-bc88-e2b43075ee92", "value": 6743, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690200454, "uuid": "ca323f7d-309a-4c02-add7-c719138eeed4", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200454, "uuid": "3f8e117a-3dd7-4ec3-951b-3755221da802", "value": "b0813250b3b1ddd718787da42d51a7a46bb614b730f513d1d5962dae8b97e330.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b39b8f62-2a0d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690194883, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194883, "uuid": "3dcfa83b-c6df-4010-8b67-3d18d4a80ce8", "comment": "Malware payload", "value": "b17b70f6578e1cf2874db386412e6d4f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194883, "uuid": "aac616e9-8d35-4c3d-bb5e-2ec5709d0b7a", "comment": "Malware payload", "value": "bcdf70b8d085d9d7a3f08fc0117bfcde6a383e092afd95b3fcda6903f7398f0c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194883, "uuid": "d93a6c82-05c1-4b7b-88f2-eda5130c4c35", "comment": "Malware payload", "value": "10ace52bbe620d1dfcf83ac5f41e7ca7590b35f9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194883, "uuid": "5e6d4617-09a9-4a23-ab0e-21c5041ce002", "comment": "Malware payload", "value": "30a2f8aac5f9180bdef0b5fec57f1dad376cc40e936d7537a6a0d5431a3f164466302ddaa59c5c7ce0b3d6c1d0e19656", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690194883, "uuid": "17c382b1-a837-4e12-8727-ac536bc8e758", "value": "T18DF3CF9CF3E6A06FDAE145FE49160C7CA7626E280211EBAA264537D74FBB3001DD1793", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690194883, "uuid": "fb7fd30b-5ee7-4955-8c23-7dc5550bc58d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690194883, "uuid": "145125fb-9a15-4df6-8c9f-58755ed0ac80", "value": "1536:obs0BUHQ9polbJXBrqZ6z4lPaSZz4wKqIsVByHQ9polbJXBrqZ6zRlNx1t:oUHQ9o/OgzenZbKqIoyHQ9o/Ogz9/t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690194883, "uuid": "1343d4b2-1dbf-4fad-a866-762396bbda83", "value": 162304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690194883, "uuid": "26376931-fcde-4310-8ea0-1247489cb9b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690194883, "uuid": "39a2e851-d4b7-4c9d-900b-1bea0e890b48", "value": "b17b70f6578e1cf2874db386412e6d4f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5168558c-29fc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690187416, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187416, "uuid": "58d9ba2c-586c-446f-9bab-a3b7adb54b79", "comment": "Malware payload (RedLineStealer)", "value": "816076faff66eafc591d1e30ad0d9328", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187416, "uuid": "c8e5f2fe-1baa-4670-8eb9-2268012c65b0", "comment": "Malware payload (RedLineStealer)", "value": "bd91c778c4c5c9666667f5a829f288c648f7161f7c9f991adbe08d35fb55fe3e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187416, "uuid": "df501440-dceb-4b2c-9c8d-8921812f53fd", "comment": "Malware payload (RedLineStealer)", "value": "26d9c1124d1cf019c7c4313c2b337574bd1e894e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187416, "uuid": "5dd8a5f9-bace-4516-8a31-39b8faeef464", "comment": "Malware payload (RedLineStealer)", "value": "d034c601824dd79badce33a391da55ee72dc2f58a8b42891aaab25c7a664b60ddd39423d0baec9fd29b2b656905cd7ee", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187416, "uuid": "ca813b8e-d4b2-40b4-8aff-2fa08500943b", "value": "T1D474E12272E0C073F6A745304534C6A11BBBB862577582CF37A82B3E5E316C19EB9396", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187416, "uuid": "4008601f-7c6e-471e-b879-be410eb04a62", "value": "795d5374158688612616ccbdb5ba25ba", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187416, "uuid": "1ee5b9b7-a01b-439c-b1c0-e3addb38ffdb", "value": "6144:Z/kdvE9kEWBktOipHMl96umVzB1bmIBxt7:hkxMkEWIC96FzuI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690187416, "uuid": "be4cb9fb-1b11-4f64-9027-89af233135f6", "value": 356864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690187416, "uuid": "e034d15a-d064-4ec0-8f47-2e00e71a8949", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187416, "uuid": "7d292a81-ed75-45cf-b71d-4e83dc1fecdb", "value": "816076faff66eafc591d1e30ad0d9328.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41744191-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690211441, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211441, "uuid": "9095680b-a82d-4419-a8c5-724e40117201", "comment": "Malware payload (Amadey)", "value": "e3fec917258dabf077d02d4cfd66873e", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211441, "uuid": "fd87bcbd-05b3-4ebf-a9d7-41ad7aee0f60", "comment": "Malware payload (Amadey)", "value": "bdb8992baf17184eb345c37ca99a22dab75efba3cf71312563db18eb3ed9004d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211441, "uuid": "9cfa8f84-001b-4ba3-9ae0-0d44ca106ee6", "comment": "Malware payload (Amadey)", "value": "493ec589dd2463d86ad07880990214f7b18babde", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211441, "uuid": "74bae7b7-5936-4206-af98-9f220352f3cf", "comment": "Malware payload (Amadey)", "value": "f4f3c6078273a781ebc3dc6f6fb7bb629adac69f7d6876e9307b2ffac099bec2cf67b4a68007912f0db79789adfac311", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211441, "uuid": "ec610008-93c8-4f6b-b9ba-501019c5481f", "value": "T145840203B7E94072DAB4577058FA03D30F39BDB29978936B2355A95E0CB3A84A53173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211441, "uuid": "3bdfcd31-e1b5-444b-ab6e-bf85bc120437", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211441, "uuid": "131385e6-01c3-49cc-929f-3e0699309a4b", "value": "12288:GMr0y90jquSiDGApHWnmH8vBBwlxSv1kj5:WyCyUHWnmHeGlxSNkd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211441, "uuid": "c57270e3-c581-4dee-8e3a-0afcd60659c5", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211441, "uuid": "3ec2f69a-0fa8-4416-ae21-913cb09f4f40", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211441, "uuid": "8b208ae0-5696-4e57-b8a6-a9abec0757bd", "value": "e3fec917258dabf077d02d4cfd66873e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da9ac3ba-2a20-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SparkRAT)", "timestamp": 1690203108, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203108, "uuid": "418ac1b1-f4f8-4b59-9d6e-7b6c458a3871", "comment": "Malware payload (SparkRAT)", "value": "2e66189aa1b6fd345a9c13124844ebbc", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SparkRAT", "colour": "#D15709", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203108, "uuid": "e8fdb986-74f2-4d33-b9ed-b16b350292b7", "comment": "Malware payload (SparkRAT)", "value": "bdee4edbe7adf842b519a47d964e64b219700b2ba1d7faf4b899e34bd63006b7", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SparkRAT", "colour": "#D15709", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203108, "uuid": "f6d1d848-b6fa-4197-ad1f-beef1c1964ba", "comment": "Malware payload (SparkRAT)", "value": "24fca1baaad8cda35ec9ffee0fe4aee0d8ad69a4", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SparkRAT", "colour": "#D15709", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203108, "uuid": "acd6f2e9-9904-41c6-9531-9b218180f117", "comment": "Malware payload (SparkRAT)", "value": "70b1dfdb96adc085c6559cacb0cc71737fac5b1aaf4404e079aedde7215cbde083aa2696244c9376da006e4c47855513", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SparkRAT", "colour": "#D15709", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203108, "uuid": "0f4a0fb7-a29c-44b3-b72a-92bdfa570808", "value": "T10186BE55B6F844E9D0BAC135C5968A4BE7F278410B36C7CF40901AAE2F376E10D2EB76", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203108, "uuid": "9db234d8-31dd-4522-8916-03c8fe87b3d1", "value": "838dd9fbdbb409224ad0e13122a109ae", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203108, "uuid": "10ae7345-f793-4eb0-955c-32acb8b0b531", "value": "98304:4CPL/ezqAMdGUFI6wJ1cak9pnNhtxVHeI30CPFCxfM30pkN7Ij5giDHX:4gL/ezTgA1LkNH+g0zxML7mR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690203108, "uuid": "726394bb-d8d0-44b5-99b3-5f0721748306", "value": 8565675, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690203108, "uuid": "3e9be164-081a-4bf8-a8fb-063fa2ec9bc4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203108, "uuid": "27e2bd83-2089-4626-ab7e-f02442428862", "value": "2e66189aa1b6fd345a9c13124844ebbc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d215076c-29f2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690183337, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183337, "uuid": "5f3b75de-f9e6-4cdb-a3ae-26626b2ded02", "comment": "Malware payload (AgentTesla)", "value": "f134939179796e63c8b4d2661245ae14", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183337, "uuid": "aee88aca-8487-4ef1-9353-917e71cf39c0", "comment": "Malware payload (AgentTesla)", "value": "be08d59fe9c584775010f3e124ea215090155226843d685c622e5c6b6fa3f029", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183337, "uuid": "c095bacd-4eb9-4ee0-b5b3-d31167f38c3a", "comment": "Malware payload (AgentTesla)", "value": "c56fe2dfc04549821c8515544e760f20f2533713", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183337, "uuid": "f6267fb2-781a-4a02-944b-610a99189ee7", "comment": "Malware payload (AgentTesla)", "value": "01b6296092b3ea4094c055af0335a50a606bf41463d8c3c2cdfe23112f67403c6c51c1cc3bd3ffed9acd1f4b789ed5e5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183337, "uuid": "9760b090-9d06-4d88-883a-18bd57565e13", "value": "T1CFE4239FD8B6536BA3BC30632E09D4CACDF16E0A69C5CD760573D2085346AD93BC63A4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183337, "uuid": "5f35d4ec-1336-4861-9684-74542f481a0b", "value": "12288:/7GW3POe95GWr+005ml5bghpJQAnG5YQV7e5o8aJz1+bhQz+MJoMt1rQ:jGW3Ge95+fTmAng7+9aJ1+9Qz+WltK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690183337, "uuid": "d300b355-258e-46cb-bf3c-5c0af1d68a58", "value": 677293, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690183337, "uuid": "a27d7ea9-dd1d-4f20-b8e3-ca3628423eae", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183337, "uuid": "d03e5b2a-bf5e-40e8-87d7-74971024b352", "value": "overdue invoices 502133 500410.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "55a1790c-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690178834, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178834, "uuid": "1238f5dd-f8ce-44bb-80db-85b513772812", "comment": "Malware payload (Formbook)", "value": "26b58fd2244ac1215488d6c01cc8e120", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178834, "uuid": "1ffe4293-af03-41c6-9b50-c4571e9ebbaa", "comment": "Malware payload (Formbook)", "value": "be2475ea44f278e69a3ac0e3c4e159011d3e44fd79630ea44318c67fae703a2a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178834, "uuid": "9f92ebb6-1872-40c3-9995-4cef8816dc2d", "comment": "Malware payload (Formbook)", "value": "8bc0834c3571159b593db235af349a950818ab34", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178834, "uuid": "fe8327df-ca3a-4080-b1e5-ff84c54dc3d4", "comment": "Malware payload (Formbook)", "value": "687f8339965c40a937bd18542759143b8641c6c8612d22aa09389ae78ed815b3879331db2adfd5a6f7249a2ea3e7bb9e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178834, "uuid": "6cfabeb0-e2a3-4ef7-a766-1dd80c9e500c", "value": "T187F4239A336E5D13E2D9BCB44AA0D142237291546533C3CDCDF261851EA1FC1FE62AEB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178834, "uuid": "ba2d1321-2395-4a66-8cf7-eccb99098f57", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178834, "uuid": "36dadfb3-0b3f-4f6b-828e-4597d814766b", "value": "12288:ipvJRBusy9R8Lmlxj0KynKq8/zJmiczDokskJ6KBH0lPC6A:oFupaL2jBy2/1misUfkl1sP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178834, "uuid": "a50f22ec-a7d8-464a-90f7-9e64a60732ae", "value": 777728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178834, "uuid": "f376da96-3d0e-46e5-b43a-81b47f5eec24", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178834, "uuid": "a1b0bf91-6083-4698-b39f-fd0a6bd45f5b", "value": "Service Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03ff41a3-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1690178697, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178697, "uuid": "158a71d5-4b7c-429c-85c4-781e81cc971c", "comment": "Malware payload (SnakeKeylogger)", "value": "968464de1211c31c5b5ccb38e4518064", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178697, "uuid": "f2839127-712c-4bb8-b109-188b75d2c0a8", "comment": "Malware payload (SnakeKeylogger)", "value": "bf878bdaca7addc4bc5eec571e4b47f1664aeef31e7a26353578dee39598e254", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178697, "uuid": "55771fa2-cd5e-4ba2-a726-eb8172594551", "comment": "Malware payload (SnakeKeylogger)", "value": "5ab8d63c20ef2848714d6a07f53f3f9505571c36", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178697, "uuid": "52645134-86e6-45d2-9ed8-93efafe0098e", "comment": "Malware payload (SnakeKeylogger)", "value": "e6b6cd056751f8076f7dbbf754b9e0fecdb5f84377c49d0efa4e0d0590706e1a6e5c5c205563b152120af79627993914", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178697, "uuid": "378375d6-82e4-4a85-a2fe-9bb77be6ab5c", "value": "T16605F0112BA54812D357A9BA4D61D03403A6AF337C26DE599CF03C9B3EF9B40AAD31D6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178697, "uuid": "d3a06eb0-7a53-40e6-9ede-e1e5dadf545c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178697, "uuid": "29a224db-b517-4f3d-a285-7dd495f5b60a", "value": "12288:aXvJRBusyon2niOrNwp1ejXGyleagkN9dkaSjCnUtmvZOf:OFukJeNwvuHbRkRCnUtm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178697, "uuid": "0214b73d-9894-4678-a079-606cb2578d4d", "value": 799744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178697, "uuid": "da1fdad6-408c-46c2-b2c7-af839efbcb51", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178697, "uuid": "c541361a-b39c-4cb0-b348-1ec1c97d74c3", "value": "E-DEKONT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bbf2f6c7-29e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1690178146, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178146, "uuid": "5215213e-2a30-49f5-ad4b-b804b6acf946", "comment": "Malware payload (SnakeKeylogger)", "value": "23aeba7c72e48fc924fe15557f9798ac", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178146, "uuid": "31c7267f-f83f-4bd9-b8c9-3678150341ff", "comment": "Malware payload (SnakeKeylogger)", "value": "bf9c13ceedaedb3e048c1d1a0814e3b59b89d118d53dbca3c84c32ce5445625d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178146, "uuid": "29d95682-40c0-4279-9b68-fef2be0e60e4", "comment": "Malware payload (SnakeKeylogger)", "value": "8c7d80f24d052b1262310dc6a36e0f6e99377d23", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178146, "uuid": "431cffb0-0464-4791-aee7-afbdee4d74e8", "comment": "Malware payload (SnakeKeylogger)", "value": "b55a9abdaefa8b38a085023a67470bc0f8c0db619b1f5b56cea11f6f1af1fb1dd1722ffcf4364e4e659227e4ce383e73", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178146, "uuid": "b548e181-bbf3-479d-b1b0-c48d6e6fa378", "value": "T1DCD3181D2BF88800E5FF897306B16111C77AFC52192BDE1D46D2F9192B7C6908E1AFA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178146, "uuid": "a2f5d15d-2935-4ab0-af21-9be011f8fb33", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178146, "uuid": "8a0a1852-d52b-4472-9a64-0cc2094e6abd", "value": "3072:9w1/iasc0uNi3zDmRpSb7H1mcMfBINBgbY:EiLu+eSbMONab", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178146, "uuid": "81acbfab-fabf-4c5b-8591-4dc7cef115af", "value": 130560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178146, "uuid": "ab400f30-bb8f-41f4-9750-b48b2ac9a512", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178146, "uuid": "6b2d7cb7-5c18-4f58-8e9f-10fa75f0d5a3", "value": "23aeba7c72e48fc924fe15557f9798ac.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb3c402f-2a18-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690199700, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690199700, "uuid": "84dd6ac1-07a3-4564-971a-e3e68ee2b1f2", "comment": "Malware payload", "value": "625734e1a494b306ed9c33f47633b490", "object_relation": "md5", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "certutil", "colour": "#887975", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690199700, "uuid": "bedd36ea-b8e8-4e97-8a6a-0ca2ac0d1472", "comment": "Malware payload", "value": "bfdd9f7a1a094d73ab0285ef37e5cffbcb3565512b1653e9cf6a6e7741408f3c", "object_relation": "sha256", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "certutil", "colour": "#887975", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690199700, "uuid": "8e252461-12d2-49b2-9be8-214218954cc7", "comment": "Malware payload", "value": "94ccc79f3d2afc8a882548285ac5d92d17e81f96", "object_relation": "sha1", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "certutil", "colour": "#887975", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690199700, "uuid": "7abf3ea6-8579-4ee8-9403-781d54a4a7c1", "comment": "Malware payload", "value": "d2e3aeb308077de1c0f2081fadbe6e81d6c24f5433e351ab6412b07ca16db7cec0922b5f27b621668f917c19503723fd", "object_relation": "sha3-384", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "certutil", "colour": "#887975", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690199700, "uuid": "ea511879-ac5a-4484-a10d-890a9f98d6df", "value": "T199352AF076D077D70F75690DB3CE40B23D64B457F0EDAD86228D0E1E928429999BBEA0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690199700, "uuid": "dfa6c6f5-e9c0-4ed3-b5f2-cff58df3ef42", "value": "24576:PSpfx3OctEHie/kpn4TAseop33HFAH/YLDEAXWqdf88Ko4aqVC3:SZo4m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690199700, "uuid": "ad49f32e-00a8-482f-a4dd-1179592b9d85", "value": 1081922, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690199700, "uuid": "580f85bb-eda1-464e-b0bf-0e943d5a41e9", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690199700, "uuid": "18fe7c1f-8817-49df-9aa6-cc3664fe2efc", "value": "iaglexihtfeijgkzldcyrjejfxepjiryrcxhzljzeupgjpdflp", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8afaaef2-2a4b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690221443, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690221443, "uuid": "96cc27ff-bc26-4702-9dcb-3e7e4c505f6a", "comment": "Malware payload", "value": "437a962795a5ec17081cdce42b87c9e2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "exploit", "colour": "#F98DCA", "exportable": true, "hide_tag": false }, { "name": "Exploit.UAC", "colour": "#865D52", "exportable": true, "hide_tag": false }, { "name": "Heracles", "colour": "#5A9737", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690221443, "uuid": "b4643d5f-faeb-4039-9931-e4f4288b0603", "comment": "Malware payload", "value": "bffb966441a21d68e96c062244f70a21c0c7e36fd3b4c2136cae56676719f2ba", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "exploit", "colour": "#F98DCA", "exportable": true, "hide_tag": false }, { "name": "Exploit.UAC", "colour": "#865D52", "exportable": true, "hide_tag": false }, { "name": "Heracles", "colour": "#5A9737", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690221443, "uuid": "76f1d665-d8f8-4534-8d51-f1de9b79c8d7", "comment": "Malware payload", "value": "2762bc6ff70371ad7a25b2e64092ca58b498b91b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "exploit", "colour": "#F98DCA", "exportable": true, "hide_tag": false }, { "name": "Exploit.UAC", "colour": "#865D52", "exportable": true, "hide_tag": false }, { "name": "Heracles", "colour": "#5A9737", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690221443, "uuid": "e58a7f58-f067-4c93-bc0e-86c576630a7d", "comment": "Malware payload", "value": "30b100c45e1d1cf2e85fa858d60eee894ab67911eaea0000200ed541fc4829f923660da93cb76fe8be95a0e43a76b680", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "exploit", "colour": "#F98DCA", "exportable": true, "hide_tag": false }, { "name": "Exploit.UAC", "colour": "#865D52", "exportable": true, "hide_tag": false }, { "name": "Heracles", "colour": "#5A9737", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690221443, "uuid": "03442228-a73f-4b72-b7b3-899f9a01d8a9", "value": "T1E5C4800063F84644F6F72F2569BA5865CE777D96AE39CE4D41186C8E04BEA40CDA2F33", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690221443, "uuid": "df38a005-c4fd-4b4e-9451-c69cc9ba9b79", "value": "6144:gNCxKhrFoVcx+0AEddgDDgpVtZI5lZP26axHU++4bVqnpCPLKPhbfgws:gNzl+V5wqgpHZI5lB14bVACT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690221443, "uuid": "1a4c5b8b-a6cc-4ca7-924b-b8652bd257a2", "value": 568320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690221443, "uuid": "97b72e56-d4e8-4e98-b15a-97664d002483", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690221443, "uuid": "051b213d-239b-4136-a54f-177df04d4d75", "value": "Discord rat.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d893471e-2a0d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690194945, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194945, "uuid": "bf2f9ae8-50e1-49b9-be27-115cd20023d3", "comment": "Malware payload (Formbook)", "value": "e2246579529a1952f96daee4f23444f5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194945, "uuid": "255882b5-f16f-4bdc-86fa-81d143d9c134", "comment": "Malware payload (Formbook)", "value": "c0bd2ff7157746e5ca7b325696c5c2d8c4258b205fe8789763d4a923e012c986", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194945, "uuid": "81e1b646-770c-4ee9-a1b4-32ad87d9ce73", "comment": "Malware payload (Formbook)", "value": "14a8ad3e6f6bd3e2a550fd2078ec5b9e45405b7b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690194945, "uuid": "b83514be-179a-4262-b413-a8044f16b41b", "comment": "Malware payload (Formbook)", "value": "2a77bb73e73378c3f6eedfe92154eb8272ef9b1c331b668d7364a4148b2ac0be33ade0e19d554c6d8bf9148d92a130b2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690194945, "uuid": "d3a87e90-8386-4680-9af0-acc0ccc7f3ee", "value": "T162F412A137A9EF12E1B8BFF4966012280332A0555837C38C4EF520D65D66FC5AB52FE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690194945, "uuid": "38625668-e23f-4092-aea1-8bb75696c4ca", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690194945, "uuid": "b71e19c0-1fee-400c-aa90-2db7d49fd39a", "value": "12288:Q/vJRBusygfSxzaF/i8ANrtlqknW963iDMWDYWa0NbH+4R:4FuMfSxzaI8ANikW9tMW7Hz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690194945, "uuid": "bdfe66b4-c191-416d-ba8a-d03d17d184d0", "value": 780288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690194945, "uuid": "07e05bb8-2c64-4694-9c9c-e8121a092d19", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690194945, "uuid": "ca3cf223-099b-4834-9487-28b13e7caa7c", "value": "SecuriteInfo.com.Win32.PWSX-gen.20601.30349", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed4854cd-2a33-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1690211300, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211300, "uuid": "6de0ce4c-158c-4c3b-a27c-4f7e98b2a4b2", "comment": "Malware payload (SnakeKeylogger)", "value": "061ac186f76ada23cd5f1e63f3d79e96", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211300, "uuid": "c96caff8-33ea-409e-86a5-262e16a37f47", "comment": "Malware payload (SnakeKeylogger)", "value": "c0c428b426807845b68963e8440d98e5e0a5833d6485315d29f4f5d4c98fc22e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211300, "uuid": "78c3dfb2-b098-4846-bd4f-664479599af5", "comment": "Malware payload (SnakeKeylogger)", "value": "01c2f17d70df75e89261d95ca9d7525572b1480d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211300, "uuid": "055c46db-2c55-42a2-bc81-e426253fe2d8", "comment": "Malware payload (SnakeKeylogger)", "value": "1525b1c506d6c96027acec18cf4b8f9a21d1fec8a111889afb2a339552383c2c1c67c4fbc17452cde5dc3017ca31f875", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211300, "uuid": "3f645b1c-29d8-4691-b8d8-07a3819ec043", "value": "T1C3E4126637B6AB12E2FDBBF55260012503B1A9642877D78C0EF530CA0D63F953E91AD3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211300, "uuid": "08dea8a6-9933-4943-8fee-8389818a911a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211300, "uuid": "c7f0c09a-8e94-46cd-92e6-c7f1514df0b8", "value": "12288:jwvJRBusyY6aK4emSiH4Xz/JGQzAPH92Xu8ICOGeL2d:uFusRK4DS7Xz2FKIm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211300, "uuid": "5222eedc-e522-45d3-b61e-0ba059326bed", "value": 718336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211300, "uuid": "2d25a87e-0bd1-4ac7-b68e-e8d951fa4f4d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211300, "uuid": "e22f946b-cc5f-4921-b6d8-833cc61effd4", "value": "TKSC231059600.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65fd36b4-2a13-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690197329, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197329, "uuid": "50b87b2e-1cf1-441b-80f4-dedadf29d89c", "comment": "Malware payload (AgentTesla)", "value": "61164d302be2d714b5e252c246e4d49d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197329, "uuid": "99292e52-ac1a-4622-a560-e57c0e16bd9c", "comment": "Malware payload (AgentTesla)", "value": "c0fcad9ddeff65354abef66d0d0ff63091aa7a090e7b281514956367d9bcde40", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197329, "uuid": "23fd7da0-54e7-413b-a9e6-75595067171f", "comment": "Malware payload (AgentTesla)", "value": "6c68231aa4ffddd6e623e28812c684b089c37675", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197329, "uuid": "90b0cc3c-b17d-4253-8e7d-aeb87c8a9eef", "comment": "Malware payload (AgentTesla)", "value": "22db3bcdd5c3c6e55ec82ad4180d125c4084b77b6713d635bae4438b9d76864f13686c84c7321e167be2cecd876ddac6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197329, "uuid": "9067a4d2-a16f-4ac7-a6d1-7a4bde7f6247", "value": "T1A105277239DEF886E28CD37D212EED046B6AF4129212A1DF84056EC9574BA49F447C3F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197329, "uuid": "f33fb879-1aa7-4de9-9e19-8fcf6c2de990", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197329, "uuid": "5fbdccbd-1492-45fd-8fb9-71e8c7d5d5ea", "value": "12288:36zq9GE2injp5ELH7Sj5ybEIetkmqHxt7OKjnid:GqYrKuNukpt7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690197329, "uuid": "e1e91f9e-807a-47cd-88cb-b1163cf5558f", "value": 863232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690197329, "uuid": "af602d9f-fa23-42b8-911b-c038417c1c51", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197329, "uuid": "375eb5a2-a4e5-45a2-be93-b0b3ab460c25", "value": "rQUOTEPR009583_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "236d6a33-2a11-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690196359, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690196359, "uuid": "4a592982-ed73-4514-a012-42304a77d0d1", "comment": "Malware payload", "value": "5a055cdd10b1e9781a6c0940a0fa3404", "object_relation": "md5", "Tag": [ { "name": "Downloader", "colour": "#25284B", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690196359, "uuid": "5aaa979a-cd20-4915-b4db-56e631af7b4b", "comment": "Malware payload", "value": "c1290b6740600c80533b4e8f8172f15ca4b3d6d4faab96b56912782a98ac5518", "object_relation": "sha256", "Tag": [ { "name": "Downloader", "colour": "#25284B", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690196359, "uuid": "d56257bd-ed06-4b8e-8c2e-fb80a63204fe", "comment": "Malware payload", "value": "0bce9d6f000d2d42c45108ba013c9107c4254cb4", "object_relation": "sha1", "Tag": [ { "name": "Downloader", "colour": "#25284B", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690196359, "uuid": "c303ae0b-6515-4ff8-a58a-102faadfb2b7", "comment": "Malware payload", "value": "ab3ce7e25112b16e9c1b47a41688a680da9b747c9613201477b3b4c2773d052e543a49afb18a630538d41a2311361a67", "object_relation": "sha3-384", "Tag": [ { "name": "Downloader", "colour": "#25284B", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690196359, "uuid": "c8c8dd40-c290-4329-b114-06a6f6ab1cee", "value": "T1AD528D44C1718488FC9202756D3B7E04A56B3ADB49CE76CA0B3DEF8895D592236E3DE2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690196359, "uuid": "442b2072-8c70-4616-b798-e1b7472cf4f7", "value": "192:1WULiJSnUHrd9GMa4+RNSVG+1baSUnlr3LIXQlqPfpEJm7kUX:1WU+JAUrdAMZZG+1bKtL0eqPxSoN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690196359, "uuid": "2c9f654a-1856-4d73-9e48-32d58e371c74", "value": 13624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690196359, "uuid": "1e852d73-9b3d-4b04-8201-08afd360be8b", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690196359, "uuid": "0008dd25-2736-45a4-b544-56ef401ecbd9", "value": "Zahlung_Deutshe Bank_bestellung0008903749100000402800076883.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "489bb5c4-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690178812, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178812, "uuid": "44c05c8f-b758-46a7-8479-700483402565", "comment": "Malware payload (Formbook)", "value": "3491394f7e0e56e25541ad3540386711", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178812, "uuid": "b3f85912-2a54-4bc4-b7a2-c4de2b98656b", "comment": "Malware payload (Formbook)", "value": "c12c8b215ea70724d05e814efd6d317d96477e8c2cb36d48be2f9b8de14b2b60", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178812, "uuid": "51cc145a-54d1-4017-8d12-6288a1c8affd", "comment": "Malware payload (Formbook)", "value": "0df5c246885a5193ce3597be79adf7be8b67c62a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178812, "uuid": "1fbf2c8b-cb2b-4566-a4b9-96563161833c", "comment": "Malware payload (Formbook)", "value": "9c30de27006a59699471d757d1f8015633b338688ead22ae1724fd490d04862f549419922964a686a1e56b3516572a14", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178812, "uuid": "af003227-5138-415d-bf97-0446758a4b50", "value": "T162F4126537A92E23F3ACBDF48694940503716A123413D3CDDEB320896EA57D0FE61AE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178812, "uuid": "9c31cba0-a9bc-41ea-ac27-f4c70402755a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178812, "uuid": "a123d9c1-7981-44f2-86f2-cec4e33c60c2", "value": "12288:bgvJRBusyQA5cx9akC/7y0yMD9gkRGHeQT24w/Lkh1si5sTPbK+vSn+X7/VVBy:uFuMfxPSy0yL841sD++S+X7/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178812, "uuid": "81f51bc2-cd87-44c8-b757-b1c5d9437787", "value": 763904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178812, "uuid": "26197ac0-3ced-4cac-9105-f6cbe0f3b2a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178812, "uuid": "a9399fd1-7469-43cc-a63b-d1a85b2b5910", "value": "PO_YNS 5933.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "adc9ade9-2a36-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GCleaner)", "timestamp": 1690212482, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212482, "uuid": "af993786-149b-4cae-a553-072eb1076217", "comment": "Malware payload (GCleaner)", "value": "9aed607675e8ae6b2967ebd5c4163b6d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212482, "uuid": "2ad916b4-6d69-47bf-af58-3a44158b1570", "comment": "Malware payload (GCleaner)", "value": "c18c40e0845c0ba6f062acf027aa3b1f7129c55f99ff780b3f1df06785ddd664", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212482, "uuid": "e93d3adc-347c-47e7-a1c6-91457896797c", "comment": "Malware payload (GCleaner)", "value": "5a09366d1658d3e0e2553bb0f2a5b17f5e3d65d8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212482, "uuid": "4d4d6ece-9f5f-4c5b-874a-f19552d28427", "comment": "Malware payload (GCleaner)", "value": "1bcc05dd5e29607dc8045118784d3c72c927a30c696cf2c7515b3b3b7215754eddbf70c747f7043107758b9e8bfd0a6b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212482, "uuid": "04bc754e-ec52-471b-9eb7-d9e21a9eacfa", "value": "T1E684C01362D0B832E937D6318E3AC6E4366EF5610F69769B23282A3F1D713E1D572741", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212482, "uuid": "2b2d5319-d35b-4d61-a269-5720535f7985", "value": "bda7163eeb2431f046ba687ba9a660d5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212482, "uuid": "33c68d24-a2a5-4862-a9ea-a7a8e05cecc8", "value": "6144:PVfVahD6pFpg03/IMfwY/4bPIEnv1sPieEIvrXUqWMSGhAcAA:tf8x6pc6/b4AkPIEdsPie1wqWhc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212482, "uuid": "2d84ee2c-1f0e-4e61-b435-3b21cf70ef8a", "value": 374784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212482, "uuid": "4d880a3a-dfec-4044-85c3-15fac1466856", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212482, "uuid": "d3a2b365-2c03-451d-8ff9-68ad29dcedc3", "value": "9aed607675e8ae6b2967ebd5c4163b6d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "43d7f904-2a7b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690241940, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690241940, "uuid": "f8d7ebab-7a36-49ea-9e40-0253208d942a", "comment": "Malware payload (AgentTesla)", "value": "8489af14cb4b3990b317499253790cff", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690241940, "uuid": "7e55c835-4dde-407a-a8d9-ae24469dbe43", "comment": "Malware payload (AgentTesla)", "value": "c2e1339f4e84b13995199131887d14b7584f507215d55a6901c217ef2e97bc46", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690241940, "uuid": "508a5b55-6e57-46f5-a6e7-86e309747002", "comment": "Malware payload (AgentTesla)", "value": "76cbeb5a339e702a3e51113b9dd5886b71c5a9d8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690241940, "uuid": "5519a2cf-7898-4256-95e9-77369b9b1832", "comment": "Malware payload (AgentTesla)", "value": "641615b7dda3ec1ebba760355b1ac7498b76a5a26d9a4a92ca85a69f534cac7f396f834f213fab683dc121b7ce6a4793", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690241940, "uuid": "e2fd4d6e-90ec-4b67-a14f-c286ee5b2167", "value": "T1F4F2EE9D322072DFC857C072DEA82D64EA5478BB471B4207A06725EEEE6C997CF150F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690241940, "uuid": "9959d5ff-620e-474a-be1c-61813ea73cc1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690241940, "uuid": "b3389a57-dcb4-4f6c-a1ed-f14d6aca89ce", "value": "384:i53WwsXhShnHl+JtBU9wE6GNv7SCqySzT54srkGj+/PSd835srXSM:iIP2nF+JtC9T9FSCqySJXQO+/EdrXS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690241940, "uuid": "e7dedf05-da67-4362-96e0-a54deb976772", "value": 37376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690241940, "uuid": "4a7a37a8-b739-455d-838f-c879951608ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690241940, "uuid": "8971e5b8-eaa4-4169-a507-c41b3bb9e0cf", "value": "SecuriteInfo.com.Win32.PWSX-gen.5706.29402", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ac79c6d-29fd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1690187727, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187727, "uuid": "09d0a27e-a591-4f55-85a9-f9d7644ae98c", "comment": "Malware payload (AZORult)", "value": "378a116f101fb411de129d3af85bf106", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187727, "uuid": "0054ec0a-070a-4701-8e44-4b46bee00d20", "comment": "Malware payload (AZORult)", "value": "c38606758c66572a12b14f0fff37d2d708cfb7aded6fffe4516f1691f56690c6", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187727, "uuid": "14f3477d-9b6a-4356-903b-731c978b0d70", "comment": "Malware payload (AZORult)", "value": "0ff2171c509a1b38884506db5fa818fbc7fd2598", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187727, "uuid": "8bb599e3-5476-4aee-a044-cfc6450e53ce", "comment": "Malware payload (AZORult)", "value": "98837c9d2fe5a18d5377da9129ff74fab75d272e911d6db2282293831b53216202fe7e9317a8ae2bc93227b29d71e68e", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187727, "uuid": "a341f633-6367-423d-b26a-ec29c8fa318d", "value": "T17814129A7350D0B7D16A0335463D5E97ABFE9605A185EB0723805E8B7A333E3C32F252", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187727, "uuid": "3b65e9f7-d680-4e14-a19c-6908fc8e9e44", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187727, "uuid": "68bc0d2c-474c-4a5a-b762-2486631e23d9", "value": "3072:nwDijpS4DbYcr8bwSWTflo18YrJRrgNTFPjTd8gYVddfGl6IJ3yY7gemkYA:nFPe9WTfl/yRrwjC5fGlB3y0ge3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690187727, "uuid": "71387154-83fa-4119-af95-d7639a64bc97", "value": 194477, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690187727, "uuid": "faf3bee2-6b1a-45fe-bdbb-8d21250b59bd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187727, "uuid": "a7fb4ed1-5d45-4b19-b0db-16d876e2ce99", "value": "RFQ644612.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df26252b-29f2-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690183359, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183359, "uuid": "d0dce250-586d-406f-a822-3b4806c92309", "comment": "Malware payload", "value": "433d09c1d13d189f6c2d944e035efc19", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183359, "uuid": "c231535e-8ee4-4458-a725-45b2c648fb22", "comment": "Malware payload", "value": "c4158c4984b8d48b4838cf961f77471b4ddb4c9ff7da2ebc7719829958ac582b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183359, "uuid": "87fc2e7a-8ae9-46b3-9763-00bd20a0c4b9", "comment": "Malware payload", "value": "69c3ee5e58a88115b55420c3cca3bfb5be6c6436", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183359, "uuid": "e001c0b0-2f09-495e-beb6-34f1d3f7c773", "comment": "Malware payload", "value": "758e085b83c87a405f77f0b512f33bbb84052aa79942337a320ffa25f247d215386a0ba62a94776a2e0ffc42300fb13a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183359, "uuid": "50b1113b-a99e-4767-bfb5-1bc27893fcf7", "value": "T173967C8BB8918A53C5E42637A8BE80C433675EB9978766576D04FE3C3BBE19C1E35304", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183359, "uuid": "3813dbf3-e42e-436d-99b4-72adecba5a60", "value": "98304:fa5ht9QFTMnB3R/IKeePIfAJViDMovzJPN7jIoh5gK5Owwn8lDnRE:fa5JxpJeETJwvzJF7xwn8lja", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690183359, "uuid": "50a6b698-f77a-401c-b294-b3a6451b4db9", "value": 9034597, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690183359, "uuid": "fae38aa1-f80d-4b4b-a4b9-9bccc02b5048", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183359, "uuid": "f0a6f494-892b-4a60-a887-4dd0e01eaf15", "value": "433d09c1d13d189f6c2d944e035efc19", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "482998ff-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690211453, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211453, "uuid": "58019b23-2fca-427c-9f73-c1aef19ad421", "comment": "Malware payload (RedLineStealer)", "value": "c9e16a70570d264962eab05f5e018d2b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211453, "uuid": "2aed0275-ee7d-419d-a806-01ec105fe58a", "comment": "Malware payload (RedLineStealer)", "value": "c52613e3099f1cef0cd3bcdf1732504e56300c127fe150816bb30c845eeea620", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211453, "uuid": "23acc668-1014-4f86-a94b-b794e395c2fe", "comment": "Malware payload (RedLineStealer)", "value": "c12fb649e2d1fabb94bb02a131fc9cf18da95472", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211453, "uuid": "94dbf944-a9c1-41ea-bd47-3391f3bd61f5", "comment": "Malware payload (RedLineStealer)", "value": "1aba42da36ec1b43ab7918d236f0bef074cda26bf69eb7cf8942e5d8efea41a7796267ce19c67c00199ce680881b21c0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211453, "uuid": "67f466b7-0b49-41e0-aa94-b6d311e95286", "value": "T1CC840143BAE85537D87627706CFA02D30B35BDA1483453AB6789685F0C732D8A93277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211453, "uuid": "b2706982-c735-49f8-b2f8-2bc82d2817fc", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211453, "uuid": "b01b96e7-37f2-4c12-8ff2-d615dc3e98e4", "value": "6144:K4y+bnr+Tp0yN90QELC3T1doXbYpEzEzIn8B0iD++Tox67+RAyhsuft0Sq:wMr3y90JOPzmiD+YJ7oEuftDq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211453, "uuid": "3ab98a75-8188-4997-804e-5d92c1f402ab", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211453, "uuid": "f93890a8-b018-48ba-ba23-ecf6d0cc025c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211453, "uuid": "d41c03e4-2227-4821-aa28-d259a47272d8", "value": "c52613e3099f1cef0cd3bcdf1732504e56300c127fe15.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a589f448-29c8-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690165224, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690165224, "uuid": "98524b6b-5303-4d85-96f9-4cb0ab351cd2", "comment": "Malware payload", "value": "6365639bb8dc5d1914e3e3ab0e14e235", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690165224, "uuid": "4064e2fd-2518-4fb2-a88a-b0ef59b2e064", "comment": "Malware payload", "value": "c528a0ff3c23402f2e9e0e63c70019d4b5c6e62d0c6b65a36d651d4bf6446474", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690165224, "uuid": "b5a223bb-db99-4c80-a944-68afa35128af", "comment": "Malware payload", "value": "a54514962154a50f94926029182256a7e7e1ee74", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690165224, "uuid": "5d43f360-0f2d-4ae9-acdb-250327d6559d", "comment": "Malware payload", "value": "61a1bc18242cd6b0c93f8f9a41bc1b2741b5d3a1f13478b1e698bdb0902f309ce3f8c11a1b0db5e9697b35748de98dba", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "stalkerware", "colour": "#D7AE0D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690165224, "uuid": "caefe180-82b5-472c-b33e-ceb7936f3070", "value": "T13C16F143F348992FD5B7C1360ABB0736A1964C068B43D7573A58B26C6EB7AC05F85BC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690165224, "uuid": "2ea00a92-cde3-40db-b8a8-3fa7b940410f", "value": "98304:Od2D01YVe3FrHY/ScUfdenTQ9WGqo2iePdlKAqr:82UYs3xHSnvTWNo34", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690165224, "uuid": "632e48a7-7e4e-4e9c-ade1-c78cf3d91a5c", "value": 4209867, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690165224, "uuid": "0e7bf2d0-5589-430d-9a55-49971e51d6ed", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690165224, "uuid": "169ee853-a4f8-4a3f-8c93-222677b3f786", "value": ".apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c902ef20-2a36-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690212528, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212528, "uuid": "b6fa7c98-2d7e-45f4-9838-53057d8f31ce", "comment": "Malware payload (AgentTesla)", "value": "ea3bccaa995da1234bafc89c2768fce0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212528, "uuid": "d58d97e7-6647-49ea-9eda-0e4731490d8d", "comment": "Malware payload (AgentTesla)", "value": "c558594449951e47d10c610b0c328a08d69f86dc964448766cab0d69987e0000", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212528, "uuid": "58222eda-1802-4f7e-b71e-2b63549a0785", "comment": "Malware payload (AgentTesla)", "value": "774d40e8b82d5db487622ff74397765c1cfb8266", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212528, "uuid": "f0668bb4-ccde-46ea-ba15-b9eabb414088", "comment": "Malware payload (AgentTesla)", "value": "308cefd9fb5b174b8a6e081c85882ebc06a116926ccd49451b084e9d96f8d1e3c714bac10eef8ce3e8f95bfe581a6b1e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212528, "uuid": "2005eb4a-1da9-4d25-bc40-a46689df082e", "value": "T1A3C2D05C878F40A1CF416337532A9E8812FCB67EB75591B2B49C873037AEC2E05695BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212528, "uuid": "e817f845-8247-41bd-9529-30fc40147848", "value": "384:PWRbJA/q3/fig7BZav9rl1DKA+gM9XOFlq9h23qzS8fbwI8lx:PWtJUUD7zav71D5nMT23qGIex", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212528, "uuid": "2e213231-4071-49d5-8893-881f4bc53d7f", "value": 25954, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212528, "uuid": "5d3c1b1e-f4dc-4737-9a25-134f4a9595e5", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212528, "uuid": "396df956-9395-4c13-80b7-5e83e8b909a7", "value": "ea3bccaa995da1234bafc89c2768fce0.rtf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad2722df-29c4-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690163519, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690163519, "uuid": "f63c9cd7-4c4e-4874-a5c8-d805e45732a7", "comment": "Malware payload", "value": "e18f4cb9c7423eeb73987a7262ed09f1", "object_relation": "md5", "Tag": [ { "name": "pw-999", "colour": "#5DEE89", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690163519, "uuid": "dea46497-6deb-437b-a237-7e2c4e3d02a1", "comment": "Malware payload", "value": "c580eaf3eea342256f20b770ac7b885588592f284a669bc07b2a02047fadac96", "object_relation": "sha256", "Tag": [ { "name": "pw-999", "colour": "#5DEE89", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690163519, "uuid": "80aa969f-3387-4e4f-aa78-670cc848332d", "comment": "Malware payload", "value": "0d00955ba66b84ed4e325b49937713ab375208c1", "object_relation": "sha1", "Tag": [ { "name": "pw-999", "colour": "#5DEE89", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690163519, "uuid": "67384ae6-7cf2-40d9-b3c3-d66934315f5a", "comment": "Malware payload", "value": "0538aed30f967ee5e53741423a5b5ba9761e9cdd341e91b3b76a352bbd5fe7158e3d885b2c531cb176649c872d58c5b7", "object_relation": "sha3-384", "Tag": [ { "name": "pw-999", "colour": "#5DEE89", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690163519, "uuid": "4d40e80c-d684-4a7d-88e2-1ed5dcbb64e1", "value": "T12CA63395E86FB2A6D24D9B9CD30952910332DD122E0CFD7A1B783CBCF52DD150E4B9A8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690163519, "uuid": "d8d40079-a06a-406c-ba71-23a5c8552389", "value": "196608:Hv0sO9ukSzC+2NzZyrIQgmjXDB1vH/pztlhy247bhLmWX4m4zfkX:q4h52NqgmjX91vBtlU24fUtm4zfkX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690163519, "uuid": "972c6bfe-f07e-4878-981c-57a01d2f6195", "value": 9737990, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690163519, "uuid": "eaeeb331-dc6f-460e-abca-9bec7e6542a4", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690163519, "uuid": "ffef6da8-6e1c-4153-8d74-72f265807479", "value": "Sales Shopify.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59b816a0-2a08-11ee-a6f9-42010a9c0055", "comment": "Malware payload (StrelaStealer)", "timestamp": 1690192584, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690192584, "uuid": "a0556516-5151-4801-ac18-fa383dbf34dc", "comment": "Malware payload (StrelaStealer)", "value": "678da0cf59e2846307debb1557dcbbf2", "object_relation": "md5", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690192584, "uuid": "a18a9a51-8b86-4a4e-944b-c74fa37b8879", "comment": "Malware payload (StrelaStealer)", "value": "c58d18845d6169c9bcb4b28dcadcbdfdfb8d718ee742e068a370d39ff81bbd01", "object_relation": "sha256", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690192584, "uuid": "d20fd7a2-e243-4813-8a34-c241661f74e5", "comment": "Malware payload (StrelaStealer)", "value": "8c8c8ad2d369ba2b51e90b8a62e06bdc481e9732", "object_relation": "sha1", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690192584, "uuid": "96debf1c-461d-461c-96ac-d626b06d1b6e", "comment": "Malware payload (StrelaStealer)", "value": "f3ed282732238c4533b97ede2d075b2fad441689f73c0d8631670f785d9b29f6c09a3842bdc80ef24527c8e056c39583", "object_relation": "sha3-384", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690192584, "uuid": "5b9250c8-18e1-4d74-9538-889ee805d5ca", "value": "T1E23519F476D077D70FB6294DB3CE41B23D54B847F0EDAE85268D0D1E928439988EAE60", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690192584, "uuid": "f7ce2f67-e185-4fe7-bae2-eeea83cd3ff4", "value": "24576:PSpfx3OctEHie/kpn4TAseop33HFAH/YLDEAXWqdf88Ko4aqVCz:SZo4U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690192584, "uuid": "5ba93262-1cbd-4364-8f75-8cdc6d8689a5", "value": 1122722, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690192584, "uuid": "98f481a6-a22d-43ed-8597-ff3b75760b98", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690192584, "uuid": "d98359f5-d2e2-4508-bbea-af57db770d3e", "value": "PDF1542913427526.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97f5026b-2a33-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690211157, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211157, "uuid": "8bd90d6f-a7a2-4c6d-b43e-b9537e1da5b1", "comment": "Malware payload (Amadey)", "value": "042f4f084d3eee792e1a121f81ce2be6", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211157, "uuid": "5d5f83f7-8e2c-4b0a-9718-b57830575a51", "comment": "Malware payload (Amadey)", "value": "c5a0e1f7732f36c6c3b515af41f59c39807b4147342f638ab1d0ce3d6c725476", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211157, "uuid": "2f61eda0-1148-42c8-aaa4-a81611f0eea9", "comment": "Malware payload (Amadey)", "value": "4307c9d47cf506a4538cbeb59c7f7680f34d80ad", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211157, "uuid": "f70f8192-63ee-4012-b31d-ecaf532797bd", "comment": "Malware payload (Amadey)", "value": "6abfcbd5b7adb7a3b96d4daac9e8efa032a0a074552451161872460f6cb670a8d58dc64fe1c6da96d47f1edc0ccff546", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211157, "uuid": "82940106-25bb-44ad-bdd0-2359278c1041", "value": "T1A1B40253A6E9C033D8B9573158F703C30B32BCB19DB0965E2685AC6A0C73795A83977B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211157, "uuid": "119d9f04-4e93-4839-8ce5-6d8630c3ac03", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211157, "uuid": "6ee55c08-a0e9-4cae-b0a0-245d05c54df6", "value": "12288:+MrRy90qhHcDbEeiWPJfokO2yXLCsh6EZsc8:nyA4NwokOFPh6EZsf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211157, "uuid": "90fb7aca-c6fe-4910-a9b9-5ad3cc257354", "value": 526336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211157, "uuid": "7baa6f20-aee3-406a-b64e-422e2d486a2c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211157, "uuid": "3e1142e1-1f56-413d-8d16-59faf6a3f1e8", "value": "042f4f084d3eee792e1a121f81ce2be6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92cb5390-29f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (FormBook)", "timestamp": 1690184090, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184090, "uuid": "a79bf3c7-4792-4f49-979a-48447e5523f6", "comment": "Malware payload (FormBook)", "value": "ba8534b97e394249fdbfed013eae852c", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184090, "uuid": "d72c4df3-592a-4cf2-9348-4a86b6498263", "comment": "Malware payload (FormBook)", "value": "c655a9035e1f9ee5d55f78511de8189130fbbebb613f34de1c1a823e2bb351a4", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184090, "uuid": "bb85cc61-99c0-4fae-87c6-f9ac0c814bd1", "comment": "Malware payload (FormBook)", "value": "fc9710660eacaba1ee5403855edf79956958d3e8", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184090, "uuid": "a6d8022c-4da4-4ad7-8912-4b94ea5b8f0e", "comment": "Malware payload (FormBook)", "value": "0f08ba64b6a1f5d5fc1f64bafbc85d98df1af648d9014270b315f801424f3df65a9f5b15985f3468eea7c3d4620270d0", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xz", "colour": "#B4E6FB", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184090, "uuid": "e0fd8ab9-8217-49a0-a579-7dfa5613d08e", "value": "T1AE742309B26AE0FDFC36379C7CDE00CA6DC5105C32E01DDB9AB6875243A850BAD95A27", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184090, "uuid": "638608f6-8422-4dbc-8969-a5eb404e40a1", "value": "6144:78N/1UP/RUUYaEIjiZdVnqGRllZxwHH8UaPWYmR6Jzo3sgtl+:78NGP/RUEWVnqGRllfUcUyWN6Jzo3sgi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690184090, "uuid": "bb0c1a24-84cc-45d4-a4c1-c04d52442688", "value": 341204, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690184090, "uuid": "dce7b7d1-1e14-4cac-aa5a-cc1c3f27317d", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184090, "uuid": "bf9cdac0-2f79-4f2c-8978-de17baeac513", "value": "\u0633\u0641\u0627\u0631\u0634 \u062e\u0631\u06cc\u062f pdf.exe.xz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da919af2-29f8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690185929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690185929, "uuid": "071c1daf-aeea-4b0e-89d6-73d6965a5fd1", "comment": "Malware payload (Formbook)", "value": "31332915ea2a23d649e1ccb1c15c6a1c", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690185929, "uuid": "b9c50ad5-0d86-43f9-8590-ffa583476d70", "comment": "Malware payload (Formbook)", "value": "c69955cc5536c486d1e243b7d4f4e365ba043f72dcab8d202645a566615dbe75", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690185929, "uuid": "b33485f5-fcee-4c7b-a91f-fa0efb4a32ec", "comment": "Malware payload (Formbook)", "value": "fd0891a653654ed62e2cf775acb0dfabbadf9e9e", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690185929, "uuid": "9d90f96e-eb09-4320-be71-1a93644eeb8a", "comment": "Malware payload (Formbook)", "value": "d022fa834e8cfb7222261b81ceaa8415ed382774016623998d90be937026f28e06bb21b2f591102b58b77dc238481902", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690185929, "uuid": "0dae5b36-2d16-4de4-aa79-7db252b737bd", "value": "T1FB237C5EE78F02698F411277531A1E8996BCB23EB35151B138AC933433EDC3E46669BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690185929, "uuid": "be18cf26-2fbc-425b-bf44-38b2030aefe7", "value": "768:7Fx0XaIsnPRIa4fwJMh4x622Ie432Mw8UOWOb4btSw3oY3Hv2wJc22:7f0Xvx3EMex32i32/OWxbtSwvHv2wJl2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690185929, "uuid": "f11583fd-c0a5-4738-8156-9888d7b78631", "value": 47010, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690185929, "uuid": "4e29e657-7ddd-4879-b8f7-fd7e390091d6", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690185929, "uuid": "6fe58727-611d-4dd0-92ac-6161a22ba6c9", "value": "31332915ea2a23d649e1ccb1c15c6a1c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42c5ed85-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690178802, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178802, "uuid": "61de76fd-74d8-43d9-af2b-3cbba6863dcb", "comment": "Malware payload (AgentTesla)", "value": "4817a754a0934ddd74efee3363ff9de0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178802, "uuid": "41803d1c-c54f-40bd-aae4-052331b918fb", "comment": "Malware payload (AgentTesla)", "value": "c6dc183e0a2208e4a95bbed33b18f8ec0fac159bc5aab10490df7d2dd78026b4", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178802, "uuid": "de415ed7-1595-4510-a855-e6cc07d78130", "comment": "Malware payload (AgentTesla)", "value": "4c3e0107c4c4a17830de8662279abdf97d95836b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178802, "uuid": "1bfb6bf8-fbc6-4c08-920b-69d9905a69b0", "comment": "Malware payload (AgentTesla)", "value": "9dec6ca343af0d6f755e1eb692e150c548761a44e8c0110a0c041b55ac57a0121085c2b93051a0bf5f95e32a194349b1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178802, "uuid": "2ec89ec9-df5c-475d-8f78-94aec51904a1", "value": "T1ED05239133AA5C03E2CAFDB942A4D55453B235122917D3CCDDB2208AAEA5F81FF119E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178802, "uuid": "35c2bfac-19d0-485b-9527-da06e85d7f26", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178802, "uuid": "dcdb4f5a-26cc-44b2-8b90-4ad3a05630bc", "value": "12288:+bvJRBusycwVMRlx7q9rQrvAbPvPQb25hBLU5UkJq1yBVUmFi6+Wbmoy:iFu4wCP7gDvPQb25vYTb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178802, "uuid": "7e7a7803-60d1-4670-8bcf-8e3cf387aea9", "value": 829440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178802, "uuid": "781ff470-8c3f-4fdd-b761-41233541830f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178802, "uuid": "a824ef48-a808-4ceb-bffe-431cd157fb97", "value": "Scan-23072023.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d8cd308-29f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690183974, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183974, "uuid": "2a454645-77d7-4634-9f8a-9ae44a022db3", "comment": "Malware payload (AgentTesla)", "value": "b5031a3b9900afba4eb4ea374f587b47", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183974, "uuid": "4b27da4e-743e-442e-89e9-a59fed861e98", "comment": "Malware payload (AgentTesla)", "value": "c74e96e8638b99967b247d81ecb7272b44a73603dea296d9e6b9fffc7549d66c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183974, "uuid": "3959c9c4-3432-475d-8586-3d00f78e9866", "comment": "Malware payload (AgentTesla)", "value": "ec3ca152ce3dcbb17e73edbf762bc1da200e6760", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183974, "uuid": "48121c4b-9efd-4035-b6e1-62dbd37d97df", "comment": "Malware payload (AgentTesla)", "value": "aafbfe8d9dce7e90c6481be0e38cc100de10bccd6e78f5015f6cb4b51bc4c98271fa03249de573885b33d5143179441d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183974, "uuid": "fe963978-cbf8-4f0c-b43e-b422fac859c8", "value": "T1ED6412116B90D5AAE1708D3035BF6E6B06FCAE2836D4AD458B901DDDFC21DE2C70E627", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183974, "uuid": "04e2d740-1816-4f1f-adea-d089a5952db5", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183974, "uuid": "00134049-65c6-42d7-80bd-ba4a14ea7c80", "value": "6144:lVGdx6xKzuj2CsnIktypGDhuEaWXtm2DWwE/dc5aZtJY:bjj27tymhZnESP2wa+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690183974, "uuid": "45bf2c29-b2b1-4848-a35d-f764dc02a2d0", "value": 319976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690183974, "uuid": "517e3c53-54aa-4a36-a500-df2481a33e6f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183974, "uuid": "259cee80-d31b-4e7f-af08-6afeca05f15f", "value": "\u00daJ RENDEL\u00c9S a kon-trade-t\u0151l.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe56f184-29eb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690180405, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180405, "uuid": "bff83f30-8d6a-4d8c-9c7e-f10a13e31c60", "comment": "Malware payload (AgentTesla)", "value": "10d7cfe140b1d9812d8eba062e608256", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180405, "uuid": "67bcdd9a-0533-40c1-a0d2-aee44fbbb912", "comment": "Malware payload (AgentTesla)", "value": "c862a9f00f17344698bdcab4fe7465b1206382c3c77407507d79e895629f4aea", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180405, "uuid": "3eb84da5-e6a2-4064-a721-fd57bfcdc112", "comment": "Malware payload (AgentTesla)", "value": "990b9fd71b0867db5bce972e4b79bb67234122aa", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180405, "uuid": "c177d419-6cbc-4d4b-a329-712730c75ce0", "comment": "Malware payload (AgentTesla)", "value": "2bbacf35231b9c6c22d19be9b9730eecab9e7e337af525347536b30e1bfe838fb8ee555603ca854877a9c578bb6a8a69", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180405, "uuid": "d00608ad-e1fd-4457-87e7-4176507ba851", "value": "T10844123233A448ABE67307B01EB95E2BDEC1452411D4624BB7C4CFE979715E5BC8A2E2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180405, "uuid": "0dd348ef-a3f2-4dab-a6ba-cfb394a338ed", "value": "ea4e67a31ace1a72683a99b80cf37830", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180405, "uuid": "7f3f648a-312f-4573-bb04-7f34020dfddf", "value": "6144:xPXJqmGNYw3H1lAPa65hMuZNQmt8wQ67BIH4/K:nqmeFlAPa65hZNQq8wQES", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690180405, "uuid": "9aed62b7-09fc-4cc1-9f8a-60ff8310be57", "value": 255560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690180405, "uuid": "f54247b1-6722-4b54-af2a-e9d7e9fab2b3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180405, "uuid": "2c66f265-cff3-4d53-bf94-e66293276902", "value": "10d7cfe140b1d9812d8eba062e608256", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3fd9208-2a36-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690212546, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212546, "uuid": "002b50f3-281e-4d7d-9631-037a2bea57a1", "comment": "Malware payload (Formbook)", "value": "90098f1344688dd290aff40381e8e56f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212546, "uuid": "cb789aa4-2b11-4ff9-8d10-97047f5abb6b", "comment": "Malware payload (Formbook)", "value": "c8761aac733416ea826d721768139fb0cd965dd0ddb39be05874bbef5969498b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212546, "uuid": "526eaeff-4869-4d51-b74b-2589a8df30e4", "comment": "Malware payload (Formbook)", "value": "e5ba0b04ebca63b4b86217465436138e02619186", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212546, "uuid": "a5cae543-24f2-483b-bfc1-ba6de861b5fb", "comment": "Malware payload (Formbook)", "value": "8df07a09127ad06959de2da0f2793f19be7f1c8623a31f9042568631b1a7de1c29ee86d6af3f1eaeed99b1182f0e616e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212546, "uuid": "eef28409-f5ee-484f-9281-9d862f108ba7", "value": "T12BF412253779AB56D1B8BBF1D6A0500543B2A5982833E34C4DF530DB5E22FC1AB90BE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212546, "uuid": "e456f7f3-7343-4452-9d46-785e3d969793", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212546, "uuid": "b79c19e7-729c-44ca-95cb-9eba33e707ad", "value": "12288:h1vJRBusyW935rTrc+Uqv9bYxjv3TOTaXXckvLGW2FQ6ahuIle:fFuK9ZGqFUxjyMAeTne", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212546, "uuid": "5e966aa2-cb7e-40cd-877e-6704c884da8f", "value": 777216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212546, "uuid": "11994a78-cf86-4086-8c56-662e0ad546b3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212546, "uuid": "996375b7-abac-4098-b6cf-d686bffdb238", "value": "90098f1344688dd290aff40381e8e56f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "292fd3a2-2a39-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690213548, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213548, "uuid": "3dd1dc91-7272-4855-8866-401747fa491f", "comment": "Malware payload (RedLineStealer)", "value": "dee993b1fbaf699d7684956289c87ec6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213548, "uuid": "633dc65a-424d-4662-b7ec-82b3978807a1", "comment": "Malware payload (RedLineStealer)", "value": "c99ca7ad0a296551cbdd72605a7a129a84121199d1467b02e9d3a8ce4b63d647", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213548, "uuid": "27cbd2e5-3383-417f-8b48-21f417f045e3", "comment": "Malware payload (RedLineStealer)", "value": "3047fa50379a4a76b575487c5334b2d55876c80d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213548, "uuid": "ad664357-55f5-4c76-a1ea-9ff6555d3d16", "comment": "Malware payload (RedLineStealer)", "value": "4885d07a1715dec92b9375675105f78b4193392bfdcb34479e913b4f84f8a28e6216b0e48ba9dc2b7491108ae5eae687", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213548, "uuid": "f5d8dbf8-0dcd-4558-b256-97bb80c0427a", "value": "T1DD840213E7D89472E8B52B7068F703D31A357D969978872F2741A95A0CB36C0A87273F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213548, "uuid": "97b9b786-c3d1-4d37-aa6e-7553a27525e3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213548, "uuid": "c4efe482-abf0-4f66-87ed-b50f736545cb", "value": "12288:RMrqy90Z9vOlYakl+bi69UgBYCst05Yk:vy6vOlY9UVz7Yk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690213548, "uuid": "07837aee-7e4d-4b5b-a2a5-66a0d20e5eb2", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690213548, "uuid": "46cb88dd-d138-40b7-861c-f906d1bd6eb5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213548, "uuid": "b9c07db0-9203-46fa-a1ab-6925a2fa33ca", "value": "dee993b1fbaf699d7684956289c87ec6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75fb7d50-2a46-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690219261, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219261, "uuid": "cbd41e16-8ea0-4bb7-ae41-037f293cb752", "comment": "Malware payload (Amadey)", "value": "8d9f50dddc97c8ce2ae9115adeb783e2", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219261, "uuid": "914f599b-6b86-4652-8c8d-a8766cb8019a", "comment": "Malware payload (Amadey)", "value": "c9e8906af43272de9d9ebabebfdfc83b9d195283c5fa61ddc8feeae1a3b52b62", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219261, "uuid": "95775f97-1b6f-42cd-b2f2-0771449df634", "comment": "Malware payload (Amadey)", "value": "d43e432fed0fbe3f11721b524254e62650d5dd21", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219261, "uuid": "89f4d687-e6f4-4602-85fd-8913cc0af4e4", "comment": "Malware payload (Amadey)", "value": "d2d15ffcb7d2f6947520e94dd10ac27bb3da4e0e504818fad769eb84d990c42761fc57bbd4d131252379c16ffb14ab45", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219261, "uuid": "5970b68f-6654-4817-9ceb-99827d17eb40", "value": "T17E840213E7E85072D8761B7028F646830B377DA5997843AB238B5E6B0DB3AC0A075777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219261, "uuid": "7312dbce-ef1f-4908-9724-1de6774aabb4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219261, "uuid": "eb2108ef-8594-4096-a1a5-70ade03265c8", "value": "6144:K2y+bnr+Mp0yN90QECGWGP5zmiBSMhOpHmoIOgAokQjGH+:yMrMy90kGl/hOp3okHH+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690219261, "uuid": "121c24b8-73f2-474d-b054-149efd3a44d4", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690219261, "uuid": "aecfc66b-b46a-4937-9d3d-3b14afe39e89", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219261, "uuid": "1c851c0b-e899-4126-88c8-a926aec1051e", "value": "8d9f50dddc97c8ce2ae9115adeb783e2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8aed3bbb-2a33-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690211135, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211135, "uuid": "7f25da28-5eec-429d-89fa-f3247952fd54", "comment": "Malware payload (Amadey)", "value": "7075cff066a9940d82aa2796bed452bc", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211135, "uuid": "da5ae348-b16f-44af-9582-8390e01ff7b3", "comment": "Malware payload (Amadey)", "value": "c9fb478c9ce54c6cccdcc74ee6466390384d2060f9659ef728198889ec461cc5", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211135, "uuid": "e6c61969-4d88-42ea-b286-d36c6875dcad", "comment": "Malware payload (Amadey)", "value": "8180eb8eda3191b0bbdb445dda7ea3830a345f7c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211135, "uuid": "1ddcd040-8ffd-4135-9803-ff08027fb4c9", "comment": "Malware payload (Amadey)", "value": "2ec38b634c7d761608eb17738ebc0f68f820947c2647648c96b30ff7ec2932b4cfe7986d87258b2bf6fe73d778a79afd", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211135, "uuid": "899fd04c-5a8a-4224-ab45-b50c127fea9f", "value": "T10A84F153A7D88072DDB5277058FB02D30B36BC625D78836A3656A84E1CF32C4A93277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211135, "uuid": "c59fe4b6-f388-4b73-aa1a-0ec895df8e5f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211135, "uuid": "42fb0dd7-6266-4422-a174-bdc14fa6d308", "value": "6144:KOy+bnr+fp0yN90QE5InyDpBzv0sokqp1vC1po24TW8gBZ+t4JDLzKIbMfvVz:aMrny90HpBGxr+pojTPgBYCJvzKcMJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211135, "uuid": "b10d2821-5da6-4d07-adcf-74826f6a1754", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211135, "uuid": "6255bfed-f1b6-47c4-a141-fdae79b17d32", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211135, "uuid": "55101205-9464-4c15-b895-e7a2e6a27d5d", "value": "7075cff066a9940d82aa2796bed452bc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7010744b-2a36-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690212379, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212379, "uuid": "021667d9-e1f5-4fe7-ad81-50c49ba7426f", "comment": "Malware payload", "value": "a94b437f0e3f94d1b6427002d137d927", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212379, "uuid": "b81b4aa0-cd53-4052-ae13-dcd27803eb94", "comment": "Malware payload", "value": "ca11d0fef6aad8481e038660b5ad9b8be14614b46be2a624e630b446749d581f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212379, "uuid": "0c2f0c90-8097-47b1-b2dd-9cf7d7fe5ef1", "comment": "Malware payload", "value": "2bd679e0d49c1dec51c44f86ac935c810dd96f8b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212379, "uuid": "6c03636e-dc66-4e29-90b6-2dded7d0a82a", "comment": "Malware payload", "value": "40b0a5a8727d8b17bc8c14fc5b3a529f446726ef4f66c533b667cb9273de7888c0047c24cb277ea9e5b5cc480f43d61d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212379, "uuid": "67b6803c-93d1-4cce-9a0f-3ed5335161c4", "value": "T117C53387B6C5C0F4E8917770564B6A265EB25E3C1B1471EB7BC0B6368EBA5C3073B209", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212379, "uuid": "eb6ddf43-1b23-40e9-bf98-b7394cb05400", "value": "f6baa5eaa8231d4fe8e922a2e6d240ea", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212379, "uuid": "c60a0efe-69d1-4d04-a215-1def0056eb97", "value": "49152:TL5KUwaTWL9sRQfUjL+qeszb9+0XEutvlMEcB+BEuGMtAMTHyXICnJ0sqo:TL5KQTI9CQsjL+qeG8sNvluUBFxGDn6s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212379, "uuid": "5165e179-7853-42ce-a289-46cf820ad7be", "value": 2676392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212379, "uuid": "6c8e7c36-075a-458e-968c-72370b42a2a8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212379, "uuid": "7042f977-dd8b-486d-8691-ca174e26fea0", "value": "a94b437f0e3f94d1b6427002d137d927.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42edbdc4-2a50-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690223470, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223470, "uuid": "872d9b32-2bf2-4fc8-81db-127399a01d44", "comment": "Malware payload (Amadey)", "value": "b7d7375159cfb1023d0b030673cb2dd9", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223470, "uuid": "50d09a7f-71c2-4e09-b45f-d416f0bafbb6", "comment": "Malware payload (Amadey)", "value": "ca31fe4883da26936cd6bb7981347589ee0f4463716d7c7c1694ebac3db5ae2b", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223470, "uuid": "ccf6c706-9cb8-421f-803d-cef8ef87ffdf", "comment": "Malware payload (Amadey)", "value": "b47e88ed98310512e0df60f0556fe7d44be7bc43", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223470, "uuid": "12ba1029-c2d9-466b-84a6-533f3329a1f3", "comment": "Malware payload (Amadey)", "value": "3a557fe4f624b9e91d291758c11ae7742f2a23913091ca312e4c11e5dda24e3cbc147a843cf54f96bcb2a93e0f0f1b9b", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223470, "uuid": "58acfe17-237d-444d-81e2-071ada5afb69", "value": "T12E840102F7D98432EDB427B01CF607830B35BDA1AC78537B2786995A0DB26E4A47173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223470, "uuid": "c80fb95c-e695-4dcd-96e9-67d5877e5cc6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223470, "uuid": "29cce621-3bb7-424f-9e71-ba0450de5446", "value": "6144:KBy+bnr+op0yN90QElbW4ijRHY6C0ZZziW4gOQSOkfMSnEIgBZ+t4lDWvcYiFn7b:vMrIy90K9j1iW4bN/gBYClkAR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690223470, "uuid": "43f9756f-1a07-4f6c-952f-af9b9615d3bc", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690223470, "uuid": "8024a03e-b29d-41d4-90ef-2d91c36183c2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223470, "uuid": "30aef822-71bc-4d53-a5d8-bf744fbdc0ba", "value": "b7d7375159cfb1023d0b030673cb2dd9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8fe13649-29ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1690188810, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188810, "uuid": "3fb5839c-032f-40cf-9399-abaf120bc402", "comment": "Malware payload (XWorm)", "value": "880bbdcc5b810bddd7b0abbda2c4efed", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188810, "uuid": "b496ec3e-1436-46c6-8c03-6491352a790f", "comment": "Malware payload (XWorm)", "value": "ca5fa5b9b8550bda2e2b04a007d710c10aff654b2c24aab0aa2b5bbf67eaabb2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188810, "uuid": "47b3f26c-608a-4eb0-a23f-2fd61db728c1", "comment": "Malware payload (XWorm)", "value": "37894f80e216e04e0779c35d9c8e0be651df3524", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188810, "uuid": "d0aa9f3f-ebbf-483a-af56-53bf52d96d4b", "comment": "Malware payload (XWorm)", "value": "d85331b6faac6c2346e96b12147fdfddc563f7e6ccc9fbb4cd2851a4731e801565b3756b5469dd8c8baea232d41466b4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188810, "uuid": "6b7691ea-8cff-4086-8a16-8c1cb1a7614d", "value": "T115E25B487BE18322D5FE5FF52DB2E1050275E5078A23DB9F1CDC89AA7B636C246013E2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188810, "uuid": "8cbb226f-4021-473a-b271-33d9abebec74", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188810, "uuid": "eb981e6e-80ed-412e-8b17-b6f82bcb765e", "value": "384:v4sYMqC1y0O9/89I3/qjk8LlMwDs2ETIi9FR+gtFqBLTiZw/WNCvK9IkVuT7pxOS:UC95/ldeP9FZFr9Rk7/Ojhl/3vW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188810, "uuid": "ba5e21e7-d262-4920-90e8-4420457e2f1a", "value": 32256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188810, "uuid": "974117c0-6ab5-456a-92a1-52c92eca17f3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188810, "uuid": "7ab03cbc-1996-4077-8857-9cc3b65ab6d1", "value": "LastTest.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "057d8a45-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690211341, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211341, "uuid": "a1944471-b20f-4adf-b5c9-a9d6b3f8b60c", "comment": "Malware payload", "value": "c7feee4698e4d22fead87c243d9cb8ad", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211341, "uuid": "9683796a-851a-4f31-ae28-6f9736c8d7ac", "comment": "Malware payload", "value": "caa7643ffed1f6042896a2df3c799613bd323193fdfb8da5683832e369494da7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211341, "uuid": "23f06b1a-696e-444e-add1-0970027ec2ab", "comment": "Malware payload", "value": "c3e7b4fe28519adc5f7a8924ced7b5c25a8f034f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211341, "uuid": "51c56c69-c3d1-4e99-b14d-a22772a82ff7", "comment": "Malware payload", "value": "49a1538eaca4ffdf0573a2ced2ee7432ae43c0cd1ee403a7a27872d371a576f2316121f971a7cd17a63d7a613b7ec671", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211341, "uuid": "7dfb1c0d-1555-4cf2-8f0e-8148d2975ab7", "value": "T1C836332A5C36D489D7CADDB9D2E4803C19298FFE5E00A843C6387D5DBAF5785313AA43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211341, "uuid": "1d91f091-781b-48c0-a3ab-ea30436024cc", "value": "a94549878c259a0f21633bf9ee3fa800", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211341, "uuid": "92127f5f-47b0-4dcd-9275-0fcb24a66b90", "value": "49152:3X7rf/f93D7jDwRpQF5AbLB/1eY+1K1BKbkKjWd2rMei6B:n7bVLD8pm5A3PeY+4sbkzdQPB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211341, "uuid": "972a3fb5-6655-48b3-8b8c-bce8a01a509a", "value": 5186895, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211341, "uuid": "946cbe2e-255e-4609-a12f-ba48590de9b0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211341, "uuid": "d91a0741-905a-4b4a-8a24-4e466c4adc78", "value": "c7feee4698e4d22fead87c243d9cb8ad.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc199abb-29e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1690178683, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178683, "uuid": "83e57214-69cd-4d0e-8af4-f026ca2f57f4", "comment": "Malware payload (Loki)", "value": "58c3dfafa8e9a07c4bb8db72416893df", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178683, "uuid": "76f972ca-807e-469d-bdf7-6a1f76877739", "comment": "Malware payload (Loki)", "value": "cabcb0bfd5b86be43f98e9ea8dcb92e8ef87d1c98e326b2effa2d39482bb882a", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178683, "uuid": "2e91d41f-addd-45e2-905a-735d2e296b9e", "comment": "Malware payload (Loki)", "value": "99280e017f7a13f9574edc7967404f2c9dff1505", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178683, "uuid": "2e3741f1-542a-41d2-885c-69398804dd0a", "comment": "Malware payload (Loki)", "value": "e3e4022fda57ec488ffa9008a0db700985c5acf804dd78ca13b60cbd84381519ff17000a7f4d242afc2a9cc192965089", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178683, "uuid": "637b9ae3-564d-492e-87d6-3fd233134665", "value": "T18AE412A9372A5D13E1AABDB89694210613B592243D23D3DECCF620C95EA17C1FF027D7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178683, "uuid": "939bd972-12e7-4b2c-a813-4586f049f8ee", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178683, "uuid": "914ca6b2-8c3e-4bcb-ad11-de0e99a67d7c", "value": "12288:MEevJRBusyXxuqPpgLc9JpIQEzR5Jj0Arh9bp/Q7XdRd/en:SFuVuqPpgYkzjxZlp4jdRde", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178683, "uuid": "43061d69-7dec-4f28-a8a5-e2b6beb08091", "value": 671744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178683, "uuid": "7c59a534-9342-4563-b415-8e103535a6d9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178683, "uuid": "92700f53-1766-4213-b8da-9690e9c3bdb0", "value": "DHL Invoice_#UTJU11GTKE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "58e6ca5d-29ea-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690179698, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690179698, "uuid": "47f395de-1e8d-42f6-9e9c-967730d1dc51", "comment": "Malware payload (Formbook)", "value": "7ce31d9618954e00c6bec70b3e78aaea", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690179698, "uuid": "8fc21129-6518-4030-9ad6-72a4974f30d4", "comment": "Malware payload (Formbook)", "value": "cb910d17f1b31ab087fec9438c917841c52c7533f08ac77be731a0ff595833cf", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690179698, "uuid": "638657fd-079e-471f-849b-926717e13e1b", "comment": "Malware payload (Formbook)", "value": "8417f713e374b93a692e094f07bc72c8eea70a50", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690179698, "uuid": "5dfc8b1f-02dd-4561-ab0d-b2f47370c942", "comment": "Malware payload (Formbook)", "value": "3dd608de67cad06b586f20a6af2efd78d83dfbd4687c25ffdbcfeb877491a7563efc8e7a0d715032e4a086d0630c6b23", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690179698, "uuid": "c7819e93-0aeb-4ec9-b8f0-13426a898aae", "value": "T113328D3A6BC42C7ED31710B9A89955D4F6A438C3722A5D4F7A31F924C6B92CF6B003E4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690179698, "uuid": "48b80aad-0c44-4b9d-8aa5-106b8db90246", "value": "192:8wya0NLkrCQzWl3ARgZVPCK44AG9xXSJ+Ej7XRJYLrKwX0KwllJ6yWYgYcWebniq:8wyXLkrCQzWl3ANK4499xXSJf7XRJYLh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690179698, "uuid": "d0ab9318-c87d-425f-8c3b-50437495a074", "value": 11082, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690179698, "uuid": "90081ddb-7f1c-4a94-a7a0-c3cc9c80a0ae", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690179698, "uuid": "35a6e72a-b6c2-4051-a818-6e865628ca1f", "value": "PNALO05145 PI1_221102277.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6df9d47-29fd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690188016, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188016, "uuid": "ce00fec8-4e50-44f7-b01e-3ecbad81be6b", "comment": "Malware payload (AgentTesla)", "value": "c27138c19c5ac75d667d943691b0042a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188016, "uuid": "87d4474b-a6da-49eb-bb83-3bb66c57a325", "comment": "Malware payload (AgentTesla)", "value": "cba2f2c29dff2ed1b515c1dc0e157b4f84727a6c55993dd3b124e581a6a11c60", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188016, "uuid": "f93672b7-ccae-4c6f-9431-e68dc3e029a9", "comment": "Malware payload (AgentTesla)", "value": "2127a684dc92aebb3da5535269a692a13aa084da", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188016, "uuid": "7271bff9-1e39-46df-8c04-2deda6879cfe", "comment": "Malware payload (AgentTesla)", "value": "b60245c9f748f45d19c5ca8900e86563b6b6724c1a8b4cf7e1378195e7614e7f29107fd097c96d3d1db3aed6e0ba05da", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188016, "uuid": "b34effed-1d81-44ec-9794-371800723d95", "value": "T16FF41221377A9B02E6B47BF19174602503B2A1992837D38C4EF230D61D67BD5AE82FD7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188016, "uuid": "25a9da5f-c2b3-4a40-92c8-61c9796fb5b0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188016, "uuid": "d0549353-cdd0-4e22-9d90-e022ce4a474d", "value": "12288:AMvJRBusyyuAb01N9j8786ryqxzRHxnxdfS+NV2avV:VFu2B0b9b6ryqx3J2a9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188016, "uuid": "eea7a506-0a72-45e1-9bad-e0480fe09da1", "value": 761856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188016, "uuid": "f266d898-814f-4288-960e-724d774760ef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188016, "uuid": "dbda8abb-6017-41f9-b2be-5d16fc6e8122", "value": "219349285-132125-sanlccjavap0004.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b9b9e5c-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690178844, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178844, "uuid": "a6a1920e-49fe-4e48-9481-bd64c4203b97", "comment": "Malware payload (AgentTesla)", "value": "5db6e798c2c8d84ebb27c4a06071d547", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178844, "uuid": "ad15fb2a-36c1-49a9-9e34-17349a3456c1", "comment": "Malware payload (AgentTesla)", "value": "cc8a067e19c40815e99543a5728c7c12fc2f1a5c64f0a09bfa2504574fcd9a91", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178844, "uuid": "9b79aea0-0b07-4d84-a34c-d4a8717e77f6", "comment": "Malware payload (AgentTesla)", "value": "a98204ba281bf8149b56d0fc8051654179c2ccda", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178844, "uuid": "140e0d48-6356-4e1e-9e46-74e6d657dd88", "comment": "Malware payload (AgentTesla)", "value": "f5fbfe2ca6a8af0cd6f8b5faa054b97b3d3107f644e98b9fbb8e0177de04b325ef357a30b4f9d55beca0a51a30ce67ef", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178844, "uuid": "431ce520-7fbc-49e7-b4c7-e5069c1814e1", "value": "T1CCF423A537B56C33F2597CB541B8B0041373A1946927D3DECDB521881EA2BC0BFA25EB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178844, "uuid": "34ddfee0-400e-4555-a56d-f8d5969e27f5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178844, "uuid": "109f0304-4f74-450d-b2a7-a337aef7dcbd", "value": "12288:+svJRBusy2JCka39CiPnJhkJtuFLO0+fWdDDjVKdIB:HFu6skaEixhk/FWdTVKdI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178844, "uuid": "4466e519-415e-495e-b9f9-eae4f09b6776", "value": 743936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178844, "uuid": "e28698e5-dd6d-4a71-abd3-ebeea6ee774e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178844, "uuid": "949fd3f6-d8ae-4603-a6ed-03bb3e9d7522", "value": "Request For QuoteTianhui-Bulk-07-23-23-CPBU00712A23 & CPXD50013PACT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8cce8715-29ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1690188805, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188805, "uuid": "aaf272b4-7ee0-469e-8db2-c3887ba096cc", "comment": "Malware payload (XWorm)", "value": "88d8edc589e9e439dd1946b03614cceb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188805, "uuid": "3601bd0c-ab50-41ea-a66c-92a3d65bada2", "comment": "Malware payload (XWorm)", "value": "ccd4f31d9788b7e42092781ff45454adbb8986bf7dabf52a2814a3e6fafa4d2f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188805, "uuid": "c48907e0-0440-4c1a-aeec-dd1a2a5332de", "comment": "Malware payload (XWorm)", "value": "4da4ccc8af9b76d8b0e54aacf611437621641d21", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188805, "uuid": "241d5981-b076-4ac0-932f-5fa87dc37478", "comment": "Malware payload (XWorm)", "value": "846ba30949d3f108a5a0858898aa930d7bf6af5bb7eb8ff84650d2ce5d311827c096a3b71b28e1bb2b86cd91e2cb7f38", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188805, "uuid": "f95af04b-aa3e-4fba-8fb7-b0c825820a83", "value": "T13B93E12529EB109DF3A39FB11FC8F8FF89AAE673151970F6204247468721E84DD52B36", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188805, "uuid": "dabcce09-4bbd-4952-bb5f-3cce424335da", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188805, "uuid": "bd7d2437-8d93-4f38-b424-35c876e62436", "value": "1536:DeEKJtvT2+/D4uWBsKmLVFxnlBDdq2Tk7VSe:DmXvbkuWZ6ZBwT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188805, "uuid": "cf77e808-0ceb-41e0-be39-18e9e0ac5d42", "value": 92672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188805, "uuid": "71791e87-35e6-4597-94c5-b5ac280dd32e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188805, "uuid": "1b356bb1-ed05-4678-a5a6-7c7cdf0870f0", "value": "CryptedTest.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d796f8c6-29f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690183776, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183776, "uuid": "45369be1-2330-40a1-b121-6414774da0d7", "comment": "Malware payload (Formbook)", "value": "954fb4244b1d939569a961ccd3b1ba26", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "saudi aramco", "colour": "#695059", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183776, "uuid": "de7e8b16-badc-4e04-aedc-b3f0a21c4f8d", "comment": "Malware payload (Formbook)", "value": "cdd6cf1a2efa0b65dc1f2beef48867ab945d99bc0b90443d9947fc8c889d6aba", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "saudi aramco", "colour": "#695059", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183776, "uuid": "072b6321-5b14-4ada-a87e-87d0f3fac467", "comment": "Malware payload (Formbook)", "value": "d8f972cee06b144a6538bb89a2b6d28486ada1f2", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "saudi aramco", "colour": "#695059", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183776, "uuid": "907c5166-f6b2-47f5-b289-49a90ed63b71", "comment": "Malware payload (Formbook)", "value": "e57774dc2a8272f038d72cb4888f0b8f82ce3b77034e02cf0b03c61d4c809a9fdaff711a4235419e194dea43bf678a77", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "saudi aramco", "colour": "#695059", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183776, "uuid": "e7d35c57-1062-4def-b7ee-e076ad804be3", "value": "T198B221EF7B87D73809E32540F93823A5D61C8047667DF530BF98C5DA8FA25149AE62B0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183776, "uuid": "8f05d12f-1364-48bc-b587-a2c07f7d9388", "value": "768:MZ60gZOxMlsipYnUAO5XzLofvM3TCzflTsV+xmJRwZd7Q3Zo:MZJGUsjCb1sV+xmJRwZd7QJo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690183776, "uuid": "61583d70-4b3f-4ee9-bb79-67f4907936b4", "value": 25316, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690183776, "uuid": "c4b582a9-00c0-4c68-a0dc-aade76ccc98f", "value": "text/x-asm", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183776, "uuid": "44079f46-9c52-4783-b1bc-a962eddc4227", "value": "PROJECT- SAUDI ARAMCO DRAWING AND SPECS.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29aa75a5-2a06-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1690191645, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191645, "uuid": "a3005313-b37d-4f7a-a4eb-f655378088b6", "comment": "Malware payload (RemcosRAT)", "value": "7508e1be2da5b290424f893d5133e4ed", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191645, "uuid": "fdd6bb2a-ffdc-46d9-a34b-8f6cb4c28a11", "comment": "Malware payload (RemcosRAT)", "value": "cfc48dfa8aa74b169189104a5f606cb6738fac9828808dfb1e64cbbd3564f10d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191645, "uuid": "bdfa5566-6be2-4a96-8caf-93320d561d0e", "comment": "Malware payload (RemcosRAT)", "value": "42d38477d238f5df97b03f14f99425db17fa526d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191645, "uuid": "97768d74-076f-41ac-8c78-8fa5632ae65f", "comment": "Malware payload (RemcosRAT)", "value": "a9059b275c3bfec0a720c0af99687e3497cb1f31425ad4f0996a4fcfb3ffb984e0a8c9c576775183198038a31883049a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191645, "uuid": "82bce86e-2203-440d-b23d-50effb01aa5e", "value": "T15FB412C83690B5CFC4AFD53A8ABC0C54A72060BB6747D157E82356ADDB0D54BEE091B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191645, "uuid": "2faa93b3-d58a-47dc-967d-f736c4a3faf8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191645, "uuid": "bed97beb-44f1-4faa-bd9a-e2a7b22abf83", "value": "12288:KlPLeUUExXxIRYS+RmiVDK2yOe+FDYmaPLVO03:KlPLeWxhIRlav/oO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690191645, "uuid": "b71f2ef2-ac95-497b-a29c-a365930a1938", "value": 515584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690191645, "uuid": "a398b2dd-8a4f-46c9-b426-5444841c50b2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191645, "uuid": "c0d35bdb-7c90-43c4-b44b-66c4ad915a31", "value": "7508e1be2da5b290424f893d5133e4ed", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b117e4c-2a14-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690197821, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197821, "uuid": "cd870dac-0136-44de-8ff8-c0dd4c5e14d8", "comment": "Malware payload (AgentTesla)", "value": "1bf5ba7310f25e26a972b4bcc2d8f65c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197821, "uuid": "e00b5e6e-db21-4166-950c-9788f7d5b46a", "comment": "Malware payload (AgentTesla)", "value": "d06d8336cb3b9b003ec379840d6ab5918edee1eaa028feee542ac41a593f3b2c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197821, "uuid": "573392aa-2825-4bab-8cde-ccc1687bde36", "comment": "Malware payload (AgentTesla)", "value": "b63eb88eaf9e1106e6f3f1e01ac5c8d2934f2791", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690197821, "uuid": "dfb6e7aa-a936-4024-98d7-c69bb89c2c3d", "comment": "Malware payload (AgentTesla)", "value": "baeb0471ea06797a356d70da1018c4b24463479368b47a548f2a72654bc9780cb06fc8f675f2234fdd76ebf69272d00f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197821, "uuid": "195a74ad-0142-4145-92b8-1f5da12a79fb", "value": "T1B5F4230532289D33D5BA6AF28D60D02517B032453123E7DD8C7261DB2DABB87BA51FE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197821, "uuid": "2e00cb35-6d7a-4f03-849a-5d63e4531829", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197821, "uuid": "c2fca257-8c21-4c45-8b36-fe8e9c0b2b26", "value": "12288:9Wc/bUYIsYolnY+xFS8PovhIL4zVo5eX0pJM0fhLQsn+feR8VTOHVLA5Pqx19HHn:oiXrYo/k8PDCVo5eXqH0sn++8VTOJA5M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690197821, "uuid": "96f519be-ee4e-477d-83bb-4a836d8c5796", "value": 771072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690197821, "uuid": "7f0eeff1-9174-4da5-8d35-58a75d3726f0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690197821, "uuid": "34549620-d0f0-4592-8078-6431789ece33", "value": "z42tm7AZo98r8gdDUO.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d405c2a1-29e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1690178616, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178616, "uuid": "f572f0be-a1a8-412b-b310-cdf87b5bd0eb", "comment": "Malware payload (GuLoader)", "value": "e81e0b18dd2ecbce58d2b6aac0620a33", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178616, "uuid": "666e0e7e-d63c-48ec-8ebe-9f7970d90bab", "comment": "Malware payload (GuLoader)", "value": "d0ad0674d5f1467d7e631280a386b96e593696d793cab95b23eb8d9cbebe2529", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178616, "uuid": "d5a17ab7-819a-4c39-855f-7e8419b962d5", "comment": "Malware payload (GuLoader)", "value": "eac95400656626a52707500cb51715a1464ef7cc", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178616, "uuid": "6479f2c6-64b0-4b16-b0bf-0150ca230b06", "comment": "Malware payload (GuLoader)", "value": "98c0df9884ce7bc65a4fd3686995b084d3eb37eceaae079153cd178a195d3634c80a1aaacf2eb9cc1b3cdc3392389bc7", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178616, "uuid": "ac13f96c-844e-4eab-b1cf-fc4a5ad9144c", "value": "T11865F0039804CB83C41D83F97E535EE90F5A7F09E9957DEB10663F8B3971B22198A16E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178616, "uuid": "f985023f-4fae-4f22-8af1-68010d18a276", "value": "24576:a5u9VNZylw6VyOZyPw6VqViNhuuvvt7R5ibbGlPsNFIiuzln+HabU/Do:a5uPR6VyYv6VCiNhv3tl5mbGSFIi2mo9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178616, "uuid": "f676ebfa-fbfd-4541-bcc4-5583329bcec8", "value": 1500672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178616, "uuid": "0bb306e9-657a-4ef5-84c7-74275be113c0", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178616, "uuid": "57629219-655d-4e17-9ee6-f06030e938dc", "value": "Order_specifications.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aae12eae-2a7a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690241683, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690241683, "uuid": "708df811-4822-47dd-aff1-fae47e31bd9f", "comment": "Malware payload", "value": "15f48d1a0942da1ac76fff105a3185dd", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "closen-kozow-com", "colour": "#EE8207", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690241683, "uuid": "f2cc08de-8332-49f4-a23b-3a51c003ba72", "comment": "Malware payload", "value": "d12e1df98b5ba6953a9930f1562e9e8f2809713c06239b3b4d6e9e6a9369575b", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "closen-kozow-com", "colour": "#EE8207", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690241683, "uuid": "86e9f167-8628-4836-8d1e-c1e7a2ceaf09", "comment": "Malware payload", "value": "82df7a1b6595b29a7129202e70ebc4eb4faa18c4", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "closen-kozow-com", "colour": "#EE8207", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690241683, "uuid": "4d05d84a-0483-4077-aaf3-e19587d0915d", "comment": "Malware payload", "value": "506e548acfa56d313e6b2427c626d9d0b6f2bb66f7214fbc3f622eae48320eaf4ecbe84249d587f95340cfcc0f849491", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "closen-kozow-com", "colour": "#EE8207", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690241683, "uuid": "583895f1-ec58-43bf-b4fc-eb71eaadb545", "value": "T1C6B4F1347B5893EE91D7E131DB27F85DAB203F7E9818B7AA73C61BD7429D910A842130", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690241683, "uuid": "e5b87309-1d34-46f3-a38b-af3cd7995245", "value": "12288:vnpvkrc0s+vZlQC6zlunsWi2VNdOB6qJ8gMAZhled:vpsY0PzQhInNBNdOQgtA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690241683, "uuid": "78587b13-a743-4641-9c70-c1fe1f2bbf6b", "value": 512835, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690241683, "uuid": "f484af4a-5f13-4058-be29-ca276b85ad4e", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690241683, "uuid": "491178bb-ae6a-4dd0-ab7a-cc191a0fe900", "value": "UPDATED ROOMING LIST.7z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a86be3ef-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690211614, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211614, "uuid": "041969af-3610-4b2c-90ef-1819273b1afd", "comment": "Malware payload (AgentTesla)", "value": "814785163f535e1427f2d748f2385320", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211614, "uuid": "2f9c2503-a0ec-4864-b9b7-b39414f51bf1", "comment": "Malware payload (AgentTesla)", "value": "d154784bed48b36890a816c7d508b317dbc6b506c5c5726389611b9e142c020d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211614, "uuid": "2ef5acf9-f868-487a-b6de-0fe70b6a2e7b", "comment": "Malware payload (AgentTesla)", "value": "32096c6bfb8597f3db1c8b22df721ddac0a954ef", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211614, "uuid": "a790eb8e-bdf8-4f53-9a36-dafb38017ed0", "comment": "Malware payload (AgentTesla)", "value": "c7128ae71dcf507e5a83f1114cbe0453cc914b4642301153a79137e690763ced78a9191135578b79a63913980ecbb623", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211614, "uuid": "85aaf017-6b27-4b86-9c4f-cb9dcde9c925", "value": "T1A8D434116EDF100479B3BE9957E834A60B7B7B712A39C01E619E140917EBCC0EDA4F7A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211614, "uuid": "65e3d8d5-dfe1-4994-b5fe-c5c671f0c610", "value": "3072:c5XNsn1+7HLDVZGMxzakgTTvLnM49BLi0Nx95MsyR4yIYbdHznXmxLJIrCsS4CYz:Zn+qMxzakV4rLi0Nx95MsyR7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211614, "uuid": "96a4cf63-e950-4939-a24e-4d9499cbe30d", "value": 600106, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211614, "uuid": "50b1f6c1-f432-4a8b-b370-a4f523823ccf", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211614, "uuid": "3455e541-9c9a-4a5c-9f7e-f7d715907bb8", "value": "CD09598534.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "031a430d-2a36-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CryptOne)", "timestamp": 1690212196, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212196, "uuid": "6a0606e3-afae-4209-b1a2-8e323dd6cef0", "comment": "Malware payload (CryptOne)", "value": "c22b20974498e9db3dfbd94ac5375058", "object_relation": "md5", "Tag": [ { "name": "CryptOne", "colour": "#62260A", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212196, "uuid": "53f1764d-58f8-4cd0-a827-614766e3855b", "comment": "Malware payload (CryptOne)", "value": "d1f832dc7b20055b7ac1f2b31e7127654eb70dcb5249ec8aa1180150efc16321", "object_relation": "sha256", "Tag": [ { "name": "CryptOne", "colour": "#62260A", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212196, "uuid": "30ffdf85-3009-482c-86e1-53c55153c313", "comment": "Malware payload (CryptOne)", "value": "f945331ba98379848e9fcc4fbb1f591391edf028", "object_relation": "sha1", "Tag": [ { "name": "CryptOne", "colour": "#62260A", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212196, "uuid": "af60ede7-3b01-414f-8290-8976f87a3ace", "comment": "Malware payload (CryptOne)", "value": "5eec4c1dbe45194833187471329afb965ea26bb70a235affe57f690d0f3c7b922b89f29187bdbaa6a6800df0fada6ddb", "object_relation": "sha3-384", "Tag": [ { "name": "CryptOne", "colour": "#62260A", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212196, "uuid": "3abab8ef-3c59-4baa-aa48-7f269c6c7b48", "value": "T13285230336C544B2C1635E321FA5AB31A57DB9704F54CACF53C1AC9EED60AC1AB31BA6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212196, "uuid": "7d3bf4ea-12bc-4626-a4ea-da82540fdb60", "value": "0e806fd55a4f41060c8e206a25d6875a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212196, "uuid": "924a1995-d878-4b22-8ab1-f7f3260525ea", "value": "49152:2fWhNaBfJXAE3JnOnpiMI30hLWgF2b9s3JDlQUp:2fWhNaBfKEFOnpiMy0hLn0GZmUp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212196, "uuid": "7e47a445-e24f-4e36-8de5-7207f7e6700b", "value": 1790575, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212196, "uuid": "7bbcac40-8c88-424f-9d32-fda27ae21618", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212196, "uuid": "d5129fa8-5540-414e-bc80-15c1e6d76bc2", "value": "c22b20974498e9db3dfbd94ac5375058.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da6eb600-2a40-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690216852, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216852, "uuid": "f506ce51-9f79-4b3a-8375-61c38886bb52", "comment": "Malware payload (RedLineStealer)", "value": "253ec732cfedd6a8957e2d78dff3e0b4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216852, "uuid": "2d5e11d8-a1b8-4d1b-a93a-6c33010f96db", "comment": "Malware payload (RedLineStealer)", "value": "d38ebded167e18fcca38e50d9161e679046b51be9c9b80eeb51250571f9d2f86", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216852, "uuid": "a8b07114-c3c7-4098-93c6-f9b9ec791942", "comment": "Malware payload (RedLineStealer)", "value": "0c1c64af1700da5482b2ff7c7fb984487a8cc059", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216852, "uuid": "f00acb17-8444-4179-b79c-e4b9db301cae", "comment": "Malware payload (RedLineStealer)", "value": "e1804861196bd232163dc64bf8baf0adb96a78853c0c9805a08243bb39f851bbd4cc92c7702accf95848f6accaabdbbc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216852, "uuid": "59b82742-70c3-4e10-8e1e-b26634ddc31b", "value": "T1C6B40203EAE89432D9F15BB058FA13D7063A7DF24978836B6745DD4A18F29C4AD3132B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216852, "uuid": "ee366fbc-2f7e-4d8b-b302-c7a394db53bf", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216852, "uuid": "8c908f97-1a4d-41d6-abb6-6f71b2c81e9e", "value": "12288:lMr+y90Z4Xs0IUhQ3B3/s5YFEA5caSy5S:HyQ4c0LhQ3leYVoX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690216852, "uuid": "fab91a00-850a-4d31-95a7-2124ec004930", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690216852, "uuid": "90703bf1-8481-43f4-b912-31ff8a7d30c1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216852, "uuid": "26b59ef3-c247-405b-bbe6-c7e106aec82c", "value": "253ec732cfedd6a8957e2d78dff3e0b4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a86363ff-29ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1690188851, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188851, "uuid": "a2c34ff1-4a82-4ee8-a88b-ae343e4ce18e", "comment": "Malware payload (XWorm)", "value": "42fdd0a7452f0f0ce0c322154edc3b18", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188851, "uuid": "ee2637de-2a72-4500-96ba-5f72e26f0fc2", "comment": "Malware payload (XWorm)", "value": "d3ff7f62d25a5ca1a1e1ced75ac12ecc587056f111ab0c619496d63907e95410", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188851, "uuid": "a737f742-16d5-4cb7-87a6-403a1b270076", "comment": "Malware payload (XWorm)", "value": "54a4e539b66c079b28e68357c3e7228f69dbbe39", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188851, "uuid": "34d669a3-3880-4f8a-bd3a-cd614d1c9df0", "comment": "Malware payload (XWorm)", "value": "e0568ccc9b13ee0eea1ca5e516791c24bf1c56b4564f5c8d8cf66d810ca9af5fbd61a42e4264448c33438df7a45f1782", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Ransomware", "colour": "#D117B6", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188851, "uuid": "2077a433-0501-4a30-ad58-c1578e8f39f8", "value": "T152E24A487BE48332D6EE5FF57DB2D1050279E4178913DB9F1CD88AAA7B636C246013E2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188851, "uuid": "46426dad-7757-4244-b66f-b4bca9011dbb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188851, "uuid": "649b3c9a-b503-4a3b-a09a-db3447f7ce2e", "value": "384:YuTNqCr4TOXqMkc7qiPRr49hL5DwDs2ETIiMoR+gtFqBLTiZw/WNCvK9IkVu7xOF:xk2lUD5UePMoZFr9RyOjh2/7vi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188851, "uuid": "8e246310-bbf6-4f07-991d-c7586ecc5ee4", "value": 32256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188851, "uuid": "24bd8646-fd6e-429d-9ed9-2fc50d54e20c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188851, "uuid": "ba2b0f1f-72d8-4618-8cee-a880d4fc276a", "value": "TestClinets.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4b92cb61-2a3b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690214465, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214465, "uuid": "26c5dec9-9853-4b92-8f04-a565cb12d877", "comment": "Malware payload (RedLineStealer)", "value": "2cff497d9d3bde3f22119c51e8887352", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214465, "uuid": "35e269b0-bc28-407c-8a91-3b48b9f34c9c", "comment": "Malware payload (RedLineStealer)", "value": "d4489fb85595651351a1b8840b3ebe4c4b7335d63760dcb300c1678188213f5b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214465, "uuid": "35061a85-b5b6-4ca3-892f-f25bbefbd90f", "comment": "Malware payload (RedLineStealer)", "value": "32de7136dfe17bf8a77956f98df1fce4e2db8e5c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214465, "uuid": "3a3a2ca2-6e3b-4634-965c-164415c07edd", "comment": "Malware payload (RedLineStealer)", "value": "9a2550a064c44acacd37a56684bc80eb9f724f9b76fad925b8343111dcbd5f7ce15dd6bfd6114a5ea86e1708ac9a7239", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214465, "uuid": "43a4063d-7de4-4db9-ae15-0a8095a4338c", "value": "T1FAB41253F3E85477DDB427B06CF30BA32B397CA51C748727238A199A4CB22D5A53136A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214465, "uuid": "b8b7d529-a365-4722-ba03-e761a5975c58", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214465, "uuid": "b3217ac3-c320-4cf1-89f2-96c3a42ce1ec", "value": "12288:TMrRy90pty9Ip++HbIvHJ4oCP/09tubLZWVJrIAU8OFMB+fZz:uyMtyobbCHJA8OJW30KIMB6z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690214465, "uuid": "35434c5c-979e-4063-8768-e9f853253937", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690214465, "uuid": "bb80d2d2-63b7-4b38-b86d-93d982d7be63", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214465, "uuid": "fc684ea4-75b0-41b1-9f7c-4f5ecc56eaa1", "value": "2cff497d9d3bde3f22119c51e8887352.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e20f5ad6-2a33-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1690211281, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211281, "uuid": "b2a9ca5a-3503-49d2-bfc1-e2268e95d1c9", "comment": "Malware payload (AveMariaRAT)", "value": "187e99eeab28f5248d8c8cb7c6551de1", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211281, "uuid": "eee4ad92-51b0-4839-9b9d-6e3dc9245258", "comment": "Malware payload (AveMariaRAT)", "value": "d4da8b34dee9f3e9cbea64a7818cf7d54eef000a8f59675ceb833593139146ee", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211281, "uuid": "00aa129b-de67-4210-b39a-ef2d16a64046", "comment": "Malware payload (AveMariaRAT)", "value": "659a5f902462829ffa97494017b45b69231be190", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211281, "uuid": "c459ba5a-4b33-4889-aac2-df0fbfbf56ef", "comment": "Malware payload (AveMariaRAT)", "value": "510a119e319ef95453aaa646a170aa4636b7ef1ccaa460bce19d488628e7011f175cc23fc870134b01c3cacdf411b388", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211281, "uuid": "468dc544-e2e9-404c-8990-d0bed7d01c08", "value": "T10D24015D4BE87035CDBE02B19DB7BA0A87316BA3D00ADE2774C90126BF53A61FD121D6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211281, "uuid": "959e2f7e-dba3-4c78-83e7-e7de4ff3706b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211281, "uuid": "3af6fd1f-3634-4f6e-ab05-ef534f054a35", "value": "3072:7WOLRveLpmUPgXFIB3X2/8Ic930rmcWIOa1GXto:iOLRvUzupUIc930rm4L1ot", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211281, "uuid": "b89de676-38c5-417d-84d0-34a7a24d3989", "value": 215040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211281, "uuid": "a88bab2b-2459-4a55-9a1b-a11d1fa22888", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211281, "uuid": "4df1c4d3-3fbd-4799-a0ac-c6a2cae738fb", "value": "rPO_87643445672023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2a0178b-29ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690188841, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188841, "uuid": "92a6d5ee-cd60-4e85-8840-059064aa84e8", "comment": "Malware payload (Formbook)", "value": "553048b8992861dbdc782dce9c048dfb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188841, "uuid": "392a8a80-3792-4736-92cc-d33b5bc39e4e", "comment": "Malware payload (Formbook)", "value": "d4fd5309eea061a1df9817de40618e01fa4d836c3a0f5daca5e969d78739e76c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188841, "uuid": "fad49184-eb0f-417f-b9c2-ac955685b5c3", "comment": "Malware payload (Formbook)", "value": "f81f0e3b23fd1a8d6633f8c37e3f4f8109c6d776", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188841, "uuid": "8fa11228-f6e7-40f1-837b-9db890203f8c", "comment": "Malware payload (Formbook)", "value": "c8a52e4bc9e77f1281d6ec60bdf93ffd4d3a94020fb33226795693eb43b0e50e99e6e407eaa6d9fc5f4200ebf2a4752e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188841, "uuid": "5d10fe8f-f6ec-44b5-b283-eb953d4db29f", "value": "T105B3AE5C77E0846DDCFE4AB108B163519A34EE137423CE1B34C63A466EF3B898E526E5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188841, "uuid": "57b722cf-4dd2-48fd-b832-f5f8328a2dbd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188841, "uuid": "2bf557af-b8d5-4bbd-8513-4b1e3498a376", "value": "3072:hN8qkUj87x/cbXSsfGQDFOIimXf6uegggggE7fqSRx:GHx/cbffv1XfTc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188841, "uuid": "0a5c8fae-3e94-4b56-8e4f-d9b92963fe65", "value": 116736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188841, "uuid": "f9ddc5d6-ec90-4238-b2b5-8f053a807c42", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188841, "uuid": "00b6fb0a-cea0-43a5-b203-c25d4f14ba82", "value": "SecurityHealthSystray_2.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fa3eddae-2a32-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Vidar)", "timestamp": 1690210893, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210893, "uuid": "6b98ab3b-847d-4bd3-9e6d-883d21ff8878", "comment": "Malware payload (Vidar)", "value": "e9c0a301881afbb741815a13cc5cda9e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210893, "uuid": "7356d6be-a5ed-450b-a127-e30c99e4ce71", "comment": "Malware payload (Vidar)", "value": "d50054c0868e4a89b232c9741e1cb699bbf6edd4021127257f50c8b7b5fc1bcc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210893, "uuid": "a39de508-9480-43ae-84c8-fdeb4baffdac", "comment": "Malware payload (Vidar)", "value": "536bdccd1bbe6e002f70b207dc8b80daf7a91ca7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210893, "uuid": "a1721141-20f6-47fa-b92e-4c36aadc1133", "comment": "Malware payload (Vidar)", "value": "8b6a18d64acd751532c0d38dd07c8b7117677be2ef9db0153c94045f4af8e7638695a7628641bd2df614239cdffca04b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210893, "uuid": "162a4552-e9fc-4a16-b6ed-079e2f5a405c", "value": "T193C533A3A205C14DC0D6FFB60B77D761C33CFDA62C549A60EE8D9287603A9163E0E1D6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210893, "uuid": "a0ee0055-1897-4ad6-b21c-94c09c7ef925", "value": "4328f7206db519cd4e82283211d98e83", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210893, "uuid": "4e807f30-9638-4521-9ff3-a26995ae7341", "value": "49152:4ImtP7SYFL/kWmzfXXtraU9msh8LSD4JkONlIuAgyN30HV7uCulhT5/NHf:4IwP7vbmzPXtp3MfvHB5uCcV/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690210893, "uuid": "a4903ea1-8e92-48e6-9685-eb36bd2c7d43", "value": 2664632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690210893, "uuid": "927a5ea0-cabb-419b-aa4b-91542dd9db6e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210893, "uuid": "cc835b95-90d9-426f-abca-94af0d124458", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d88611d-2a52-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690224373, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690224373, "uuid": "0e0cada1-333d-45f1-a54e-669cf06826ca", "comment": "Malware payload (RedLineStealer)", "value": "ccc2e35bf89617451de44e58541caebf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690224373, "uuid": "cfcddc89-8a47-4a7d-b943-7bef72d4533e", "comment": "Malware payload (RedLineStealer)", "value": "d5959835f49e857df7464a105909b237768ba59b9d8d9629ee966a45defbc4db", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690224373, "uuid": "7f8121f6-bb26-4a32-8e08-cc3379fa30a4", "comment": "Malware payload (RedLineStealer)", "value": "b7048d8dbe72e1a42279a46cae3721e47c3e3016", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690224373, "uuid": "d325bafe-9e08-4ba2-96e4-23b800a767ed", "comment": "Malware payload (RedLineStealer)", "value": "901b37c24af6a1d7e6ec86168046b350c2c19b2a1c3ac4bcb0da1464a8c1ff33e50215c767f8f9e5241b12d6d8d09fd2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690224373, "uuid": "51e15ffc-514c-4ba8-9fd0-12733fe7629f", "value": "T125B41202A7E98433EDB107701CFB06D31F36BC61AE79636B2685681B0CB3585A53977B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690224373, "uuid": "4ec87d56-9b2d-46eb-9c82-d8bc863da5dd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690224373, "uuid": "6967bdf3-6d3d-4439-a281-46a6f6ab7480", "value": "12288:fMrdy90aZ61PFtI+jzJHBz9T/erbAWE+TT9tYxD:ayvw13NjzJHv/s/XIxD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690224373, "uuid": "278735b2-e1d6-4ef4-8b99-c306e3e341b6", "value": 526336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690224373, "uuid": "f1394f41-4727-4d76-9154-b10788b3027e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690224373, "uuid": "ac4365f8-cea2-4705-a0e6-118c8ee4a213", "value": "ccc2e35bf89617451de44e58541caebf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4281694-2a3a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1690214211, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214211, "uuid": "768fd4e2-afff-42be-88ab-6a907fdbe22d", "comment": "Malware payload (LummaStealer)", "value": "16f2d0aa122b49bd7f7ca17eb28e5df5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214211, "uuid": "e2ee7313-ef86-4d99-bb14-b477f6f88205", "comment": "Malware payload (LummaStealer)", "value": "d5998de73a2e6ac2fafe81270e33b6a9fd8cef605cb56603456029b8b598c077", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214211, "uuid": "2ed41eb0-6b71-4ae6-a3fd-7661d70e15dd", "comment": "Malware payload (LummaStealer)", "value": "ade62b2a58d4aa6972283cd000a51fe3ff0885e8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214211, "uuid": "5fc500f3-90d2-4c0f-b24e-b9c6081d0805", "comment": "Malware payload (LummaStealer)", "value": "e02528e80820c7c12f247d91baa05df099f963f12159599c987b3cf3c4462317f787ab1244d44ebf8f52bd193b266bbf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214211, "uuid": "0a2a45d2-62d8-4e28-90fa-b36e7fabd7b6", "value": "T13884AE04B9C2C0F2D46355320DA4F7BA5F397A31DA21CECFEBC41D6A8A327C1961665E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214211, "uuid": "7369c3ee-56f9-459f-a391-a492a703dc9a", "value": "67ce5c1f8081cdf08e5f30c58a340ff6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214211, "uuid": "163f963a-643b-4fdd-b2db-053776b8da58", "value": "12288:alJxRPSvnEVL9MtT6Mgzwni786xNPB8bKbb:altSS9M56Mgz3BxNZt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690214211, "uuid": "eb1d2d27-08f1-414d-a64c-f5fe417d63fe", "value": 400896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690214211, "uuid": "2bda8d58-3315-450b-b38f-95b78b8cc2b8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214211, "uuid": "8b9a576a-b6f7-4882-886c-71e4e6a80b06", "value": "16f2d0aa122b49bd7f7ca17eb28e5df5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea78cc26-2a1c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (ParallaxRAT)", "timestamp": 1690201417, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201417, "uuid": "7e4db7c9-14dd-4301-9794-440d6ca50606", "comment": "Malware payload (ParallaxRAT)", "value": "14c6712f819d8b7de02df79a5168637a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "ParallaxRAT", "colour": "#D46E6B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201417, "uuid": "0774a2b4-4efe-490f-aae9-8183ad034fde", "comment": "Malware payload (ParallaxRAT)", "value": "d5df840c5011f30ec58eedfedadcbac88c61c63b024404f3d36dfe35cc638809", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "ParallaxRAT", "colour": "#D46E6B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201417, "uuid": "e51f33a6-ef3d-44f7-8ac6-a72c57429732", "comment": "Malware payload (ParallaxRAT)", "value": "3d71a3d3a18f6e5a51bbbed5224416b319a6ef19", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "ParallaxRAT", "colour": "#D46E6B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690201417, "uuid": "ba886f71-03d0-442a-8675-09b0b3796502", "comment": "Malware payload (ParallaxRAT)", "value": "8152b5761a148a6ef21dd876ea083637ca136db2abe6a58662bb13df254dba883d34855b5f663ac68e952d2213bc16bc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "ParallaxRAT", "colour": "#D46E6B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690201417, "uuid": "b90b2510-6d2c-452b-b56c-d503eaee034d", "value": "T1757533568AB86224EF039DF23954496E8230E89F663237752425E3C37FB2F1F1D64366", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690201417, "uuid": "360c7b98-2cf2-4f28-8b25-57074fc20bd4", "value": "dfc6dbbcea4beda15dcbddfb77d26fc5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690201417, "uuid": "a67ad5c2-710a-4c60-8a46-43e7c9ed5c63", "value": "49152:6yKWunjPaAhtT0CDIvgrjJbR6orAgwhDS0c6J:6UImAhl0SlMTRX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690201417, "uuid": "c4f13a3d-8655-43b1-9163-208615d9d68e", "value": 1691840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690201417, "uuid": "82988eac-4612-472b-9475-9114d1a9be82", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690201417, "uuid": "6251eb2b-3b10-4d27-bb41-11fec713fb57", "value": "d5df840c5011f30ec58eedfedadcbac88c61c63b024404f3d36dfe35cc638809.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f8f5ecd0-2a42-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690217762, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217762, "uuid": "8072b257-ece9-4263-8521-cd65665ceadc", "comment": "Malware payload (RedLineStealer)", "value": "a48313c02dcd7e09c4442b7751cad20f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217762, "uuid": "50316bce-2949-4bf9-9f8b-7e2244322bd1", "comment": "Malware payload (RedLineStealer)", "value": "d6925bb302c03e767319a1fd56313425e20f331e97e6a14e3d8444b0bca76b9b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217762, "uuid": "4e1265c4-a275-4b61-a95c-e3876d8a6e0f", "comment": "Malware payload (RedLineStealer)", "value": "082ffdc5850b8fe47ade43b8ec645b08ecc96745", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217762, "uuid": "f3a30fa2-0d32-4893-840e-483381f799ce", "comment": "Malware payload (RedLineStealer)", "value": "d022f3d36838de3490ca5089eda79f3bb92033c32fea60da9314a6eac414c70ba03f2d4f40d722f7fccd05e55159d6c2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217762, "uuid": "1d2dbf9b-eeb3-47a4-826d-b3e5701f607e", "value": "T15A84F25377E95532E9B5577018FB13C31B3ABCA2C87583AA1395990A1CB36C0E93273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217762, "uuid": "7984ba95-42ed-471a-822a-1cef7ea510b1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217762, "uuid": "b4dadd26-da6d-406c-aacd-38eaf65dd084", "value": "12288:bMr8y900gVGYp4/FTeTJlFPHMq2WR5kxvM:ryvgVGYAeTJlZ22cM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217762, "uuid": "25130bb8-e13f-4dc3-ba75-34d738dc1aca", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217762, "uuid": "5edcae6f-d41c-46a5-9060-047b122008e0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217762, "uuid": "34e05a2d-306b-40e1-8b52-e1a90ebf7839", "value": "d6925bb302c03e767319a1fd56313425e20f331e97e6a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a4dadac7-2a3b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690214615, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214615, "uuid": "998ea8fa-1449-4496-823d-a6a596cbac1b", "comment": "Malware payload (Amadey)", "value": "358ddcec1819198ecad04ef86899feaa", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214615, "uuid": "19094dfa-b29a-4637-9f05-4ca25b7bcb76", "comment": "Malware payload (Amadey)", "value": "d6ee6168d2f6c316601b151aa6a16d8b3fda4bbefd046a93a5c336bd47f75d16", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214615, "uuid": "a530b39b-4984-48e3-a2d9-8e6cced27cbe", "comment": "Malware payload (Amadey)", "value": "478cc105d928665b40aa32a2923c98dbf332b2bd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214615, "uuid": "d4cab320-5b26-431d-beb8-bfd89919a781", "comment": "Malware payload (Amadey)", "value": "0ff04536cf3a2be77a55ce9d8e1eb0e446316e71f40b20f10db9d018381a201f1d97e8aa7a46f3294350d201f29d9cc6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214615, "uuid": "8d63f867-0702-4c25-a194-885f20011885", "value": "T1B1936B1030D2C071D97E55351878EAB68B7CB914CFE08EEF27551A7A8E702D1AE32D3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214615, "uuid": "a3df99c5-9501-4bb2-bac3-c47b2cae9805", "value": "52982bbab8b9d5eafbb4ec438626f86a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214615, "uuid": "0fab75cd-2170-4ade-8401-ceaf0a3219c6", "value": "1536:ro4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUCWHaB89p:roUCWbBNpplToUs1uNhj25LJUxaB89p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690214615, "uuid": "6841626e-eee9-4cce-a3c3-399bd71a7072", "value": 91136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690214615, "uuid": "6cab887a-5d87-4035-adc9-26d03fe3c813", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214615, "uuid": "c49e702a-f0cc-4e27-8f78-15c6a87e1406", "value": "358ddcec1819198ecad04ef86899feaa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a1316e79-2a3b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1690214609, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214609, "uuid": "56fa79dc-1dfb-4298-9f74-bc45c7d43188", "comment": "Malware payload (GuLoader)", "value": "41518baa70e3ef0a44e6815913b89c86", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214609, "uuid": "16f9eb3d-2678-42d4-b199-ce0f0769abe8", "comment": "Malware payload (GuLoader)", "value": "d70420ee594c359a3c438310e98730a185fe7032bbffb3e0f28294218d1297ea", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214609, "uuid": "f2f03716-267a-49d4-85b5-36328ae4dd74", "comment": "Malware payload (GuLoader)", "value": "2581d5c6767ea0d458657d13e466383e883ab464", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214609, "uuid": "0e966b60-1fce-43fe-a359-7f997dde0ace", "comment": "Malware payload (GuLoader)", "value": "deaa7457d6ad59e3b64740294e1c2e5a9e5d3bd0906ff742d8b485208f7afd44fa579dd06a7bb9451d2038836b5af5e8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214609, "uuid": "15aa1faf-0312-4877-8bf6-c06af225135a", "value": "T14F0413932BD0E5E7D92A43B107352A6B6FF8EA091585924747C53F1F3C17992CB2E2C1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214609, "uuid": "ea163326-c89a-4e4c-9881-b533314d62e2", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214609, "uuid": "62c1a382-fa10-4f14-946a-118ed0ac0d85", "value": "3072:nwDijpS4DbYcr8bpBHNegLDlv7KSg1DZ4jcf2AuXUEwlZl0ZTfhjIJ3yY7wJ+emi:nFPeNDle14wz/fl+TfQ3y0S+e/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690214609, "uuid": "f1a50cb5-3302-4df6-bd45-c1965b704c69", "value": 184372, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690214609, "uuid": "c11f70ad-647c-411b-a069-1ce3b2a865cf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214609, "uuid": "b68096ca-33f6-42e2-8e1c-401393a710e9", "value": "41518baa70e3ef0a44e6815913b89c86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5fbe001-29fd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690188015, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188015, "uuid": "84f255ae-f64d-45de-9644-3cf2f6b37e76", "comment": "Malware payload (RedLineStealer)", "value": "2028eca34628b965963ec8594d98e63c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188015, "uuid": "87cf0c04-c21d-4ad5-9f3d-54ec6689e10b", "comment": "Malware payload (RedLineStealer)", "value": "d729259da24021bd2ae9efbf7a9951febfc2ce0ffda9222c27c0e28c59198713", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188015, "uuid": "26b7efea-def5-4410-9ce5-a43b4116fb4f", "comment": "Malware payload (RedLineStealer)", "value": "77d6e28e523c8f0b903ae380e976f0e501968e4f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188015, "uuid": "fa184b3d-b6de-4b53-8389-c091078f9dc2", "comment": "Malware payload (RedLineStealer)", "value": "2066e3193c0a1904a9ca4af31c4a066c5f50bccb9952ddabb9ba25f19c59da847035d6e94157ab6ef6138c9eb7f6cea8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188015, "uuid": "0b8b385f-2b77-459c-96e0-43e847636b69", "value": "T11974E02232E0C072E5B746301970C6A56E7FBC72A77991CB33942A7E5E613C1AF75362", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188015, "uuid": "fdc9aacd-84be-4f42-989d-190bb58fffde", "value": "795d5374158688612616ccbdb5ba25ba", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188015, "uuid": "6ac8a44d-5e87-41d9-85da-509de3855719", "value": "6144:94WsavGX4G5OzUt14OfBzNd4M+lpzGzNmCbufF97:iWsys4G5pt1DNd4r1aNmKufF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188015, "uuid": "23d5fea3-3ac4-4f86-bea9-2b3e542f8d4f", "value": 356864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188015, "uuid": "48527716-a4c1-402b-b999-30a4fe6260db", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188015, "uuid": "b7f0fb61-6fc0-40ac-ba57-6533aaa80151", "value": "2028eca34628b965963ec8594d98e63c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f42cd5de-2a31-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690210453, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210453, "uuid": "68ee4e45-03d7-4203-84d1-d087fd3bbe4b", "comment": "Malware payload", "value": "83763d0f98800684cbd90c66139b4ffd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210453, "uuid": "ff49ae56-2495-40f3-b679-d7d4dcf66904", "comment": "Malware payload", "value": "d7d78715c80127c89407e65406050532afd21ae26d6f05f78a85e0b1982959de", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210453, "uuid": "2b778ae7-cd56-4ddc-bc3a-9589b2282567", "comment": "Malware payload", "value": "4f7e153ee9745611f507dc8386e677138855f5ff", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210453, "uuid": "1e4bc438-dfe6-449f-a08f-74e92cafc81e", "comment": "Malware payload", "value": "f51e76d0e31bdfb23d7b02f281bdad4b6c9542cea31867d66f2cd60be1fc8c1118a3dc7575befca2aea935672c66ec4c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210453, "uuid": "b544f266-8dd1-4cfc-a7e1-985d13244ca5", "value": "T114359D1134C18037DA7331320A69F7BA8ABEB4301B6556EF57D81A7E9F746C06B3225B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210453, "uuid": "79dc31f2-ff65-4721-b509-e4186cfa3eea", "value": "5e578152bf1938f5f17887dffe711f49", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210453, "uuid": "78725402-1714-4b77-8939-ea51e7820d2c", "value": "12288:GPusgC6K5UgaRwON8EcdjNY7ebb7nYnCZm+/Msuh4W9p+qzPO:Ge3K5UgaRwON8FdjNYeHnYnOMw+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690210453, "uuid": "9cdafe7e-4f16-4a8c-9b4e-33cf7dc4082e", "value": 1117696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690210453, "uuid": "3e2c2456-c27f-4d15-9561-d9cd1625e445", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210453, "uuid": "117add0a-a981-4d05-ad71-0ee16187c526", "value": "83763d0f98800684cbd90c66139b4ffd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "898ed647-2a48-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690220152, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220152, "uuid": "1d106a02-a368-4a73-8f07-eee05bc3f03f", "comment": "Malware payload (AgentTesla)", "value": "fc0591d96cf5aba99f71d4a7b4e4b697", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220152, "uuid": "101ae065-12ad-4cac-b312-d22ff81c80f6", "comment": "Malware payload (AgentTesla)", "value": "d975b68c91c59dddb7b6777f6f2f78300ddd9be5c51f483994ea26106839a017", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220152, "uuid": "1bf52807-d9c8-4d74-be12-bf6bbb95a6ab", "comment": "Malware payload (AgentTesla)", "value": "a85336a9d3bf3a5512bd7a99f06f65ac63c3e67d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690220152, "uuid": "24729448-bdbe-4771-8e12-6711159253a4", "comment": "Malware payload (AgentTesla)", "value": "f5c840f0c6b618dfef5c79955599ec492760530369368e03e3665437300cfafc557dab8cac5af5ccba30e2833be353c8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220152, "uuid": "1699be1d-0619-430f-89a9-d057209eb1a3", "value": "T1A5F412643BB9AB12E6F87FF0456092180371A9992823D78C4DF130DB1D67F85AF81AD7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220152, "uuid": "b5c32080-ca46-443d-bd5b-f69e48ad00e8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220152, "uuid": "2878221a-224d-44ec-a3ec-55694725df22", "value": "12288:U7vJRBusyVqiu42bMS4ZMTaO0N/8V7zWhd+67FgzcaHi/:AFuJVrVSOy2iXWhdVA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690220152, "uuid": "4e78d2b5-3ae5-4c6d-b902-43ef5ff7786e", "value": 756224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690220152, "uuid": "286b88ba-d71d-46a2-ade6-00eec1b1cbf6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690220152, "uuid": "4907d85f-fab1-4c82-bd25-e03dc541fc1b", "value": "cuenta bancaria.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "43d1d88f-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690211445, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211445, "uuid": "7061a9ea-2c2c-46e3-9642-96a61c57938c", "comment": "Malware payload (RedLineStealer)", "value": "4cd679573a92bb125e9b784178bbc940", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211445, "uuid": "7530e57c-d8e0-49da-9596-708541193ddb", "comment": "Malware payload (RedLineStealer)", "value": "d99a62f090eb0c90a12c0965ef481931940994fa8e0018bfc0f1da551e6d2291", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211445, "uuid": "32201cf8-7c05-4a6a-bd72-b0cfc3386523", "comment": "Malware payload (RedLineStealer)", "value": "03166c05332c90fc447d721bc043c70f529e9f7d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211445, "uuid": "2f45683e-23ff-4936-87db-ed766150fda0", "comment": "Malware payload (RedLineStealer)", "value": "efcecbd34a0be5b74221c86eb0663c6ede1948a403df86369fe57dbfffb35f8440d6cca3c8a6d011b601a00b6718909b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211445, "uuid": "25452f32-1c75-4ab2-9611-1491e512407d", "value": "T1E9840113B6E99072EE7127B05CFA02931B357CB05DB8426723865D5F0DB3A80A975B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211445, "uuid": "5de4d0ab-b7ef-44b3-8b80-82b025133433", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211445, "uuid": "014082ef-1554-42c5-a4fa-ca8dcba4308f", "value": "6144:Khy+bnr+op0yN90QEnynReccA/TduM0ENWrPVQGlXvZT2xnHXHPmgn3BHfLyG4lq:PMrAy90Mnp9WrPZT2xn3HhBjDUq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211445, "uuid": "6267aa47-9b25-44e2-b718-08d0b6351b37", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211445, "uuid": "c8ebb5e0-5ada-46af-9475-f4e1b26423dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211445, "uuid": "8d4531cf-e363-4618-b2e9-ada58f29aa2b", "value": "d99a62f090eb0c90a12c0965ef481931940994fa8e001.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e3341818-2a32-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690210854, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210854, "uuid": "efbd7d63-51e0-42a7-b62d-8420516ac143", "comment": "Malware payload (Amadey)", "value": "09e650dff1b921824f53ca721662c1be", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210854, "uuid": "4c3794fa-7d0e-4094-bbde-f9249d782d77", "comment": "Malware payload (Amadey)", "value": "da41973ff7567edf2caad28da365f6654c5c71352dd1577adc144256e704d787", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210854, "uuid": "ae36d169-8ca0-4e2a-8560-126f15434996", "comment": "Malware payload (Amadey)", "value": "9f7c429ad2d5850a3591b52001c1fd6622c4624f", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210854, "uuid": "2a667b48-c360-4e37-81dd-efd2b4468c3a", "comment": "Malware payload (Amadey)", "value": "8e27c5b57646da7d496ead65d7aaa5732e268efede0c505f2112c1afe4af7b4222958647a343bdc68d00c23bbd2606f3", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210854, "uuid": "9ce01891-bfc5-4901-b362-64faeb1c83d0", "value": "T101B40212E7DCC077E8B527705CF64B870E35BCB1AD78935B2742486A0CB2655A932B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210854, "uuid": "274b7fb9-afb4-48a1-a94b-61ffe7319a72", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210854, "uuid": "e41241ea-2077-435d-8fe2-c71db7c69572", "value": "12288:pMrJy90dE6WrgFnsJ2/fUpzFFYM9qecQdjxI+6QsEg3pdssA:AyaWaK2cRFYSzc0xTJMZdC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690210854, "uuid": "111cc3b4-6cb9-4373-abcd-2a3ea1413aba", "value": 527360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690210854, "uuid": "e2350aff-551e-43cf-b8d3-02fd4e88d679", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210854, "uuid": "e8ef60db-c96f-4bbd-8540-1a217a65dcb5", "value": "09e650dff1b921824f53ca721662c1be.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3f4666f-29d1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CustomerLoader)", "timestamp": 1690169221, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690169221, "uuid": "a1605a50-eec8-4f05-a735-10c02a427dbf", "comment": "Malware payload (CustomerLoader)", "value": "48a074a5009cc07ede6b9107898630fc", "object_relation": "md5", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690169221, "uuid": "ec7bf069-8c3d-401a-8856-bc51b180c200", "comment": "Malware payload (CustomerLoader)", "value": "da9e775854e2b7d59208e61327f77b16f63c33be746a47e464670192fd8beb38", "object_relation": "sha256", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690169221, "uuid": "3f1bd1b3-e5ea-4aee-8fc1-4b11a7d0e541", "comment": "Malware payload (CustomerLoader)", "value": "b872c303b963eed76ab2300e0d6accb10954e0f2", "object_relation": "sha1", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690169221, "uuid": "872d8a2a-01bd-455e-a6d2-1fbf2b08f604", "comment": "Malware payload (CustomerLoader)", "value": "1c6785c9562927fbd1913b19e495548d40444e0420667d4b18deb6675205c18628b7b554a86622e8f4b71dd763b9e73e", "object_relation": "sha3-384", "Tag": [ { "name": "CustomerLoader", "colour": "#57A5C4", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690169221, "uuid": "1c8c766b-7cf5-4002-9a5f-a3be90f66f7f", "value": "T1DC13D21AE79F1265CF4103B3661B1A99AABDB33EF2115561346C833433DDC7E0266ABC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690169221, "uuid": "bc44b888-08bc-4881-ae40-67777f5df85d", "value": "768:kFx0XaIsnPRIa4fwJM6diZrl5uxgpMYjtUeMgO/BA3zLq:kf0Xvx3EM93uxlel0q3zLq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690169221, "uuid": "022a0f6b-dc76-4c6c-bee8-a76c1d10bc4d", "value": 44369, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690169221, "uuid": "bffea02e-86fd-4ebc-a12b-3dad8790583b", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690169221, "uuid": "0f7f6b53-ecad-4542-92d9-28acfa3c60e3", "value": "SecuriteInfo.com.Exploit.RTF-ObfsObjDat.Gen.31586.19075", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "14f1674c-2a63-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690231553, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690231553, "uuid": "5e1314c0-3286-45d0-bdcd-8a8777a35bbf", "comment": "Malware payload", "value": "c7edf7625b2366f01b4d40d41564ff66", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690231553, "uuid": "f4888011-c4c4-430b-a0c1-f4c3f5180119", "comment": "Malware payload", "value": "db52d11ac4d0ed5f18ad60812c3df5b3f2a17cecf0d430e1fc77b492e8abdf30", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690231553, "uuid": "7f3c0ffe-585e-4fe4-9ebb-b4d0c9691c7f", "comment": "Malware payload", "value": "0347c607cd5d88eda509e9297ad07613d0f33003", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690231553, "uuid": "d1490f61-49cc-41ad-91e7-fbae85bfb82d", "comment": "Malware payload", "value": "6faf6827c513b64db432eb7f532a7d60f42eab85e2959499272c256e416f94d3977b545596e57ae709f60cac8e483505", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690231553, "uuid": "0c15a368-9d9b-4543-ab42-956d87e86f77", "value": "T1CEF52322BBC581F3C9631D334F71A7A7997DF4200B61C9CF67C448AD9E612C16A3176A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690231553, "uuid": "e0e503b7-371d-4a8a-a303-1bddce96e247", "value": "30d1665d4c796f53fba13defcdef7cf1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690231553, "uuid": "36ac5586-65ce-400d-9c38-8ca6114e5aaf", "value": "49152:kWhlYLBfJXAE3f9/iuhkcJRFD6FWxEQkGCYjLmIwT956IcaC4L7HAHMSuPMuhtm7:kWhl4BfKEFqG8ogojLmh/pLIYMuUX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690231553, "uuid": "6e04df5e-885f-429c-a5ed-80b54754c944", "value": 3324088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690231553, "uuid": "6a9fda86-d44a-4ca0-a206-357e9f87219b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690231553, "uuid": "66dcd4c2-b4e2-4092-b501-749dbcb504da", "value": "WinRAR.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cac84aed-29e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690178601, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178601, "uuid": "effd2caf-98bd-4103-ae6c-39be6eb6257a", "comment": "Malware payload", "value": "2e72459d0c5413b519e578884dab6eed", "object_relation": "md5", "Tag": [ { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178601, "uuid": "ac401a50-611d-4e11-aee7-0161df837743", "comment": "Malware payload", "value": "db9b4508af866167280ef5db74f39f9243862f223f49a6e40b3711d949e3632f", "object_relation": "sha256", "Tag": [ { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178601, "uuid": "e83b82e5-3eb0-4552-9ecb-d7f3c4ca0b81", "comment": "Malware payload", "value": "c73755b2c8bc1bb9c49d3d39e02710080b960810", "object_relation": "sha1", "Tag": [ { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178601, "uuid": "1a67696f-8d7d-4022-99f7-2747243adad8", "comment": "Malware payload", "value": "41eb312630def279a932928af3a432257d99d2e2d0fe3de1d39b1b54ac3237b51a65548221a815b86238cd34d9bd3bf3", "object_relation": "sha3-384", "Tag": [ { "name": "xlsm", "colour": "#6BFEB7", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178601, "uuid": "6fcef05c-767d-4190-8fac-f160c1086491", "value": "T1C013E0ACDF8D8918DA5F9076580F78D282959D9182D1DF871FACE20E5189CC0132BFAF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178601, "uuid": "724a186e-9834-4db4-abc3-69f26f4b79ab", "value": "768:4PvDAmvCssn5BmBIJYfTH+niSpOvDHTVv+nWJFFiKk/f3qtRdzRRF+no/T:cvfvCTrmG1BmTTVv+mFFi3//qPdRGo/T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178601, "uuid": "61abeb5a-9935-4a28-9329-cb3587715f9b", "value": 43213, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178601, "uuid": "4c0ff4e9-cc98-4714-a3a2-7258b211d085", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178601, "uuid": "3034dbf6-f313-47ee-9422-89588b49f762", "value": "Purchase Order 2152003892.xlsm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0d9d74c5-2a27-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GCleaner)", "timestamp": 1690205771, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690205771, "uuid": "a5ec24bb-02bb-4746-a01c-6ae825a97322", "comment": "Malware payload (GCleaner)", "value": "33194ec38455af12d388e7e29a1da507", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690205771, "uuid": "9920a600-e8ff-4d23-b180-51a4132d0af5", "comment": "Malware payload (GCleaner)", "value": "dbce465600f880bdff8e64742a1728049bf44ffe7c7aec9f605e87ab859921df", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690205771, "uuid": "43152fcf-b05e-4271-af59-a02093058b51", "comment": "Malware payload (GCleaner)", "value": "a0965bb012cfc29eea10d39bc08373e3a0977a12", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690205771, "uuid": "beca5e13-56a2-4cfb-bbb4-61ea8ac46af1", "comment": "Malware payload (GCleaner)", "value": "504c1bc805ef268eb0dc596a2c727c2986a9e20c6d27219f4b9f20cb21094c6008eca99295af59ff906a22772dbd0994", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690205771, "uuid": "309697ea-ee11-4870-87b9-de695278e0c9", "value": "T1DF4533A14595963FC065FD388E3B01064A776E71AC3ABEC4765CFC0D1FBB1928B89326", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690205771, "uuid": "67feb4d5-5a67-43d2-a1f9-a3e9384860ca", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690205771, "uuid": "71253763-c399-4b4f-a097-f7db821d343a", "value": "24576:D2l+YCojuNLa097e6CpHQr6r/Fx7OPDvCXdnkdeVpHNMTja2Mh9GxanV:D2TCoSNLVqNRBbFFOPDaXx1yMhMxOV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690205771, "uuid": "143541f4-dc9b-4980-b2af-bdf6a9cc7fd6", "value": 1201222, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690205771, "uuid": "2b06d224-9364-468d-8f5e-d01d68fa464f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690205771, "uuid": "3c574618-5c75-4888-b475-ea849c542622", "value": "33194ec38455af12d388e7e29a1da507", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "771cb27b-2a46-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690219262, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219262, "uuid": "73b61a17-1b41-4e72-bbc8-3e883dbfeb30", "comment": "Malware payload (Amadey)", "value": "d380f859c6bf2570604bc4071f6d4083", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219262, "uuid": "2488b26b-ed95-43bc-b258-c53828c5004b", "comment": "Malware payload (Amadey)", "value": "dbee3029a2be92e7cc94349d0ee915185ce8591bb54385d69dfd8792047b8bdf", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219262, "uuid": "e4ccc395-e79a-4825-aa2c-2029981e7306", "comment": "Malware payload (Amadey)", "value": "ba6a77948ff281fd2d40bfc1f64b2a54e49ab38a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219262, "uuid": "fc7833ca-29cb-44a8-bf21-8bf59147b78f", "comment": "Malware payload (Amadey)", "value": "a0f48ef539eaa0432830a7b0a6fee0e51cdcb72f8fd2c90668f212d3c20149174ebe3a62461ec1e88613c72bdad981c1", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219262, "uuid": "7d9ea9a5-f521-4e13-8230-29a31437f651", "value": "T13AB4124AA7E88173E4B5577028F617D31F36BCA09974836627466C4E0CB3AD4E8B077B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219262, "uuid": "87da59d7-2b09-422a-9722-60e7dd1c827d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219262, "uuid": "f8b3a761-236c-456c-af1f-e56bfb7a66a6", "value": "12288:RMrry90SBR+oLGHOOiHGpwCZQr7Cuzu+mw3L7L1m:2yPAPOerZQr7Fl3nZm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690219262, "uuid": "4b7fc3ea-565d-4d34-8f34-5e0eed0e0118", "value": 526336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690219262, "uuid": "f3e1ead0-fdc9-40c0-86d0-6ff40bcba178", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219262, "uuid": "c37d1d64-c0e7-49eb-bfcb-c0d0df7111bb", "value": "d380f859c6bf2570604bc4071f6d4083.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d1d53ed1-29e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690178612, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178612, "uuid": "e8963739-c3c2-4a4e-a05d-733b9de25642", "comment": "Malware payload (AgentTesla)", "value": "848de3a441d6357e77bbab35e2ace7b7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178612, "uuid": "9b5ac05d-0456-4a8e-849a-1c546d8c4e6f", "comment": "Malware payload (AgentTesla)", "value": "dce8dfa0fb0baeafb31cb8072e1f9421919a796f013d5dca81ab0697206a9762", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178612, "uuid": "e63686e6-dd0d-44bc-afbd-744573d74bd5", "comment": "Malware payload (AgentTesla)", "value": "3ac2d7b83ab47847e442ea89662ec3924354c27b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178612, "uuid": "b392aad1-11d7-449a-99d1-981d340114e2", "comment": "Malware payload (AgentTesla)", "value": "cb70c74d103ffc6a029bc1b18128b6413f6db8903023fd5a1d78a2fc907a4a8ca1f49cf7fe40aa7120361612f0db6b56", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178612, "uuid": "a8a5ba8a-e23b-4405-b704-91c3848b99b7", "value": "T1FCF4136A375B8D13D25CBDB54EA8D00423B171A43827E7DE9DF210891ED1BC0BE626D7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178612, "uuid": "ae05d8bc-5c3f-4f2a-be68-17da258f7a08", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178612, "uuid": "3387d3ea-7e9c-4609-995d-6a7d178228df", "value": "12288:lQvJRBusyRpa/eNUGDpF3n+g1AjE3jT146gSRkGkULEZ2mbq:gFu3aWN/PX+g1AjE3jT146TmGbEZFb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178612, "uuid": "1805bfc3-a3ad-4aa7-9dc1-a36f1ef6e87a", "value": 744448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178612, "uuid": "f15efc48-9b81-4bec-80ab-586cbf260e73", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178612, "uuid": "cfee10a6-27eb-4aa9-a63e-bc1ee1136985", "value": "Request for qoutation.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96bb151a-2a33-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690211155, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211155, "uuid": "eb8f18c5-821e-4f54-a107-fc0cd0232d80", "comment": "Malware payload (Amadey)", "value": "ab1aab1b0092a44b557f9702d280eea8", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211155, "uuid": "f0b39f4b-7ccb-43ec-8e1f-10479fd48441", "comment": "Malware payload (Amadey)", "value": "df0928765104bf106d2c79351b90b04cc1ca7c2e4ac3ef27767aede524645bb3", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211155, "uuid": "78e10871-7a8b-4dce-8628-5e815781f0fc", "comment": "Malware payload (Amadey)", "value": "ad048121f845c56f6fdb516b54ec182f2ab64c65", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211155, "uuid": "cc1d6653-4892-4df7-b6b8-e4ba41481ed8", "comment": "Malware payload (Amadey)", "value": "af47ad13600da15e1cebc4c2084a6b4adbd5982aef12837bb39494268b4da9c1d438b346a7b1978416ed31b3da87aae6", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211155, "uuid": "0ad9ad0f-ac0a-4f58-8ccb-bc0d01e20259", "value": "T1002408557812C032D56061762DB5BFF2C59DA828ABB049DB7B800F77DA112F73A70E3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211155, "uuid": "dbf3c639-4aab-465a-aa10-67e53c33ae08", "value": "698e68059e2b8538f873da69a2766d48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211155, "uuid": "1bcfb313-915f-4ed9-80cd-4f4875e9e10e", "value": "3072:3vtV3ROZ6RDwrR3wMUzUVwQ3rInyRnIvPak3hhiHFSbuZhuNcZVKBzqm8LHIkbGB:ftV3euVz6rKyS3yHFHhuNcPKpwU+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211155, "uuid": "da8a304a-4f95-4024-821f-e1ea45dac60c", "value": 228920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211155, "uuid": "45904984-01e6-49e7-875a-47291f72bb41", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211155, "uuid": "4474bbe6-c712-4a49-97b9-b06de5e59f7f", "value": "ab1aab1b0092a44b557f9702d280eea8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e77110ae-2a37-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690213008, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213008, "uuid": "30be9495-49c5-4e15-b2d1-ee8e4b0bc87d", "comment": "Malware payload", "value": "8b88861d583297d51d155f3950ecd899", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213008, "uuid": "1ef3aace-8b45-4a1b-aa5f-7a048cea68ea", "comment": "Malware payload", "value": "dfc8ef172e2bc477304e7c7e6486b33e3c699a7b8e42d0243c5c14d5c651f780", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213008, "uuid": "75137b80-f1d5-4594-afd6-67ad5ac8a2c5", "comment": "Malware payload", "value": "53c0b8156b15f6a6e7e5bd9d459502f3c9cb9683", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213008, "uuid": "e3a6d19e-5f78-48f4-8d65-22bb8314cf68", "comment": "Malware payload", "value": "708fb26bf1d6c636ede53e3c8404f91f4dbd2ab94062b7970df2758b0056e209f308913eaa49d29698cc8fba349735da", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213008, "uuid": "e4720e12-19ee-4508-9b06-d574e1a7575d", "value": "T15236021AB9648C64D593D4331014D6A39205D68EBA18DFCF23B01D0AFEF55EB8B12BED", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213008, "uuid": "654e2559-3487-4b96-94bd-40430807a910", "value": "c6e51dda1622035b42b177c9afe67c30", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213008, "uuid": "9d2997b8-4378-405e-9d05-8750be38e30e", "value": "98304:Qq21KaNjf5rBIZU86Ch3/NCFBdkPo3Tsy1y6Ifgk31fTmU3Gt2U6cjlWt2:e1DNr558bhV8dkwDsb6M31fyU3Gt2UlZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690213008, "uuid": "42c62d58-7269-489f-8946-f29fa87511bd", "value": 5077476, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690213008, "uuid": "16efa6b1-fa62-47ec-9d45-5940f123f163", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213008, "uuid": "d0608cfb-2ee0-47a9-bfaf-8470731b5f93", "value": "8b88861d583297d51d155f3950ecd899.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d72fc9a-2a38-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690213260, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213260, "uuid": "7baca1e3-54e6-451f-8e79-efe3c9d5807b", "comment": "Malware payload (RedLineStealer)", "value": "16acc22694ecfcc716e627c9ac16e0ee", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213260, "uuid": "345f7cca-03c5-4737-81b6-1f10846b864b", "comment": "Malware payload (RedLineStealer)", "value": "e00e2ca8f12e507e65af3a0f955e168a1a3176477281a44f1e84c17ff30b679d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213260, "uuid": "18c2309f-46ee-48aa-9bfc-4194575beeec", "comment": "Malware payload (RedLineStealer)", "value": "36c4ffa86b2c9b84366c070b724fc2e045464861", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690213260, "uuid": "2ab0eb83-176d-4d62-97e5-550f316d0d92", "comment": "Malware payload (RedLineStealer)", "value": "e09ae8ef665aae2c803715801d32761d0dbb0482fb4fda3a068e624ba20165943bae0ab462e53634fc28c231f5c71c69", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213260, "uuid": "1de18c24-5641-44a1-a9e8-b0b1f57f5d4a", "value": "T1AF840283EAE85433D9F42B70A9F703D31A3A7CA64938935B135A985E1C735D0A53137B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213260, "uuid": "9cdc7f8b-d4ea-4762-94ab-aaac07d23daf", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213260, "uuid": "881f66b6-799c-4f7b-9aee-d464128bb1f3", "value": "6144:KAy+bnr+9p0yN90QE9sdj6Ys9YmzXpa60OTyUkJGu1yAJaooiq/jU:8Mrxy90vs1yYCXpV0OTypVaotn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690213260, "uuid": "df14df5f-333f-4b10-ad3d-1181b3b6aafd", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690213260, "uuid": "72e81093-073b-4f4b-9ecb-b3548a4028f5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690213260, "uuid": "516e78de-7016-4508-a24e-99276a19ca7f", "value": "e00e2ca8f12e507e65af3a0f955e168a1a3176477281a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ac834af-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690211350, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211350, "uuid": "138f4645-ee4e-42f2-ab1e-14c95c946ee1", "comment": "Malware payload", "value": "e96135f0915bc55ccfd39e55b78d1bb0", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211350, "uuid": "516f0a50-0b00-471f-8af3-300fd1b90751", "comment": "Malware payload", "value": "e0d45b5eae5f677bbd3be2bf0898ff166cc729307ffe14a743353c5632866ba9", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211350, "uuid": "5804a097-2bc4-4734-9e74-2ffd8a799a01", "comment": "Malware payload", "value": "823abf2adef89f261492cc4fe4e7dc2ff4f9aea5", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211350, "uuid": "6cb8ba09-7fb0-41ae-ad49-6a42f30ccc17", "comment": "Malware payload", "value": "87e8ae391121b7ca54e4fc77642bb6954f82467f800ec78faa36921e7351b3e174ce2df3f41fda3cf102f3cea92dc8ce", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211350, "uuid": "3ac4ebd2-19a4-4175-a2cd-f5ef5f52ea0d", "value": "T1BB75F103B8159F87C41C83F87E7329D90F1A6F09E895A9DB10133FAB3B71A62595B21D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211350, "uuid": "ef2caef8-fa15-497f-a44a-16da7839e1d9", "value": "24576:xZu9VNZylw6VCOZyjw6VOViNhuuvvt02onoPbXQwcgZffbL5P5wKx:xZuPR6VCY36VmiNhv3tFBXXcqLl55", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211350, "uuid": "c728b072-7cc6-416f-863b-e4c45f10bacd", "value": 1623040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211350, "uuid": "94598339-e566-4e63-8872-112cea61d9fb", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211350, "uuid": "8074d512-b8ff-4d2c-a82a-fa58c805a0c8", "value": "ORDER_ENQUIRY.xla", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a260fe43-2a20-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690203014, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203014, "uuid": "46739ec2-5c61-463d-85c3-0615db0a02f3", "comment": "Malware payload (RedLineStealer)", "value": "5f2e3a1eaf13eba62d9160db940348ad", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203014, "uuid": "4f3e819d-afe0-4e8a-9b5a-aed2f635ad89", "comment": "Malware payload (RedLineStealer)", "value": "e1d8649ed45d3487ed75f3b56fc06e63a409162c528eaf378bff7c294b7e7bfb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203014, "uuid": "c53bdde4-651a-4f71-b7ce-a217d9faf34f", "comment": "Malware payload (RedLineStealer)", "value": "68ef07fceac0a4363c17a9d517bad36d2667082f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203014, "uuid": "d1c28d1f-c586-4593-bd65-5b6bfb62af75", "comment": "Malware payload (RedLineStealer)", "value": "b2f4348aff584dd57c790f1aed33e7ee2fb8869391a6c8f303a22d5f67052b6361255630dae146649f769f38ed9c9cbd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203014, "uuid": "af875d7a-2ded-4fa8-be53-ecb169ed1d06", "value": "T1E784290792B13D57E917DB728E1EC3E8761EF2608F5D7BA6D2199A2B04B10B2D273710", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203014, "uuid": "c087db1d-3135-4cf5-afd9-6b5ba33b8d5d", "value": "266fc9b95dac31574046704a6db5e3eb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203014, "uuid": "6b84b9a5-4d60-4549-b279-9070ad6050af", "value": "6144:xbLXomMHHQRBixvYmDJIebC3xtqeimntLT11:BTomMHeUvYiIeVei0T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690203014, "uuid": "645f45cb-70c4-45a1-923d-26222b8e8164", "value": 377344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690203014, "uuid": "e305c413-a00c-484b-ae30-acc27607d3f4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203014, "uuid": "1d90fe46-1b73-4b2d-9907-4d5124892a55", "value": "5f2e3a1eaf13eba62d9160db940348ad.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6b7e516-2a32-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690210860, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210860, "uuid": "c9bd5736-51cf-4a4c-8aa5-bd5f15ed5a16", "comment": "Malware payload (RedLineStealer)", "value": "613fe8a9b599fa77fdbad0ec34cdf44d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210860, "uuid": "4e3da717-f422-4d88-a280-c962070b0449", "comment": "Malware payload (RedLineStealer)", "value": "e265fa415bed805a8437a03e90f326547bb2ed1ece88dcba96df0b3c9398d9b8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210860, "uuid": "df6dca70-f4ad-4061-901f-ad6beec1bd48", "comment": "Malware payload (RedLineStealer)", "value": "aba99efbb3e63420d46b5ff55caafe5634830a8c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210860, "uuid": "128d39f1-6836-4ff3-94a4-ba6b16d104b2", "comment": "Malware payload (RedLineStealer)", "value": "2701c9d2bb35824ec7e9caa1de01e82c7b3b30203782ea31b6a6f6d78a5b2b34d176b58552be5244dab7b217b70f1e7b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210860, "uuid": "e85db2a7-f587-4b55-bd22-38be5f80aed5", "value": "T1F6840103EAE99033D87467B058F712D30A3A7CB19978976B3B455D5E0CB26C4A93273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210860, "uuid": "ec7796fd-ab57-4fc4-856d-592c60b26910", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210860, "uuid": "755e7646-682e-40c0-b81a-dc33b1501a79", "value": "6144:K2y+bnr+gp0yN90QEwZXbzXAiuNKMXUNzwiZvNNqq30VUYLhSreJpIkix2mBWklY:2Mr4y90WAgsiZvS7VUyS9xUC8z8U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690210860, "uuid": "04d61562-1fa6-4303-bc1a-26ed0a308f17", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690210860, "uuid": "52f779c3-0579-4105-b34a-9c1f656db639", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210860, "uuid": "f455e83e-748d-45b3-8954-153b129f095e", "value": "613fe8a9b599fa77fdbad0ec34cdf44d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9661f0ac-29f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690183667, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183667, "uuid": "5510906a-dc65-4b8a-8c31-dd793c092931", "comment": "Malware payload", "value": "2cae079910ac7b3d7ab40444d4b52526", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183667, "uuid": "ffc5af5e-6e3f-4706-b7c7-3a32d6eac917", "comment": "Malware payload", "value": "e2a23b14221af2eddd9b0c87260fe96647d482a67d966162b7882428ad13ca59", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183667, "uuid": "dd67dd0a-feee-4bc8-bd49-1285afdc8ed7", "comment": "Malware payload", "value": "8ea071ff850cc350f8528b6821841ec678f9a7df", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183667, "uuid": "f97cc96a-207d-4d11-8d26-a100e7b7cb0b", "comment": "Malware payload", "value": "fd3a4ca6c889b6da20f62061267ed9664f59d1640d3abbef9b29a15ef88e5f7013e372f5c349cd9551a6eb10b58cc5a5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183667, "uuid": "c63d441d-eeb7-43eb-b4bc-8afcce24bcb5", "value": "T1C7968D8BB8918A57C1E42637A8BE80C433675EB9978766576D04FE3C3BBE19C1E35304", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183667, "uuid": "9f096cf8-e0a6-49b9-affc-73f8560aa6f4", "value": "98304:R3oO03kmzj3pEpixeNoD3D+nugKpQaJdTETtvN:R3o53SxNobqugKpNQTpN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690183667, "uuid": "44e74ec7-2e1c-4c89-9ee5-980fb4ea1d14", "value": 9034083, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690183667, "uuid": "b378d2ac-ea99-495b-a466-f3806ea1b4e7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183667, "uuid": "52438d1e-959c-4af0-8cfb-9bf5d63e56bc", "value": "2cae079910ac7b3d7ab40444d4b52526", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de026b22-2a2d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690208698, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208698, "uuid": "2f05344c-d9e8-4b5a-bf11-16e6c1dd5581", "comment": "Malware payload", "value": "1474ec2ccd764ed8927b5b0dda00d42f", "object_relation": "md5", "Tag": [ { "name": "disdroth", "colour": "#C225B5", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208698, "uuid": "5c454959-fedf-46ce-8e67-f9b57a94bb6d", "comment": "Malware payload", "value": "e2b91f140465aa41b751bb43af092198a64c165c0542030b43df611ef0374303", "object_relation": "sha256", "Tag": [ { "name": "disdroth", "colour": "#C225B5", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208698, "uuid": "977637ad-d360-48ba-9480-b1faa8c1ca51", "comment": "Malware payload", "value": "bfe0333ae020daa280c1e9748d5dee262bfc588b", "object_relation": "sha1", "Tag": [ { "name": "disdroth", "colour": "#C225B5", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690208698, "uuid": "b7f99b37-a9ea-43f2-b9fb-24ccc73c4a66", "comment": "Malware payload", "value": "e647d13feb33cb10c957718cb375ac2eefc5e22de423d311fb514d6872309e6e1d4dd9eabb0ad490e576dea8a7b2e77f", "object_relation": "sha3-384", "Tag": [ { "name": "disdroth", "colour": "#C225B5", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208698, "uuid": "47c1dc24-aaee-41cd-81be-cbfde7288b29", "value": "T1B5354C3033B9821DD86F077C583259C567B6B6977B58C72F2488269CDDA37138F226A3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208698, "uuid": "61e066d6-5d46-4da5-90c2-39bf5c4c422e", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208698, "uuid": "ce840a27-b28a-4537-97e8-f9637606f885", "value": "24576:9ogPX+YkPrSpfj3DcXv/c+kE8IAQ14rRD4xfAUC0BNAh:j/5k03DcXv/LkE8IAQ1dB+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690208698, "uuid": "906c2edd-536a-4b65-98ea-65cb90ee6bdc", "value": 1140224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690208698, "uuid": "a18ce0cf-ea1c-49a5-9a1c-7189cfe76f55", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690208698, "uuid": "37eb91df-be11-48fb-ba7b-12eaf0fbaa4d", "value": "ShareX.HelpersLib.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e512166b-29e2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690176497, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176497, "uuid": "94b9d071-b9ec-4c89-a488-8b1a1bf0c9e0", "comment": "Malware payload (Formbook)", "value": "9c3d4b7212346087b086983c4566547d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176497, "uuid": "379f60c2-d270-4c3f-b6b8-7b8db0fa2b92", "comment": "Malware payload (Formbook)", "value": "e30ffd629a507dd61beb41fb6988ceb6e2f7d311e3f289c66eea2c80a83b20d0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176497, "uuid": "98c941ad-8ec0-4a05-b614-55f387a66e5c", "comment": "Malware payload (Formbook)", "value": "2e9d25fd3b650d90efe58d6df94a7263b747b3da", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690176497, "uuid": "bf8d6d89-b078-4a5f-9d60-0ce2d804abbc", "comment": "Malware payload (Formbook)", "value": "5b4c0c1a2717b939b6d8563d67681f36302a89f7c1800e01a52a888ff5dde704e329218a6308435daea1956239a11404", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176497, "uuid": "b05ecd7b-b670-427a-86b7-9b3cfe14aefd", "value": "T10054120C73B0C17BC9B186B44E3B1B43A7CAD9250075B74F53B19AACBD166C2991F394", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176497, "uuid": "60178115-cad9-4239-b1f9-107841d3da3b", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176497, "uuid": "491c5712-803c-4064-8ab4-e5121a0a9165", "value": "6144:/Ya64pAdSb8XIRriW2y2vVKd6UbKJW7Q8tiJLb4vZPb7cNDpY5s3:/YmpLb84O2oKhbgWPtM4vZHclpY5s3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690176497, "uuid": "3753aa4e-4f56-4425-8fa2-dcd1c55fbd63", "value": 278730, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690176497, "uuid": "ac708941-026a-4ab4-a238-afddabc04699", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690176497, "uuid": "bd7ff7e7-6f2a-43a9-807a-59d8539c3b4b", "value": "RFQ # 1045981 - MAA_D Plant Project r01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d8a33b53-2a3e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690215990, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215990, "uuid": "db906a4d-8176-44ab-95a5-faf339bb3da7", "comment": "Malware payload (Formbook)", "value": "19c737db9110838205dc342887db6fa6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215990, "uuid": "2b670867-bdb1-4cde-9d3a-b8fe8d5cc35b", "comment": "Malware payload (Formbook)", "value": "e325cd7917bb15d2b08a1028083d1bcdbfe46cc42e272f603382cfc30ff2dd10", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215990, "uuid": "2d148db9-a85e-4abb-a2ab-bc51019a632b", "comment": "Malware payload (Formbook)", "value": "90af87ecd8754f15ffc15375006fff0184a81a62", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690215990, "uuid": "627731a2-52f3-4957-b367-6464f99d35ff", "comment": "Malware payload (Formbook)", "value": "7f03aa8c43acf229f73df479270b7fbd5954188cfe8d9e9d4ab7e0ab382e77cacbf3cbdb5a81b9b101c93cf0ef3cb3fd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690215990, "uuid": "e846ad33-a25c-4cfd-8123-558f104c2839", "value": "T1FF4412306268C99BE6E34B317D3653268FFB69215DB69A0B17105F087F73306990E7A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690215990, "uuid": "dcd7996c-d84a-4a2e-843c-4dd664a8f96c", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690215990, "uuid": "11af40de-62a4-46fc-bf9f-64e2dc13e590", "value": "6144:/Ya69T0ZVHIDo7iG0x+0wUkapBDDE9XyhvU7KI+n8AAzkSqL:/YvfoiG0XwTapBDDuXyq7K9BUkS2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690215990, "uuid": "8ffc7cc8-696e-4aaf-a1f4-3accfb1564ca", "value": 278528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690215990, "uuid": "89dc8928-6d96-4eb7-9dd3-01fec1ee5686", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690215990, "uuid": "46cc7b85-75b8-4fdb-8c47-2462feada813", "value": "Purchase Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "74a8a7f7-29ef-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690181892, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690181892, "uuid": "f3eee583-46bd-4d50-88a1-1b19607d1fa7", "comment": "Malware payload (AgentTesla)", "value": "762dbe123e50a572a712d62bed017360", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690181892, "uuid": "1ba1e445-1d2d-41f3-8050-a56b44a6116f", "comment": "Malware payload (AgentTesla)", "value": "e423db73644b177ac6bbe3445932e8d23ed5835b058af257277d73bf0ef9080f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690181892, "uuid": "8e850351-f365-41d9-89d8-efaf427896b9", "comment": "Malware payload (AgentTesla)", "value": "b26b0ee27a29531bc6868a10bbb8a2bc13b1b93f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690181892, "uuid": "2c579eba-448c-4826-bbe6-a6da80a4bc2d", "comment": "Malware payload (AgentTesla)", "value": "be3a80e142e4d88276eb1b9d923d9d65552c75f4b3fca4b03fbab5051278c44cb093aa9780da11ce642d164a942ccfb3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690181892, "uuid": "b5be4710-6397-49e4-8ccf-26e1b962175f", "value": "T1D2E28F1AE79F02A88F911277271B1E89A6BDB23EF3505571785C833433DDC2E42666BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690181892, "uuid": "10f4840b-7c1e-4489-a6a2-b87ffb13d9b8", "value": "768:CFx0XaIsnPRIa4fwJMszRm6TdJIBjeM40WosNCQV5SV:Cf0Xvx3EMsVdqj54NosNCj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690181892, "uuid": "167511a0-aaa9-4cf5-a462-68ec6c1113c9", "value": 34179, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690181892, "uuid": "a9f22656-8a87-4b8a-b52b-eb651f5fbe34", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690181892, "uuid": "698fefa7-6a56-427d-8c6f-fbf112f8d5d5", "value": "762dbe123e50a572a712d62bed017360.rtf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92f6ecc3-29f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690183661, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183661, "uuid": "621b37ec-1692-43a6-b6ca-dc4a52b01601", "comment": "Malware payload", "value": "2bc9c84fb1ef324ffe7a9c9c7ed70fd1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183661, "uuid": "e68d435d-19f4-4ab7-8092-faec0c9f55c2", "comment": "Malware payload", "value": "e4a9cf9fb2bc833f4347a94665d2b930944f34888377b65cf2cf9e217f20e5e7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183661, "uuid": "90521650-eaf2-4238-8862-18bc0e7d35da", "comment": "Malware payload", "value": "d45a1149ea37d62f3f4924abf1d351330014d536", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183661, "uuid": "8dde96c4-2960-4dc6-b27d-f726c5a0d405", "comment": "Malware payload", "value": "39be9adbda0e663a27f4c725ddc1de36fcc2e3d79b248f912fd84f47eb208cdd190594ea270d92731df1b8898d099605", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183661, "uuid": "3caffb62-e93c-4b4b-a772-b70d41efb843", "value": "T1EAA66B437B18EB1EC724113448B2CA946739AC4545DAA517B399F30EB9F10AC6E6FEF0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183661, "uuid": "af2fe9ee-d7e6-4fc2-99df-b228d981113c", "value": "98304:adTAWQd7HPfPB6BdL60l1LNyHgNTdLMrMB9C:/WQdLHPadTl9uMnC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690183661, "uuid": "b3972e38-2c92-4c1e-8c82-9535fd89f988", "value": 9812342, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690183661, "uuid": "1c630c6d-1f25-4f5e-b9e5-64753956ff1f", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183661, "uuid": "063c6d24-3fe5-4ed3-92ed-2823fb5c6a25", "value": "2bc9c84fb1ef324ffe7a9c9c7ed70fd1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0d000d4f-29eb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (StrelaStealer)", "timestamp": 1690180000, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180000, "uuid": "ebf55461-d6dc-4f90-8145-bd6e2a53ee46", "comment": "Malware payload (StrelaStealer)", "value": "95bf323526b5725728c8bdd27f873ba0", "object_relation": "md5", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180000, "uuid": "acee6455-183c-41c8-9419-4a4e18553c07", "comment": "Malware payload (StrelaStealer)", "value": "e50f79c0eff119b169d5deaa1f40f45e326f21f1133feed041b255cf3f092d0f", "object_relation": "sha256", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180000, "uuid": "5f5c4277-0ac0-4242-900d-43ade7ff5424", "comment": "Malware payload (StrelaStealer)", "value": "84567f6c0c52e61bcef396e25b91a8df0daf0ea0", "object_relation": "sha1", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180000, "uuid": "dcead22e-4926-4765-b5a5-6aeab9a18561", "comment": "Malware payload (StrelaStealer)", "value": "511c0045c1bb86962125652ce8469b48d5856cd1ee49c7fe8249f52769086134b5e331f8b37203d93e02a7521941a4c0", "object_relation": "sha3-384", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180000, "uuid": "5cd0a7bc-cdec-499d-ba90-1adc7b097d49", "value": "T14B252AF476E07BD30F75291DB3CF80B27C64B457F4EDED8622C90E1E928429998A6D60", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180000, "uuid": "c89d62b5-1e11-4187-ac39-ac56a6f48039", "value": "24576:gK6NvB3f39v76xTo+4yKOxNwPeJY/mbGI8lGxcd33TFelSl7:gJLicTFelSl7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690180000, "uuid": "20577ce6-216f-4c45-9563-5b9de2b364df", "value": 993518, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690180000, "uuid": "65aa6dcf-4aa3-45d8-9b22-8ef416bfd77a", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180000, "uuid": "94ba83ea-0ec7-4474-9c15-555de45391d7", "value": "PDF40220371238.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "265b2914-2a4e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690222563, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690222563, "uuid": "eee06f33-8739-411e-8cea-8b95bc19439d", "comment": "Malware payload (Amadey)", "value": "cf9c9c3c9a55e55e964f0554c5649b7b", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690222563, "uuid": "54ecbd31-d2e0-4c3c-980f-07d74976aae8", "comment": "Malware payload (Amadey)", "value": "e51209992d30462870d1eb59e33ab44430a6c4e798420f2245267b6f7bad122a", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690222563, "uuid": "94fe42ac-cab3-4756-9232-5970fbd6dd7d", "comment": "Malware payload (Amadey)", "value": "190aab6914857e24ef63e3baf8ca04166e20db2f", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690222563, "uuid": "1f4182d1-b7ea-48c5-9c2f-119bf60b7871", "comment": "Malware payload (Amadey)", "value": "f901cefc3fe3a8bd0b887327e2383636a572ef41a3331d792d284df9a906c503a40d036350c062143b92dd12bec91e17", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690222563, "uuid": "174fe6c6-89d9-4522-b4b2-0b7db37df692", "value": "T1BF840112A7E88032D9B427B09CF606930B39BD618D7D576B2786E82E1CB35D4E43176F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690222563, "uuid": "3a74582c-1a55-4ba7-aac5-16b4f355c0b5", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690222563, "uuid": "7afc915e-2694-48e2-8226-f0b798220fd1", "value": "12288:KMrSy90tz481EOxYtB6ugBYCj/HGFBnzDz:MySMztEzLiBnXz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690222563, "uuid": "ffaa4d7d-4569-439f-98be-e73bdee62dea", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690222563, "uuid": "7a9b4563-2158-488e-a1cf-b78d803bf0a6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690222563, "uuid": "22e7047c-be29-4202-be51-9cade2052dfa", "value": "e51209992d30462870d1eb59e33ab44430a6c4e798420.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "441614d6-2a50-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690223472, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223472, "uuid": "638da773-f512-47d5-b46c-b97192444566", "comment": "Malware payload (RedLineStealer)", "value": "4bed0dee2597b24427c89ae0febda360", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223472, "uuid": "eabd3164-f7b0-4f67-9758-364787bb68f1", "comment": "Malware payload (RedLineStealer)", "value": "e5190374ed5cc175f77d8a2806c9df7c9e01481f7555ae7b51346fb0a6d96001", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223472, "uuid": "eeb32d4e-2744-40c0-b49a-3a5f4b83544a", "comment": "Malware payload (RedLineStealer)", "value": "f72a951a8212f1019c16aa845471f62bca21593f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690223472, "uuid": "319b2f7d-e885-4313-a83c-017ea8f4b80b", "comment": "Malware payload (RedLineStealer)", "value": "ab6c0d4e1a9b67161fa692071fa339549b12805cf18162125a4527ccaf5d7adb919956631f8fcb3d63486aacadd66018", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223472, "uuid": "6a3416a5-6306-4028-8971-51a13025f834", "value": "T189840153B7ED4172EDB127B048F712D31A367DA59974926B3386A84E1C73A84E83433B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223472, "uuid": "3011226c-a606-4654-a291-66072263a5b7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223472, "uuid": "f564def8-7edb-4a4b-9c00-fa7dab39f404", "value": "6144:Ksy+bnr+3Kp0yN90QE/QzbHPWOT8dDMtRC64f1916KL/LT8TqTaf:UMrAry90B0jP1XRI91DzyJf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690223472, "uuid": "2b7b0547-a2a9-4112-ba2a-9ed696802fca", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690223472, "uuid": "63ee954e-d76c-4764-92db-f79296f43d2a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690223472, "uuid": "6a607ae0-e2a3-47ab-89c7-eb5eeb7aee58", "value": "e5190374ed5cc175f77d8a2806c9df7c9e01481f7555a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed393a25-29e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690178658, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178658, "uuid": "7f51082a-c838-4f1b-b76f-ba38108ba908", "comment": "Malware payload (AgentTesla)", "value": "bd312625b12c51b9b43b63626fc3e2d9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178658, "uuid": "ca8d4551-51ba-49a1-924d-c59b66e21add", "comment": "Malware payload (AgentTesla)", "value": "e5422aab2b092de22741f596fef6ec85bb285f9ddee4efd3b1e5a165f7bddbaa", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178658, "uuid": "2570c9a5-b2b9-4ed2-9244-e4e97e4a06d6", "comment": "Malware payload (AgentTesla)", "value": "d0eb5ca3ebf499647bc1d36e2dd5475bbafeb5a8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178658, "uuid": "4d2ff1e2-2214-4f13-852e-e6fea5f5076e", "comment": "Malware payload (AgentTesla)", "value": "d8e4e275f2e6ec6b14bd5d058330e97021559f80561940da7844a0c46c046ebf688ce4f5aefdb3017e574cc664e961e8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "Halkbank", "colour": "#2FBAE3", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178658, "uuid": "7b9b1214-05ba-4543-a0ed-8d57eea4f6ff", "value": "T1B905221637596E23F1DCBDF44AA0986113B655917027C3DEDEB20189AEE2B80FF218D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178658, "uuid": "d780dd15-c736-43af-a3bc-31965b28e2a5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178658, "uuid": "254e21cb-6dcc-472f-a28b-a27528a1056e", "value": "12288:mZvJRBusykXFmATPMXVw9xbA+GyAI84ioERNR81TzBc:oFuw4yMlw9KhyadoEnUzB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178658, "uuid": "e8f3d6b4-a14c-4986-871b-f9e9605ec040", "value": 828928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178658, "uuid": "b57bde1c-a0f2-4045-9ee0-bc0dafdbc65b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178658, "uuid": "d8d8a390-d767-4f88-b5cd-fd15ee18e141", "value": "Halkbank_Ekstre_20230723_080713_458894.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f33f04e-29f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690184084, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184084, "uuid": "902f095c-a7a2-496e-be16-828b7e2efb69", "comment": "Malware payload (Formbook)", "value": "ba5b5793f7b2f43e7b1c70ada9e926ad", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184084, "uuid": "b4d1e78d-1dec-4929-ba8e-06665cdea8ea", "comment": "Malware payload (Formbook)", "value": "e83d65ee23f397269dd89a621fba51c803ea65652d22679fe6e6dcdc16e798c5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184084, "uuid": "ceeeb042-bd82-4482-a210-34b778c3dc38", "comment": "Malware payload (Formbook)", "value": "47a170ba23b45e5f4fa5b7c4995c0dfde8891ab3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690184084, "uuid": "f1f2a7b8-83db-407d-a510-de23d3a478d8", "comment": "Malware payload (Formbook)", "value": "f394064fa5de059a21e26f8a27e3d896be6f33456aa0d5ae7a3a5d6ec044534c658ea831d2bc736edda9bf9a7f57aa47", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184084, "uuid": "f943d271-9fdb-4843-ab12-80d36c43842e", "value": "T1BA059E61B261C577E1736E34CC2A976994687F60293C200AAAD63C9DFF773927C281C7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184084, "uuid": "50d0a233-4123-4f99-9567-15843ebc307c", "value": "da21ccc93f3893853ed8366aca50ca61", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184084, "uuid": "f90da1b6-943c-4f49-8ab6-bb8e84a6e269", "value": "24576:rk/A25GoqxIJs7ks3XJrPz6cDCnvMuqv9:rKAKGj7ks35rPmaCnvMTv9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690184084, "uuid": "7fe864e4-e0a8-434c-8b27-dacdf63416d0", "value": 808960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690184084, "uuid": "bc9ca3e9-ac80-4f16-ac2a-853b9eca09f3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690184084, "uuid": "826605a3-e561-4ac7-bac1-e6465cbae43b", "value": "\u0633\u0641\u0627\u0631\u0634 \u062e\u0631\u06cc\u062f pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4618b9ef-2a1b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1690200712, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200712, "uuid": "084e9001-4a86-4435-917f-2812ec3bafc7", "comment": "Malware payload (GuLoader)", "value": "72817dac5051c35f41149067d8e94327", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200712, "uuid": "820c0262-6b1a-4e1b-8322-fd32ca7bb96c", "comment": "Malware payload (GuLoader)", "value": "e89b7fc9e69c109cebcb95fdcc42880fd35f4252170ec83a80aee860c366fc86", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200712, "uuid": "d5601bd0-1b80-4066-b9c2-42d20451cb9a", "comment": "Malware payload (GuLoader)", "value": "7e7d287331c3d323c815264d79a9f0be021b516e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200712, "uuid": "57d5e480-9b2f-4d81-af7e-704bee91ee33", "comment": "Malware payload (GuLoader)", "value": "06b66d37781ddd378f16d15685cb637f1f483723a27d711a06d866a8f557e8da27d21e5548fe905bfa532b0c2fa27aad", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200712, "uuid": "2d17b93f-2503-4f49-bc9b-a55f3f7be35d", "value": "T180140202B6D0D677E16C0B718B725F73ABFEC505228516DB67C02B4B7A235D0862F29B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200712, "uuid": "8418c70d-76de-42fe-afe3-2b718af3c160", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200712, "uuid": "db1ad271-aed2-4203-8630-114f4b62e522", "value": "3072:nwDijpS4DbYcr8bmX91bWLOOVNUapZtWztcbP2udzkhrkopsIl3uuT7KWQIJ3yYR:nFPemXzcAaRWWTehrFpsIl+8X3y0Uen", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690200712, "uuid": "849f1ef3-9c25-4f8a-ab11-31538b134fed", "value": 192696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690200712, "uuid": "33d26b6e-1afc-4f2e-9277-187c5cdd9177", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200712, "uuid": "d889dc27-f3e2-440c-a2bc-30cd8e37924f", "value": "Ziraat Bankasi Swift Mesaji.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4155b093-2a32-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690210582, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210582, "uuid": "af01df81-6035-4054-9308-6905d4cd5361", "comment": "Malware payload", "value": "3831ea2c586ca14a08239ab1b5094bae", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210582, "uuid": "21be3b60-2866-47f4-87c2-34abc3b487d1", "comment": "Malware payload", "value": "e986e9278d2f1e579bf821ae8e0fc012c689d63238adec675a67bf060a264e99", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210582, "uuid": "2dc78655-9e1f-4d64-89f9-74806422f2c1", "comment": "Malware payload", "value": "1cf13e7c89585d2c5f33813bc618e371504d6628", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210582, "uuid": "b346bf96-8bce-4945-bb09-eb43b813a5a7", "comment": "Malware payload", "value": "234f6be82fe71c90cd82ce4fa5ff0e2368dda573078bc9f529f9587397b2d2c39524a893d39ed3774c407d140438fce0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210582, "uuid": "c35264e8-4d7b-448d-8bba-c95f7de9f0b6", "value": "T163344C0672A5CF51D74589B6C0D35124A3FAA5476772EB0B7A4412E12E033EBFC8E78E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210582, "uuid": "9bb61727-73ee-4070-b2f8-a7e890440eab", "value": "6144:FnLHhBv1TPQSrgbrukmUFHwYhuLIl4WQDhq:FLhBv1TP6PukfyYheaQA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690210582, "uuid": "610a1118-5c94-45f4-9ecf-6cbaa0ce2255", "value": 249856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690210582, "uuid": "da0e01cc-d33f-4e7a-9918-3a2450aa3a5f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210582, "uuid": "b34130c9-8507-4cf5-b4dd-4ee9d3561f79", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "446ba598-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690178805, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178805, "uuid": "06493a7c-8e4e-4b9c-89b0-93040029670d", "comment": "Malware payload (Formbook)", "value": "8c01c5495ca0e4f5743fd6455830e2a2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178805, "uuid": "0d01b05d-ebc4-4926-a096-5e091e27e52d", "comment": "Malware payload (Formbook)", "value": "e99e6625b738c7c270fea262c29bccbd80989649e7b8408036dadce6535f253a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178805, "uuid": "bbf85257-cc67-46d9-975d-91c80c58db45", "comment": "Malware payload (Formbook)", "value": "e5d1ee9aa6e059c7200d55550054c35ba1412cca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178805, "uuid": "1e6cfa45-2365-4bed-be94-eb842e04e8f8", "comment": "Malware payload (Formbook)", "value": "9564ddfda3767d0d8a3443b49c1f7574f980864735218313ada183159fcf5ce63b0f55d947594d171d7cfd4f240bab25", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178805, "uuid": "83a7388f-ee1d-4975-a6a6-62fc696d45d0", "value": "T110F422623BAD9E03E6ADFCF4C6A091154332A9981437C3C88D7360857DA17D1BF626E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178805, "uuid": "5bb4f59d-432a-4580-993d-93ecbd2b043c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178805, "uuid": "6f6f58f0-245a-49e3-99db-ad5874c5063a", "value": "12288:C1vJRBusyyQ/ENGQmlSW4PMdxoSwkSVCjGXPG/sqbqhYeP3yhluuZ:QFuviGQgjgSwkSVCKqqYeP3Vu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178805, "uuid": "af5668a4-0940-47a2-9c72-842e3ea3b5bd", "value": 763392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178805, "uuid": "75d39120-8428-4e6d-bfc7-f1edc40c35e5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178805, "uuid": "67c1188c-a2fe-46f0-86c2-df4f464425cd", "value": "New PO_4036041664.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3721dfc2-2a03-11ee-a6f9-42010a9c0055", "comment": "Malware payload (StrelaStealer)", "timestamp": 1690190379, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690190379, "uuid": "cc522364-04ce-4e25-a444-1d49f52a8b43", "comment": "Malware payload (StrelaStealer)", "value": "efd73c1b451841209255acc1331f3113", "object_relation": "md5", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "findstr hh", "colour": "#FA59BE", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690190379, "uuid": "9c2ec61f-6af0-455e-9dfe-14e13cb53dc0", "comment": "Malware payload (StrelaStealer)", "value": "ebea3e7556367596904c1b729297608a376ce546950d98a8acb88ea9ddcb1f13", "object_relation": "sha256", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "findstr hh", "colour": "#FA59BE", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690190379, "uuid": "3fa22d18-c117-4f73-a8d6-0b24f39d7e57", "comment": "Malware payload (StrelaStealer)", "value": "0ad625265386261f4debcae84031516775d27ac5", "object_relation": "sha1", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "findstr hh", "colour": "#FA59BE", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690190379, "uuid": "f2386b5d-e522-43f0-827a-c5e2d3f39417", "comment": "Malware payload (StrelaStealer)", "value": "34c6b98361acbc3ac34b503e8743f2b4fa6d01057ed2fa7156217396d972fc4978db09268ebcaa758a0687c7f10b8a0d", "object_relation": "sha3-384", "Tag": [ { "name": "91-215-85-209", "colour": "#7A8506", "exportable": true, "hide_tag": false }, { "name": "findstr hh", "colour": "#FA59BE", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690190379, "uuid": "c08c6d7e-4b9e-4089-9ef2-36356a4c2c72", "value": "T1FA76D9E47291BAD20F78595DB3CF80F37C26F857F0BE5D8622950E0E8284255D9EADB0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690190379, "uuid": "4b772ffa-5130-4316-94bc-41ee9e832362", "value": "49152:y1gbQ5J0fsm3d8sdGxELTdhLgvZxXqPfRtg:q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690190379, "uuid": "8bfd13e2-9a61-40b7-b3fe-8f444165b068", "value": 7175662, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690190379, "uuid": "ca46465f-e627-45b4-9f47-a7eca0fccf54", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690190379, "uuid": "a5ac69f2-205c-4cc5-bc9d-3152822064db", "value": "PDF31851986822686.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2737b59a-29ec-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690180474, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180474, "uuid": "8e92629e-c133-4ea6-9832-103b0085fed4", "comment": "Malware payload", "value": "e1b6a449931eb9ccc2201fdcb777686f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180474, "uuid": "35bdf2ff-c28e-48ee-86f9-c149d1a693aa", "comment": "Malware payload", "value": "ec16649216920ccbf33c8b975060bdddab4c51afd2411ea8d75fff7bba827864", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180474, "uuid": "25ae80b0-cf87-4258-92d4-01b28adb6a8f", "comment": "Malware payload", "value": "e548801122c4a402fc65aefa233130f4a6c5f2b6", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180474, "uuid": "4fa07c4c-c331-49c4-94ed-b856af653fb8", "comment": "Malware payload", "value": "24361d9365236edda8c35a7e46744bf7fa511b386cbdf30a9193e58ca197070b41948aa84a65762d3eb72be78f338f59", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180474, "uuid": "83414f46-1118-487d-8285-6383d8259513", "value": "T1A3335C447660C0B3DAAB023869A98A220A7F7C635BF480973FE9478D5DB15D17B3D363", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180474, "uuid": "0f29ddab-95b9-47d6-b214-21b351151d8e", "value": "7eb17c54ee1d1987b0134a9ec86afc33", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180474, "uuid": "63b5fe5d-a758-4366-bca6-c99d7ab5a718", "value": "768:M+4T4yju3Ume3noLHSclB0bYc5EyHWqNKhsQymdj6TtByJUVseU:/a4yiFuobS6BAEQk6TtBts", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690180474, "uuid": "cb99bc33-26f8-40b2-80fb-b5c574ce135b", "value": 50176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690180474, "uuid": "af481d5a-f318-4caf-9dec-1367ae26a83c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180474, "uuid": "8ec4ea0f-f46f-48fa-b7a0-6a1cdbf1b6bf", "value": "SecuriteInfo.com.Win32.PWSX-gen.22797.15133", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ef0c42e-2a1b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Babadeda)", "timestamp": 1690200727, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200727, "uuid": "759a4eb1-2658-424b-8d6f-1f883b6a5915", "comment": "Malware payload (Babadeda)", "value": "cb2d57649b7bba12e9589a2b422a8afc", "object_relation": "md5", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200727, "uuid": "de03cd8a-ef9a-497b-aa03-d540cb4ec5ba", "comment": "Malware payload (Babadeda)", "value": "ec1f605af73a6c8023ec3d65742fc5342a18ecbf28109c547205571845b791f6", "object_relation": "sha256", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200727, "uuid": "33ff46b4-6fa1-4b69-88ca-3bd9e08b3d1d", "comment": "Malware payload (Babadeda)", "value": "0c6280551a2685b65453322e290cc3aaf020b06a", "object_relation": "sha1", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690200727, "uuid": "12b88835-2d47-46f8-9e7a-76ff3d910886", "comment": "Malware payload (Babadeda)", "value": "262211e2d95ed167f1a2c6361c9ecba228d0f311ad24b6dba3d19f2cc8354dfed2fdec6aed31ef42a541c9ad12b5dc05", "object_relation": "sha3-384", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200727, "uuid": "28ce51be-c48a-41c3-9839-fb4ecf8c493a", "value": "T1F7936C41F3E241F7E9F10A3100A6712FA73666249724E8DBC34C3D829953AD5AA7D3F9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200727, "uuid": "109ea993-568a-4fc9-95af-377ae47dc778", "value": "5877688b4859ffd051f6be3b8e0cd533", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200727, "uuid": "fabc0c72-7713-4eb1-b20e-deb3e1011283", "value": "1536:D7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIf2x6OT:fq6+ouCpk2mpcWJ0r+QNTBf2j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690200727, "uuid": "30665aa6-da00-4147-9bb0-d7bbb9e852ae", "value": 89088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690200727, "uuid": "3d94115b-5ab6-4e90-b464-33ba426a7a5f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690200727, "uuid": "86cf3a7a-8844-4581-a785-82a61c796b73", "value": "vt_ec1f605af73a6c8023ec3d65742fc5342a18ecbf28109c547205571845b791f6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1f8895b-2a32-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1690210852, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210852, "uuid": "1dd1e8e0-371f-4d03-afb8-5fc30cac6946", "comment": "Malware payload (Amadey)", "value": "285060866a8877b191977c404d899460", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210852, "uuid": "8b31c2e0-04fc-4315-992e-76c99ddc0a19", "comment": "Malware payload (Amadey)", "value": "ec9035b9bf489866b184af0b0c88f1600150ac8d9395dbf172942d6618cee54f", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210852, "uuid": "3affa113-d640-4164-b539-62ee434bb542", "comment": "Malware payload (Amadey)", "value": "999a15e6d20a9fb725115115b57639d5935b9367", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690210852, "uuid": "dd2da480-4306-406f-bb33-5fa18ce2fac7", "comment": "Malware payload (Amadey)", "value": "aada4e0a8de6905b635d79c01791ee2c6a1834aa79eeb2808b19e4ec82e4984ba02b336eea34e31d5f638045579ba02e", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210852, "uuid": "81e99f89-2b8d-49db-b3f0-bed729c097e6", "value": "T177B41212B6E854B3DDF2277098FA0A830E36BC921D74536A3785B95F1C726C0A53673B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210852, "uuid": "52ef98b0-9b2b-4971-9b49-716a280ab34c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210852, "uuid": "14ee762c-d2e9-4823-b7e2-2148af10a414", "value": "12288:kMr0y90n0reKAHbAodAsIIiyuiGzZgGrEZSFahqfV5QLzc:gyVWFmkDuBzTE56fP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690210852, "uuid": "8bef1e53-a542-4430-9a63-24f5471ff710", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690210852, "uuid": "57deb0a0-1375-4996-8687-77381fe3e0aa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690210852, "uuid": "caeae89a-af91-46d2-ad00-882031608085", "value": "285060866a8877b191977c404d899460.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "acae90ce-29fd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690187999, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187999, "uuid": "7baa5a27-c70e-4dcf-acb3-2be31946280b", "comment": "Malware payload (Formbook)", "value": "e0c2a2551c3eb5c944b73d39bb7d13b5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187999, "uuid": "6f5c3939-004c-4a1a-a6d2-51d5a87d0575", "comment": "Malware payload (Formbook)", "value": "ee89d22c597178daeea41330edb19ab7e0a2b0197d1d640440966cde25eeb7ed", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187999, "uuid": "90af6bd3-a84d-4e72-9de1-65ba05b6d10d", "comment": "Malware payload (Formbook)", "value": "026a72165fbb163426536258e1cdbc4b3f01ca8a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187999, "uuid": "bb79addf-e42e-4c90-903b-bff1d66e5872", "comment": "Malware payload (Formbook)", "value": "2caf7c66e9dcf3371e1294284d26341bfe875d3b95388df9a9f6503b879a7114405aed701f4ba31e3e8ae3b42568037d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187999, "uuid": "65ef598e-9a20-402f-8a68-ae8e5dec2b80", "value": "T1A1051251377AAF55D5B8BFF49290652903B1A68A2823D38C4DF120DA0D32FC46F92BD7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187999, "uuid": "0932be65-b115-4e5e-962c-be7713ba4725", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187999, "uuid": "37cebbb0-36b0-431c-be76-a69048e79b5d", "value": "12288:ZcvJRBusy8Cx5KmNPhRj1WPKlwpuJdUOSwqn6qs+nNyBDHRuhMEw:AFutGmJhRxWClD2OSmoneRuhMEw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690187999, "uuid": "92a18b0d-3076-45e5-bfa9-0aab812a2bde", "value": 806400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690187999, "uuid": "e74a82ac-b3db-4a8b-afdf-ef904d9c8534", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187999, "uuid": "932a28ec-4533-4c23-9573-fb3a65996351", "value": "Enquiry No. 1000341492.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0fe9e65b-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1690211358, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211358, "uuid": "1950a09f-b5cc-4745-9ee1-092ed1f722b9", "comment": "Malware payload (AZORult)", "value": "53b39dfec158c27e856a1c2d7e478e87", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211358, "uuid": "efdaa806-4316-453d-ad2e-ade685958859", "comment": "Malware payload (AZORult)", "value": "ef15b219a909b033bb058a454e9348a5005802a91c47f3ede32ccb8b256b1196", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211358, "uuid": "f4381912-8f94-40cd-99ed-ed1a700c23ab", "comment": "Malware payload (AZORult)", "value": "11c9678a529a199731fcfdd88d3295a6c335f91b", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211358, "uuid": "c38d1ed5-beba-4c85-83cb-28005118a20a", "comment": "Malware payload (AZORult)", "value": "92ef6a45ea6e0f38531d6388d5cbc53daa0384d732bedf7d68609d77e755b20f5282cd6611c5edfe37ce51d2c07eff1f", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211358, "uuid": "4563e912-3ca0-430c-95af-0e2cce49b80c", "value": "T133052210B7C88D99C88347B4B9B7BB8E101EBD613AE5F4C33153BB6A2475F3B9126251", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211358, "uuid": "5803f659-ad3f-4d7e-9697-e13be935ae6e", "value": "24576:iWQmmav30xRu9VDu9V2JT8/NWOe6UYSsQ:nQmmQ30PuruUGNE6c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211358, "uuid": "b17d59f4-288e-476f-9517-85f9504bc064", "value": 871936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211358, "uuid": "35bd6e77-cc1d-40ef-a65c-d2c72c566575", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211358, "uuid": "5a61534c-e212-4309-a30b-27baad62ff79", "value": "DRAFT SOA 2023.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "611ed79f-2a01-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1690189590, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189590, "uuid": "6dae3847-817c-4e5f-b263-e3fb09aef13b", "comment": "Malware payload (SnakeKeylogger)", "value": "a4a97351978c1166898fee27719ab01b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189590, "uuid": "56ea7c27-c4ae-4ce7-9572-07630f30bb6a", "comment": "Malware payload (SnakeKeylogger)", "value": "ef634f411178f4e4b177515d80dd363158a73004da3229b07789d696d7c8dea8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189590, "uuid": "48f68050-3dcd-42a9-bfd3-88ea17700bd3", "comment": "Malware payload (SnakeKeylogger)", "value": "34f187b6af07aac2607199cd2ee93b14af226743", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690189590, "uuid": "fba30054-c20a-40ab-a44d-d6cb3640a807", "comment": "Malware payload (SnakeKeylogger)", "value": "08f24ba6934b506d4837eb598980d7196184ddc1ddbc698ceefbf64af0de9455ebc4c1d98cd575f55c6834b43b5a65e1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189590, "uuid": "2d856deb-bbb4-448b-8d72-3592933348c9", "value": "T177051703BA5B86B2DB8D13F6D19A0D168771C693335BD70B7A8E23A91803777BC84617", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189590, "uuid": "92f60c3c-a0a8-4a31-9ba7-b3bc5b122496", "value": "12288:DZy5Acbp9xYYCf2J0ZNLLneLzysJTHAi86cQzkIZXUS+gqRMeCBNU:qAUyj2SZJLneLGsGHIZX7p3eCBNU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690189590, "uuid": "97b6a09f-ff32-4a72-b981-7da0a91d292a", "value": 806912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690189590, "uuid": "7831dfb4-9820-48a3-ab1b-5097a053fd9b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690189590, "uuid": "f9f1c808-558a-4704-88f7-38f437c2c716", "value": "Kfndfdrf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "933cbce8-2a33-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690211149, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211149, "uuid": "970fc364-8632-4163-8f1f-2f054c960760", "comment": "Malware payload (RedLineStealer)", "value": "418fc764dacaf3c1a3ad6b1af4dbca6d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211149, "uuid": "279171d9-7a67-4c10-af5b-4eb67ac88f15", "comment": "Malware payload (RedLineStealer)", "value": "ef6d8ab5d7fe8ebbb8335c0411ab527c8acc7bb8a12506c3a7738d1892c9d9f3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211149, "uuid": "baa8f289-911b-4558-9733-e5547f6a3705", "comment": "Malware payload (RedLineStealer)", "value": "c6551250dbe1ab2ec11d966f327a78c8bcf31c16", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211149, "uuid": "bb578600-312c-4e03-8d63-be0fc1645a1e", "comment": "Malware payload (RedLineStealer)", "value": "4d4574e32d7b333f9a9ac524afb3f44bc08212a168d5a36d20d0580030b0c0677ad9960d9e2a827e24dd12d81a3d6ac4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211149, "uuid": "90843b66-f56d-4f8a-9cb6-4f72d3846fac", "value": "T1F5840113E7D59032D8F5277068F607831B36BC629D34933B2346A92B5DB36D1A87236B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211149, "uuid": "bb689894-e376-4b28-afd7-308126524fe8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211149, "uuid": "ba9d701d-ed7f-4526-a10b-a4200440d189", "value": "6144:KEy+bnr+qp0yN90QEQ2GIut5T26ErN5dvA0R3pygBZ+t4iDa48h:MMrOy90mjhE57R3wgBYCiX8h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211149, "uuid": "83b95252-7fd7-4e23-87a4-4c89817ef890", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211149, "uuid": "de4c1dfe-3471-4136-9c48-ab59f787d0a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211149, "uuid": "bf99a918-7ba4-45a6-9c97-f60805971cc1", "value": "418fc764dacaf3c1a3ad6b1af4dbca6d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26f630ef-2a06-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690191640, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191640, "uuid": "5b709793-0a7f-4cc3-a329-d0252c45e2db", "comment": "Malware payload (Formbook)", "value": "68c43b3ca349cc9a76a0a0d52be2e53f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191640, "uuid": "6c1e32eb-90f8-4892-89a9-c3fc08cae65b", "comment": "Malware payload (Formbook)", "value": "eff9bbf602fab34b0fe063fb3595ef374fdeb30670db2eb04237a921f03ed47d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191640, "uuid": "19b468ec-8fd0-4ae3-a0ac-8017e692371c", "comment": "Malware payload (Formbook)", "value": "1dd8bb9ce6d321302cb5a5f5d83ddf9fba4a7edd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690191640, "uuid": "9add0fe6-3d60-4f9f-809c-42de11be703d", "comment": "Malware payload (Formbook)", "value": "7db736573e6856b7c841b52456660c013e6491de8c803df9ab25bb9382be747c801ab3b566e0b822d7ce054644b312aa", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191640, "uuid": "bdb8db0b-6e44-41df-adc4-47939bcb9eed", "value": "T158F4026437B6AB41E1B8BFF5956056150332A0252833D34C4EF630DA2E63F85AF92BD3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191640, "uuid": "076187e9-2320-4c3f-afe2-6f8fb7545c13", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191640, "uuid": "e2af68b2-7d6f-471d-9309-db75ce96a474", "value": "12288:r5vJRBusyg5voG1vdKx5yb1+MCyoKhnl1fRIRDmTD4BUrLUJevU:FFuMusC0eFcnlxRIlmnwevU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690191640, "uuid": "6d7bca8f-4952-49ff-a01a-4283af8f2834", "value": 793600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690191640, "uuid": "703344fa-accf-4a0b-8d9d-22c90f847b91", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690191640, "uuid": "d73a2048-f1aa-4176-bc12-59ca55f54b8e", "value": "68c43b3ca349cc9a76a0a0d52be2e53f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "133847bf-2a53-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690224678, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690224678, "uuid": "a4f6e181-8ba7-4d57-9ead-7974eb25bcc8", "comment": "Malware payload (RedLineStealer)", "value": "18b118afd64295b57f58479efbf36da3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690224678, "uuid": "035fc62e-2650-4261-babd-460803d30ba8", "comment": "Malware payload (RedLineStealer)", "value": "f019fca8a2998f6982360d6041449ece48a475750008a5bb3469a84270b07570", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690224678, "uuid": "b642a08a-56d3-4908-87ff-3f04ee6b3d7b", "comment": "Malware payload (RedLineStealer)", "value": "b2868342cfd43bddbb8df6a628605315572e200c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690224678, "uuid": "4bcd9abc-6054-4cae-8b2f-81dd90387a30", "comment": "Malware payload (RedLineStealer)", "value": "e243a2b1b2827dac66b7c3f8471129218cafe38b99fced5e25226d15d2163bfc5ef1733d52220c6d92c088760f8fc64c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690224678, "uuid": "19ec3584-f558-4505-8b7b-1771edaa00c8", "value": "T162840203B7E98072D9762BF05DFA02C70E367DA14C74936B2345A86E18B26C4E97573B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690224678, "uuid": "ee2c38dc-83a4-46c2-a891-4a17cd7cacb3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690224678, "uuid": "1cbd3dbd-1fe7-4d8e-9863-56fb5322cb60", "value": "12288:MMrjy90IuPgDdx7RxdJzSqUYZ4dyIu4c3W:nyQOx7RxdJzggW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690224678, "uuid": "efa10b0d-78df-4717-9a5d-990b672a3528", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690224678, "uuid": "14539c8b-0fcc-403e-9f02-b8dae1f15a39", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690224678, "uuid": "3209405d-54f3-49b5-96e7-05ea82fa4486", "value": "18b118afd64295b57f58479efbf36da3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f6d0cbb-29ed-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690180998, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180998, "uuid": "fdfe9531-553c-4fb8-b2e5-2906add4084d", "comment": "Malware payload", "value": "0c246cdace946c408f57a234b4a0522d", "object_relation": "md5", "Tag": [ { "name": "asar", "colour": "#AC5602", "exportable": true, "hide_tag": false }, { "name": "StealerElectrum", "colour": "#688E07", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180998, "uuid": "dd444ee9-b932-4148-9377-f0b18a711c7d", "comment": "Malware payload", "value": "f041f16194781f66a5e1095cc1df868a4e9e27903fac0fcec7e3e2e7d92c07b3", "object_relation": "sha256", "Tag": [ { "name": "asar", "colour": "#AC5602", "exportable": true, "hide_tag": false }, { "name": "StealerElectrum", "colour": "#688E07", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180998, "uuid": "27c1391e-30e1-4e4d-9fe0-ee9c78e000cc", "comment": "Malware payload", "value": "774b3491b635652974815302893da5eab89a237c", "object_relation": "sha1", "Tag": [ { "name": "asar", "colour": "#AC5602", "exportable": true, "hide_tag": false }, { "name": "StealerElectrum", "colour": "#688E07", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690180998, "uuid": "e7f08ac4-7395-4336-a4ae-560e9a90c148", "comment": "Malware payload", "value": "9f395fe52ee4059b483e649df20cc45023199e7d5106d3dbcb22b1a047255d683af6f5bb6122b633358db6697752d264", "object_relation": "sha3-384", "Tag": [ { "name": "asar", "colour": "#AC5602", "exportable": true, "hide_tag": false }, { "name": "StealerElectrum", "colour": "#688E07", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180998, "uuid": "dad6a20a-32ff-4b75-9dfd-7485f2947342", "value": "T1E9478D1265F25533525352B70A8F4042BA35901B3918A954B8CCD3ACAF89F3DF2F7FA9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180998, "uuid": "63966b46-98c6-4deb-bb8a-5f933aa088a6", "value": "98304:ZS+kOaTA4s4QE4EUUKqhCTOi8sQrZwwpxTbG9tIagImnkiold7GfbJLljZF+3J06:uEkUUKFB91gImMMxlY3Cg51f", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690180998, "uuid": "597e6462-53c3-4e01-a5cc-340ee3a5360a", "value": 24907317, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690180998, "uuid": "3180b3e0-60f9-4307-8c19-35a06f905414", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690180998, "uuid": "bb95e396-12e8-4216-9ccf-d49d127d2117", "value": "app (3).asar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0bf8acc6-2a36-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1690212211, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212211, "uuid": "d45a5a66-f5c8-4d0a-a9aa-daabe3b5195d", "comment": "Malware payload (AveMariaRAT)", "value": "bf2c222c28c764c0c90ee83e32363dec", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212211, "uuid": "8cf46c7c-7366-4880-a982-ce9b9e461db5", "comment": "Malware payload (AveMariaRAT)", "value": "f11effedd26a33c4be549c3d28e0cc01b576095c586322c1f187e2b933b9443e", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212211, "uuid": "009b6983-a861-4da7-8f1f-4c0b895be66b", "comment": "Malware payload (AveMariaRAT)", "value": "c25e2f96544a515e3609488e3d8042be243099c6", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212211, "uuid": "a2c135b0-b95e-45b6-8137-6947f15a62ae", "comment": "Malware payload (AveMariaRAT)", "value": "1fda75253a7813dfe71f14b381bf1494df8cc9371c471093469aed8e583db1c6f88b71e8c5493868d58950ac3e3f0356", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212211, "uuid": "c1c0d15d-581c-4000-be79-06cc9e24e4ed", "value": "T112F412613BB99B52E5B87FF991A0601403B2B4582827D34C4DF520EB2E77F80AE51BD7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212211, "uuid": "ea2f2354-6bbb-4302-a7d3-7dd49ff50e99", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212211, "uuid": "eacafd52-f2af-4e4f-b8c3-bdcdcebb3535", "value": "12288:eRvJRBusyLcAi2IBcBWY3fOXpfnKieeFp0xrzohDWm3HKyI:IFufch245Q2XhKiJAiDWm3NI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212211, "uuid": "3306f61e-19c8-47f9-be08-368ebb736cc9", "value": 733696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212211, "uuid": "ed910fe8-b4d7-4128-aca8-8e9c91e70a42", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212211, "uuid": "d41a0f77-406e-4a7a-a41d-813164a30b45", "value": "bf2c222c28c764c0c90ee83e32363dec.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "233ce864-29fd-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690187768, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187768, "uuid": "87be3e84-e07f-42ae-be83-f6dee41380e7", "comment": "Malware payload", "value": "a2915bfe5868ab0d515d7246c2df3aef", "object_relation": "md5", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187768, "uuid": "2808d38f-cf06-4be9-afc8-4a158424a090", "comment": "Malware payload", "value": "f1435f9c998f6b65ded3c5ee5d920747e3f872cd08e301d85798df9190bb5117", "object_relation": "sha256", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187768, "uuid": "a6298619-6274-4535-8c9f-0512228bd96a", "comment": "Malware payload", "value": "31b29ae07e435927d0f6b4aabe29cac11f64f1b2", "object_relation": "sha1", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690187768, "uuid": "b2054886-6ca6-4e56-9435-157ec5a43869", "comment": "Malware payload", "value": "f9cdea10b99f0a5f31028e5249fb495ca54acdbd6cb98a5a197d811a41448e3334dca3d46ff709f083e378fd10f1747f", "object_relation": "sha3-384", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187768, "uuid": "f5dc2b10-19d8-4df3-865a-8170bb06b36e", "value": "T18FE5BE11AB12DE5AE7D82B36A063555F8A30D6223727B75F5BBD01343C933B82D423DA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187768, "uuid": "c8873792-b9b0-48d5-8421-25d901538b14", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187768, "uuid": "a6ee4a14-6fdc-4b9a-b988-0b7cef3adce1", "value": "49152:+HuV5nMfUQVSA2wvMoDLlqNIWaERfXn/YvKnSbHwiJLr9:kCAELwLMNpaERPLnS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690187768, "uuid": "b2a068de-39e1-4a68-80ea-0e4a1739425f", "value": 3252736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690187768, "uuid": "920ec4a8-a83e-494b-b1eb-8ecbaaafe545", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690187768, "uuid": "66e8d97e-16f5-4c08-9f6b-5fbf9d2c0b6c", "value": "1690187767dd7323f68c37ff33d929a51a3f488b319bc704da36f417d03a159ce327170b34861.dat-decoded", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f438aa8b-2a3e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690216036, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216036, "uuid": "b0e1b757-94d1-4db0-9bfb-fdc81555058b", "comment": "Malware payload (Formbook)", "value": "0c9b148a4629ded82eecf7f6cf097ba1", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216036, "uuid": "e0d04922-c857-47c8-aa2f-6175f245dd34", "comment": "Malware payload (Formbook)", "value": "f1995b8e4612c989c8f03029af843ca2f9aaa8f1d94175fcaf673a840a3cf4d7", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216036, "uuid": "27277cb3-cd2f-4b48-a421-5a80126eab14", "comment": "Malware payload (Formbook)", "value": "9ddec58b88f8622b0e3a92a36053776429019b82", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690216036, "uuid": "d8fd1729-ac92-4804-af63-02cac09b7d56", "comment": "Malware payload (Formbook)", "value": "be7470add133a76b1e09dd300e4ecf58b27ae40e480078b925985f482c3daf80c6a4e9f103b47fe686712774fb04b3c8", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216036, "uuid": "c55054a6-b9b4-406d-9f42-ed8d1348a8b8", "value": "T13144231BB9D56C6BA2D3E454D828D29BB53B2C4FA64B301B00F74D0A2E36A95C0ECC1D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216036, "uuid": "2c53fdc1-6c02-4fad-a83b-6282abec176d", "value": "6144:Mybf79wznBJeaecPt4py6K+5t10umXUf5jhMusOKNKFKyM6Pl:HL79GnzJ4sRM8WRhMcFlM69", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690216036, "uuid": "bf0e24cb-8780-4db3-92d4-064d5cbcaca3", "value": 262672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690216036, "uuid": "af08bbc1-7581-4499-8297-c4d9d4eebc46", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690216036, "uuid": "eb7184bb-20a8-4667-875e-187ff07f94d7", "value": "Document.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4de3503-2a76-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690239982, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690239982, "uuid": "92eb7106-4b1e-4a10-94e7-0352edd9f1f7", "comment": "Malware payload", "value": "6da3a2941f711ea9cc2b4c1f87b69ff2", "object_relation": "md5", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-999", "colour": "#5DEE89", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690239982, "uuid": "6a108090-6982-41ee-854e-6e353f1f4daf", "comment": "Malware payload", "value": "f1fa707485e7fea56b77f2cf3c060e6df0313d4862587040d38896a8dc5ecd96", "object_relation": "sha256", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-999", "colour": "#5DEE89", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690239982, "uuid": "a04fbf2a-7965-47f7-baea-b8ab47bbf2cf", "comment": "Malware payload", "value": "912819b7edc5a20e8100f63e75fadedfed4b09dc", "object_relation": "sha1", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-999", "colour": "#5DEE89", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690239982, "uuid": "c2346e51-86f1-4c7f-92a6-78d134fd2a3a", "comment": "Malware payload", "value": "7cdcba5102a3bc9305a1a6641e9c62b3ba3087376e8d3223bd05c77229438d3e6577a7994544145eb7246115a8f26354", "object_relation": "sha3-384", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-999", "colour": "#5DEE89", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690239982, "uuid": "8f0b5a86-6b30-41f5-8453-677678003286", "value": "T14EA6333A8C8B75079175AA2A09903321E3E5CF0AB6AF78C536D37D395225C3C5BF34A5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690239982, "uuid": "914a3d11-12f6-4f41-aab6-8e967aacdfe5", "value": "196608:30Gq3BGlnt5smbIXJlh/F3OhVSxYrelPie2S80jkbuhj9sGciGFF1iAqq:30Gq3BGZbIN/F+jSxYNYT9sGci6zX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690239982, "uuid": "83c40c2e-f552-4e2d-8bfc-4a4a7d09973b", "value": 9737980, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690239982, "uuid": "dff60480-f0ab-41dc-923a-85349c168bd7", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690239982, "uuid": "6abbcf4f-b755-46fe-8d0f-4266addb46aa", "value": "GoogleAI.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3cc41da8-2a04-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1690190818, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690190818, "uuid": "b383ed63-27c3-45df-a15f-83ac3c839268", "comment": "Malware payload (GuLoader)", "value": "d1730c8fc67482c13383f58121e6f220", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690190818, "uuid": "18a13be1-2559-4947-a00d-7ec26a8ae302", "comment": "Malware payload (GuLoader)", "value": "f2afef679c33cc2ce9579bb1b02c6c94bba3f30348bf9ec6c8cbe27fbfe342e0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690190818, "uuid": "e569314f-4cd1-4248-8fe4-e5cf16352171", "comment": "Malware payload (GuLoader)", "value": "707943118105295b57c0b797dd518ddb710cde3f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690190818, "uuid": "9f8cf903-b61d-4a78-b621-c87dc1b6cff0", "comment": "Malware payload (GuLoader)", "value": "07ca2c1bb44b8012abfed52ae0ffe347666d69f314c52f0bd6704aea2f4ec2d25b8b38eca9f93ed5c9fd5a7d45466749", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690190818, "uuid": "d183611e-e95c-445d-84db-27229c2167a0", "value": "T1DB846B4DE363ECE9FA660379257158263F41AC1E60D9295D228DF7263C3621240ABDFF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690190818, "uuid": "f7acaea8-4a9e-49f3-b3cd-e33e63794301", "value": "4ea4df5d94204fc550be1874e1b77ea7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690190818, "uuid": "e91108fc-f3db-496c-9f58-0dea82093d77", "value": "6144:ywq3NpoucqmKXBTZN02RQNhatw28cfFHOVf7:yzkppKXBTZWMQNharXHEf7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690190818, "uuid": "cb1a79b4-8230-4fdb-a8c9-b73ba183eea8", "value": 377447, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690190818, "uuid": "b44d560a-5caf-499a-b978-5ac3ad263b0c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690190818, "uuid": "f14c1f98-8321-46ab-96e7-8bf8de6b9b49", "value": "Purchase order from NIKKON Holdings Co Ltd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90db99ff-2a33-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690211145, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211145, "uuid": "8397da2a-5ee5-4209-86f3-19a030351d18", "comment": "Malware payload (RedLineStealer)", "value": "1ba14521bb25f933b9baf7eaf6551f81", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211145, "uuid": "4366e0e3-7c0e-4823-86fd-5c7c3b97b16b", "comment": "Malware payload (RedLineStealer)", "value": "f30fe0b10b15d22069e449604cacb874c6b39fbf857d217f084d48490023dcb4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211145, "uuid": "f993e6f8-6448-457e-abbe-bddb312c2fca", "comment": "Malware payload (RedLineStealer)", "value": "788d2bf906dc183a42237201cfa9801a76ce0710", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211145, "uuid": "9ce96ab1-f903-49bc-a95c-59b58a109da9", "comment": "Malware payload (RedLineStealer)", "value": "b256c021b89c52724585563126415f9820f96dd2e0972bccb6293797c30211b6b80b797291e631bbc55f5d1072af9f7b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211145, "uuid": "8f85d14a-c5a3-43c6-ae57-11e8b4893cf7", "value": "T16D840142B7D88032D8B527B058F712930B35BDA1AD79436B3385BC9A2C736D0A97177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211145, "uuid": "b305b058-385d-488c-8051-fa8fc609111c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211145, "uuid": "78eb309c-77f4-4d23-a979-3efc16488d0f", "value": "6144:Kny+bnr+Kp0yN90QET6ZWNFRHYaAdZTXZIJFC/j5UMUSPgBZ+t49DeiIhxaEAo:ZMrSy901xpAdtX+wUzSPgBYC9FtEN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211145, "uuid": "4e33ae21-98db-43ee-8cdc-43d08e39946c", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211145, "uuid": "89e3b38a-f128-4737-a3d6-4d649c8d5388", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211145, "uuid": "38921dfc-2cfe-48e5-abe9-17f30626ae39", "value": "f30fe0b10b15d22069e449604cacb874c6b39fbf857d2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b138e22-29e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1690178091, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178091, "uuid": "928504f6-06c3-4779-a11d-6fe782da9d49", "comment": "Malware payload (RemcosRAT)", "value": "431b76b8cbf3cbe0c1b26457f47980bc", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178091, "uuid": "cb4a7c34-7073-4440-ae94-4fc5823feae6", "comment": "Malware payload (RemcosRAT)", "value": "f3931b412c3659e006a979515e6db456e05cc778a816ab91da1481293f58e37b", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178091, "uuid": "807da993-86e8-46da-b033-dc678b060769", "comment": "Malware payload (RemcosRAT)", "value": "df0406413ff01f2d90e687d0ca5d48ff868e4647", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178091, "uuid": "f35e2ec9-93bb-438d-aae1-8799c0100dee", "comment": "Malware payload (RemcosRAT)", "value": "e9108e7b904d521d3fd31f80aafeffdaf8b521fadf122f7f092f37b7ac63d3229a3e66061250e9f5f24f2e30cf4cc0c8", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178091, "uuid": "ccfa423b-3840-43a2-b619-91537d1bba3c", "value": "T15F15E1A1B19C9895F80324F9DCABE9251527AE85916BCB1939A3761E8CF334350F3D0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178091, "uuid": "470686d0-b8ec-4c9f-8417-9ae60c0db27e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178091, "uuid": "abf3d0b5-b89b-42b6-b300-f9fa06c4f807", "value": "12288:DDexpPSzWUAPSzWUEeRNq0tnJQ6LQ9hIVNUyX5fnGzxOFNLu9qqV9r3ElqvoM:HerdUmdUDRR26MxyJGzx4pua0oM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178091, "uuid": "e8a7c824-6bbe-4692-9ec8-431e9a3d08da", "value": 951296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178091, "uuid": "c3ba3df1-3ead-47a8-961d-12c7c80f3026", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178091, "uuid": "771e8757-57d5-41fc-8129-cc370f2fbde6", "value": "\u0646\u0633\u062e\u0629 \u0627\u0644\u062f\u0641\u0639 _Banque du Caire_Pdf.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c27d87e0-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690179016, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690179016, "uuid": "3b52467b-d027-45f3-b0d0-a32f981d714d", "comment": "Malware payload (RedLineStealer)", "value": "9870aa79eac5bdc553e78afb06643bcc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690179016, "uuid": "04825212-88b8-44ba-a48d-0d062500f115", "comment": "Malware payload (RedLineStealer)", "value": "f5b0e044b296d2bae224086db794d1c73732e40d5fc6e0602287bef03c844e38", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690179016, "uuid": "d8b3abb0-5d0b-423c-b791-f6183eb8e849", "comment": "Malware payload (RedLineStealer)", "value": "424d4b72aef2c8da16d53f16e693d7a0357e402b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690179016, "uuid": "ead64b0d-d7f2-44d4-b661-30f8dcef3f07", "comment": "Malware payload (RedLineStealer)", "value": "4dc04e1392154e446b8356868bbb60a4fd6fc39d559c02dae4ec1822171987e639f809cb84c73ae4cc755f91cfb4221c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690179016, "uuid": "674d3edb-d6ee-449c-b849-7ea1bc569b18", "value": "T16D74F12277E0C072D4679A305530C5A11ABFBC726BB585CB33A82E3A5F716D09F79386", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690179016, "uuid": "d1d0d57c-bc70-4c24-81df-57279fed54d9", "value": "795d5374158688612616ccbdb5ba25ba", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690179016, "uuid": "0863b5ff-5ec0-4e3a-a1ab-4c2c74b1e878", "value": "6144:FN7IvPhUUarUc7wRCoaPAvJ5s5rPgkm7zfWDsfGQ:P7kJUUa4SPAR52rok4WDcG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690179016, "uuid": "9429a737-0d87-4ebd-a9af-d2509c2512e8", "value": 356352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690179016, "uuid": "31757762-bd72-4fb4-b456-f197d82df70f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690179016, "uuid": "20690520-e83f-455c-b411-ec092253199f", "value": "9870aa79eac5bdc553e78afb06643bcc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2c4f744-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690211739, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211739, "uuid": "b547d90a-6dc0-4fd6-8641-ba7b58991d10", "comment": "Malware payload", "value": "65100e0dd48c538e58f0ccf629595422", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211739, "uuid": "1971406c-8d63-4be9-8494-44bd359b8ee9", "comment": "Malware payload", "value": "f5c8ba20e455c2932d230c67583a09ddf63cc0b65e3c1cd3b0382eca083c9ee5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211739, "uuid": "9f393949-5a12-446d-bf3f-993ed17940c8", "comment": "Malware payload", "value": "b2cae1a735e3c8c62b67086b513c5783d8476f7a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211739, "uuid": "3425b1ed-fab0-4d4f-815d-31138e515119", "comment": "Malware payload", "value": "374dd68c3184484292217635325c2c7f3b4a75231301dc2b9522634f071a9998d14a5c33bb125957bd55c7194dc69e97", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211739, "uuid": "5c903ebf-289d-46b8-9cee-f2661c2f11e2", "value": "T168B4129586B81E00C8F44E78454C3747E7BE7CB3E162AB4B8EB85ECD45BD606C72B891", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211739, "uuid": "3bdd8f8a-457f-4124-b1c6-b87f47ba5b3a", "value": "12288:dCm3XL5fkj0tV3yjTRnQXK/JOUyzb7hYNa4QBZGrY4U2kS1SzTbym7PHC:ln5k6Ge6/gUnNa4Q6xUyg/C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211739, "uuid": "cfd1de5d-37bf-4756-b4a1-2588aa467b1a", "value": 532480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211739, "uuid": "73d5adde-d1fd-4136-b762-289c35c4f33c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211739, "uuid": "7fe97b25-553a-4896-81bd-8f1e823f9123", "value": "Purchase Inquiry.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5693a3d3-29c2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690162514, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690162514, "uuid": "517ef3e2-f1bf-4c39-a0ef-c467e72339a1", "comment": "Malware payload (RedLineStealer)", "value": "a9b440ad0e7d76d9fa2ec485fa53eeba", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690162514, "uuid": "ed030fa5-f14b-471f-aa9a-355efed37174", "comment": "Malware payload (RedLineStealer)", "value": "f5d16598bff76b7aeece243b4478a48e666bbf1a2adb20f2684cefe2f7d06616", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690162514, "uuid": "1db05bd8-b83c-46b2-8e1e-a312455bb3a0", "comment": "Malware payload (RedLineStealer)", "value": "179dcad63a03197776e3b9ee4354dbfa413f7528", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690162514, "uuid": "c89c459b-dc94-44eb-985b-b365cec2b9e0", "comment": "Malware payload (RedLineStealer)", "value": "d6b2c976c8928dd42c03a58c05d039cb42a5f8c65a8e8d7db872c0f98bb0b957c82bd323632ffc211c429eac800dc883", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690162514, "uuid": "1ec64a0e-4041-47d8-ab0e-7b5fc2dce22c", "value": "T12DB4AEC6B5E228C5C0A7F5333B7BD021D277B22ABB4D3573D168036925283956934BDE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690162514, "uuid": "f3120399-be46-4189-81e1-472740715abf", "value": "5826e2bea2981d413e896f41d08c994e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690162514, "uuid": "6fe9d5a5-20e4-485e-9bfb-0f5d39415265", "value": "12288:quFz06FWD5fReUOLoFCaK40dC3l8qjNG8AR:qr+WVJeVLeK4PljJA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690162514, "uuid": "4bc42d3a-d083-49e8-96ab-04362a571d65", "value": 502272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690162514, "uuid": "95fc9e49-6374-4369-82b1-aa4ca5254bf3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690162514, "uuid": "d9d7bec2-2765-438c-8ae4-b496a46b6250", "value": "a9b440ad0e7d76d9fa2ec485fa53eeba.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e5a2ca3-29f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690183653, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183653, "uuid": "c51588db-f9b5-4dce-99e3-ddada92f7420", "comment": "Malware payload", "value": "8057e12651bcd2cd991f5e747d0bc4a6", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183653, "uuid": "d01963a7-2f3b-4737-809c-28e9f0755cec", "comment": "Malware payload", "value": "f6162b861667eb347ce8182f43a12842230bcc1e96edbeaa85cd0b8648c4df3f", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183653, "uuid": "b8b33cd0-e80f-4a53-a1ee-702b4cc3fb3e", "comment": "Malware payload", "value": "acc72009b3822b3cd94be4b993cf388b869bcf59", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690183653, "uuid": "2130cf6e-f5c6-4c8d-a750-3095f0707b6a", "comment": "Malware payload", "value": "dec2f40741836e24fb97e561751111935d9e5af20a812888e7aa0d29faac94bb748a18c673285e0273d5dcbeb01c3aa0", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183653, "uuid": "c467bdb3-dbb5-4142-8490-21c6b3d176c8", "value": "T1EBA67B47F84046A8C2EDD5318566C2A27B317C854B2173D33B20BBBA2B76BD86F79354", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183653, "uuid": "29d03f11-67c9-47b7-88b0-f5a5b92ed152", "value": "98304:OdJFWLKRKJ2TE/XLHx53e1gFGhybrQuUEHAzZc2rWe:OLFYmmjR53DFBbrQTGCc2rb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690183653, "uuid": "4ab93bed-36d0-4a6e-90f0-d5e67cb067b8", "value": 9546546, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690183653, "uuid": "13c0a4ab-5698-47d2-91c3-9b617ca76445", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690183653, "uuid": "87435c90-8ca3-4c72-bdea-b74f4467a2f6", "value": "8057e12651bcd2cd991f5e747d0bc4a6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5d16998-29ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690188873, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188873, "uuid": "849be174-01ab-4591-b6ac-c242e7b58fac", "comment": "Malware payload (Formbook)", "value": "bd0214894522cec44b1fe19c01038c86", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188873, "uuid": "9962f8fb-8222-4b23-a896-41d9dc335fc3", "comment": "Malware payload (Formbook)", "value": "f6c544a29ae337fd15faf5db0fdd4e6bcf904071bd74a17f8adde498d23e9371", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188873, "uuid": "5485e573-db48-4d3d-a013-a518c5110dd0", "comment": "Malware payload (Formbook)", "value": "fe14458d20948c4d52f181286c07d8b605ffcfc3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188873, "uuid": "935dec2f-f1d4-401a-9e75-f1b29a91bfd8", "comment": "Malware payload (Formbook)", "value": "44458bf05333002b77cae0d4e7feeeed39a7b82f6a1ddd5835baba69686188d823992317c78c3192521444d6cdcb3564", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188873, "uuid": "504afab2-fe7c-4889-94b7-2f893af0eafd", "value": "T12F539D0CB7E98575E4FE9BF818B26293DB3AF6438903D71F28C945892713ACC8A417D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188873, "uuid": "2ec13632-9b7b-4451-8bd5-254f08e738da", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188873, "uuid": "e327e96f-6649-47eb-84f1-1b4f09ed8d68", "value": "1536:hz1viO3uPH5XTJ/EsQxiouFbUPGRXTOFUHZ:hZvTMVsLUFbUIXTOFA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188873, "uuid": "c8f7efc8-fa4d-4934-9a49-ab58fd8f511d", "value": 64000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188873, "uuid": "109c8494-5bf8-4aad-a91b-ab27fc3409ef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188873, "uuid": "f9635093-a3df-48a6-8fc3-486d710715d7", "value": "XClient.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "315bb6c2-29e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690178343, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178343, "uuid": "7fac5f13-0b88-4689-a70b-52109a4086c4", "comment": "Malware payload (AgentTesla)", "value": "bdfee9f5a11fd27cbca37840dc71a4e1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178343, "uuid": "9836509b-e374-4b9f-95e9-6b0b37c5747f", "comment": "Malware payload (AgentTesla)", "value": "f70af7fc5e6dee70757cc92a9cc2f3ac09d61bf7644017e67ba29ffdfed4d2d9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178343, "uuid": "13fbdf07-708c-44d5-a030-cf42333459ef", "comment": "Malware payload (AgentTesla)", "value": "7e8b6deb9ec53ed9c094e6bcdd92022252534b6b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178343, "uuid": "b08b921a-4261-40d1-8bea-90fcbee318b6", "comment": "Malware payload (AgentTesla)", "value": "8f3599a5b52419fa1e54ccba12cce75fae62241d4845755bfad4fb86436e966089468bf4ac70bb9c37c1714c2a669749", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178343, "uuid": "d820873e-b721-4105-9096-dc49c2d41c86", "value": "T147B41244B4C5C64BD04392785EB7B69F5A9ABC11EBD8E6073971BF7E043DA20A87138C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178343, "uuid": "5877ff28-1a14-45c9-b6fd-1ec3f6a4e809", "value": "12288:r7ZnBC6uEkqqCYBC6uEk7UqTstFkmUesXmWloFVA4L:Jw6srw6sVsHkp3X9R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178343, "uuid": "a1ddfbea-0037-40b2-b88b-f0aadcadb2fd", "value": 524800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178343, "uuid": "02ef4fbe-96d0-4704-bf9a-1c679280d255", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178343, "uuid": "1310c6a4-162c-41f5-bad0-9a45a316365f", "value": "quotation and Specification.xla", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8883ecac-2a33-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690211131, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211131, "uuid": "f54902c1-5d2b-4d4a-ad45-20bcb95f593c", "comment": "Malware payload (RedLineStealer)", "value": "a8980ee6c585d3df09c1077702c4faf4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211131, "uuid": "59e30a99-c699-4065-a460-62bb9c6d6394", "comment": "Malware payload (RedLineStealer)", "value": "f753642a91ba174bc2c1ca096e2a833e54aa2e6d5e1a79f184f335a209c908d3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211131, "uuid": "98e11bb8-91c2-4fbc-9676-80c6f6fc00b0", "comment": "Malware payload (RedLineStealer)", "value": "68f3d4b60746da620416fe7ebf21e551ac52f93b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211131, "uuid": "97958d74-4baf-4e45-8672-396c1748716b", "comment": "Malware payload (RedLineStealer)", "value": "bdc34e26eda7ee20c5767788a8a68e8034c24637b3b747d3574db7a81af4654912529b1f08ab0dc5bde89df8d05b872e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211131, "uuid": "7bb8777b-3ca5-44db-9dc7-aab38752d33f", "value": "T187B40212ABD89463C8B127B06CFB13C70B36BDA19A65836737C55C4F1C32AD4A57632B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211131, "uuid": "55d26fc1-efe3-4293-8508-b7373e77f816", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211131, "uuid": "7e27145d-c28f-4ed3-b5be-de317282ea6e", "value": "12288:4Mr/y906BXAK6SJIXRvFC6MH1UXOhEQ6IA3GCi8:nyZBXISJiRNvMH1UXOhTIGCi8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211131, "uuid": "0bbf6a17-277e-43ca-b2a1-cf7211b3f1d5", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211131, "uuid": "552564e7-ae72-493c-b7c6-b45b97a438b8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211131, "uuid": "0ded0c78-bf3f-4264-97a7-bca6794b09f8", "value": "a8980ee6c585d3df09c1077702c4faf4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc173ef1-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1690211647, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211647, "uuid": "21a05a64-3645-4482-94ae-3076d4cc7d11", "comment": "Malware payload (GuLoader)", "value": "67b6e194c99a760919ec42c42bc87de0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211647, "uuid": "ea8054b9-287c-4d75-ac1d-40f93715d491", "comment": "Malware payload (GuLoader)", "value": "f7d5f219270af7750ec88e6bc13add921895d7bca13c58f596cfe86946ffae61", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211647, "uuid": "259c5fba-620e-40b1-ac35-9b9502875b2c", "comment": "Malware payload (GuLoader)", "value": "ad87c31f3a75ff1c3d9ac8c85a557d9f29a89b75", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211647, "uuid": "cf3479f1-0882-4402-a76f-1c32ac7d50b2", "comment": "Malware payload (GuLoader)", "value": "bd251ad04cf8b26088bb74df0bd5a1d17133b6e1142aa89cd4ac0ab636c34b6d9c6a34c8a8fe36a2f331aa3122a6242d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211647, "uuid": "7dbff757-9dff-43c1-a387-51fda8a33436", "value": "T1EB1402232260C8A7E16A13704A7DEF67BFFEE6116141125B4BC85F5A3D23783C61F692", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211647, "uuid": "3cffe3a9-7889-4e6b-8b2d-10efac99f33c", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211647, "uuid": "f5a4d99e-5814-4d19-809f-e65426f534ba", "value": "3072:nwDijpS4DbYcr8bc9MQZgCAWCf0cfxqRWIHtlUMA418gvDNIJ3yY7yemkYs:nFPepQyC+ccpTCTfho3y0yeX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211647, "uuid": "27091817-66bb-41d5-809b-fa93ba6e5dc9", "value": 191828, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211647, "uuid": "41ebcce5-1883-4529-9d1b-c8e5ab175ab1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211647, "uuid": "2e9cc3ef-f389-4c64-af66-8dd07ce95231", "value": "E-dekont.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42a183c4-2a34-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690211443, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211443, "uuid": "45144518-bfbc-43cf-9e7f-ad6b81b52a2f", "comment": "Malware payload (RedLineStealer)", "value": "a01c1a48ce19956f6bf33d02d8843c4a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211443, "uuid": "10b5fa30-d843-4b66-bef1-6358e76779ba", "comment": "Malware payload (RedLineStealer)", "value": "f7f167c52398fcedddfef84c63f05c26225f7d0987b6282e274f5c27b36f09ce", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211443, "uuid": "be1c3894-b083-407a-9d6e-097ccef1db77", "comment": "Malware payload (RedLineStealer)", "value": "5559f1c271aae99ae7debaf5120a5a71641b7683", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211443, "uuid": "a8a53aa2-6d92-4ee0-a700-2d246aa8dc0f", "comment": "Malware payload (RedLineStealer)", "value": "9a1a3e0b3c077b8c81607df552c5891ab0ea91a6a34c389c05a817ad12061f61c160f4c549e7553d9d80527219136c18", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211443, "uuid": "698eed85-410d-4cbf-98f6-234fc046b85d", "value": "T134B41243B3E89433DDB523B058F703870E37BCA19978425B2795694E1DB2B88A632777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211443, "uuid": "36b17a3c-e843-4521-a8d4-7dd1061d7160", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211443, "uuid": "a6b6c961-8f44-45ac-99ec-ccb7369f46c7", "value": "12288:PMrty9023EZsTiSD7I3GIuX2sit5NfF/7GDG6/N:6yXEZQDXI3duX3it9YN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211443, "uuid": "edbe81c5-c81c-400f-8c0e-ebf4267515c9", "value": 526848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211443, "uuid": "64aaa3ba-a7c1-44f1-9c27-11566ee7cf1f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211443, "uuid": "12993c19-9456-4e20-8b5e-d8bf8a162278", "value": "a01c1a48ce19956f6bf33d02d8843c4a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "946869f5-2a33-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690211151, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211151, "uuid": "e5103999-4ade-44bf-80e6-9651cf39dd68", "comment": "Malware payload (RedLineStealer)", "value": "fcc6fca229067af38c83f406ef5a7c8e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211151, "uuid": "2f4c3183-1a42-4d38-9d93-a2a6cd8bb334", "comment": "Malware payload (RedLineStealer)", "value": "f884ca4d94b6fa6a267d2905596112866366f4ee198c1d55a6a3c70e90f90919", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211151, "uuid": "3cf74c3d-4486-44b0-a0a8-5dba585f1cbb", "comment": "Malware payload (RedLineStealer)", "value": "d040abf23037dab524597cc20ff59d56456abeb0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690211151, "uuid": "d0fa43b0-b70c-4179-b7d3-cd63e0f434ac", "comment": "Malware payload (RedLineStealer)", "value": "9e8e66441f6e481a626af93ba5117db660cf0dd7bf1c8a11aaac5e8b6c07205c9e8a1b803f747a11a0ef76b17dd410ad", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211151, "uuid": "fca1f664-fa4b-4541-84fb-af0499e08158", "value": "T188840212E7E99122D4B52BB09CF703D30E327C959D34936A27466E5A1C723D4E93273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211151, "uuid": "22c784a6-2fe5-4369-89b9-7163cde9dd93", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211151, "uuid": "a295fc01-3c9c-4e45-b12d-b3621e652ab8", "value": "6144:KGy+bnr+tp0yN90QE5OwF2Ou+4+eyHLEE3Gz5xquPxgBZ+t4BD7MKSOkjL:+Mr5y90GgL6Jyr/2z5zgBYCBZSOsL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690211151, "uuid": "5c738e18-e3be-4058-bf23-150a4a3dc56d", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690211151, "uuid": "4cb40aa3-11e7-48e4-8675-974fd48e18dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690211151, "uuid": "322735da-1716-4a3f-b0a0-18fb8b1c08ce", "value": "f884ca4d94b6fa6a267d2905596112866366f4ee198c1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5f89789-2a76-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690239957, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690239957, "uuid": "f48babbd-124c-41fe-a272-134dca189221", "comment": "Malware payload", "value": "71b39c7923aceea644829de416e53fde", "object_relation": "md5", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690239957, "uuid": "0c6f5ef3-ba2e-4975-89a7-4bd32c36fc6e", "comment": "Malware payload", "value": "f89eeffc7f8072a392fb58013c34b0d47bf661a60f99579e6ad5ecd6fa1471b0", "object_relation": "sha256", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690239957, "uuid": "03a1d132-b4de-4b22-9a9b-9aa2b5f4b9af", "comment": "Malware payload", "value": "6e5725c4a1317de063ba2219ef238beafc17230a", "object_relation": "sha1", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690239957, "uuid": "8457772a-8f70-4848-980c-cba5c75335df", "comment": "Malware payload", "value": "f699b0eb54fd27c3cf3154d7abef6330638ff401a1f9f44acb54b4e16bd7e0fd30aec6f6ef15e9f39bff86f7873c9277", "object_relation": "sha3-384", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690239957, "uuid": "43029dde-981b-42f5-b93d-a9697b352c35", "value": "T16F4633F8D6A06C4E99AC565F582A732BD86B617B51F8C4A5FAE2F0332F3501552C0F83", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690239957, "uuid": "8f229f67-f9e2-4310-b209-b2284aecf226", "value": "98304:NNzBKEsFhOKDaC9tBXiLWn146dmstt1tnyjK8yhdrf8hi:FaNDaCRXiI1VdRtryjKz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690239957, "uuid": "8e125ac3-6537-4fa3-b2b1-eb0c9cf9b89b", "value": 5687650, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690239957, "uuid": "cc7a00e9-fa3e-4e02-a194-efd746fef808", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690239957, "uuid": "f7b5706b-5bf5-4896-aaf3-d759d98d3df0", "value": "Aigoogle Msi 2.0.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac9b6497-2a20-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1690203031, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203031, "uuid": "4832d085-760d-4bd6-b172-2107b32e8cbc", "comment": "Malware payload (Mirai)", "value": "4038e07815f9c7c524b24ca3f44e7558", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203031, "uuid": "e1e68e1e-b85b-4415-8909-59368e1720a8", "comment": "Malware payload (Mirai)", "value": "f8a0bbe0697777d0ca71657382ceb48efa06c5481152a6de17835fc94bcc393f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203031, "uuid": "4e4c1d1c-d307-415b-9915-6968ae2f10bc", "comment": "Malware payload (Mirai)", "value": "1b98bc2d17c6c52ad99541204c31f478c498e9d2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690203031, "uuid": "77552b59-ee4f-46ab-9bb0-bec1d861e52d", "comment": "Malware payload (Mirai)", "value": "f2783aebbc2a4f6080ba5bc343f266aeb4e6fd43dca41fcfa57a01134832937e09d4ba7e21a9936801a869cd8b600280", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203031, "uuid": "35a15816-8fee-4109-b7e6-33cf621457cd", "value": "T171336C36E029DED0C6560134A4E88F751F03F1C883536EBB2AE546B2645396CFA19FF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203031, "uuid": "46fd8e78-fd86-49bc-9217-d460281f6ffe", "value": "768:Oa2vU7eng2qGJert7LrLMU6fgatQh+YbT/9+m3CZQoV/bnmCozw:Oa4U7G7SvT6ftBTm3KVrmCo8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690203031, "uuid": "f3bab46c-a8ce-482d-a97e-72d6460d4dc8", "value": 50168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690203031, "uuid": "901c59f5-29a7-4af1-a488-90249a24defb", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690203031, "uuid": "1f0a64bd-986a-46d0-adf9-28b81cc7ac2e", "value": "4038e07815f9c7c524b24ca3f44e7558", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d4a4052-2a2f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690209341, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690209341, "uuid": "a36aa31f-20e9-4990-a515-e926e2d7ca6c", "comment": "Malware payload", "value": "8b38c5c80ab4c199a43fcb4c5105e279", "object_relation": "md5", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690209341, "uuid": "0de30026-7fb0-48b0-a5e0-24ca243ac2e2", "comment": "Malware payload", "value": "f91ef36f275c0f7eb71b4d098ca3d036eeeadb05bf0bf53ac67af36fa6947843", "object_relation": "sha256", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690209341, "uuid": "58b012d0-5723-4021-9f99-d0f66303179e", "comment": "Malware payload", "value": "2a144477fd83487345af7230e516d2e26e89b3ec", "object_relation": "sha1", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690209341, "uuid": "9421acaf-75e4-416d-b5a8-a47c6400b7ba", "comment": "Malware payload", "value": "405a55ae19e8ecc1c225af97abb106a381b56faf388e6080dd299c163c6142902228de56e2993bded708b22525bc402e", "object_relation": "sha3-384", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "pw-888", "colour": "#8C3336", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690209341, "uuid": "c03da42b-46b7-46a8-b47f-0b31604f1a04", "value": "T17B46333637935BDB2790805244440367E31CAFBE6326A6D026BEF5865B2CE4E4C7FC5A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690209341, "uuid": "6d7c21f3-733c-4ce5-b576-adb59c0d0b01", "value": "98304:0c/beiIgD0X2+eY8hVa2xFi09YUGLtdqRrZtk14Cz1hkPlCuWg3:7IgDftBhVa2//9B0tYRNtU46eCs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690209341, "uuid": "daa533bd-8065-41da-8fb4-7c3c66cc8bb7", "value": 5687396, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690209341, "uuid": "a81a20f6-f480-4070-a4f3-d95457424f1c", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690209341, "uuid": "9fd11f1c-6d2a-43d2-9985-d073817c0c71", "value": "Aigoogle 1.0.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98bb26c5-2a47-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1690219748, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219748, "uuid": "219508a2-c483-4f59-a42e-8743aff36bec", "comment": "Malware payload (DarkCloud)", "value": "3832de38a53167a581075a94d11b0300", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219748, "uuid": "bc4846cd-22ac-4480-8d46-1e4ff5f14cbb", "comment": "Malware payload (DarkCloud)", "value": "f9a0935eac4db119d91f378de9a7950535ef9e769a2e927fe542a039ef1032f6", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219748, "uuid": "febcda03-f348-49a1-992f-466927734aeb", "comment": "Malware payload (DarkCloud)", "value": "8c175d1f4db3ac4102ed8a451c454b388384058f", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690219748, "uuid": "c11f2529-51c2-4d57-91fa-8cac8a9bff21", "comment": "Malware payload (DarkCloud)", "value": "263e3abcce299907af2281b855265cab2fe3360db70db3546073bbf847e6e3e2d2b74baae9d51a696bdea331eb7a53bb", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219748, "uuid": "3e3d7c91-384a-47c5-bbaa-359e2a455ddf", "value": "T1617522623BB59B54E2E8BFF852A091100372A0582437D34D5DFE20DB1FA6B885F91ED7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219748, "uuid": "32597e67-a8d3-4a38-b838-6a35a52aabf8", "value": "12288:BOvJRBusyx5tOIIRwaaLGBlN6mfc7of3hdwP/cQi3pDvi4OWbDlX9hle4dDMG3GQ:aFud+KaaLaNc7c3v8ultBeuZB9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690219748, "uuid": "e725a572-4676-420d-ae04-f244c8733697", "value": 1572864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690219748, "uuid": "6a3f5275-f8b2-4464-95ac-47a83cc41b48", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690219748, "uuid": "52a34245-845d-4568-97dd-0a4ad7cdd74a", "value": "\u0395\u03bd\u03c4\u03bf\u03bb\u03ae \u0391\u03b3\u03bf\u03c1\u03ac\u03c2 4010061141.iso", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4549b6e2-29e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690178806, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178806, "uuid": "648b31e1-b93c-4497-9ef8-09f40266894e", "comment": "Malware payload (Formbook)", "value": "b0ca3307d8d2d3da2ff2b4cfbc85491b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178806, "uuid": "41a43506-d04a-4e28-ad64-5f402d3320d3", "comment": "Malware payload (Formbook)", "value": "f9a62b5f1d116b8836b675eebb3c4b361b50a6b5600c70081cc0994285df9b8d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178806, "uuid": "13b94121-e65d-43a0-9cbc-6668f432627b", "comment": "Malware payload (Formbook)", "value": "c772f34173162f8a393e675e49a2c53d468a2080", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690178806, "uuid": "c22f0010-0df2-4457-945f-08572557bcc8", "comment": "Malware payload (Formbook)", "value": "38209452adeeb2fa3b8141c0af8c1111e6c8e8099c39db8d3d313950a00eb368c101ef837e853b569f96155b4c222be9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178806, "uuid": "f2472cd9-0631-40df-81e4-19574188600f", "value": "T1D5F42335337A6E63F5997EB90AA5914413B11214583BE3CD9CFA60840FABBC0FE116E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178806, "uuid": "4941ed1e-cf4e-47a3-b15d-5caa74c5cb64", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178806, "uuid": "ca65f778-b5df-49b6-8d68-831cc9c7a2b0", "value": "12288:VWvJRBusyiK68A1fCiMI+IlhaUoFjh/2Pv7W61dDoTmGomDhTNzbHla:mFuiBJoFjx2Pv7Wo+6GomDvzB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690178806, "uuid": "8c5b20dc-ecbc-4d5c-956a-41a0943efac0", "value": 767488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690178806, "uuid": "1327cdfa-6971-40b0-8b95-a6892c488a7f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690178806, "uuid": "0e758d65-8d6b-4609-a60e-bab3d7c1ef6f", "value": "ORDER REQUESTED.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1bbdba9e-29e1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1690175730, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690175730, "uuid": "d9801dd6-9c84-4601-9909-4d5ea5eb95d5", "comment": "Malware payload (AgentTesla)", "value": "d98cbb7c299026ff5fbfa22682ea65b4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690175730, "uuid": "46f1fc2d-e398-4f1f-9eac-bf21c5e1f27f", "comment": "Malware payload (AgentTesla)", "value": "fdbfeb2c04faf3de71e77af97d73ba3dd6aad08e783c785eb0a0fd831bd4b757", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690175730, "uuid": "28493bb4-71d5-4bfd-91cf-a6baaa4920d8", "comment": "Malware payload (AgentTesla)", "value": "b12cbbc1b7bb4bb9df709a8053a1b5527cff6b4f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690175730, "uuid": "64d2b5f9-b731-426c-b512-dabdd7c0fa91", "comment": "Malware payload (AgentTesla)", "value": "9f0bc0ff00d4347359d83bf0f424e52d9d92d03550b07573ecd80351e15dda4a108ec171c7e04c1369a84dcaad506b84", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Shipping", "colour": "#83933F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690175730, "uuid": "852c3247-192b-48e6-862e-68d3c8bdfd57", "value": "T1C6F429A33099FB89F03DA334711ED50063EEE812D322D5DDAD4A1DCA474AD8DF99B906", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690175730, "uuid": "ce6af3b4-5f19-4e5a-848f-cb7a1d634795", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690175730, "uuid": "2cf2830f-aafd-478d-b7f3-5b63eb55ce68", "value": "12288:G2gXY/A3ZDr525EL/7Sje5e1sTGidM7rJTJxISrWt0:GQu55e1A6rNJxISl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690175730, "uuid": "a9196667-07e1-4b31-af91-62c926647c70", "value": 739328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690175730, "uuid": "7f02cff6-3dad-4888-abff-7f80b3374b2c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690175730, "uuid": "2c488115-66af-4b57-a969-81be7a177c12", "value": "Invoice for shipping.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ebb5be80-2a35-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Phonk)", "timestamp": 1690212157, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212157, "uuid": "19ec37b8-340e-45c7-ac45-c75d467ca179", "comment": "Malware payload (Phonk)", "value": "58bd2096417b214394dffae3c23a4a3e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212157, "uuid": "85469ebb-a9d6-4351-a466-8404916b4af7", "comment": "Malware payload (Phonk)", "value": "fdf7543e256f4d1c388489c66dd8d232e794a9fa23e95d8892bde08f3f1468fb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212157, "uuid": "b5c91a1b-f85d-444c-9f3b-a5edf314092b", "comment": "Malware payload (Phonk)", "value": "4d37de854d30bfba244fe2c8f7c55b2ddc9e13e7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690212157, "uuid": "c1b9c71d-4fed-43f9-82b3-9ade8393dd67", "comment": "Malware payload (Phonk)", "value": "3fe3aa0f5077199eb8fa26f2795134543a0f79b2e105ea8da04e26822f1028a0f8e94f932de8a9efaf8353cb52020fdb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phonk", "colour": "#69F639", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212157, "uuid": "92e06647-2928-4f5f-95ad-13546fc9c8da", "value": "T14A8506147AC20DB6EC9E02F1D366491C4F63EC626701D0EB265366EDA63DF079D8B263", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212157, "uuid": "1a014fe6-201a-4ddd-ba93-8d7ccb6d9d99", "value": "24576:MJtsUhtUhNC4ipQjpyp0aXlTHlD/64BS/Z0SKi1W2pZS7SNU:M4UhtmNCHpQjpmndhS/Z0SnDpE7Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690212157, "uuid": "5a3b0db7-2a54-4a50-bb9c-e1b3cc4b93a6", "value": 1774592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690212157, "uuid": "36305e79-490e-4cc8-9979-2092ad9bc033", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690212157, "uuid": "4ad72237-1f26-4f00-bb39-8467482c9cc5", "value": "58bd2096417b214394dffae3c23a4a3e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42005afd-2a42-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1690217455, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217455, "uuid": "dbc1d6eb-b529-41cf-b554-6990d50b70ef", "comment": "Malware payload (RedLineStealer)", "value": "9533bae0de9b7ce87d1098c92189879f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217455, "uuid": "f030fa4c-e484-4d9e-8d6f-4e222b1fa229", "comment": "Malware payload (RedLineStealer)", "value": "fe7fc85c6d3ddb842d47b3d26e7691a1b6cd4bb97d5e5477ee373d4347d97e7d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217455, "uuid": "f3ffcb28-7365-4b8a-96f9-285c89bfed3b", "comment": "Malware payload (RedLineStealer)", "value": "bcb2d133c68f1b72f91a8b4b85bd103cf0731f27", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690217455, "uuid": "1080e755-e678-47b4-95f1-f50593e32442", "comment": "Malware payload (RedLineStealer)", "value": "c508a973a1c916592e5a776f78b8eb8c187ef31f5576dbaac552e1b9ffd450249fbfde79c7e15826dc3d177eda0660b2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217455, "uuid": "455497e2-ade2-4213-8770-3be93c73cc33", "value": "T17A840203FBE99073DAB527701CF502930B36BCA14D39876B2746996E4C736D4A83672B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217455, "uuid": "42614999-d90e-445b-80fc-8717eb33f04f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217455, "uuid": "43d756ed-e52a-40f2-be29-1ce3b34e9c2f", "value": "6144:K3y+bnr+8p0yN90QEW62uXJ9fWufr6WEGYeNFvW4/2UZ3O9hMgBZ+t4HD8asAUWS:9Mr8y908SJazQ12UZ3O92gBYCHw+U3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690217455, "uuid": "11eaed40-34e3-4d21-8e98-29d3100ca93a", "value": 398848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690217455, "uuid": "9e7e78f2-a67f-427b-8878-c134b2c6345c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690217455, "uuid": "227ef32e-9bf3-4374-b750-531a2a1a0e0f", "value": "fe7fc85c6d3ddb842d47b3d26e7691a1b6cd4bb97d5e5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95dafc08-29ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (QuasarRAT)", "timestamp": 1690188820, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188820, "uuid": "73db63c3-6d4f-4cd0-8c49-39ab237b08f7", "comment": "Malware payload (QuasarRAT)", "value": "bdb1988fea2a37b86db9d928acfa7506", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188820, "uuid": "c39bbb6f-4e5f-4b80-8a92-9c5484e4f4f9", "comment": "Malware payload (QuasarRAT)", "value": "fe8a773ed9bdcbfa839b049f956083e295d93efa6d48e2fa96bbd45af68dab9d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188820, "uuid": "11416651-de95-4bfe-bd28-06f6cdcee083", "comment": "Malware payload (QuasarRAT)", "value": "737cb1a380f0019af3f81b62507c6b4400ab3a69", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188820, "uuid": "51698d08-ebf7-47f7-9a96-6f7f6556408c", "comment": "Malware payload (QuasarRAT)", "value": "4a8fb13e5462f3cf414971d768507b05c174e86768e5ce5553311fa1995335bc7e2cf563d0ceddeab6c5c76ed74ac564", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188820, "uuid": "eeec8929-b1d9-4f68-8d10-710328461721", "value": "T16EF4338F6BA85054D461293CE97319CBC131DE5F6D36B51D8C52AC3BACDC28EB72B821", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188820, "uuid": "38cd3dc0-cb15-4f8e-b861-2bea1777ca77", "value": "140094f13383e9ae168c4b35b6af3356", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188820, "uuid": "437c004b-f466-476b-91f5-641ecbb1e02f", "value": "12288:KCGcHezlYaW5aJnOuzsMaeA5lBnk1ny6GavuyLLdMR2t+YHic:K7u2caJOuwReslBTac2rCc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188820, "uuid": "a90786c4-11d7-49a5-ae12-2410e8012e18", "value": 723968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188820, "uuid": "ae4e68b9-72e3-4fc2-bd92-6199c8730712", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188820, "uuid": "c305e4c4-2009-4946-acd9-2b09c3a0a703", "value": "New Project 1.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f92ffb75-2a3a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1690214327, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214327, "uuid": "87781793-cfa7-4d2a-a105-e4a241ff1054", "comment": "Malware payload (Formbook)", "value": "682fbd7115e44f2d2cdac467072a0e24", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214327, "uuid": "bf040480-95c2-4c4f-b2b3-d7c3b27cc34b", "comment": "Malware payload (Formbook)", "value": "fed8358d2eb6cd687bb6f6a88b4f8bc01bd5dcf355535532718a0f04f1eff674", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214327, "uuid": "fd07e458-a051-4f73-9449-ee36d3b13cd9", "comment": "Malware payload (Formbook)", "value": "646aff32f81f87abefd8ba2c5d0d911d20a329c9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690214327, "uuid": "566a3525-7dfc-4a83-8fac-b1037710406a", "comment": "Malware payload (Formbook)", "value": "2f22f0bbfd45eab4508329a619378c2e194e5597dc89add881f80d7f9f4367ae92a9f0e433db603fa4e27a12476016f9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214327, "uuid": "8ac7c142-319f-4dd0-8e1d-3be29fab8138", "value": "T1CDF401903BB69B66E2B8BFF4867055241371A1555877D74C4EF120EA1C22FC8AF92EC3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214327, "uuid": "ad62735e-c6d4-4b2d-838a-98a5fa2c9b56", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214327, "uuid": "dba70cf7-c139-4bba-807b-9735ac6f031d", "value": "24576:fFua+tagsCz/Dh/9BWcmRsuC55pOVn2D:fVCtKcmRsH55p3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690214327, "uuid": "d4c2b5ae-bf80-43dd-93b3-a90407b01cf5", "value": 789504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690214327, "uuid": "7df76199-c9d7-497f-a1a2-84b24de5950f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690214327, "uuid": "fb218db1-41c8-48e7-93c7-1acb25929d77", "value": "682fbd7115e44f2d2cdac467072a0e24", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df75bca9-2a76-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1690240053, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240053, "uuid": "046f2f8c-0e91-4f5a-912d-c9625e0dc1bc", "comment": "Malware payload", "value": "ef8523e0f3a69a47f1d51f0ed839323c", "object_relation": "md5", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240053, "uuid": "8c5e4797-5127-4aa8-9283-3147aaac47c0", "comment": "Malware payload", "value": "fee4d20a662cdcb86e278ff18f40e7b660e12c6dccf5d66c88c3bae0ec88ad0e", "object_relation": "sha256", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240053, "uuid": "e4699724-6704-4e16-a245-70ac749b778f", "comment": "Malware payload", "value": "5431b14aedb1b527b711129e138ed609c9baacf4", "object_relation": "sha1", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690240053, "uuid": "680631f7-0545-44df-8a32-f3ef018f4d80", "comment": "Malware payload", "value": "f7a008f8fe2c31ab05d54d9093bc5078744b9c8f9973e30a2e9c1801d7691f224a88b0005d6133ec63a6a990829fd0aa", "object_relation": "sha3-384", "Tag": [ { "name": "GoogleAi", "colour": "#068399", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690240053, "uuid": "0c395b36-fbfe-42fc-a8bd-50c49365415f", "value": "T10D46334BB8CB1F32D12A47B5709F57CA9E684E040B47162763FB728438F37147AB859A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690240053, "uuid": "6976a98c-25ec-4a80-a9f0-396fb4976b0e", "value": "98304:WfWMy2eOSmUNQiveS0nGRehMc6zEmktLFt7s365qqXxHw+v+y3hfHDdu7gQDB:WfWMyLOiv4GRemc6zEVtBt7Q65qqXxQH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690240053, "uuid": "a008e35c-eda8-4e29-9d57-a6f4a3acd9f9", "value": 5881344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690240053, "uuid": "5618bf73-a922-4646-96cd-7a1bde4aa798", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690240053, "uuid": "8bb78088-464c-4918-acda-3895fef59cf3", "value": "Setup.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9bf2a530-29ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (QuasarRAT)", "timestamp": 1690188830, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188830, "uuid": "edf13e50-1198-4888-a54f-e7a41e3db392", "comment": "Malware payload (QuasarRAT)", "value": "2274734967ed6e0b85c187f26de88b16", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188830, "uuid": "18d9138a-957c-460f-8e88-8ac7cc3b5d51", "comment": "Malware payload (QuasarRAT)", "value": "ffd1f5eebdecbc29317a92b2c87b75ab94d2003eaf6ecfb4872d8c70d8460d09", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188830, "uuid": "cf5564cb-2884-4d95-8123-2fe44ed97036", "comment": "Malware payload (QuasarRAT)", "value": "57fbd7a251aa98b7da358d690879b878ebfa9a0f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1690188830, "uuid": "4b1f4278-fb02-400c-8201-6940b662b151", "comment": "Malware payload (QuasarRAT)", "value": "ba3c62f1965d7bd67b9c4f4344b8230543737061bcb6e559306a0c2206e357eb880d52a3fcf95f9a249b70da6cbad0b9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false }, { "name": "stores-anytime-at-ply-gg", "colour": "#873C68", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188830, "uuid": "22eb4286-fc22-42bc-bf24-b240c052dc5e", "value": "T1B5847B1B73A4A93FD5BD173AE43207140BB9DC467612E78FAA5875B82CB23864D413E3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188830, "uuid": "55bc7e52-691d-4f6a-bfee-5c6b3c933571", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188830, "uuid": "a7ac83ea-b921-420f-b8b3-317de7fa223b", "value": "6144:/wMqQ4i1FFiEKMSefgafmhT1b4sVb13uQaPyjzOP/vtXMXfTc0:NpliGonTLluQa6eP/FMXfTc0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1690188830, "uuid": "ce4d6672-744b-4351-88b7-9308dec26f10", "value": 401408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1690188830, "uuid": "5d9513e3-3398-4002-a2a6-0d23d7b985c0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1690188830, "uuid": "10e6c7c8-01b1-4d5a-b793-f52ad6683d45", "value": "SecurityHealthSystray.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }