{ "Event": { "published": true, "date": "2023-08-03", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-08-03", "timestamp": 1691107381, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "3154e153-dffc-4315-a170-69be8ee01f30", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f19223f5-31f1-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691062570, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691062570, "uuid": "bf9aa963-59a7-4e9c-85a8-72a3cf6ca8e3", "comment": "Malware payload", "value": "9499fcf32b387ebb8fea0c9795e13e3f", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691062570, "uuid": "a2882cd1-9724-477e-bd19-e68808469013", "comment": "Malware payload", "value": "0086b0d726b7243e52d043f33e4addf1f794712192fd5131a212bd9257d147c7", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691062570, "uuid": "9df391a2-133d-4900-99cc-106753690832", "comment": "Malware payload", "value": "3c555461e2ded4795e4969c2d5676d34a6ef1653", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691062570, "uuid": "fe2bb038-fed9-40c7-9923-c07ccaf7ee76", "comment": "Malware payload", "value": "74681b2b635703e274c6a6b28f94dfa9fab241401eb4ff1671bf63627c1cbfd0d713a53465b8c5ae252d04ddf48f628e", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691062570, "uuid": "51495b22-3788-414a-8248-38df525ad209", "value": "T1C524B6CA4C809624CB47F574856F72347B52C8FAB740740ACD3660C49E6EFA5A32DADB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691062570, "uuid": "fc059338-2698-4cba-9768-a3efd57cc521", "value": "384:qawxcF9WnEgnteO0qDxAN/5DX7Dm5H5nzlz9T1mNHyW7zM:qa39MEgteIdAN5D45nhzd1mN/zM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691062570, "uuid": "18fb92b9-75f7-4b36-bba7-f01739646c7d", "value": 221345, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691062570, "uuid": "d45f4dcd-4197-486b-b30b-b864acea877e", "value": "text/x-asm", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691062570, "uuid": "a1b074e2-68a2-4dbb-a456-f07ad95d5045", "value": "curriculum_vitae-copie (1).vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82a0fee7-31c7-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691044345, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044345, "uuid": "a8d9bd00-a306-4a1b-b5c5-e98db28d0711", "comment": "Malware payload", "value": "cae0f536e562615b8e4788a0d0ab3617", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "github-readme-com", "colour": "#1341C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044345, "uuid": "ed1cf5b2-1349-4cc6-85d2-cf56adaf1b02", "comment": "Malware payload", "value": "00b6ade6a2ab611fc1f14269e91980fc7f550dd55e018ecf63a2f4c36ec9e03f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "github-readme-com", "colour": "#1341C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044345, "uuid": "0a30251e-b61e-4b1d-b607-49d8d217d538", "comment": "Malware payload", "value": "dd97e1c6f3cb6d1405191a88236aa59e3beecd9c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "github-readme-com", "colour": "#1341C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044345, "uuid": "8085c323-2dc3-4b26-b92d-dd11e4e50e67", "comment": "Malware payload", "value": "670eafb42af381bf58cd80b4c843cb97ff15ff8126b6db770bc8e5a062ba769c20ba3e8a2e5a20601477e94d4ddb634f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "github-readme-com", "colour": "#1341C9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044345, "uuid": "28bae39f-7cc0-46f1-aec3-a5e009b4c9c9", "value": "T114645B15BA561879D16BC17882534A62BBB67CC10731EEFF12D462393F3ABE06A3C714", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044345, "uuid": "2b836ec8-1f5d-4025-b957-20933bfd647a", "value": "230c2064c7853810ac54060ba958b0e7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044345, "uuid": "fc1ca274-ebc2-45b5-9d30-ebd19fc2f933", "value": "3072:8sWtVEOJa7TijcC27WjQZO7AWaCWuB1jLTg4xGwhCCvPCNLCPIL6ZkBjv6PTNs1o:4tzoijfKWVNLPTqw1v6NLv6Zcm+sB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691044345, "uuid": "449119ae-4546-48aa-b76b-c2fdb33a9ef8", "value": 315904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691044345, "uuid": "a8624075-0c83-4413-929a-504b4a7f1774", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044345, "uuid": "113ca3d8-2df2-45c9-b6ef-9dcf35dcee22", "value": "propsys.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "74fc8cdb-3214-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691077393, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077393, "uuid": "9720a3be-d628-4d3d-aada-51d0455c18c6", "comment": "Malware payload (AgentTesla)", "value": "e00b509f4c0a81cbfd51bba4f7cf9831", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077393, "uuid": "b8b8d9aa-0c43-49af-8c91-adf477259ef3", "comment": "Malware payload (AgentTesla)", "value": "023e8f353fd78a832818597a81c03ae4287af75ae28f02b2bba97df745b09894", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077393, "uuid": "26e63a65-8f7b-455b-bbbf-54c96ff6c910", "comment": "Malware payload (AgentTesla)", "value": "52947d3d881c54135d2049681c488ade7919b9e4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077393, "uuid": "81f58044-dc34-437f-ae2b-68fce3733eed", "comment": "Malware payload (AgentTesla)", "value": "24a598997eb0e04cd60f97f7c614d3d24d2c9599c01491f464f88b9ee82b89ec68d23721c7731c5bd51742ee91088beb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077393, "uuid": "eedcbc6a-e697-4696-a289-dd8674b797f3", "value": "T1CE151202BAC158B2C4761D335A786B20A93DBD301FA5CEDF97D04A2DDA725C1D631BB2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077393, "uuid": "f96cba5d-41e3-45f6-9b0e-a1a59083c4f6", "value": "12e12319f1029ec4f8fcbed7e82df162", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077393, "uuid": "61d56637-53e0-4979-8efa-b4094851212d", "value": "24576:NTbBv5rUanep+5lli8A6BGa6mXcqIAXisQxQFSDu:HBjey7i8APLAXisQxVi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691077393, "uuid": "2368dae5-6fad-44b1-864c-990693a08894", "value": 885515, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691077393, "uuid": "084cd3af-1b1d-4c9b-a611-9bf73740a32a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077393, "uuid": "134a6254-ae1b-4e21-8bd9-38ac9cccfe36", "value": "DHL DOCUMENTS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "32c6d780-31c7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691044211, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044211, "uuid": "f74630f2-d8cb-4858-9b75-e4e62d520e0d", "comment": "Malware payload (AgentTesla)", "value": "a2a70a948821ffe8d30927790e94ff7e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044211, "uuid": "5491a0c3-4704-48c7-9ebf-598168cc0296", "comment": "Malware payload (AgentTesla)", "value": "02d055a6176494b7077a6ce11aeb6687159757be9142ebc094803a88cae480bf", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044211, "uuid": "302672c2-8d42-4744-b6c8-72bab7fa798e", "comment": "Malware payload (AgentTesla)", "value": "15fbb4bfae899c9c6b332f0668909e12335d71e2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044211, "uuid": "7eb46fd2-a7d9-4fcc-9e89-7c0df8d59d03", "comment": "Malware payload (AgentTesla)", "value": "3f01ccb4a6f0beb26aee9c3ef4a5fc066bb8cbbc428d1ade85aa680d05ea282da2811e2bed18506207befd673b8b0de7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044211, "uuid": "49813361-4e1f-4439-b991-5034eb2fd112", "value": "T1F41499E0317D93CFD1A28DB10FC98AB079F135AC98C4160DA0F69B2E93D6355589C9FA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044211, "uuid": "04d0e484-6476-4f23-a65f-8671d0fe731c", "value": "1536:TmMum0jiRNerjn2AY1c9wqvnAv77vvvvv7vvvvvvv7vvvvv64+mhhhm+DtqOgn:T7um6GerjK+9wqY+mhhhmitqOw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691044211, "uuid": "efbf97e3-7464-436d-9799-dc1efc20b8db", "value": 206336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691044211, "uuid": "08383f6f-0d1a-4eaa-9906-60b98fcd32ed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044211, "uuid": "10abceac-0162-49dc-8c93-a956e3910e26", "value": "PENDING NEW ORDER _097KH89.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7cbb9a76-3233-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691090721, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691090721, "uuid": "3265884c-3057-43f3-84cf-4ecae8229e02", "comment": "Malware payload", "value": "d42973d2307f4e8eab23b00df0814c2c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "rilo", "colour": "#D3353B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691090721, "uuid": "146953d3-4604-4e55-8753-12226812dc89", "comment": "Malware payload", "value": "039fa01ad7f34ffe65ce65a12f1857c8ca0f5e3515a50d455660d67a20919feb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "rilo", "colour": "#D3353B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691090721, "uuid": "c787a5db-79ea-423a-ba0f-a07b7a4c5805", "comment": "Malware payload", "value": "ea18f74ad4730b7accd569aa9f9fb11e394e31dc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "rilo", "colour": "#D3353B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691090721, "uuid": "ef0a616b-e10e-4679-9d22-b93dcad0aabb", "comment": "Malware payload", "value": "70cae04ff23cd958895beafe2d826a3ea6bc7468f1c7e745f4286498873d4ec6e3c4dbbe79cae3ff39223603714f7977", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "rilo", "colour": "#D3353B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691090721, "uuid": "3f0a3bfc-2eaa-4e2b-955c-f7c227b52412", "value": "T136A63A47F89180E4C1EDD27086669293BA707C894F3123D73B60FBB92B72BD46A79354", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691090721, "uuid": "c71688ed-e0ec-42ba-949e-9780577e54a2", "value": "9cbefe68f395e67356e2a5d8d1b285c0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691090721, "uuid": "020fb9d8-2bf7-405d-a020-c226734a3931", "value": "98304:hH39P1gXGO3MNjoMHB5SsyEaNkJnNVgsW+K:hX9YGOAoM31W+K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691090721, "uuid": "2b5d1241-1aec-4581-95d8-9e3e728ecaf4", "value": 9682944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691090721, "uuid": "1582212d-db04-48fd-8f82-97650ca10d4e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691090721, "uuid": "b5149c4e-2f52-4ee0-b532-86077b30def0", "value": "039fa01ad7f34ffe65ce65a12f1857c8ca0f5e3515a50d455660d67a20919feb", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b1b2214-31ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691047339, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047339, "uuid": "b3a1e36a-8bf2-43fb-8690-91358f52e3f9", "comment": "Malware payload", "value": "413157ad1210bff496058fb2d23269c3", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047339, "uuid": "3dd88c7a-4d21-4115-b4e7-ab9424cd3a55", "comment": "Malware payload", "value": "03d58184754f59c5a82a69a5865dcdb3d8b751873b7a45c17780df18ed8b31f1", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047339, "uuid": "c2e4c7aa-e0ec-4a96-9d22-12a7e4775780", "comment": "Malware payload", "value": "5fd8215dd1f9cddf85bd06f222d0ce0d47abc06c", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047339, "uuid": "27394382-d735-4a3c-a96e-1f56dec4bca9", "comment": "Malware payload", "value": "ef078c4f3c7b2a6f10d1770608cc12cf62d6391cd9416d679689579e2791e57d740b415124121e774e232a96161d0c42", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047339, "uuid": "1a5badf6-c615-4e55-ac13-e918db71ca34", "value": "T1E3C3275B72E01189EBB581F6D5920786EB7074721711A3DB2B7823B71B2B8C59F3D3A0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047339, "uuid": "44470f17-7c48-4111-87f4-b2525044c8f2", "value": "f326f88ca83c9aacaa44acfb8884f1d4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047339, "uuid": "eeb346ba-b15f-4e42-8f74-3006e65117b7", "value": "3072:0/25jvDSgsqsb5Uh28vAbTV1WW69B9VjMdxPedN9ug0z9TBfFSiIt:3tzsb5Uh28+V1WW69B9VjMdxPedN9ugz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691047339, "uuid": "c008b419-c12e-4725-8b1b-983849b06edc", "value": 126976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691047339, "uuid": "4b9ea3a3-076d-46c1-a74d-af5b65bdfc49", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047339, "uuid": "c013e1f1-850d-4a2e-b2d4-d9c8e6d7fc50", "value": "413157ad1210bff496058fb2d23269c3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73998f6d-323f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1691095859, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691095859, "uuid": "6f1a04ed-69a6-48a6-ad95-539bee6a26f5", "comment": "Malware payload (GuLoader)", "value": "653c085fdcbdc7e78731cdf76ee24851", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691095859, "uuid": "0a9fc2d1-dc85-4a71-872e-c8e625082667", "comment": "Malware payload (GuLoader)", "value": "046fd69408f4d9eabfa211f12fc785b4890fd6e99a42f22bd09067a799d3464c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691095859, "uuid": "77f61f77-4707-48e1-b9bb-6dcb25b2b5a7", "comment": "Malware payload (GuLoader)", "value": "ec1146cc76fa842100bc7d464c7a96d626959676", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691095859, "uuid": "fa547c25-fd97-40ed-a07b-a6a59b076e43", "comment": "Malware payload (GuLoader)", "value": "6051d1a3e5d2755deb386910c33f208187e806d7c4cd030152463883a4d2b1d814849a64faae29fa808591503f5df716", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691095859, "uuid": "e2fbee09-5eb5-4184-a5c9-9c48a7dfaaab", "value": "T1C5747C49F767ECE9FA660239247158263F819C5EA0D9295C228DFB253C36343509BCFB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691095859, "uuid": "8547c9c0-d54f-4f63-9685-57bb49a4c3b9", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691095859, "uuid": "23d483fd-262a-4aa6-a8e8-b0004f750fe8", "value": "6144:NQ606x6uwX8G2l4COTTU05DyeZ6wl/rlxdyMFQ9KwQld1j2kBLTf7:qhX8GgqU0hZ6wl/gMFOKZld16kBLTf7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691095859, "uuid": "b13214d3-bdbd-4921-b790-bf7f7a1c9755", "value": 369961, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691095859, "uuid": "21edb2f5-ef30-4815-9a03-578990651da4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691095859, "uuid": "b4a429c0-2d40-48dd-b471-be9707e079da", "value": "046fd69408f4d9eabfa211f12fc785b4890fd6e99a42f22bd09067a799d3464c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de4ba626-31cc-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691046646, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046646, "uuid": "f38ebd23-020a-4914-9545-7035edc048a7", "comment": "Malware payload", "value": "3d1d6c52de3bc882446a97ae66464c2f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046646, "uuid": "5e326dcb-0156-48e3-a44a-2cfd4add8928", "comment": "Malware payload", "value": "04cfb3bf879ea81614d97c018b0f39ecbabd8f52cb0f89c78892e739f3669165", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046646, "uuid": "2947fbeb-f081-40ef-b653-75edd1b75de4", "comment": "Malware payload", "value": "cbd08406f0a1dcbc6358e897f93a3e55ec391166", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046646, "uuid": "14bf2c87-39aa-416d-a263-33d1b8c15729", "comment": "Malware payload", "value": "4e99dc20aa0cded862f95a47e23744f20de3705b7879ccac33ce6ec0af326a462ce46faad73fb346d60917d3c39b77f9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046646, "uuid": "16f12ad1-2fd5-44ed-bb8c-b089b58fde33", "value": "T1B253CE8EEB1A6CFCF515B67E2776D83E2FD1AC5154F81DAD11C9B21F0820902419BCAB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046646, "uuid": "cbfc54b6-a6f4-4993-86e2-321df05ffe37", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046646, "uuid": "28d2a5b2-c1e5-4c38-bc36-f9aa3da8739a", "value": "768:WVOjkmPpsMLy9eyIkaOozPppjlsvNtLucM:WQkmmetyLmxpjlsvNtLucM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046646, "uuid": "92b6b19f-fa49-4e78-b9b6-f26fc2a73db7", "value": 63488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046646, "uuid": "4a070c3c-8c21-4bae-b19a-b90938247a76", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046646, "uuid": "852814a2-d2da-4d7a-874e-8317b30504c3", "value": "notepad.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb39a6a9-31c8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691044950, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044950, "uuid": "52876a76-c956-4042-814b-0fec2a7ce75e", "comment": "Malware payload (AgentTesla)", "value": "1323b0f34021331211da6af8a5fdeee8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044950, "uuid": "407a3b65-f8a8-49b7-9a7e-67b0d7cb3aac", "comment": "Malware payload (AgentTesla)", "value": "0671a83325b8542dc12228a28fcc62b71fb51a2a92463e3552ca7112783dc25f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044950, "uuid": "73a5b5f8-8007-4e0d-b26e-5c4a2ac6ee72", "comment": "Malware payload (AgentTesla)", "value": "547245ede9358baeeb1bc6641f4ad7d6b32a128f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044950, "uuid": "2ba8986e-fff5-4e6c-b63d-7123b0c8da0d", "comment": "Malware payload (AgentTesla)", "value": "422d1000094c27851ca8d1995cea6ecf244a79bf7062a3a4c43bd5833f0b96c17c1b005cfa6ac890137acb7c7aaa4798", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044950, "uuid": "7dc7079a-f0f1-4c54-a3b8-06a8cd753b94", "value": "T15B25193804B80A12C135D2AD5AD4F613B7904F96721DCE9686C14FC90AD6E2F2DDBDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044950, "uuid": "0ee004a7-d3a3-474a-b543-ef31575f5eac", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044950, "uuid": "1c4bf0fd-f399-4d68-8680-485cf5d4752d", "value": "12288:AEKaJEPONKJAH/vxBCL8ZA3IlLdvPIFeT2Q62A2J8DjfMr:o9JS/TC2AiLdXIFYEoJWj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691044950, "uuid": "b3ffcb23-4715-4366-b5e5-77091184667a", "value": 973824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691044950, "uuid": "7cebf18e-e5ae-4b2c-bf5e-fd0422dda071", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044950, "uuid": "8291851e-27d6-425f-b4cd-b44d96a6ebb6", "value": "scan20230717_16422889(1)pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2369737-3203-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1691070302, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691070302, "uuid": "5718d853-1311-4c6d-841a-add42acfb338", "comment": "Malware payload (NanoCore)", "value": "7957c60e89ec81b9a6ae1291be8304f8", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691070302, "uuid": "92c96981-b2a4-45e2-bd29-71b82e9ecaee", "comment": "Malware payload (NanoCore)", "value": "06900816a3676700dc9eb14d6a6ed37bfc577ccacddea9648f55d74fa0f98ba1", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691070302, "uuid": "c0b23241-ee8c-4250-876b-faa5680ac3dc", "comment": "Malware payload (NanoCore)", "value": "38ed0dccf74504aefeaa29186f39357abc66e9f7", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691070302, "uuid": "49505004-dd7b-44ef-a103-4a707d5eef63", "comment": "Malware payload (NanoCore)", "value": "81ec51f4855b50dd84286f33df503df1191bcc9a5dca7673434fb4022bc48215705a3d67b8a813176c38e44810af4ce7", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691070302, "uuid": "c357b8ba-35c6-4ebf-8aa0-98bf4ef18613", "value": "T13381C6B2574C9A43D61989B2D9D17F6241A7F61F8BCF0F90631EFAB00E7F1644961B40", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691070302, "uuid": "cb4c61fa-c306-4d98-b8c5-3bc2ae4e8cba", "value": "96:3WgJyzz8fXO04OBOu6co1phryuRvcjdpGwemO6Gr:GgJyzgXO0XBX6ZyuBcxpGhE+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691070302, "uuid": "a7383ada-bad0-4d31-a859-8d4ae860c8aa", "value": 3994, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691070302, "uuid": "95395f4d-f8a6-4071-8193-4424278a83a8", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691070302, "uuid": "349a2491-6b35-4a4a-b014-ca55ae8d2b56", "value": "SecuriteInfo.com.Exploit.RTF-ObfsObjDat.Gen.11215.25742", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2bcfcad-3204-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691070732, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691070732, "uuid": "4fd5fe75-4c53-4ba3-ab68-ad91f70172bf", "comment": "Malware payload (AgentTesla)", "value": "971d710c2612f65b6dc5facb2ba5aac3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691070732, "uuid": "1291bf04-f0f8-4fc8-ad0c-4d9107b40487", "comment": "Malware payload (AgentTesla)", "value": "08552fc7c1fcdb754d81dad78184ad191d0585b970a1b633cef88ce63804947e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691070732, "uuid": "6ecd3c98-1c8f-4da5-9b0b-bb55fa1f9ad6", "comment": "Malware payload (AgentTesla)", "value": "5a84e0d34ac1b8f41435ff09056915fa347be640", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691070732, "uuid": "754fa74d-97a8-40f0-bb7b-fe3b39b5f181", "comment": "Malware payload (AgentTesla)", "value": "7c707a042383dc5db28384b73e905d1ea23663350a75c4cc3cc0307bf37e9db2a1f3e4a9b941a647b0e538e7ec7d4294", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691070732, "uuid": "3aa93e48-39c0-4adc-83c3-30762872222c", "value": "T17034FE037E48FB15E6A83937C2EF6D2413F1A0CB0673860B6F49AE6525416537E6E36C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691070732, "uuid": "30b35a4f-eda6-44f5-bb70-2093f185cc06", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691070732, "uuid": "b32eabe1-849d-4cde-8b0c-318c1d0129bb", "value": "3072:lN9XD38z8b6/cFaWJsGv9o0OwlqeVnZFdTqdtk+NI:D9XDMgbPF0Gv60OwbvTt+N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691070732, "uuid": "c2406aed-794e-4555-b43b-0853be4b726e", "value": 252928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691070732, "uuid": "9afc1589-a19d-4e03-bec1-7e2018eeaf19", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691070732, "uuid": "6d1e96eb-c096-4259-ab33-2c97a96fc1e2", "value": "Disable automatic email errors.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93bbdd4e-31b1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1691034925, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691034925, "uuid": "86e675c2-70e0-4aa6-a65f-fc332c83d84e", "comment": "Malware payload (njrat)", "value": "3ff8ac4fca218a29177d41edfb4e5030", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691034925, "uuid": "517ad7e3-bce9-4315-b504-8dd2ec5ce8af", "comment": "Malware payload (njrat)", "value": "08bb4c3c5ccc79be512e1f3fa890616ee3ce96875077e13cc3fb1c20c1fd3e8a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691034925, "uuid": "a8e77b86-ab94-44ff-939d-c08096edd216", "comment": "Malware payload (njrat)", "value": "794cc35eff8eeed4f9210b01845f5372625c98ba", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691034925, "uuid": "a67dbaf9-9f14-40e3-8f96-9a566fb6f537", "comment": "Malware payload (njrat)", "value": "f1602084a24fa611087fdf649cb5f7b01dc3d9eaa2c97d279780ea5e16c6f19f284a10cbc491b6d46f8223c779b4b026", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691034925, "uuid": "5387aa64-2f87-4d74-8a9c-72a516ae1120", "value": "T195032A4D7FE18168C5FD067B05B2D41207BBE04B6E23DD1E8EE564AA37636C18B50AF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691034925, "uuid": "ef76ea23-4743-4350-ad97-1d51f4d92342", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691034925, "uuid": "fcc6e1d0-5969-4e5c-970b-2f92efc1b7e6", "value": "384:qmieQilahHeTnMGiyMTTmHtd4jPSi0rAF+rMRTyN/0L+EcoinblneHQM3epzXtN7:ANSMGxMTTmX4rSPrM+rMRa8NunTt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691034925, "uuid": "dfa03b46-6fd4-4c69-9d3a-5f38d1b7651b", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691034925, "uuid": "2f3e5e0f-166a-4807-b374-13d9d7aa3567", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691034925, "uuid": "638e5aad-e4eb-4c3d-8ccf-e3dbaaea88f7", "value": "3ff8ac4fca218a29177d41edfb4e5030.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96e9e840-31cb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691046097, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046097, "uuid": "f6598829-866f-4245-b9b4-8093f3a7f2bd", "comment": "Malware payload (AgentTesla)", "value": "6f0e8c672ab45efe3e5252b6b94d7fcd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046097, "uuid": "d94c671d-b5de-46d3-89cf-03fd034c3e4a", "comment": "Malware payload (AgentTesla)", "value": "09b753e77a8d15d71b386dbb730ca68fedf7f1e3c1f8be284bc601c206d26086", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046097, "uuid": "d4b9f5f8-ff19-41bc-8028-0453d4e55b9d", "comment": "Malware payload (AgentTesla)", "value": "f22dc51a94cba1c766480434c2c69fa3bbfaed56", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046097, "uuid": "040e3a31-2d0a-4401-8e9f-5c93916affec", "comment": "Malware payload (AgentTesla)", "value": "75ef48a2894b33acbd5cea1e6cefb21b95d5920aca24f4e3c66f7aec9934546b911d72bf6dc1a7e89737d3bcb31d70a4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046097, "uuid": "6a39721d-d549-4e28-afc9-b3fb9c91080f", "value": "T13B15193804B80A12C135D2AD5AD4F613B7904F96721DCD5686C24FCA0AD6E2F2DDBDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046097, "uuid": "6517f0de-603c-4366-a2f7-58ba1855a2ba", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046097, "uuid": "2b9210cd-648a-4408-a757-e9c0cd4a8016", "value": "12288:vEKaJqRXMbNpRl/+ieIiOoE8XPRXSLfw0N5Or1dKEFTBmYO1hCwm2:bQNQjIi7E8f9S8v1ddv0hCV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046097, "uuid": "a0568f47-ae3f-4ab7-ab2c-a354a991099e", "value": 957952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046097, "uuid": "6ffc6487-75ea-4705-b572-c084e5a66340", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046097, "uuid": "a8eee9ed-eceb-4662-ba9f-059c9e923d04", "value": "Purchase Order.PDF.Z.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20def7c1-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1691046758, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046758, "uuid": "dfe442e9-dee4-44b0-8c3c-7c87f01a5c2d", "comment": "Malware payload (RemcosRAT)", "value": "37e5352615b74aa396a53f3eee8e8b6f", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046758, "uuid": "6126fa89-635a-4431-9e24-e6a78a4cd11f", "comment": "Malware payload (RemcosRAT)", "value": "0a03bcf64cd81057c2a0ac176fede840de936f83e073e6bf126f236a1d532fe1", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046758, "uuid": "5857e2a6-3ff0-45f1-9a15-1bd0e2e65648", "comment": "Malware payload (RemcosRAT)", "value": "5a8ca76a49f35b88191d0d0f5af374d924e696a1", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046758, "uuid": "2be1cc7e-9975-40d3-afc0-efb5bac19807", "comment": "Malware payload (RemcosRAT)", "value": "3fc3d56c78a44060a1fe838c557c3a08b0ff65f46b9cf4bdfa0d0da331bfdc6f0d183d797435644f7ac1d15251328869", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046758, "uuid": "94d25087-c35d-4234-9da9-a37bb7033724", "value": "T17E23AE6DD38F01AACB525337AA1A0E5542FDBB3EB34561B1306C833533EE92D61252BD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046758, "uuid": "756f7174-9afe-41d6-a7b7-c7e0ac18c41e", "value": "768:swAbZSibMX9gRWj/EHmQw38XhZHoHoz8I8zH9k:swAlR4Ezw38XIHhN9k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046758, "uuid": "3c2410a7-b082-4a6a-9255-2a1171f9bc8f", "value": 49010, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046758, "uuid": "02274bbd-b976-4554-a715-88b1bc5f3342", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046758, "uuid": "3cc8afea-ff85-4e61-80fc-5298a4872a51", "value": "PO.No.660240685.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a2b53e3-31bf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DCRat)", "timestamp": 1691040922, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691040922, "uuid": "e91c0a92-0b03-4389-af64-f5938fe2e764", "comment": "Malware payload (DCRat)", "value": "48b5831f3bf109b2daa07df363f9a1d0", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691040922, "uuid": "9ffba5e4-c682-4605-b0ba-4be3e421341b", "comment": "Malware payload (DCRat)", "value": "0b4157582626a3b1de51951a782da734861b58f9cdac82e91572fc29ca811304", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691040922, "uuid": "6d92e744-e884-4db7-a436-083895b6d8fc", "comment": "Malware payload (DCRat)", "value": "7dc8e87d78bbc1ef13830ab7ad5d806935a0f0e6", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691040922, "uuid": "dfe6f958-6b86-41b7-b860-7c69080ab8af", "comment": "Malware payload (DCRat)", "value": "fb4e44efd70b97805dd489d6892801642e4a394803718146cbbd94729d34680a248f407451c2475cdb4a3bc3dd18a292", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691040922, "uuid": "55767bc0-3e41-42ed-9ace-f8b7e8a59357", "value": "T11F454A067E44CE11F0191633C2EF4A4887B49D51AAA6E32B7DFA376E15123A77C0D9CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691040922, "uuid": "34bf71c7-dc84-4a7a-befd-c732194c519f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691040922, "uuid": "d5fc9e77-7ebb-422f-b403-1d34917c7691", "value": "24576:0GbW/k/ZwORPpjJWSRRVm2eiZDMBEMgtE:BDrbW72HgEMg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691040922, "uuid": "64168964-cf82-49a1-af2e-87ecd2fe895f", "value": 1170944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691040922, "uuid": "f96b2bc3-cda4-46e2-ad24-e8f0dbdf1133", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691040922, "uuid": "a4531dff-fd4f-4213-9562-308279318981", "value": "48b5831f3bf109b2daa07df363f9a1d0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc2d5d6c-31fc-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691067205, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691067205, "uuid": "d664f18d-3e53-41bd-9ba0-f4e63ece6d1b", "comment": "Malware payload", "value": "0f844be961b0ce43d70c64e532972b41", "object_relation": "md5", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691067205, "uuid": "72497062-92d3-4d72-b67d-0bdd598274f3", "comment": "Malware payload", "value": "0dee02b21cfc3d8055e4ea59c4df9a4d113dbe5676ce4946ec7406749eeb238f", "object_relation": "sha256", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691067205, "uuid": "a90a9b96-4cde-48a2-a07d-09bef503dcc6", "comment": "Malware payload", "value": "7158c8db999110aea98482bb83f129694fc4c2e4", "object_relation": "sha1", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691067205, "uuid": "29ee32d4-5896-478d-bbc5-4d62c0957d7f", "comment": "Malware payload", "value": "b6b74d7ebec5b46a5bc0191981cf69f890445fe12651d6ea7001b3e31e58ea93608ab66ef155bc0819bd3040ff917cc6", "object_relation": "sha3-384", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691067205, "uuid": "4f42cfca-648a-4801-8ad8-fbd2ea388a90", "value": "T167B46C22F281C577D076293C9D4BD6F9445CBD223D38A88BBBE41F4C59753823A6A1CB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691067205, "uuid": "d8a4a0ed-f64d-4fa0-8637-a868c1f89a1f", "value": "12288:jmSKt5WG+DfnlcdOdU/vMWvoMgwsQIXEiPyz9xkPUCqnus/0:jp65WB7lcdOdU8WvoMgw3IXEiP4kPb+P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691067205, "uuid": "aa843000-dcef-414a-8765-3a2c202f55d7", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691067205, "uuid": "955057f1-0d48-4084-a5c5-c0a9383e94b7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691067205, "uuid": "ac221195-234d-46e2-b4ee-d453c7ab21af", "value": "0dee02b21cfc3d8055e4ea59c4df9a4d113dbe5676ce4946ec7406749eeb238f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2d24b90-31cb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1691046224, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046224, "uuid": "1c84184c-55b5-4caf-88aa-eb63c08198da", "comment": "Malware payload (SnakeKeylogger)", "value": "a58ba28556b22b42763f7e250fb0a4ee", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046224, "uuid": "1c068b5c-2a19-4c6f-9515-eac7ea4934ab", "comment": "Malware payload (SnakeKeylogger)", "value": "0ebd3bc3035a85c16d9856235d470598e247755fb4b3744c32ac6bab6c4d311f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046224, "uuid": "7daaa521-46f3-402a-b1b6-5771e449c7a1", "comment": "Malware payload (SnakeKeylogger)", "value": "1736c40a3405568ea7eb99626fc6787225081eac", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046224, "uuid": "40173271-d9d4-4fad-9e76-97a15a85b1d6", "comment": "Malware payload (SnakeKeylogger)", "value": "a55d4d59f8e13d527df0335568c81486eadf308c33031fcc25641c76d11f0812b50ac84b117aceaac8e0ff9ff63b83b3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046224, "uuid": "b3bf790c-cf6b-4de9-8bbf-5b1c12e6d05d", "value": "T102D47D11ABD0AB17F06F63B3C0A34A6157F4E196A3C9FFCB19806AEA1D57305DD0429B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046224, "uuid": "80932c38-32c5-474d-bddc-91d1ae19884f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046224, "uuid": "3642ff82-d2cf-47d5-b1b5-49c7dba3c479", "value": "6144:hWsTS0AV13ha4LtgdA8ICUNV9xIm683GcS+/ccP+zwrC3vGIETPm3zBzPH:k3ltga2UNKsFSJcPu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046224, "uuid": "d54fa744-4b33-48b3-8d79-63e5f6c6d44d", "value": 601600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046224, "uuid": "6d7b43bc-817e-4563-bdff-22d7da7d68e0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046224, "uuid": "b5abb136-2dff-4f6f-9e94-07e6e317a66d", "value": "Refbkefruvt.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "973354ba-31ca-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691045668, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045668, "uuid": "e423288c-89b7-4ca6-87cc-6ede644d3acf", "comment": "Malware payload (AgentTesla)", "value": "1908519a2ad8f20c72a4879fce9986f8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045668, "uuid": "bd260261-8a1b-453c-9f81-9eec313b3c2d", "comment": "Malware payload (AgentTesla)", "value": "0ed77fd89bf16db78b75431e59d9e15c2a284563cb77bc69d49a45823accca80", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045668, "uuid": "4f0a023f-35d1-4a92-bf28-f733db0b874f", "comment": "Malware payload (AgentTesla)", "value": "d20f2e3f0e0aca5ece1084eff3b1c6e3a606562e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045668, "uuid": "e6c22bcf-5a5e-4185-a1e9-8df2d5f154b2", "comment": "Malware payload (AgentTesla)", "value": "708b79e0738deedb56c5a00ffec8be55b31d17bca2eab18d4790a48641675808a423c19cc67b5c07fd79f2749c2ffd0c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045668, "uuid": "abbd41f7-52a5-4083-a5bb-5853ee030782", "value": "T1FE25193804B80A12C135D2ADAAD4F613B3904F96761DCD5686C14FC90AD6E2F2DDBDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045668, "uuid": "de21c55f-6492-4ebc-819a-f46f73fb4d2b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045668, "uuid": "46e6a607-340d-472b-a37c-87a6282b9d64", "value": "12288:PEKaJHdi7V5vcaMNkygqOPBWJI19PvJay6Z1YMASScJddpr5t:Wd85vmkyE4JI19PvJN6Z9AEjdpVt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691045668, "uuid": "55667cfb-1140-4a9e-b75e-995d9e08b057", "value": 967680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691045668, "uuid": "431fddaa-4b79-450f-9648-0746fe781b92", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045668, "uuid": "f81d7bbe-47ca-4085-86e5-830918a5d4f8", "value": "Scanned #00461030823.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6bbf8f2-31fd-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691067679, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691067679, "uuid": "6c8661c3-fefa-4cff-882b-3ed49045a033", "comment": "Malware payload", "value": "9e3a97ab5f3a9179a0357dbcc99e2ef5", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691067679, "uuid": "679008e9-ceac-4029-933d-08a17d9337ff", "comment": "Malware payload", "value": "0fbd7b486645d92821b327c5e2d361333ee0fe7de6ed68eab29c3b031ea1e620", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691067679, "uuid": "fff5c8e2-c277-4442-85fb-fa738d42fd67", "comment": "Malware payload", "value": "486896377da7be161a280737d3a8fa2ac73b8bab", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691067679, "uuid": "8b5f3702-6a1a-467b-93f2-56d040e0e73e", "comment": "Malware payload", "value": "2661fe31ab1d62975099e2d1f2a5b29a2751f9005434d632e1ffc72c8da8aeb0b1ff3d9f9ce4c1331461eff430fc55f1", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691067679, "uuid": "541deed1-2000-4912-84d6-5336afa4a280", "value": "T1AB85F10398048B87D41D83F87E633ADD0A0D7F29B4E979DB05927F8B3A31AA7495E50D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691067679, "uuid": "1daf360b-325e-4126-8f36-d625da166691", "value": "49152:jQmmQ30FupF6VFQmmQ3030E6VXiNhv3tqRXXA7Piamy0:jpmQkFmmFpmQk3ZmXMhQXha", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691067679, "uuid": "7a6e24c1-ceee-48a9-9fe3-a20f3078c1fd", "value": 1719296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691067679, "uuid": "b892c16e-ad3d-4659-8235-06a74d9ef1d7", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691067679, "uuid": "0c23fd91-4d38-4059-8b0c-1f837848cbc3", "value": "Inquiry NO 012621.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d92e989c-31fc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1691067254, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691067254, "uuid": "caf566da-772f-4433-bf00-11c12d132cb2", "comment": "Malware payload (DarkGate)", "value": "320c598980ac631f000a4221c97793d2", "object_relation": "md5", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691067254, "uuid": "7dfdcf5e-aaa5-4fe2-bcb1-403d903fec28", "comment": "Malware payload (DarkGate)", "value": "0fef65c9443c60896499c90bcce4448328ab6cf2387e1d7cf1fb9d8234ff5c5b", "object_relation": "sha256", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691067254, "uuid": "233283e7-6415-403e-b749-9ec19081bb18", "comment": "Malware payload (DarkGate)", "value": "f4b31f44dfe5a29e2de29a0695d415dfd8bbab89", "object_relation": "sha1", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691067254, "uuid": "521a8c34-72ed-453f-a3ae-6fda559f0b75", "comment": "Malware payload (DarkGate)", "value": "8543625d16f7018fcd0d2e9ecc2fa9d2762a92ed5e2e89cc1e3a8df853cb1d22405b76a7af0d180060c2ad715879c93a", "object_relation": "sha3-384", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691067254, "uuid": "3b5f97ca-4dc4-47ba-a8bd-2d3f38e7e28a", "value": "T1BE445C32F1818937E1712B7DCD9AD6E96939BA101D68544B7AF85FCC8D3A382392C1C7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691067254, "uuid": "8bb0c203-5dfa-4b96-ae98-bafdea1dc0e1", "value": "b43381439d4d569858211ce4b5ba88e2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691067254, "uuid": "f91c861f-d274-44a6-bf5c-a37f4c1884c2", "value": "6144:TTtiiKmkNKD1ABXVwqrB+LqyqNBQuLuF/mM5N3Xw:mmkNKD1AxVwqrB8qNCF/L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691067254, "uuid": "c473b913-1f82-44c7-8e14-0cfabb6f91c1", "value": 270336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691067254, "uuid": "f6a55eb9-48ae-455b-9214-d9876e9d759e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691067254, "uuid": "ee134e77-e6b8-411d-8bbe-2087085174b1", "value": "0fef65c9443c60896499c90bcce4448328ab6cf2387e1d7cf1fb9d8234ff5c5b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22a49bc8-31cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1691047620, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047620, "uuid": "814ef594-9c42-426c-9ac2-3e3fe1c5ac87", "comment": "Malware payload (NetSupport)", "value": "5b03ed3e0e19f09ac9e99db7b1a94c23", "object_relation": "md5", "Tag": [ { "name": "94-158-244-41", "colour": "#9434F4", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047620, "uuid": "f35a63e5-b935-4c9d-b49a-dc6da31632ac", "comment": "Malware payload (NetSupport)", "value": "10d1bb53f87a831ba5c62430e91994a1e64c77fcda38112b82ce7c979c337ff8", "object_relation": "sha256", "Tag": [ { "name": "94-158-244-41", "colour": "#9434F4", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047620, "uuid": "a9955667-b514-4df9-8332-c3314a25aa51", "comment": "Malware payload (NetSupport)", "value": "6ba0b3a65ad4d617c9b974ca00a9076f5bc03cfc", "object_relation": "sha1", "Tag": [ { "name": "94-158-244-41", "colour": "#9434F4", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047620, "uuid": "e699e713-78d3-4cf3-a4f9-d49170545d13", "comment": "Malware payload (NetSupport)", "value": "06d53d4b597169ae67be7f85c18650ecb21944d27485c0c7c4855dd2feec538bed538d9af2fbb28d73eeed991d939561", "object_relation": "sha3-384", "Tag": [ { "name": "94-158-244-41", "colour": "#9434F4", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047620, "uuid": "a9a8f66e-18b0-4f99-bf35-ede6accab8a5", "value": "T1CC45DA38397A7C2443DBDA1334F14B961CE9564FD1703A3B199AD8239A352C265B22FF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047620, "uuid": "60d1c385-1eb8-4691-b985-0aedf92e766c", "value": "3072:7uYmNUEpqTjFaoZ+VT5De6rZ9ZNbfhHXCIL1VTdgZ1kgVAsLWGYFL:7/mNVijFPmprZ9FHyIXTdgcgDYFL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691047620, "uuid": "a39e83ce-7881-4f0b-872e-4558a4308eb4", "value": 1263672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691047620, "uuid": "c783eee4-b3b7-44ae-ae31-f093f1339d82", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047620, "uuid": "2620225d-b8ba-416e-8398-2f696abe1921", "value": "service-supporterx.hta", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a993726a-31fa-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691066315, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691066315, "uuid": "884c0043-e7d6-4cf2-8a20-61144783e4c1", "comment": "Malware payload (AgentTesla)", "value": "22e8b1b53abbb477d99d91e268fac971", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691066315, "uuid": "53ab27f3-5e74-41d3-a715-821b9e31d0cf", "comment": "Malware payload (AgentTesla)", "value": "10f26559ea7fefce11cc8c2073632544a842ea14abe7e815ba71205116aae094", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691066315, "uuid": "65733552-06b7-4890-9ba5-1877f8c0e8fc", "comment": "Malware payload (AgentTesla)", "value": "27872a6648ca6c534c15ba37fb1873b6ffa8cc74", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691066315, "uuid": "a4b6d79b-0c5d-4685-a4a4-1cbe6207920c", "comment": "Malware payload (AgentTesla)", "value": "6973c4dbf2501dc12f9e920fe49a795d58e15753dadfc53f2436bc43cf00968d695b719eb008050f9365f7fd3d39a3b6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691066315, "uuid": "aebc68b5-72dd-4690-815d-974ea9d96907", "value": "T1A404DA56EBB6EE31CF28063F824173254F3E5ED281E1BE9E3548F1642EB9E44C4446DA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691066315, "uuid": "78c1d509-f5e8-4ee4-b459-1e0f4373965a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691066315, "uuid": "b5f84666-b7b7-4a90-9eaf-2419db56dbb0", "value": "768:2zhrsj3/eLFd5G13NzSw+R6ES0JXtZhVm13j2tSHPWcSaY9:2NrsaLv523NzSw+7SA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691066315, "uuid": "12f35062-ffc5-4e3e-92ef-998ae462e7d1", "value": 189952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691066315, "uuid": "093479f9-4f8f-4ddd-8910-6cb4ea9d7589", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691066315, "uuid": "16588fc0-af47-4154-9f62-64e7ee8ecb6d", "value": "10f26559ea7fefce11cc8c2073632544a842ea14abe7e815ba71205116aae094", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "74ac6da3-31e2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Metasploit)", "timestamp": 1691055918, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055918, "uuid": "3fcff348-8402-4545-98a6-7aab09585325", "comment": "Malware payload (Metasploit)", "value": "ee19c684cae213b1ccf7eed6260532c0", "object_relation": "md5", "Tag": [ { "name": "172-104-142-200--8000", "colour": "#F53C27", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055918, "uuid": "7a409135-57d5-4d41-8071-b11283ae3c31", "comment": "Malware payload (Metasploit)", "value": "1348a80566be0af4c8af8306cb69386b790a0ab862d203c3ada21165165c2e61", "object_relation": "sha256", "Tag": [ { "name": "172-104-142-200--8000", "colour": "#F53C27", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055918, "uuid": "8fae55e2-e485-4f60-963d-a9554c34fa59", "comment": "Malware payload (Metasploit)", "value": "398c6a56e2e702c6e06c3a9a28284fb356e5ee8b", "object_relation": "sha1", "Tag": [ { "name": "172-104-142-200--8000", "colour": "#F53C27", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055918, "uuid": "ba0484eb-b982-4d49-aa35-0a5a7821bd95", "comment": "Malware payload (Metasploit)", "value": "5550d15cce71e7ec38c414e15624b446e424624f1609ac817a608971deb4bb76ae8c1e79a3d839b454ab1471c5b04748", "object_relation": "sha3-384", "Tag": [ { "name": "172-104-142-200--8000", "colour": "#F53C27", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691055918, "uuid": "4f46dd36-5ff9-4eea-aeb0-be00aaafce59", "value": "T149818E633087F08F008647793A9863E694B6DA04DACE5005F78CDEADB9DDD933A4C6C1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691055918, "uuid": "c221147e-931c-4414-b373-f109a880ef89", "value": "48:po+MTLimb7jOlsLP0rNfAsxYjh5yXzx057gDlZ+voFuYkzmrnf1eo:9GtzOOP0hfX6wDKMD8o3nf1eo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691055918, "uuid": "98fb30dc-b8e7-4c7e-8196-ae2b077192ca", "value": 3973, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691055918, "uuid": "84824d17-10b9-4ebb-adfd-e1a027104b8d", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691055918, "uuid": "8ae11936-30dd-475c-8ae9-ec090e32b3f6", "value": "allopen", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5e0c95f-31ea-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691059544, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691059544, "uuid": "6cff88b2-ed0a-496d-b1bd-53132d57870f", "comment": "Malware payload (Formbook)", "value": "649796ae5c9a84e07f4b5f9c92ef4dc3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691059544, "uuid": "887ba6bc-fd45-4214-85f0-159b6e144851", "comment": "Malware payload (Formbook)", "value": "136179ab4468cf49d8a048a24716546d4f3380c7f823320bd46e8f4510fb2380", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691059544, "uuid": "a61d4cb9-d4f9-4a14-93d6-52545cfe6831", "comment": "Malware payload (Formbook)", "value": "37f4ee39ecc55825467f9ef84de45dc6b99d7a68", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691059544, "uuid": "da3424cf-b13a-4e87-bb60-14f04dbec415", "comment": "Malware payload (Formbook)", "value": "a77fecdc954720d7b2a9d38d45388570284c3320cf0c2a1b19acff5ab7d3f1835ede2fd68dedec6b0e87d9eec77da957", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691059544, "uuid": "ad56207b-18b2-47c3-8907-15cb17c78051", "value": "T15EC423F17AEC9BB8CFE9437A98A1841443642791ECD4F72FAED53194B903B51309CA8D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691059544, "uuid": "27df05e7-af72-4059-8da7-0a461b81455f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691059544, "uuid": "8f516dfd-3cf9-4b60-b3b7-b7a8f3d1c758", "value": "12288:1oqnaOaPIKwWHXK6uCZvnJxsmC0ek4aiaIlNbEYlZNg0rl:1FQwWHXXZfcmDTw1EYt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691059544, "uuid": "557c201b-64ea-4661-9592-a2c49f917b71", "value": 575488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691059544, "uuid": "6988f1f0-352e-4bc0-94e2-6b8e356ba0e0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691059544, "uuid": "8c10a4d4-f6a8-45e6-b161-df83bbedf8f4", "value": "SecuriteInfo.com.Win32.KeyloggerX-gen.7509.30726", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf77839c-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691047051, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047051, "uuid": "6ff51cd1-d54e-408b-96c3-1b6be91a7150", "comment": "Malware payload (RedLineStealer)", "value": "ad2ae8e757ea6c04b2e766b2234f7b90", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047051, "uuid": "032ffa5d-3842-41bf-8b65-6aa24f83e69d", "comment": "Malware payload (RedLineStealer)", "value": "14393c02dcf9321274b07c2588696e2068e83e15d7e826e09afd6c1e4bd7c4f7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047051, "uuid": "1cbcc522-6fc8-4b2c-a94f-f3f5dc2a2783", "comment": "Malware payload (RedLineStealer)", "value": "090ffc2a3fdbd9f4dfebe12e29d77ca6e14ac8d4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047051, "uuid": "7754c722-814c-4877-b42a-abe3fed64517", "comment": "Malware payload (RedLineStealer)", "value": "c62a7d9f79ef7fffa6e92610a49dceedde01bdb1950710fda9bb3fd46875d15911675386df8f8de9934ffc80b17216dd", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047051, "uuid": "ba1ea302-6c94-4b11-8b81-b728e8e5557a", "value": "T110B4021BA7E99036E8B52B706CF603D30F3A7DA18A74562B2347594E1CB35C4AA34737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047051, "uuid": "d2913d63-cc1f-4b2f-91f9-3f4606f7ef4f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047051, "uuid": "d7fc8234-4953-494e-87f0-32cb4c702ca7", "value": "12288:BMriy90/kHILug9QlnTO9EKPhPVVns02fY7C:XyUkHICON7lm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691047051, "uuid": "4bb0354b-1403-4139-aa3b-518121084fa8", "value": 529408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691047051, "uuid": "126a53cd-b8f3-4197-b215-d8c5728822b7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047051, "uuid": "95620363-61b8-47ec-9ed2-95e4f78e6862", "value": "ad2ae8e757ea6c04b2e766b2234f7b90", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d50d445-31ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691068227, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068227, "uuid": "22eb2ec8-c65f-4c18-8d44-39a97ec8e621", "comment": "Malware payload", "value": "e789d3d7185fd172f18295e3393647bf", "object_relation": "md5", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068227, "uuid": "991a6bf8-87b1-4cc5-a1a9-eed695b520f7", "comment": "Malware payload", "value": "145a0faa4e25006cc3decef0f1541ea5f0e5ab0c8c446cdb921ac7b6c6c87bde", "object_relation": "sha256", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068227, "uuid": "e08d2365-d9a4-43bd-b120-bf5d07724a82", "comment": "Malware payload", "value": "606e42948fc9cb69a22073d2fce3452c660979fa", "object_relation": "sha1", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068227, "uuid": "19285310-b805-40d1-9c0b-4c8b4b223f2f", "comment": "Malware payload", "value": "8e987a222659514a6a41606e4947117381c77e54e6a97a02484839aabcf8cc9c4f83a93b5e1f38893fc5bc557c92887d", "object_relation": "sha3-384", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068227, "uuid": "5625df60-6793-4d06-b3fc-b9c070631247", "value": "T183B46C22F281C577D076293C9D4BD6F9445CBD223D38A88BBBE41F4C59753823A6A1CB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068227, "uuid": "9a0bd1fb-f84d-4e15-aeb6-6eca0682d3c6", "value": "12288:jmSKt5WG+DfnlcdOdU/vMWvoMgwsQIXEiPyz9xkPUEqnus/h:jp65WB7lcdOdU8WvoMgw3IXEiP4kP1+P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691068227, "uuid": "35c6146d-ee7c-4721-83d6-9f58b877bf94", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691068227, "uuid": "817f0007-4ad2-4e87-b092-a485f2c60ba7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068227, "uuid": "553475d7-dfe5-427c-a0b0-6f85781b55ad", "value": "145a0faa4e25006cc3decef0f1541ea5f0e5ab0c8c446cdb921ac7b6c6c87bde", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6dfac02-31d8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691051707, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691051707, "uuid": "247655c8-325e-4797-8fb3-e888174f46ef", "comment": "Malware payload (Formbook)", "value": "6b32efc6c4ce6890cccbdef3579a6a3f", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691051707, "uuid": "e8460ded-0037-4ef8-a75c-8cc6c01aec2c", "comment": "Malware payload (Formbook)", "value": "1476b2d60fbe0daecbe0efda09e0f7251df3390536a00cf63e06a6b30d06a162", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691051707, "uuid": "b02e4957-d3a7-4d8f-a1df-f12e1a8105c5", "comment": "Malware payload (Formbook)", "value": "002984184d5a3b0ed62ed737620becf2a5cf9089", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691051707, "uuid": "291584d1-13fe-4287-9707-78bc301d858c", "comment": "Malware payload (Formbook)", "value": "caea4216b80a9275e437047413f288c0321bd1018673b9a8101d36f019ed481026c2013d21f545694102766127464e78", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691051707, "uuid": "15ef6731-4675-4502-a54a-bafde539fe37", "value": "T15344237F623748D0204F2895FA92760FBF6F1AFE85D05D835A67A496252B4007743CCD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691051707, "uuid": "1f1c4b6a-b740-4b3c-bfdb-28fea3da1326", "value": "6144:ASig2wYvV2/sGRQGjNFrXYpdYmiUCsFLB+CheNur9UgT:JRkvV/GRQGhB4iU9XkN9e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691051707, "uuid": "db5660e8-45fb-4b5a-b31e-e6457da98628", "value": 278296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691051707, "uuid": "2c6df267-8c00-4fe7-8710-48b15f27e967", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691051707, "uuid": "a18f5ded-01d8-4262-b417-fee04a4b4019", "value": "Quotation G-9840270.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab0d7839-31d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691049567, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049567, "uuid": "c9109dec-5cd6-4267-ac2c-b9e285da309b", "comment": "Malware payload (Formbook)", "value": "e197a253a7912a2c00481261811a22bd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049567, "uuid": "4a31d65d-174e-49aa-a505-a459f332e6fd", "comment": "Malware payload (Formbook)", "value": "1575cbe53742e3339cfd530c0599d1868a41dbca3705fd7ded32302fcdf6ed26", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049567, "uuid": "d5c3d341-8d94-4e56-a287-f4c3e64320c7", "comment": "Malware payload (Formbook)", "value": "bde73b3e6910584b4561ca4b1c2b4124e45c8787", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049567, "uuid": "5a783dc3-e307-40f2-8869-45e1c59ec479", "comment": "Malware payload (Formbook)", "value": "abe77a6b14e87bdeb14b30e5f4613b64930237dc38064e294f2c9eaccbb9ca9d5b23cccd8bbb3fc29babacdecd023f4e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049567, "uuid": "cb29d9d7-6bf1-44de-b502-ee75f9044998", "value": "T1E315F83804780A12C136D2ADAAD4F613B7904F96711CCD5686C24FC94AD6E2F2DDBDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049567, "uuid": "8951a3e0-0c22-42c4-a89f-ef4174fbb369", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049567, "uuid": "7cc30b3f-dbca-443e-82a7-f7c897a416cb", "value": "12288:JEKaJxW1fSvXeAG2L8warRJvIrP+HI7AVSfLS4115HoeBd:GttDL8wGJvSMlYhPxRz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691049567, "uuid": "f2f53b77-3e11-4c4d-aa68-32c072b2b0cc", "value": 907776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691049567, "uuid": "4671e335-a217-44c3-8e57-5b7a66ef43a8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049567, "uuid": "39a6267d-1e3f-4ec1-89a1-8d4c64197984", "value": "e197a253a7912a2c00481261811a22bd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fb446078-31cc-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691046695, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046695, "uuid": "a590bb34-e277-479c-98b9-a3e3b4891d53", "comment": "Malware payload", "value": "0f4c73283d11779bd22b2c8aec259f65", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046695, "uuid": "a1076acc-9e4d-4bde-958a-3608adf4f117", "comment": "Malware payload", "value": "158d07ab617c101fe9bda772225e07451b06399e1bc240d657c5b5f2f3fc03be", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046695, "uuid": "32899117-f603-456a-b363-f21c999c994c", "comment": "Malware payload", "value": "8c51ee49f9730dffd5ba036c72d22713fd07266f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046695, "uuid": "e9dc56c2-a327-497f-863c-2c0a32a64baa", "comment": "Malware payload", "value": "06e6920fe215b3ced2d04f59f3380794dea201b0726a7c6a6cc8f456a26654f17f23f4503552e9ada68103bc4cbeb6e7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046695, "uuid": "3a029667-f027-40c8-804b-4563e3ea48c6", "value": "T1C99733CEF994B242CCAD3E7528555871D1263EE12AF7B07A3E24B29B477309D8E53312", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046695, "uuid": "7d2e636b-0651-46b4-a052-ecc98bf49dec", "value": "4cea7ae85c87ddc7295d39ff9cda31d1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046695, "uuid": "11ad90b5-49c7-4980-8e52-edbc279a5a4c", "value": "786432:B3JHok1IwEc+ge5X3duz4V9Gl7QzOqrWsxmEV6Smx2kkI0Vb:B3JIeN7edwb7MOqSNSmr0Vb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046695, "uuid": "9bf3ff68-66b2-42a9-9d2a-83b10454afb8", "value": 41232896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046695, "uuid": "0556e3b2-7cf8-4cea-8ce7-d95a5aaa0820", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046695, "uuid": "00b83de3-7651-4576-987e-a82ab96809d4", "value": "Social_Increaser.EXE", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e0263f0-3198-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1691024124, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691024124, "uuid": "00b0d26c-fcfe-451d-8dfd-c4e494c12893", "comment": "Malware payload (njrat)", "value": "0e485a8e92e66b1b9f3f199e66d85566", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691024124, "uuid": "ba534f3f-30af-4cf6-87ee-cccaa41fa3b1", "comment": "Malware payload (njrat)", "value": "179a4c53805418dd29bab3594486412292092aa2925e35b028c2cf8b2d5e66fa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691024124, "uuid": "80be8d98-6d0d-484c-ac1b-6b00f5c3f59f", "comment": "Malware payload (njrat)", "value": "7203c6b73e8a926585ceedd5502c26d5281cd699", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691024124, "uuid": "8ae41a91-1311-4b5d-bf32-868a264fe0f5", "comment": "Malware payload (njrat)", "value": "4eedea301201e4a0fbee428172d3a7cab05d17ac62f395487b77a0950dd5bef05ff670615935b56dbf7f55b575a40abe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691024124, "uuid": "c85ccbfb-f254-4d40-93c3-5f13b0590ca5", "value": "T12813E88DB694E174D5FF8BF1B4A2B2890B71A017A802D30F99F114D94FB3AC09611EE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691024124, "uuid": "a90d07c1-2146-4444-a3ab-961336659a10", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691024124, "uuid": "258b20f5-e193-447b-afcf-85f3567b47dc", "value": "384:MZytX7xdW/IUyNZa55EFiTYM0EvbV56lpzYIij+ZsNO3PlpJKkkjh/TzF7pWn1Rl:qArxIghNZk5EFiTVTbCpuXQ/osZ+L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691024124, "uuid": "74c5ae8f-0c8b-4a2a-b930-c49c5a81c6df", "value": 44032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691024124, "uuid": "48007970-85ef-467c-8ceb-209dd7f5ae48", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691024124, "uuid": "a7e36349-d3a7-4007-b86f-c32765a86322", "value": "0e485a8e92e66b1b9f3f199e66d85566.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49fce0f4-31ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691068302, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068302, "uuid": "7cf9719e-6de4-4b1e-a3da-ddfd1ba6ecdd", "comment": "Malware payload", "value": "6046e8c07eddbc579154aeff17f9adf4", "object_relation": "md5", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068302, "uuid": "7f725b72-f6ea-43e5-9911-9a6e1bc72f08", "comment": "Malware payload", "value": "17d207b1b71b81a94774c5e71d8ac90161f70fadb9f41e9935bec4c3c5be66ed", "object_relation": "sha256", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068302, "uuid": "117834ba-41d9-4172-b666-e871a229e595", "comment": "Malware payload", "value": "bbaf2ef27024bf45eea35f9937f2a1691fc6c2bc", "object_relation": "sha1", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068302, "uuid": "50972d31-0526-4c7b-bc3d-dfa3f8eb3428", "comment": "Malware payload", "value": "6c3ec4e4fa741ff883587206820224fcff37e55cee4f815d78f291955e5f1494ffca864360c18071ae22a7e270e8aa24", "object_relation": "sha3-384", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068302, "uuid": "a6d46f96-ecfa-47b7-9b75-c6513c7ba854", "value": "T14FB46B3AF1D0C477D0654E78CC5BD2D9946DBE606E28A8077BF41F0C8A793867A2B1C6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068302, "uuid": "babe1d0e-18e5-4f9a-9f53-065726e3568c", "value": "12288:RIrqXlstKmmdtseWz9nwadGr7d4NysYs2iPR5hOAD5a8qnu3/FU:ROksnmdtxWz9npdhNyY7R5RDn+uv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691068302, "uuid": "c900dcc8-630c-4267-90e5-75559418110d", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691068302, "uuid": "059744e5-9b8d-4299-8c98-028026f8667c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068302, "uuid": "4311edda-7915-480d-a726-bb4cbbcf9a72", "value": "4568-849-0x0000000000400000-0x000000000047E000-memory_unmapped.dmp", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "939f33d9-31fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691067996, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691067996, "uuid": "e8d487de-7595-47aa-acb8-2ed08fdc1b8d", "comment": "Malware payload", "value": "4377cc80247a8ae7c2fe261af19480f2", "object_relation": "md5", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691067996, "uuid": "48a43704-ba85-4eb8-96f6-b6fc308738cd", "comment": "Malware payload", "value": "1a94ea3a5b595fa4758ab0e4a3a70a43631439d79d3e94f5f539b00b64d2a1e6", "object_relation": "sha256", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691067996, "uuid": "3564b932-70d3-4e88-b5f6-4b5ff9108d7c", "comment": "Malware payload", "value": "1030e0efcf844afddabc28b0d1df2449bf947d66", "object_relation": "sha1", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691067996, "uuid": "d1c2cd9d-6e28-40d8-9164-3dc52ed409b9", "comment": "Malware payload", "value": "b49c455f86fae9c2a970188ff17867f172522145671ed6ced8fbad8dc08babad136a72b816cefb5ec9e65ee105c60fb5", "object_relation": "sha3-384", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691067996, "uuid": "53d28e55-a6fc-4706-9666-ab651b09b899", "value": "T165A47B26F5D1C477D0354EB8CD5BD2D9942DBA206D38A8477BF81F0D8A792C23A2B1C6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691067996, "uuid": "7081ba1d-e04e-4195-b8f4-b2d8ef913029", "value": "fb5ae4b5aa4e7030af93ab337228f91b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691067996, "uuid": "528af12a-079b-41bf-baaa-671a79dba6da", "value": "12288:LBX8vHudqoWy+sZWp9GAzXWvm9JUMRyHelhqnu3/75W:LlQudWy+mWp9Bz0m9ZR/h+uvU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691067996, "uuid": "c74df59f-02b8-4bd1-9ea5-6684b55c663a", "value": 478720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691067996, "uuid": "464854b8-019f-4e00-ad7b-0fd1a71cb77e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691067996, "uuid": "3a86f520-4a20-4654-bd27-d0483ec764b7", "value": "1a94ea3a5b595fa4758ab0e4a3a70a43631439d79d3e94f5f539b00b64d2a1e6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4a88709-31c7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1691044536, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044536, "uuid": "9fc10a68-b0c4-470b-9338-e281a2190693", "comment": "Malware payload (XWorm)", "value": "4169bfe3f6b218deeeaec14f19d4944a", "object_relation": "md5", "Tag": [ { "name": "108-62-118-133--9734", "colour": "#6FAB9C", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044536, "uuid": "9f29ef90-8774-429e-9647-09a16f18c372", "comment": "Malware payload (XWorm)", "value": "1bb6378bbf1bac5a3f0857815e1be778d1ef0ca555954d64b4ed541240451467", "object_relation": "sha256", "Tag": [ { "name": "108-62-118-133--9734", "colour": "#6FAB9C", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044536, "uuid": "312e5570-c235-4e62-8b3a-e484bc4ff70f", "comment": "Malware payload (XWorm)", "value": "8fa6aa6b3479f8871ccbb91f5b5058903a3e6906", "object_relation": "sha1", "Tag": [ { "name": "108-62-118-133--9734", "colour": "#6FAB9C", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044536, "uuid": "599eed68-bf8f-494d-abed-9ad89e8aa9bb", "comment": "Malware payload (XWorm)", "value": "be16da47297c5ea7e4036facfe30a440db1a02d3768bf1b18f1500862fa8c09bed2fa328cbfcfe1fc5b205db698e4dbf", "object_relation": "sha3-384", "Tag": [ { "name": "108-62-118-133--9734", "colour": "#6FAB9C", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044536, "uuid": "06cb4e77-e459-45c9-aa66-a94953a2bda4", "value": "T1D995238864B67C5FF245827BC1943CB9D62DA80DA3DAB85F9D308F566C9304B0F7A4D8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044536, "uuid": "b296efa3-b605-402a-9a53-849469403dc8", "value": "12288:YTIpLuS06AK3HBNBIwbIs8U3WGvJgm4/rI2fxrPGkNrP:Sh653H3bb+GSAcrPGW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691044536, "uuid": "6b14445c-9d6a-4c4f-9710-4be167ebac06", "value": 2045155, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691044536, "uuid": "5a8fc64a-dfa7-42cb-b821-352a50ad504e", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044536, "uuid": "a4ce57f9-b901-4063-9036-fa61198c7468", "value": "yhubur.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e504455c-31cc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1691046658, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046658, "uuid": "8b43d350-9f6f-4069-95d7-3f301c7601fd", "comment": "Malware payload (Loki)", "value": "de2866f237dbf0a2b85e26d80c56279b", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046658, "uuid": "1c50e3a7-44e8-44f2-8d30-317b1b82e877", "comment": "Malware payload (Loki)", "value": "1ce46f86a092a55271cc028739981ea665f13482a9b8361959a0c8a70c626e4e", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046658, "uuid": "a7a3306b-ba1a-4b3b-a3b0-6fd0bee1b09d", "comment": "Malware payload (Loki)", "value": "f717129b1873e90e78173794e51ee056fb0dd342", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046658, "uuid": "06f30355-7395-43fc-9d3b-72c7b8982de7", "comment": "Malware payload (Loki)", "value": "9dd25e3f8046d42a67c7d3d40d86ca8f82ffd066523c5a2e1b1120decdf2ce987c36a6b2b7677f6af0d6d48d5b72a823", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046658, "uuid": "3e5ef334-349f-4a55-9d47-c4615800398a", "value": "T17CA40200325CCD98E14756F96AABB14E501CFC627BC6A2D36B98B70F4932FBF2913551", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046658, "uuid": "9961ce80-9b22-40e7-a042-0bf8c4455575", "value": "12288:4SwooWQmmme6v3QLQuEeArYz/4eVRFqPhvGE75S:UWQmmav30x/NVRFqJvG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046658, "uuid": "6350a199-d7b5-49f6-bebc-31415039bbbd", "value": 455168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046658, "uuid": "e67b675e-56f3-4027-8a67-605f29b70279", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046658, "uuid": "57938f5d-3b70-49e4-a64f-b682cf80be94", "value": "23-350.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae3f7a7d-31e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691057733, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691057733, "uuid": "96e2df91-7a40-4183-8e3e-837cbe162c78", "comment": "Malware payload (AgentTesla)", "value": "b35428aa08be474a58f327e3313d7d3d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691057733, "uuid": "9ae02b78-da2f-44e7-b7be-32ceaaca9c03", "comment": "Malware payload (AgentTesla)", "value": "1d2511c250f3d794d9daa3b6e35d25f61615628cff750fb5765503687d8a75fb", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691057733, "uuid": "7f5eb022-5058-46da-851f-f1ff00424716", "comment": "Malware payload (AgentTesla)", "value": "98a9f2b03370eab6a51967bbb13d42e6fd37df90", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691057733, "uuid": "0c43c0ee-8a4b-499b-966e-3351ddf36f6c", "comment": "Malware payload (AgentTesla)", "value": "6396817a97d8d27838d3566a04e6924ef3dcea02da323f4cb81fe50c2ee7c84d0d3f1d247d9db36640a5ab6cbc73c077", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691057733, "uuid": "33eca03c-028b-4f9c-8a5a-1e3e644723e0", "value": "T1C9353336DC00670CB9E9B99BAC0543034162198BCF26A5F6B9598D016DAF6CEBC71FF1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691057733, "uuid": "c8dff193-d42f-4182-9f56-586c717436a7", "value": "24576:j6ODM/39TtS+DrAJIKbVHpJEk35ec55sq:eOS3xtSvf3Iq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691057733, "uuid": "e5617534-2354-478e-8cb0-0397fb15378a", "value": 1109500, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691057733, "uuid": "2fd0b64d-4157-43a4-918f-19001a8f07a7", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691057733, "uuid": "f1012f30-2962-45fe-822b-42b783d54504", "value": "QUOTATION_AUG7FIBA00541.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f4a3609-321f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691082028, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691082028, "uuid": "b044767f-9604-4f16-8960-4be684066b78", "comment": "Malware payload (RedLineStealer)", "value": "6c2da4878b13faa18fd001a0fd70d15d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691082028, "uuid": "7da085a6-8f31-4f13-9546-cd8ea9b7e24c", "comment": "Malware payload (RedLineStealer)", "value": "1da5072b30ffb9012b2cf00f2669518e0d086d55ee3bec7cbcc0fff12b6d318e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691082028, "uuid": "22143b14-0429-4ec7-b4e9-55858bf885ef", "comment": "Malware payload (RedLineStealer)", "value": "ee3f4477786c6f0f74695af995fb9579ee8db3c7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691082028, "uuid": "e4ef457b-2043-450c-beb1-9af71bf75c9e", "comment": "Malware payload (RedLineStealer)", "value": "52ec4863dccbbc5630a6205f6b3a4dc98b326e178a2b4abf808da23fee9f35f9913146f5c73a8afc353f51eee91507a3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691082028, "uuid": "4e4b1c68-39e5-426d-9b26-4b647b2761ab", "value": "T1BFC41253E6D990B3E9F01B7028F607D30B35BDA24D35536F2A8199AA1C73384A57273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691082028, "uuid": "3450735d-6d08-419e-b515-835c4daec687", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691082028, "uuid": "a5c1ee4d-d50f-4c35-ae29-d5db775688ba", "value": "12288:/MrSy909ue4m+9UUUhDyzzry0D8iaAl4nbyj:NyNOFhmzzryG8JnbS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691082028, "uuid": "902979d3-1543-4fb0-99dd-fe521ed1074f", "value": 573440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691082028, "uuid": "1016e7dc-880e-4b0b-8d3a-73d291b54976", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691082028, "uuid": "622b6d51-c1f0-4812-bf38-f13a3bf2bd15", "value": "6c2da4878b13faa18fd001a0fd70d15d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce106b52-31c7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1691044472, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044472, "uuid": "97df59df-6cb7-464c-81cd-cb710e84a0ad", "comment": "Malware payload (LummaStealer)", "value": "d3c04c040fa2499c2908765fd5d2f592", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044472, "uuid": "ade6c8b5-0412-4d43-90b9-7f9ba248b99e", "comment": "Malware payload (LummaStealer)", "value": "1df374065677b6f98c7b4d19cf48cf0a8ee244cabb29000b75b25d512a48470b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044472, "uuid": "f44df63e-1ac0-4097-97e2-28b4b76efa1d", "comment": "Malware payload (LummaStealer)", "value": "05a54097aa24fc78b0c065731795065f420867d5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044472, "uuid": "04e5bebe-f310-449c-bc05-a417fb115903", "comment": "Malware payload (LummaStealer)", "value": "cb60938834931891e8ca6c7f85b4abc7caebaf00d314deb07a4a64c2cf589b118a2c9b9c2fe97a1b9cc7122a2ad1e4f5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044472, "uuid": "b20d8337-e98a-42da-be13-885d09dfa806", "value": "T103352926417AA0B7DF097ABC5E13D83A35D96B40B1B6E188BB1F38C7C5C61121D3A7E1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044472, "uuid": "936f145e-b859-4e8c-ad34-d04d04a1c22f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044472, "uuid": "592eabf1-ab53-47a5-a342-3c1cf2b8489b", "value": "24576:PEhpppNpppppoOQpppNpppppoOduayAeU+HPgnBDp/ZxrBiUlwd0XzBcFZd:PpO7OdAAeSnBDpbUywyXzBcl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691044472, "uuid": "1f7544ac-3b9c-4d83-8078-4a2a0a34b72a", "value": 1075712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691044472, "uuid": "5947b7c4-873e-40d3-8446-43e01ae4ad76", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044472, "uuid": "962ff49b-c33b-4308-b4bc-1f5d50c8b643", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6d84034-3234-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691091328, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691091328, "uuid": "a7173d12-ec23-4d2d-aacc-a4ceb04f19aa", "comment": "Malware payload (RedLineStealer)", "value": "0b2826ee1c9fd9bd9aa4b0373d6845fd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691091328, "uuid": "3c973f53-3222-4d2d-99a3-363b0beabfe5", "comment": "Malware payload (RedLineStealer)", "value": "1e66850ad67a8f1a5a3bd7a9db72b0505746ea55851ed41dd9a97f38501a52ed", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691091328, "uuid": "11a516dd-f81b-48ec-a30b-1907a71968fa", "comment": "Malware payload (RedLineStealer)", "value": "59a620a9f5dd9d3788fb5b3d5e3abea957e7f91c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691091328, "uuid": "af5a19a6-504e-47c6-91a3-e2831c4ca335", "comment": "Malware payload (RedLineStealer)", "value": "78bb0293fd789120c1492d43447ae3c39da50239fe694950db9ff71e48b7587bbd9102cd3360cebf5b604c6934d02c87", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691091328, "uuid": "08ea2d1b-b737-48ae-a4c5-73a3d29e24c5", "value": "T15EC41213B6ED40B3C8B117B068F617931F317CA18C38835A2795696F1CB3A85A87677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691091328, "uuid": "e325f19a-c4e7-42b0-b94d-b4fd501260be", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691091328, "uuid": "eab47387-ee6f-479c-ac15-6bce8e61ff4f", "value": "12288:hMrqy90Ho9wfmO5S2Sic8yISZyR/4iD3:jygo9rOoWSZyB4u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691091328, "uuid": "a05d77a5-cfed-49f2-9846-fbfe9e1a433e", "value": 573440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691091328, "uuid": "cdac7883-1cad-46de-8835-c2a297271d62", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691091328, "uuid": "36f9bc75-2b55-4383-8904-bf4a77161330", "value": "0b2826ee1c9fd9bd9aa4b0373d6845fd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20ab5984-31b5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691036450, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036450, "uuid": "73f48382-a787-46f2-890f-522a9a1bd732", "comment": "Malware payload (Mirai)", "value": "39fbc2b2b7da7dd9dc43d0bf55cc2887", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036450, "uuid": "33191347-be45-4ebb-a64d-e30a06d66b01", "comment": "Malware payload (Mirai)", "value": "1ef241ca77d2de374113db8b9e9bad4133142326683f2c7954bbab6415780dff", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036450, "uuid": "44827ce8-ae5f-46e5-bb6f-1cb32f820619", "comment": "Malware payload (Mirai)", "value": "6f4129ac812924f5f044bb8aaf10369e614b238a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036450, "uuid": "3ee38d7a-d554-4d9b-96d9-dc4fcbe883a3", "comment": "Malware payload (Mirai)", "value": "ecdee3931b6e07b68f9f375240e59bb060b1557cc41536af7994690f241015625c402a82854813d416daccd6fb0bd8a7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036450, "uuid": "cecf47d6-5fed-476a-9d98-485fb4c0d289", "value": "T182A3F872E643CAB2C4430AF201A7DA6B0D21BE6B0A7A5A85F31C7CB09F334C57655F59", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036450, "uuid": "79508494-34e9-4c17-8c91-62816f2fbd23", "value": "3072:wW8FUmgujld6Mkxm6AJ+4fxHmmFVcqq0GnDZT:wJFv4Lm6AJ+4fxHmmFVcqq0GnDZT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691036450, "uuid": "c1e5b7ce-bd6e-4747-97ca-40eb96700d69", "value": 104138, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691036450, "uuid": "6499b959-4c5a-478c-bb23-de4057d65ace", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036450, "uuid": "e4fb6e1a-9d33-46f1-9f5b-22e894fa7423", "value": "39fbc2b2b7da7dd9dc43d0bf55cc2887", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a98fb5a4-31d8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691051712, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691051712, "uuid": "a9b3c941-69fc-4ae8-9286-39ae770587d0", "comment": "Malware payload (Formbook)", "value": "62e103d750d28c704b676e4ded8a14ad", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691051712, "uuid": "29812002-8593-4050-ba47-7cab66fb73ee", "comment": "Malware payload (Formbook)", "value": "1efb08a82cb31f0627287c5b4d31725dec2f9d5062cea032a454a9f1d953df5e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691051712, "uuid": "e57ed530-878b-48b8-8d71-f030c9abee5f", "comment": "Malware payload (Formbook)", "value": "f5b029e5c6e79ff6e501cd229570ad9763a1de30", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691051712, "uuid": "86342b66-c942-4fa0-838f-756fd8b3c60e", "comment": "Malware payload (Formbook)", "value": "f265bf443c753610c4e37c54c6cbbc55d8bd911fce441889bebc8b395353d3683a4dd9581659244e1a92ff9b1943854e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691051712, "uuid": "845bb7d3-7470-4396-965d-8fc86e1fd39d", "value": "T1105402C4ABF9CCB7D92185715536DA413E705D3548508B872700BA2EBAF26D28F0BB7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691051712, "uuid": "e5815908-e498-403b-9077-7b1eebb20d3c", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691051712, "uuid": "b29bc08e-4ea1-490c-8a98-1ff3190c29a5", "value": "6144:wYa6ZOPlvVEXet3CEJtHZp7dzWC4BOCRbfYC+rpeK1VavNpK6ynR:wYjOPrEn+Zp3qXRT+Nn1VSWdnR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691051712, "uuid": "b9edc5e7-68b6-4667-95fa-d5c0c429a8aa", "value": 304034, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691051712, "uuid": "ac16fc87-a439-4800-b784-b476146eeecb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691051712, "uuid": "b6a88524-80d9-4b2c-877f-55bd8bd02c58", "value": "Quotation G-9840270.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a2b5f63-31ca-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691045485, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045485, "uuid": "a0b05943-d94c-40a4-b899-c025e341589b", "comment": "Malware payload", "value": "c996dc06fb54a057132c5abcbec5e40a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045485, "uuid": "45b9c59c-8914-48e8-981d-0a9127c2bc64", "comment": "Malware payload", "value": "220402e60646c23397146295518abce70fd88eecfe011662fc488034eb614ce2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045485, "uuid": "31571907-6c46-4614-a2b2-c81322f4f9d3", "comment": "Malware payload", "value": "a8e496c71f79d7a36c19cb038025a5701ec16534", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045485, "uuid": "7f01d789-2844-413e-a488-d79b227f87ed", "comment": "Malware payload", "value": "25fa0e41f7d9fcff1dd0ba615c2e045f12b28092ffa1b5012d53de1713755c6cc15f8870e2e41133f4bf2f902ddbdc32", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045485, "uuid": "4caa1eed-d1eb-4a97-9685-8f46c2f71cc6", "value": "T18915E626417A60B7DF197ABC5E23C83A35D96B40B1B6E198B72B38C7C5C61120D3B7E1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045485, "uuid": "9c7c5029-56cf-40d4-afd6-d4b9d602bb80", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045485, "uuid": "44afa310-3d0f-4dcc-9e69-380911e805e9", "value": "24576:4QpppNpppppoOQpppNpppppoOEuayAeUv4FUET52ibrC2B0m9:47O7OEAAerU857rC2Bf9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691045485, "uuid": "cdd7f02f-844b-4a38-a83d-752b709bb5d7", "value": 879104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691045485, "uuid": "accd32da-3e42-408d-a41d-5c1bc28464bc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045485, "uuid": "ea56db1b-8bb8-4c50-9329-b8f1a7b38f25", "value": "SOA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8802f077-3225-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691084727, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691084727, "uuid": "8e4989e9-9429-4e5d-81fd-2c4e739fb4a4", "comment": "Malware payload (RedLineStealer)", "value": "ca498c76ed9f1359380dfab52a5815aa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691084727, "uuid": "fd235ca1-52c8-42c1-bcfe-0a657c827223", "comment": "Malware payload (RedLineStealer)", "value": "2340f896b8cbfa8be08d34c73ef9b4279460a4f9c2e9e3b36b33fbddbed1a2c5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691084727, "uuid": "9812e935-f072-4072-87dc-f0c705f7eb19", "comment": "Malware payload (RedLineStealer)", "value": "eb90836857dcf637bb2676b9b81e90b0a9a40357", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691084727, "uuid": "d31628c5-075f-491c-b288-525cefff0d7a", "comment": "Malware payload (RedLineStealer)", "value": "1159b98a39115e05666aa80579d04283e567002c10c1b2aa0ba56fb7da83db0aba3238b0cc302c3e5f6891bd7704fd4f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691084727, "uuid": "540876f0-e426-4600-8c98-cd3ca9a1b004", "value": "T1F7C41216FAE850B7D9F21F7068FA039317367DA18934836BA641996B0CB3BC0653177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691084727, "uuid": "9202b8b5-219c-41b9-997e-7bcbe14d6de1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691084727, "uuid": "e06fe849-d04f-4ee3-a87c-97510a9733dc", "value": "12288:tMrAy90UGLQJWCk5QrsasU0Emdnm+/gy/QgiEKwAgS6lJ:dyNGEskgK0EGm2gyogww7S6lJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691084727, "uuid": "b384dd07-4a8d-427f-b993-92b8eb69a894", "value": 573440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691084727, "uuid": "c4128cea-5c7b-4e75-9f44-0bc7139dad4e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691084727, "uuid": "f22ffa62-27ce-4f69-920d-e40710846736", "value": "ca498c76ed9f1359380dfab52a5815aa.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6bfa8ef3-324f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691102719, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691102719, "uuid": "c7c7b151-4b5e-40e0-9f4c-e666a367bc89", "comment": "Malware payload (RedLineStealer)", "value": "2aeaa97f6c13b99a88df99600de318c5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691102719, "uuid": "8b1771cc-db80-45f2-9ac9-957f7a169657", "comment": "Malware payload (RedLineStealer)", "value": "239fa79e04cc3bbc9397ebe0fe54215fe9f2034f654b7a156ac2063bb0449d9e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691102719, "uuid": "e49493cc-db69-4e29-b8e3-835c6bf21881", "comment": "Malware payload (RedLineStealer)", "value": "9a29474b564874f97e88f838a0bb6035ac2c66bd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691102719, "uuid": "8973b98c-484f-47fc-820e-f09742d46b06", "comment": "Malware payload (RedLineStealer)", "value": "d96f81f61190a3f50bb28a7c6c67dfb624fcefc5cb2e925784bfe89276b1044d7072747f7c38455082e0225f511ad82f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691102719, "uuid": "dd214b5d-41f2-4496-add9-ea236f965466", "value": "T173E3120543A083B3D9B887B0C8F39701BBB09253D8D5E2EB99EE84773917B544E53E69", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691102719, "uuid": "dfee2044-d2a4-4f6f-b5fa-178a76cbbe3a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691102719, "uuid": "1256063b-49db-4c93-af12-7151ca42cd27", "value": "3072:/Yp7itB9iYWRg8423GO+k8wTYfosQpGTLUCFtKlW3MN9fLEef5:x9SgMGO+krTYfZQogCFcl1zLf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691102719, "uuid": "a50544b4-99d8-4275-a608-1edb56a31ee7", "value": 144802, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691102719, "uuid": "89bd1de7-ad2e-4600-8a2c-e07fa7b511a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691102719, "uuid": "5ad594fa-011e-4de2-8425-a9cc8d8378a1", "value": "2aeaa97f6c13b99a88df99600de318c5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f7f53e3-31d6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691050675, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691050675, "uuid": "876bb6b0-7b25-4290-b023-4f01ed1a812b", "comment": "Malware payload (RedLineStealer)", "value": "fdbb5bbb7df41b9ecf5b5ed65701b6df", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691050675, "uuid": "3b1c12c4-eb3c-4166-ac63-42f5d6cc479a", "comment": "Malware payload (RedLineStealer)", "value": "2428f171da14c4efce31f34161d3ad34213c556fc99fc617f69aca0fd94d717a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691050675, "uuid": "f0cd4f4f-0eeb-416c-83d2-0001c31c0435", "comment": "Malware payload (RedLineStealer)", "value": "086d390e225c037bc37e912098355a90eb22af14", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691050675, "uuid": "fcce3812-cd25-4473-aaf3-a6634683db90", "comment": "Malware payload (RedLineStealer)", "value": "57db07c7baf7f2176e9b767e619e1c93fd6a3413ec19f252d54bc04edaa3e8db9799091282e843bc35273564526d4e15", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691050675, "uuid": "a37a5fb9-4d07-4ec4-a35d-2c9989fa8954", "value": "T105B4026396D945B3DCB51B7028F707830B36BEA18E78836B23855C5E0DB3684A93176F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691050675, "uuid": "e2d16fa8-75dc-4a16-b712-4a3b64f02b0e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691050675, "uuid": "789a0060-67a5-4258-b630-2755d995bc0a", "value": "12288:1MrFy90gGPve9odj80wISfrPiiDBDx+cgCC5WYm:4yCn/1UrPisV45E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691050675, "uuid": "94e384a7-c91a-4b38-b68e-0f771d7e0dc4", "value": 529920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691050675, "uuid": "f590e726-c4cc-43f7-94a8-ea9345b544df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691050675, "uuid": "2ca28e47-fd9f-45b0-a652-9c64f6a73f89", "value": "fdbb5bbb7df41b9ecf5b5ed65701b6df", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ab0b413-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691046774, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046774, "uuid": "593249dc-b8f9-4fa4-a7f2-f6409abb522a", "comment": "Malware payload", "value": "76c3bf3ced64981b2983dc356969f5f4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046774, "uuid": "96980205-b111-4bd7-9ee3-81a906eb2d21", "comment": "Malware payload", "value": "2509420bc591eb5184e72e3e280815d0a68f6e04bf9f7f2a7465c95e685151e8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046774, "uuid": "a0905c29-de54-471b-b167-90d5c855c95e", "comment": "Malware payload", "value": "247c97d9945b5d083cb8cb161cdf743b41fc9c8f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046774, "uuid": "494a6e67-9b03-43b6-9f4a-f3eb8fc50b3a", "comment": "Malware payload", "value": "248a76c515f2d07b2f9a7d76bc54fa1c3ca14c4d19d07372e7de1c62485e319dfdabd88d699505f53677c4c0181bcd34", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046774, "uuid": "6e735bdf-0320-4053-a181-c570bfe5790c", "value": "T11F15F726417AA0B7DF197ABC5E23C83A35D96B40B1B6E198B71B38C7C5C61120D3B7E1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046774, "uuid": "9172ef1d-e80f-4474-ba59-ba0bcc37782e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046774, "uuid": "4ee18546-686f-4d3e-a433-321fce0e0aec", "value": "24576:xfpppNpppppoOQpppNpppppoOTwHGPDAveiuayAeU:xGO7OTwHM6AAe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046774, "uuid": "67aca121-b562-4841-90ff-185fbf17d046", "value": 923136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046774, "uuid": "750f2329-e0bc-469c-a7ca-229bd03d1962", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046774, "uuid": "056573d6-d1ce-4a03-8836-15dafe9f1bde", "value": "grace.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "47a77d60-3238-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691092779, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092779, "uuid": "c63cb3ae-3dcf-429b-9e63-4427710d630e", "comment": "Malware payload", "value": "5d75670fdc5531ef09ec12de7fa8ab34", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092779, "uuid": "cdf78033-d58b-41c7-bf44-ce337f6b11cc", "comment": "Malware payload", "value": "2a02cf799a0231ff1faf3f5a02f4399fbe4492f0d68081e27f93c181b37731f1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092779, "uuid": "84313e73-60eb-4f4d-b4af-a1b01629aadd", "comment": "Malware payload", "value": "8695057628cf9a12f97e260694dbfc50138cf0dd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092779, "uuid": "10a085f1-d2e0-457c-bb5a-ffa64e56b1f2", "comment": "Malware payload", "value": "7752a9b25d06615fa9d069fca0ec8ac1655234c338bdd6792d2a22c3fd4728002dbf6ad8fd4f88255384531edb5c1332", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092779, "uuid": "3c1aedfa-aea9-478e-b4e2-f4ac3b5d9dda", "value": "T1D9B423790F31C3A98FB7ACB20ACA57D4A58834AC3A5F91151B5633F3665EA4786C33C4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092779, "uuid": "5c8c368d-7ab3-4e00-aea9-c7c9160b4586", "value": "12288:6N/85i/pHqAyIJQenHqDsOnXRQI6Z6udA56hsrIr5H+NIG/:oQcpKLK7oan7d00r5eX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691092779, "uuid": "51cf2a83-c046-4f92-ad16-eab1ca7dc58d", "value": 522916, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691092779, "uuid": "4d644b94-41cc-4efd-b893-80ad88385ed0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092779, "uuid": "ad32d299-5565-4cbe-8c9c-989d47512ebb", "value": "5d75670fdc5531ef09ec12de7fa8ab34", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a26976b8-31c9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691045257, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045257, "uuid": "8fe5b176-3a39-4267-8085-b94118dad9ff", "comment": "Malware payload (Formbook)", "value": "3ccdd0e18d28f04dbec0e780c7a59122", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045257, "uuid": "6ded9742-82e9-429c-8fa2-84b78642a0f9", "comment": "Malware payload (Formbook)", "value": "2af567edebedfe678e978ae85cb5ebeca69ec07d3b10207404cb73ad782082a0", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045257, "uuid": "89063e26-f698-43ea-88fd-0e7669e1a367", "comment": "Malware payload (Formbook)", "value": "2885e2e8fa5349fe170415d5b4dc876d3c042981", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045257, "uuid": "d05a0edf-40b2-4878-a895-fd31c97979c1", "comment": "Malware payload (Formbook)", "value": "06453de897bc3c087217389d437043a7df67a0527745557d37ed165a5d9f4f27fe5c71d1307d8da8e85fa5ea6ecf5d9c", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045257, "uuid": "fd0b5c10-c490-400e-bc5a-a981aa788b26", "value": "T17E3412E2BEB30491F80CBA804C0251A273BDB756C968D94A437DDC6FE9870C575ED1AB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045257, "uuid": "86e366f6-534c-454e-b9d1-db7d1e63b9b2", "value": "6144:TWhYQiTelePtWWbf4Y3tqpFNx0JZ3WJLUoWo:TqQeUPtN4ZNx8gx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691045257, "uuid": "7e433545-ce51-4ca5-a1f9-6a30f459c01c", "value": 235462, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691045257, "uuid": "70fa1b3c-6cfd-4989-8876-696f6574f679", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045257, "uuid": "bd4767d4-dc3f-486b-bf6f-20950b5c25f3", "value": "PO#801644.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0df429b5-3200-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691068631, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068631, "uuid": "fd7a8ef0-4244-4424-b635-b47a84250ad6", "comment": "Malware payload", "value": "52b4de8ba7ac712518748d193a2d1a7a", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068631, "uuid": "f1a2254a-43d2-42ec-af25-bba713582224", "comment": "Malware payload", "value": "2c016d48f5936bfa312d430755671b2281486c6775365cddc1251dbfdd9e6a7b", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068631, "uuid": "fea39136-b3c2-4d4e-af15-3f6f9adf0f65", "comment": "Malware payload", "value": "90fbfbf892d4ec67b758b6e0fcbae29faf2b0cb4", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068631, "uuid": "9a6aeb3f-b0d2-4438-a779-4f7a22a64a18", "comment": "Malware payload", "value": "bf66e3c9a1661f97facb10cf343e139a6bcea2252cda312d296e016906cac18f896bcd272e0f506ba32e13009dbc3808", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068631, "uuid": "56b3125d-0799-4c29-9170-5bf5959d4668", "value": "T1DFA3126B7473EB8BCCFA15B28F58C5024A1FD03E8CA7A5052B7D50106D9739C3AAB725", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068631, "uuid": "fb9f42fc-7013-4f98-8e88-55cb4f0875d3", "value": "1536:8LX6bs3OQwjgVRQh1Dn9p0Vxij1An09ltbXESlc+qbkABnj8JoKriIZh+3bG5RyE:KX6bs+jn9b0VIj6ez/K1KhwwD1IjTSGO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691068631, "uuid": "1b861432-6401-4b86-a665-df20b5fe4a73", "value": 106486, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691068631, "uuid": "a2d3900a-1765-4422-a090-9fba9bfd5b1a", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068631, "uuid": "b79a7036-5680-4bb5-8d18-0ca456a302f7", "value": "sample.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "282c0424-31c4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1691042905, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691042905, "uuid": "65d503f7-bb60-4da0-9f88-99043d621744", "comment": "Malware payload (Smoke Loader)", "value": "2f918c0e2dbee6dd09b71a1c9ad6aca3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691042905, "uuid": "46a08ca2-7379-47b0-8297-84a6e8422061", "comment": "Malware payload (Smoke Loader)", "value": "2d069be4278adc145301b5a0fe3871b0a111c2649965eb7a646f5ccd82f49c13", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691042905, "uuid": "b1536a31-89b2-4899-bbb0-22599413aca2", "comment": "Malware payload (Smoke Loader)", "value": "7de8d0dfd4f7b2ed27c86fb9334ea1c49d1758b5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691042905, "uuid": "ca67db63-ff0d-40fe-9979-158d6132cd90", "comment": "Malware payload (Smoke Loader)", "value": "694552a168bd2d413a83f60d6e6020463814d9de608719768379871c846b03d50ae48446ac58a8c45f200ef20744a706", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691042905, "uuid": "898e3690-73ec-45b4-bdb3-77f017858d9f", "value": "T18D549D427292E872E61E06319D1ACAF4793EB8704F595BF733446F6B18312E2DE72349", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691042905, "uuid": "bc28dfc1-ac09-49e8-a8b3-6bfe69938caf", "value": "63b403774c774916f9ed6282f41f8cf0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691042905, "uuid": "a0b55f22-492d-407e-b8e9-76c8e4ec24d6", "value": "3072:8bqGx1tZudRQLo+ETXyUTBsGIyJDw3j3v5Zg3vMO7HHhSONk+V2gNWj:BQtZudSLo+ETLfZgjBZg3vM+xV2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691042905, "uuid": "59d744bc-8bfb-4233-a720-ebd323f56af8", "value": 295936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691042905, "uuid": "a192fde0-d3bc-4628-892f-7d537bf44f58", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691042905, "uuid": "5be49712-7a45-4519-8f1d-b04fbe60522b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75228aac-31fb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691066656, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691066656, "uuid": "9f695328-f7b0-4cba-a487-5884616c0ef3", "comment": "Malware payload (AgentTesla)", "value": "486055cd6ce24e4760b4210f832b779d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691066656, "uuid": "f0c9fc50-b65c-4113-a61f-8dfbd37d3741", "comment": "Malware payload (AgentTesla)", "value": "2f0cfa1b5ad96b9d08319bde2c660b2eee480089c521ef47bbda609937367698", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691066656, "uuid": "dbe17af3-5e96-4395-8dd9-825634ac7e2c", "comment": "Malware payload (AgentTesla)", "value": "e0a37a78dc0c90409269565c9297ec7d6361f941", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691066656, "uuid": "47981dc4-9d83-4b5d-afa6-2cfe178f158a", "comment": "Malware payload (AgentTesla)", "value": "8ae6447de03417eafe5ef642ea81442e603ac2abd7fd2f786d5a25fa9b49330bab407d5f7fa86f8781150a8099867038", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691066656, "uuid": "c5342380-cb0f-47e8-a2bb-86920c27e2f6", "value": "T154E4BE03B1AD4B5EDA3693F63171513083B6AF6B6119E6567DC6FCEF10A1B4C0A00AE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691066656, "uuid": "ac8124ea-9a94-464f-8a3c-f7e45a262e97", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691066656, "uuid": "1a9cbb4f-7f94-4439-9b6e-f57dbc8df6ee", "value": "12288:tXiQrjS2iNtO6JuAvverND2yaI3qCYvsLYKHnvwAq:hiQrjS1ZJPvQp2W3/pLYKH1q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691066656, "uuid": "ad0b90a6-73dd-4b0a-8f81-2f37e755d87f", "value": 710144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691066656, "uuid": "d27da7d3-560b-4cb8-b1dd-6017e644d6a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691066656, "uuid": "19def25c-3a82-4299-b3d4-1bce45580511", "value": "2f0cfa1b5ad96b9d08319bde2c660b2eee480089c521ef47bbda609937367698", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c552826-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1691046777, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046777, "uuid": "2cde5d89-43f0-4b6d-93b4-22776b9192dc", "comment": "Malware payload (DarkCloud)", "value": "e60d2959173c4b5fc24b7b3eb2b99187", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046777, "uuid": "53c74c7a-a1ab-4ad4-90ce-00092b8afc27", "comment": "Malware payload (DarkCloud)", "value": "2f26dac5e15dffd33c32b804e298148572627165cbf983a727a7ff0ad20ba571", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046777, "uuid": "46538c5a-ffa0-4102-aeb6-029a55bdd47a", "comment": "Malware payload (DarkCloud)", "value": "de2ec3fb20790ace1642be05ce4c8d62a8a11b3e", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046777, "uuid": "510a8fca-ec89-4109-9841-1accbd6da105", "comment": "Malware payload (DarkCloud)", "value": "e72a98fb338af83b7d1298263672efb5bc2d8338f02cfdccdea99cb3b368367d37e830b0a32398a36700628e07c25ac9", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046777, "uuid": "0866bf6b-164d-4708-b45b-0532a507bc76", "value": "T109251826413AA0B7DF097ABC5A13D87A25D96B40B1F6E188B72F78C3C5C61121D3A7F1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046777, "uuid": "e2554fb7-4487-41ba-9b9e-21197e6aa999", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046777, "uuid": "32fa724f-d466-4716-b4ac-03feeae165ec", "value": "24576:9hpppNpppppoOQpppNpppppoOx70OXoChYI2nOrrEZ:9QO7Ox7dXDh98", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046777, "uuid": "0c6db87b-ee7c-49e0-9350-aaedf25ec569", "value": 1029120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046777, "uuid": "38b2a53a-e6fb-4438-8897-d5dd555d2a0b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046777, "uuid": "0014015d-3f7c-476f-b4bd-e27764f42336", "value": "SOA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fed329db-322f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691089221, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691089221, "uuid": "caea4ea5-aa4e-48a5-8d2f-8d8a0781c6fb", "comment": "Malware payload", "value": "7e7f7eb640fe99875b97b78d2d9b9bda", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691089221, "uuid": "86bbb185-54b4-4ae0-8ff5-9ed34402bc43", "comment": "Malware payload", "value": "3022b39e282c4983956263cdde6892c555e7e6cece866a3590b974f2cba5a604", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691089221, "uuid": "f716fd9c-e426-42a6-8089-9b7ce2b74154", "comment": "Malware payload", "value": "642434edf09e46a463dfe43d0bf4554959ddd1d4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691089221, "uuid": "793f9d10-1bfb-443c-b8fa-0e85b67c9fa4", "comment": "Malware payload", "value": "34666ca5f7312683ff2a5f67515395edfb1cb096f4dac473cab454cf06c6a54f6e31b564ce1aa73a257a18951f47ce04", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691089221, "uuid": "cb3cdc60-7f61-42e6-be0f-12642067fdb9", "value": "T11DE4121973ADC817E97A8BF588F6E54803B1B9971C26F1EC9CC125CE16FAF446A0071B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691089221, "uuid": "eaef4904-c53b-4781-a7f2-491c9671c5d9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691089221, "uuid": "489c4245-88f7-47ba-b42f-effa7e7e317b", "value": "12288:wnjOMxnVhS1r3AoUfefrA/qQKp8wW9uE9HrzdJ1HN:wjOMxVhSBvU2fM/5a8wQfNzZN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691089221, "uuid": "c581d333-9612-44dd-a4a3-701bd3bf0691", "value": 711680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691089221, "uuid": "c952a6cf-3ecc-482d-a737-2ca0acc01e72", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691089221, "uuid": "fa9da291-967d-41ec-bbf5-8f5a7784e2e7", "value": "ChromeSetup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25ada36b-31cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691047625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047625, "uuid": "5aa451f9-caef-435a-b055-bf84b9a19048", "comment": "Malware payload (Mirai)", "value": "5f4090f5f6523f81d473f19e22a91bcc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047625, "uuid": "9a9ced2d-9f7f-4f03-8d48-7275e4e23b59", "comment": "Malware payload (Mirai)", "value": "30e687b366bec3948f02197b70be7280795372c4c533c0a6f7809b9b982511a1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047625, "uuid": "13561816-50f1-425c-9877-07b3cf3ab0fd", "comment": "Malware payload (Mirai)", "value": "cbf7741abf36cfdc46a4ebd00d95fe44bf4eb2d1", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047625, "uuid": "2b1f1322-9d58-4a83-b13e-4c1526380efd", "comment": "Malware payload (Mirai)", "value": "f1915d3a7dd330b82c962f04afbba44df0d60962c5d79c573e2004ad435ee7f0c4ca36c84abc39e0a3151eca7d9bac26", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047625, "uuid": "48373ddf-f10a-4103-ba97-71ca3a162fdc", "value": "T111D2E04872D7A3FA8C8DCA7EB71E403A309EB4A5A7B19323B305D4574776280E651E8D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047625, "uuid": "946bc943-b0be-4c42-b38f-d78b579c7e6d", "value": "384:MPd/PxEDLd2TwULzm6lowYcEaqsp9qC450LQixBfE4jdlz0lewZ90BK2nJhtNyo:klxKd2FLPxEnspd6IHE4RlY990Hnyo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691047625, "uuid": "09bafa26-4b49-4d98-9866-9e5f59e4796c", "value": 29464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691047625, "uuid": "685d8afc-79f5-427a-bb2f-2a63cdb98067", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047625, "uuid": "fc58658b-fd9d-441c-a503-1e3c53408dd1", "value": "5f4090f5f6523f81d473f19e22a91bcc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4fab8371-3217-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691078619, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691078619, "uuid": "13431636-7f32-4816-874e-47a142dd4c8a", "comment": "Malware payload", "value": "54534668606d41518c17a223e3e78e4d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691078619, "uuid": "4aa16313-5ba7-43ee-9701-d0c309699789", "comment": "Malware payload", "value": "32d4abecbfc8e97640092de2779352e46b9fc181379d6c867ff3511b64fc0a36", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691078619, "uuid": "6413fc7f-017c-427a-a3cc-54c9c004036e", "comment": "Malware payload", "value": "600856bf3eec1c55f9bd4ffd752b5bf944a1fe11", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691078619, "uuid": "f6edc1be-abe7-490e-9ea8-5deedfe3880a", "comment": "Malware payload", "value": "7859e267a29ab0ae4ea38fce047a5a96d67a909439505132c716365f0f58da03317a580dfb739aaddb8d1924089c1f48", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691078619, "uuid": "05eda003-2c20-4c50-9981-cbfbd7bf7a19", "value": "T179251926417B60B3EF597BBD5A23C83A359C6B40B0F6E298A31B24D3C5C61125D3A7F1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691078619, "uuid": "ae789201-1936-4ce7-923b-97257f09c42e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691078619, "uuid": "fb8ab1ce-86a2-4b0a-8279-04fa63dd90f3", "value": "24576:aY9vmeD2Vz19A2pppNpppppoOQpppNpppppoOBuayAeUlqaK6hgFkSFt7:PO7OBAAetaKEgFkct7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691078619, "uuid": "c03cd621-8c38-4d97-8e82-92c2e9075d80", "value": 990208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691078619, "uuid": "56f3e891-6134-435f-b2e1-027197626c63", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691078619, "uuid": "1d6e841e-8e12-490c-b0ed-edde9d274585", "value": "REMBE Quotation 22001625_REV001.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "229c6fbd-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691046761, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046761, "uuid": "de65cfcf-3b2a-415e-bae8-3f82b33622ad", "comment": "Malware payload (AgentTesla)", "value": "45c3a5b5fdcde60fa50175879e45a7fb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046761, "uuid": "a3f12e4a-f84c-4d3a-90a7-c29ba5cef344", "comment": "Malware payload (AgentTesla)", "value": "346819703871e4709fedc019c2ff077dc7976162e25bd7edf75bc62708b769d7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046761, "uuid": "802deec4-4a8f-4521-9c26-d6ac941b1af0", "comment": "Malware payload (AgentTesla)", "value": "b03024216a41f47af6b444f1151f297610f8874c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046761, "uuid": "2c73e38a-4a86-4da7-b8c4-b341e4504a79", "comment": "Malware payload (AgentTesla)", "value": "29a3377ead87a1d7aaf37844e189a7df40d62a8ffc3316d243c889084d7b38356a7df39d5a3b230cdbe98c9689361cab", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046761, "uuid": "956544e8-e431-4271-ad5e-63b3b6188630", "value": "T167E41255A3E0613BF2BF37B1FC3001860A367EB976E5C2AE458435CFD9BAB000A55663", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046761, "uuid": "9f9370df-aed6-4047-8d4e-e69a066f7aa8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046761, "uuid": "06e5a77f-4d4c-446b-9143-102135bde07f", "value": "12288:5g7JUEKiPlYAPLHkGAeti9kYpzNIoP7DMUdqTTi/zzj6xosrgu:5g7PKi7L8eOhjnMHlxoZu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046761, "uuid": "a374929d-1689-4576-9c08-9d43f54aa75f", "value": 681984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046761, "uuid": "58f227df-5253-46c0-a78e-6b62336d8d15", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046761, "uuid": "73eb0c53-b120-4cc8-baea-ee4538c55d39", "value": "Curriculum Vitae Adriana Silva.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c061c55-31c8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691044602, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044602, "uuid": "35b766dd-a251-425c-90b6-b2c56b952dc1", "comment": "Malware payload (AgentTesla)", "value": "9fc59de78497e5d88148d1b45be221c3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044602, "uuid": "c6735764-18d0-4367-8522-7a3eadcb2f6d", "comment": "Malware payload (AgentTesla)", "value": "347fdec43c210e6bd804bf1b9dbd2a197f30819056641c8fc89d3677f86198b5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044602, "uuid": "df55c81c-ac00-4269-9993-6e4eb2f86d33", "comment": "Malware payload (AgentTesla)", "value": "fdfa626778e74f9bd73d91be7e7482a11b3cb866", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044602, "uuid": "c603f8cb-2d77-4673-88da-717c40f22f62", "comment": "Malware payload (AgentTesla)", "value": "90a8844d37ef25a8511598c76d2795695a3b08b37b8f7a0be77b27db78ef46c3d2a1802ee1892af21bbc90709ee93453", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044602, "uuid": "34c3b2f5-08e7-4ff8-bf1e-ef087dcd2278", "value": "T10FC42331E7DF80C7A81EAD6A361DBFB264177999C01BC8DD9E0129D1994C0A113AEFC7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044602, "uuid": "20d96fb1-26ee-420b-8d5e-afc1d66a83c9", "value": "12288:Ri/9miU/nAAAdhpxeiPfUwWl9RT4BF7HJdlHVl:RMQLAdhpx9PfUdl9h47zlHVl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691044602, "uuid": "01612499-013c-4696-a129-8d4db04e60f9", "value": 569267, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691044602, "uuid": "ac094cc1-e51b-4db1-8fe0-2851fb51751b", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044602, "uuid": "5110a13b-7f74-4e73-aab5-39d56d2fdc8a", "value": "Bank transfer Copy.pdf.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6936214-31fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1691068162, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068162, "uuid": "9453cacc-8455-4d16-97a4-faee64d0b203", "comment": "Malware payload (DarkGate)", "value": "75b74595f6fea0a3eeb781bce6e691c7", "object_relation": "md5", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068162, "uuid": "4641bcfb-59dc-4a50-9f63-0cad41249a7e", "comment": "Malware payload (DarkGate)", "value": "34aed6af1425b5315c9aee05a715aa76635ab453d4a1bf5740e7e94717170bc9", "object_relation": "sha256", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068162, "uuid": "9ef76041-89da-47a6-aa83-18427eeffd10", "comment": "Malware payload (DarkGate)", "value": "9ad9b88311f73e40b59f82f9fca5b0a35305cc81", "object_relation": "sha1", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068162, "uuid": "c995aa6d-a04e-4edf-a7ee-b6b4df5d6cd0", "comment": "Malware payload (DarkGate)", "value": "cab051d11346d9673d82b767f5f6a791266643c6b225b23667cec825b5361f3295163d639e5c488cbdd246138f9df388", "object_relation": "sha3-384", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068162, "uuid": "6c7f1440-374e-4e4b-a851-588af6538c70", "value": "T170446C32F2C08977E1711B7DDC8BE6ED692EBA202D28544776E51F4C8D392927E281C7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068162, "uuid": "a63ea858-0b7d-4a76-93db-7f667f93d718", "value": "b43381439d4d569858211ce4b5ba88e2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068162, "uuid": "4f1368fe-04a0-46fe-af33-c644c5ae581f", "value": "6144:Zm4+Ncp9RhNKOKuldMAH+hYnl5cN2Vs/oZVjtyU:5p9RhNKO9ldMW+hYTcNr/oHjt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691068162, "uuid": "b0a6a446-f858-4da4-b6f7-39daaf0d4d95", "value": 274432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691068162, "uuid": "b9f5a793-6e22-4cd8-b2ce-4d45d7f0ac58", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068162, "uuid": "c6c2e250-59e3-4500-a49f-4cb2a765091b", "value": "34aed6af1425b5315c9aee05a715aa76635ab453d4a1bf5740e7e94717170bc9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de235bbe-3242-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691097327, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691097327, "uuid": "38d6b6e2-cb9d-4825-956e-209b2aa3e108", "comment": "Malware payload (RedLineStealer)", "value": "a5e1ae464bd8139813eb0cfa39ba9e24", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691097327, "uuid": "0b8dca8a-56f2-4da8-8cfa-da68eec50d01", "comment": "Malware payload (RedLineStealer)", "value": "34fbc2c90ad4048126a0d956bf4b62c29c7649465c0389504eb58dfd19b63394", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691097327, "uuid": "20de6f1d-84aa-453a-8798-9fd31c249722", "comment": "Malware payload (RedLineStealer)", "value": "358a8f822b150fa06aca91b084122112b627e414", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691097327, "uuid": "e78cae93-de51-4512-8bff-f25c01f0d54e", "comment": "Malware payload (RedLineStealer)", "value": "dc47f668a2f203c5c7a54d4e4e9ae6e750021f9cfc75eb92c3b576af4cfa74da4ce711baa57b130e412af2f7f8cf4d94", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691097327, "uuid": "f837cb9f-4759-406e-a04b-a30b3fe3d585", "value": "T14FC41213FADC4477D5B15BB108FB02A30B39BC625D35938F2246562E0C72B8426B6B7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691097327, "uuid": "27901183-f5c0-4dd2-aed2-073d7a1f80e2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691097327, "uuid": "d5a35351-4c49-4e26-b7c2-9959bb788638", "value": "12288:kMr4y905NBNsNhuxVumWi9ZGmOVlD2G5y+/Wi8rLj60JKaEf9:8y8DKI1WibVmlVyQWDrLWIEf9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691097327, "uuid": "c1b7df09-67f1-47ca-b4be-93dea48f304a", "value": 572928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691097327, "uuid": "30d89045-fbf8-4d37-9e58-f295630e2880", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691097327, "uuid": "c435d360-019e-488a-914f-2fc576260b52", "value": "a5e1ae464bd8139813eb0cfa39ba9e24.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3cb2bd33-31cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691047664, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047664, "uuid": "386705fe-0113-43a9-8e8e-55a53de98910", "comment": "Malware payload (Mirai)", "value": "4b791629962122ef3be9957e17211913", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047664, "uuid": "cbfe420a-066f-48eb-8b0c-08cebc7064fc", "comment": "Malware payload (Mirai)", "value": "3625e739d139f477dc05e2c99d4a7e1316eea91b207303418a5855d446bfbdab", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047664, "uuid": "353043cf-e406-4d44-ae9b-e88b441f7110", "comment": "Malware payload (Mirai)", "value": "38da206552ffb6ef246258771f93debe2bf10b27", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047664, "uuid": "7669886c-e39f-4f1b-916c-cbad038e546e", "comment": "Malware payload (Mirai)", "value": "69090cf8c8c7b17f62f5bdfdcdc9b5437eec83deb3e08de27d66e11de67fff6e7c0c04705e3def1fed250f5a77f25e82", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047664, "uuid": "d51172fa-c996-454d-a39d-7bd5cece46db", "value": "T170B2E1A487A19716C770B075E37C8F936A3B05E4C6F639261B2092BCDA4245633FD6C7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047664, "uuid": "d7da513c-6e0d-47d7-aa83-b35c4530707d", "value": "384:4GHKXlJIDFUS0Mggks3aIrokYVDoDDRRKj55N7LB9U+BhMRChhymdGUop5hu7Z:4GHKQFH0rs3zWoDDRsjt7LB9U+BhMRCZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691047664, "uuid": "5ac244d8-4cd6-4eb9-9ccd-f9f26099d3c1", "value": 24536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691047664, "uuid": "9efd3ed1-8f24-4060-a734-f5bf78243d88", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047664, "uuid": "a63ae021-4975-43a1-847f-e6cd35788a4b", "value": "4b791629962122ef3be9957e17211913", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b0e4678-31c9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691045245, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045245, "uuid": "eafe3087-ffc2-4382-af25-79f412b37bfe", "comment": "Malware payload (Formbook)", "value": "a1980b90da55148b699576f9cb0ea81f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045245, "uuid": "bfdedeb3-04ac-413e-9b83-a97065e59b40", "comment": "Malware payload (Formbook)", "value": "369de2afba1e4a4807ac66f57dfb436ec13cd46a5c09f6a4d7faedc788d04be7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045245, "uuid": "a123f466-2813-4ce5-847d-f548fbc26e64", "comment": "Malware payload (Formbook)", "value": "d3b7e4b5bc71b2079c34c3c87a097930250714ac", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045245, "uuid": "e83c72cb-9289-4d29-a7b7-fb6959545c40", "comment": "Malware payload (Formbook)", "value": "60ba06b72a725249618ab61cafd4a4bbdd599c5b9af9fb375282a775632b11d1e7b9dca2c62e0369fe07820f88eb95ed", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045245, "uuid": "1c87485d-25d9-48ca-bb8f-3797d928e9ba", "value": "T1EC34225573C1D083E9728BB16D7623269AE5FB1A34E2810B57E08B5D3D723829D5F323", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045245, "uuid": "9a6937d4-c182-423a-a192-473d6664d71e", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045245, "uuid": "83fa4de8-f956-47cb-a2a6-4c5dc2935479", "value": "6144:/Ya6zgH04XJCrOIbe73C8PMR2UfzRkLhMREsty+3m:/YJgdXBIbeYcneH8+W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691045245, "uuid": "5c7198c5-d9ef-4c4d-ada2-91dcfa050d5f", "value": 251400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691045245, "uuid": "84f2f5be-e2a6-4432-b039-3a215ce46624", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045245, "uuid": "368d25dd-3745-4614-af33-1e17ed450e56", "value": "EUR 17,970.25.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a83538a8-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691046985, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046985, "uuid": "d3be447d-dc6c-44cc-b85d-c9be333bf34d", "comment": "Malware payload", "value": "bd2b6dca5995db53ff12e3031a68d0cc", "object_relation": "md5", "Tag": [ { "name": "94-158-244-41", "colour": "#9434F4", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046985, "uuid": "648218ee-6761-4c22-ae59-7c100b23c2b4", "comment": "Malware payload", "value": "39137a7756297ed9e328a633f21310d864ac193ea7e9c3d801dadbf0eac447ed", "object_relation": "sha256", "Tag": [ { "name": "94-158-244-41", "colour": "#9434F4", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046985, "uuid": "6e4c9a40-836c-4a51-9548-b047b1c871e5", "comment": "Malware payload", "value": "813d94de3936221a151464b695e08d1c6f6e90d7", "object_relation": "sha1", "Tag": [ { "name": "94-158-244-41", "colour": "#9434F4", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046985, "uuid": "1fafdac6-da73-41e7-9559-edae7f39946a", "comment": "Malware payload", "value": "9ba4e8db6faaf96572b4ada65373776986b49611504fc57445e680c3b707efb56707c413c9e791fd1092a44aa32cc354", "object_relation": "sha3-384", "Tag": [ { "name": "94-158-244-41", "colour": "#9434F4", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046985, "uuid": "bb5d67d2-0c01-4681-b395-0d869fb029d5", "value": "T1C951DD0A97E44A6BE4B70731AEF3472367A4F8119B72975D19C40228AC647585D31BB0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046985, "uuid": "b139b621-bdcc-49f5-aaa6-3523a8857547", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046985, "uuid": "9a1b3fa7-47c6-4168-b4e7-e8356bdbb228", "value": "24:etGSNJp2YYDlalN0hA6RW1WzzbPtkZfSqv00mlWI+ycuZhN8akS4PNnq:6QYmlsNNnJSq80r1ul8a3Aq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046985, "uuid": "9bd5b8fe-73a1-42ee-bd4b-38a15ac356ca", "value": 3072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046985, "uuid": "a2eac5a3-1d2f-47f3-a105-e9dd63353cd7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046985, "uuid": "687d9702-eb08-4fd8-a601-aa637d0b8f08", "value": "41una5tz.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "19e73818-31a0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1691027419, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691027419, "uuid": "9464edc9-6af4-4c26-a2d0-2bf23acb7fc2", "comment": "Malware payload (njrat)", "value": "38e159243e451831d58f191bf027f88c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691027419, "uuid": "a1496e86-7730-4076-825a-0d8f91fd74eb", "comment": "Malware payload (njrat)", "value": "3bc719432f503c057762d2de93c2598f0cd5c086e68e1f804f9035caa67d2a74", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691027419, "uuid": "4ab6870b-9f32-4356-8d18-bca93fdd51b7", "comment": "Malware payload (njrat)", "value": "533798da369c405a347a59a21062e75f31ca3065", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691027419, "uuid": "fdf4eade-077a-4dcb-b50d-8d3b2a6aaa2c", "comment": "Malware payload (njrat)", "value": "4cb18b67d6e05c53db1a802e222282811e44a73c9c4b0124c0b886c13ff360368a9d5336d88a8943b1b51966a0c07a92", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691027419, "uuid": "7d2ee70c-8794-4ed0-912b-6f47ae02eae1", "value": "T15013E78DB694E174D5FF8BF1B4A2B2890B71A017A802D30F99F154D94BB3EC09611EE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691027419, "uuid": "23efbab2-86db-4d94-bb22-049157d0d216", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691027419, "uuid": "010c1c77-76e8-4bd2-865f-21994390124d", "value": "384:N8ZybjqyCEFmVoyb37ilaY2EdizMgh+zEIij+ZsNO3PlpJKkkjh/TzF7pWnOmgrq:N6yjqyVAVlbLCHKQgWuXQ/oXC+L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691027419, "uuid": "09774141-8abf-4ffc-bac0-6918bab50e1b", "value": 44032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691027419, "uuid": "eff2b22e-155e-46a9-bfa1-6d047a047127", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691027419, "uuid": "8903e033-819b-4083-9f53-a439abed2db7", "value": "38e159243e451831d58f191bf027f88c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "450f5c45-323f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SystemBC)", "timestamp": 1691095781, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691095781, "uuid": "32796025-330f-41a3-b43d-9c43c1700460", "comment": "Malware payload (SystemBC)", "value": "85f8ed9c9f364b28d64e94075896df07", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SystemBC", "colour": "#A89B59", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691095781, "uuid": "daeb253a-3e86-4988-b774-dfdf999312b9", "comment": "Malware payload (SystemBC)", "value": "3c259a269cfbb752ca15046aca1bea4a31390e4674de632c5c9428e95b41db1d", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SystemBC", "colour": "#A89B59", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691095781, "uuid": "e42d83ed-8135-4029-adbe-d54f5b2fbce4", "comment": "Malware payload (SystemBC)", "value": "bc4d807af87e7c0b274b8d4661183e1628de78f7", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SystemBC", "colour": "#A89B59", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691095781, "uuid": "2ad668fa-e539-48cc-ac33-43190e6ae65e", "comment": "Malware payload (SystemBC)", "value": "3ffab47786eb6a53a3703b3d9797fe3a9da1fe7cba78f8cb8c0ef1f360e84cd0035b0ca009e20c24f84728bb22748973", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SystemBC", "colour": "#A89B59", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691095781, "uuid": "b1a6211f-c095-4463-85e5-224b95a0c9d7", "value": "T1CD5623BF6188375CC01AC8745533EE48B2B6191E0FF996BE70DBB6C07B9B8159906F06", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691095781, "uuid": "242a6165-4d57-4152-9ac1-c599b4a76477", "value": "531372f8fed94a7a0e3b8ef647c7fcb7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691095781, "uuid": "f82cb50c-96f8-4a7e-af25-ccd7d86e9bfb", "value": "98304:zikl1o/34cA08Fu4fZBgNL7bQMla48Llu8EAANISPatiDySc3L4uQbR:DFbRm/QMcu8qn4r5K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691095781, "uuid": "2da16b98-7874-4cf4-9721-68d02a2b0f67", "value": 6087680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691095781, "uuid": "9cbcd80a-c36e-4209-bd55-010c8edfe662", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691095781, "uuid": "c41d001a-97a6-42ab-894e-54ffa752a44c", "value": "85f8ed9c9f364b28d64e94075896df07", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8bd17a0a-31c9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SystemBC)", "timestamp": 1691045219, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045219, "uuid": "d4a95fe5-245c-4484-b766-677020e3fa85", "comment": "Malware payload (SystemBC)", "value": "6ea1172020965edb4537d792d9708895", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SystemBC", "colour": "#A89B59", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045219, "uuid": "64d3dcb4-f816-4291-93c2-f2fac1e6fbd4", "comment": "Malware payload (SystemBC)", "value": "3c94a2599ff2c5b3103ac608e578a7ee477527097cd19e0f1e64d38d5366eae1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SystemBC", "colour": "#A89B59", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045219, "uuid": "c69f7200-bda2-4c71-bcfc-b88e21fda79b", "comment": "Malware payload (SystemBC)", "value": "3172fde93fdda132c70993e38d323e81dc2a1574", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SystemBC", "colour": "#A89B59", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045219, "uuid": "292858e2-7864-4f61-8c5f-528909fd8a09", "comment": "Malware payload (SystemBC)", "value": "9d3215794648cb3cb1c685e86aaefbb0135b2f5be08eea8c2af339da05edf975fb574bbe9a0aabcd4ff7a337dbbcf197", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SystemBC", "colour": "#A89B59", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045219, "uuid": "f5aa0d66-b377-4b0c-b451-e13326f78ade", "value": "T19CC47D11AFE4AB1BE1AF63B680A34A6143F4D096F3C5FBCB598069EA1C47304DD1539B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045219, "uuid": "8e184d58-defa-4d79-9f69-2808cf6b0a83", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045219, "uuid": "1dc8eca3-d348-4f25-8dcc-7596be203c8d", "value": "6144:xKYFmTP4ym4mEca4GtqLA3/3E3I4CmV9X1edcqeofiaO5kkRgVY2t6ta:YYqmERtq0vE3Ixm9UfP/5tW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691045219, "uuid": "4f67ca94-e1ff-4097-be33-85c6ce7c3173", "value": 576512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691045219, "uuid": "fa0085b6-3a6c-487a-82df-975da04adfa3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045219, "uuid": "45714731-89b6-4d4a-b2be-41c0c684f25d", "value": "6ea1172020965edb4537d792d9708895.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93c7bcc5-31cb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691046092, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046092, "uuid": "54683f41-818b-4ce8-86fd-17a84b8113ce", "comment": "Malware payload (AgentTesla)", "value": "e9ad36242a1c263ef582454b28fd11c2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046092, "uuid": "4707c547-383a-41b1-b151-a3e6d4b9fa5a", "comment": "Malware payload (AgentTesla)", "value": "3d575714e9df69e3d22412ec3b54873dfb08a7c8a59d829cbcf34db71f68f866", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046092, "uuid": "8489961b-5963-4088-87bf-0d981ccc5a1a", "comment": "Malware payload (AgentTesla)", "value": "7a7a07f5d7f9a611e459963f6ccc52b3b2836522", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046092, "uuid": "4a63acd0-511f-42ab-a7c1-3c10c3627264", "comment": "Malware payload (AgentTesla)", "value": "d18e98bc7f4ba7918121b18ad4c42fe631917301e73e0f3234b0e65a5d3e5641ce05a1f3f7185d097605d944d116f913", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046092, "uuid": "13aa987d-d1bf-43f3-a919-8a917f5ee950", "value": "T1E0E4E80432A16EB1EC6D73F5686A244403F0ACAB5832C35ECDE335DB6774B978D89987", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046092, "uuid": "2b0f48ff-41fc-4f8e-8765-d788e660503a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046092, "uuid": "c918ef19-6cb6-43e6-b891-981d80f3dfdd", "value": "12288:6DeFSp44YQIrcxfY/5jfC4EONn0zFQUOggp:meFm4YIwBY/5TNnWQUOgO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046092, "uuid": "92f556ba-539d-4c6d-8783-67eb92b0787f", "value": 708608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046092, "uuid": "d4c56bca-013e-40b6-a7e6-f3add16b13d1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046092, "uuid": "c54b50b3-025a-407c-8f27-f6f091a96245", "value": "56898765456789SL.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "825c51c7-3214-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691077416, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077416, "uuid": "dd1bc489-f9d1-4cca-8ce8-de51c9a3b492", "comment": "Malware payload (AgentTesla)", "value": "91e79d91d6a112020a48d6b29715db99", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077416, "uuid": "8fba9b76-a7df-45ca-ab1f-1017235b105a", "comment": "Malware payload (AgentTesla)", "value": "3d7c838e83fee92a8cbc8aea3f51936c7f03cd79ac48380a4c2383ae11f31db9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077416, "uuid": "7a330d3f-4b7f-41dc-97d3-0d36c1c6f06c", "comment": "Malware payload (AgentTesla)", "value": "09550bb1a09c330f204b7f438c22f68e64321f20", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077416, "uuid": "1c91ecd5-e87c-4cc9-918f-598b4d86e915", "comment": "Malware payload (AgentTesla)", "value": "c368f2eb7289bd40b502f93bc2d83a053f5f2219d53cdfb26ab8014e3f3591010d3e25972b3cc58e01b06e8959f0baba", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077416, "uuid": "25a9be91-6530-48b4-b9df-795f17513a53", "value": "T14BB5B303B94B9FA1D14F1777C1D644A8036BDE60AE12D3CB254F3F1939323A64B49A6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077416, "uuid": "80d6cb7c-0739-4938-a5cd-39984089b9c2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077416, "uuid": "59dcd051-0569-485e-81ae-137635b91ae4", "value": "49152:EEY4s5LA5/minzUkUgzxYdFVeFEEEJUe:C4m2nVYdFVkOJ7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691077416, "uuid": "fcab7fa7-e4f7-44d6-bd42-7209bba3efe0", "value": 2409984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691077416, "uuid": "257b94a9-d68a-4eff-965b-5d1658ecd2c4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077416, "uuid": "b63ddd2f-464c-438d-983f-f3dfb6386961", "value": "QUOTATION_AUG7FIBA00541\u00b7PDF.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64d7bde1-320a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691073071, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691073071, "uuid": "bf34bffb-361d-4ccd-abef-ddafb9d46775", "comment": "Malware payload", "value": "55fd57f1a588169c1348a4cfbff2acf1", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691073071, "uuid": "49bf3295-1bd4-4ac9-a81a-21c5a733dc9f", "comment": "Malware payload", "value": "3e2e9db730bfb67c3f3e8bb04106dbff20ac3612c9cfbda809095b309585989b", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691073071, "uuid": "e4bc34ac-3728-4d5f-849e-c7cf013edcd6", "comment": "Malware payload", "value": "d2dda84f00ee0dcee7169408b6ca43ebd3759e3e", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691073071, "uuid": "71e2d4e4-d013-40da-966d-2f079b9b2673", "comment": "Malware payload", "value": "e20a8101fc8d594cbdcda1886f1e851e574867a88ce930ea58ce19b8d6fca08d3258c5661cdc872c19fc54e6fd8a8e4b", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691073071, "uuid": "bd095579-5b1f-4c7e-8c71-c816faf68a80", "value": "T108A65B7BB2A695A9C15DC33ED4A38F40993374B51F36C3EB5B9012650E219E0EE3E760", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691073071, "uuid": "2f7ffde3-6de2-4d6f-b098-6100baf37ae8", "value": "49152:1zf8QnvRoJQFGynYuZza8t13xzJYSWz1c4AgT2pwe4GgHdmqn8KkFxGKVkrSctdy:RvRo1yr/Xq0kmctGCo0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691073071, "uuid": "1b1c9822-6516-4a50-a69a-39fdac2b4e8f", "value": 9999872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691073071, "uuid": "c8cfa5eb-8640-4f69-9802-755f227743e6", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691073071, "uuid": "18f63d9a-c6f6-4f47-8778-6467a38e07db", "value": "Copia_de_La_MismaSHGSZSRRNFprhcdBLGUSYEMVHiscqt.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4142a8c9-31c9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691045094, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045094, "uuid": "bc339b4b-35aa-4f9e-bab2-2f2aacab1e6c", "comment": "Malware payload", "value": "678653ff8c8e73a2ff4b1f7ee59850a6", "object_relation": "md5", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045094, "uuid": "6882e597-1fa8-4eee-8de9-56024abff3f3", "comment": "Malware payload", "value": "3feefe7fb289c78a71021ffd49ceaaf130f59cc834f78c1615f341a8aa6adb13", "object_relation": "sha256", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045094, "uuid": "87666155-b608-4076-b362-63990d1e71c0", "comment": "Malware payload", "value": "72fc5b0ecbabc795eadf2655a2fd44018b605172", "object_relation": "sha1", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045094, "uuid": "4f57aa25-e865-4561-b54b-47cac92b7d19", "comment": "Malware payload", "value": "e9e10b508e556c9aa77fe9ccf8f698914f55b28c1affc6171d1083dfb27f6ba24707a1bf87c9b1cb0fdf1fd501d29724", "object_relation": "sha3-384", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045094, "uuid": "b2bddc7b-d467-4661-b731-0e4b1b3a89f7", "value": "T141E13A1BEA370418D71B2C3B8072650A721F770B574F060EFB30A55D19B6BE21B6AE72", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045094, "uuid": "d9ea7e9d-268d-4d98-9f8f-07ac8039dcc4", "value": "96:lRHCjPyqWbVvfh4YcTjGMhVVCvkwQEeGIRf3UNa52ZUPD9lhdLootsYuL9yx9xP3:lRijGB4LqOV8vdQjmoP5JL4YugdDy0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691045094, "uuid": "099b42ff-62e8-40cf-a904-26241e54002b", "value": 7182, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691045094, "uuid": "6880bbbd-1e69-4869-b559-9633affd4c59", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045094, "uuid": "cb1c4b43-26ed-4308-8502-02fa0bbd2119", "value": "Request for Quotation.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35d64c23-31ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691068268, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068268, "uuid": "e00a39da-941a-4c9e-af60-a0d1426bb9c7", "comment": "Malware payload", "value": "8ddd586420033122d24976992899505d", "object_relation": "md5", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068268, "uuid": "8105b356-4c7a-4d16-9974-2d43a996e34d", "comment": "Malware payload", "value": "405d00c3e1cb116d81c1b1afe437991057529a56060b8e783041ed8b5d271316", "object_relation": "sha256", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068268, "uuid": "b5faaf40-f83a-49ce-99a9-aa828c88bb59", "comment": "Malware payload", "value": "35102819531448c7425eb69c4ed2593ea6624644", "object_relation": "sha1", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068268, "uuid": "bd337443-d529-4b20-989c-3cc59fd3e735", "comment": "Malware payload", "value": "0b887cd480b7a9d036b88ca09df343b11c803bde54fef3ab57f74b4a5023bb28428358c672ac98515c40750cd44806ae", "object_relation": "sha3-384", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068268, "uuid": "e5a7e6ed-8cab-4971-99b9-40ece34376ec", "value": "T1C5A47B36F180C477D0754E78CC5BE2E9942DBA606D38A8477BE41F4D8A793826E2B1C7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068268, "uuid": "ce9677f6-88d6-487d-aaa7-d6892bdc18cc", "value": "12288:ej3sc2BW/xShLE8A476w2TDVXZAQQAIvdR5gkOhgTlXNdhqnuI/L:e7cBW5SE8A476zVXZAQQvvdLtTlN+um", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691068268, "uuid": "8a042f10-3c28-4fd4-b798-d02ba09e6e4a", "value": 485376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691068268, "uuid": "3d99a597-fba1-4986-80b7-ebf0467372d9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068268, "uuid": "c6eaaa9c-4c9a-4c7b-bffe-30fceae8d9ab", "value": "405d00c3e1cb116d81c1b1afe437991057529a56060b8e783041ed8b5d271316", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3b99ca3-3204-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691070734, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691070734, "uuid": "e7c5b476-0e56-4550-b007-70560154a481", "comment": "Malware payload (AgentTesla)", "value": "f71da2af7a07346b068d49dfffb5b067", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691070734, "uuid": "b73d441d-2026-4de6-83fe-aa8e7b8b3b83", "comment": "Malware payload (AgentTesla)", "value": "41be68a27165fde1aa859ae6a2f94bee4bd9e1782436bafba389b5783a13c598", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691070734, "uuid": "4621b70a-4348-42ad-b6e6-fe5f537f720e", "comment": "Malware payload (AgentTesla)", "value": "b899160e3054dbb80a4d1aceda43fa9551ad0f8f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691070734, "uuid": "0dfe2b7b-21f4-4bb7-be02-55fbc0a462e8", "comment": "Malware payload (AgentTesla)", "value": "8961387ee2da1fc1fe4047f9dd7c406f5448398ed78836b0080182a143b33893b40c02c96abcadf3602641188677c3b1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691070734, "uuid": "ab1b6db6-a29c-4e62-8d65-87177f55b27e", "value": "T1F3A3129EC489A51A853DAEB8742F4CF710D0B80B14FB8CED582FD4930975F32ED59A28", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691070734, "uuid": "75a5659c-60ca-46ff-8ef2-509c9c6b5511", "value": "1536:JJiN68IFa8mhuNuIDuYGXsUTm02YAA009/tcNHsOXuIXjC8c+lRbSKAe:bi3Ea8/lRmqYAVnsOXu6hFrb1Ae", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691070734, "uuid": "babce95a-a197-476d-a41a-8ba47c97db7b", "value": 104554, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691070734, "uuid": "80ded03a-da1a-4dc2-872c-2bc4d6d53509", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691070734, "uuid": "9bd97229-ae97-49b1-a8a6-99b47f1d56ec", "value": "Disable automatic email errors.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aad52981-3201-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1691069323, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691069323, "uuid": "84ab39cd-f297-4562-afbe-ad9f96715bd5", "comment": "Malware payload (DarkCloud)", "value": "18a92e23aba473ea087ea1d7a657d934", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691069323, "uuid": "39e1f29c-1449-4bd1-8560-4191bd290a76", "comment": "Malware payload (DarkCloud)", "value": "41fba72245a47fc97ba08382fb31a6cb58d8fe33a5098948dc45fde442732790", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691069323, "uuid": "e9402b4d-24ff-461f-8495-1cc87fbeb825", "comment": "Malware payload (DarkCloud)", "value": "7939d4ee66de909264064e089e3b8fbb1c9f1430", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691069323, "uuid": "74976a95-8d7a-472e-9579-c62fc4bdc171", "comment": "Malware payload (DarkCloud)", "value": "1c145b97ded57e5e473c6e964e0540cc7c7942a600b050054ac3f3aad07ae9929f24406bf773592e8eeea554bf93069b", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691069323, "uuid": "304ea79b-52a1-4afe-9489-ee850bd9cee2", "value": "T1AE0523BD773E8B71D8E8477E9487C66183B21A8054C6F3AE4E84234D3DC5B19BA5B234", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691069323, "uuid": "20ae4a44-ee0d-4df6-b04a-6b95277ca60d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691069323, "uuid": "1961c9e2-1c93-4888-9080-9a28b1c8bd5f", "value": "12288:NqKus0AXb2qSasZKWoOk7RT9B8b7XRMfPYlLBI2BgnpknPk1Ez9QP:MKrXaqhVf1w7XunYnI2B7kU9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691069323, "uuid": "438ed83f-e802-4420-96a4-f906c3009010", "value": 823808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691069323, "uuid": "2384b2d5-6cf6-4365-851b-9dfd8e62e00d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691069323, "uuid": "d2cbd775-6298-4b67-b079-c8475d8ff738", "value": "FDN.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca9f65b9-3237-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691092569, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092569, "uuid": "531d5c51-4196-4d8c-bb55-0afdb8362f6d", "comment": "Malware payload", "value": "8e1c6bbfc0ce1fd85ad192432ac0fe56", "object_relation": "md5", "Tag": [ { "name": "r02", "colour": "#754C06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092569, "uuid": "80158951-fe88-4434-9cf5-3feabf562236", "comment": "Malware payload", "value": "443e1fb52bc324d20afb4b0d9986542010ab475e38e187a9363867e0ba8be448", "object_relation": "sha256", "Tag": [ { "name": "r02", "colour": "#754C06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092569, "uuid": "e019c10a-fd1c-4a42-a15a-8bdffa8bb4b3", "comment": "Malware payload", "value": "4fdb7251c470683a65bd2500f30e2a48214ac0fb", "object_relation": "sha1", "Tag": [ { "name": "r02", "colour": "#754C06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092569, "uuid": "1440c961-4c65-4e61-8299-0c7bdaaf5f74", "comment": "Malware payload", "value": "682d52b3c7008410caabd9598cbb82afcc43932dc490408ab26cfe17083c419d5563ac101c81f2e40ab2da04bbdf0a73", "object_relation": "sha3-384", "Tag": [ { "name": "r02", "colour": "#754C06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092569, "uuid": "79a0b308-2094-4a44-8862-3600ff565298", "value": "T1BEE4232914757885F078C8BE366C14EE9FA88722512D9AED87DCB683CCFA785F034578", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092569, "uuid": "145e76a8-2be6-4224-b9e1-d0384ad8bb07", "value": "12288:lW5Jjg8r6EUmTeABDk/+PGzSr9gsI6XHXAHEQ/szLkYOl2SnXe9tsKCm+HjLRF4:g5Jk8OEHe+uz1sI6XXgEdkY02ke9rCmn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691092569, "uuid": "3920df32-8322-409d-8c68-77c2ea96aa9c", "value": 680602, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691092569, "uuid": "828b7b38-a1a5-41a3-875c-766d4b0073be", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092569, "uuid": "3072d172-aedb-409b-b340-7ef6ed530efc", "value": "nCategoria de auditoria.r02", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "53151280-3238-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691092798, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092798, "uuid": "04547e3d-9694-4968-9092-907e6920d364", "comment": "Malware payload (Amadey)", "value": "43762ddccb9db44ea9914e448ba3e43e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092798, "uuid": "6394889c-6e06-41f4-af94-8c9ed7c40995", "comment": "Malware payload (Amadey)", "value": "459b0a16d82e7150ad3fa2cbc740a2b6a33606894669f5febe5d15c20b4cc0ef", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092798, "uuid": "19cc90d7-d2e5-4b73-beb5-fb92b7e4824c", "comment": "Malware payload (Amadey)", "value": "87e5766061740cf4a570133af6108399a11dbd1b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092798, "uuid": "db51cc31-412e-4edb-9346-aab58dc11e5b", "comment": "Malware payload (Amadey)", "value": "f3edee294c54d6d644eaeee3b40f2f7836d711a908a8e9447f35fbc0e30993bbc3fd55e276001b2bd891ced53bfa2ce7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092798, "uuid": "785010a6-6324-45f9-8df1-978d4528d201", "value": "T1C5936B1030D2C071D97E55351878EAB68B7CB914CFE08EEF27551A7A8E702D1AE36D3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092798, "uuid": "56817c2d-b6e6-4cc1-9b06-e57a1751bb80", "value": "52982bbab8b9d5eafbb4ec438626f86a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092798, "uuid": "041c5fc7-3de3-4f18-9ac3-0fc716c35c17", "value": "1536:uo4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJUxPaB89p:uoUCWbBNpplToUs1uNhj25LJU9aB89p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691092798, "uuid": "32128587-abfe-4e0f-8517-c0c6c6ee2aac", "value": 91136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691092798, "uuid": "7da9f18c-a5cd-42fb-a4a4-6428e08c7687", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092798, "uuid": "58e23771-e996-4b3e-90c1-f41cd8c2b952", "value": "43762ddccb9db44ea9914e448ba3e43e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2db6add1-31cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691047639, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047639, "uuid": "a3501816-8de3-49c7-ab0b-49ff1aec6088", "comment": "Malware payload (Mirai)", "value": "c138ab068532b26b79b63de49a678d50", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047639, "uuid": "4fdc615a-4fd3-4f2b-8031-74b3f4be6851", "comment": "Malware payload (Mirai)", "value": "46ff4eb57bdf2a87833fd849f5b7ab109e15d3ce228be889d600e702650ba5b2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047639, "uuid": "eb00ec68-89bc-441a-b88b-9a70bdcf532d", "comment": "Malware payload (Mirai)", "value": "5badf06b4209eafa6d4de1df3b8209c70bdfd093", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047639, "uuid": "7db55bc2-0353-4326-96a1-969b9020a42a", "comment": "Malware payload (Mirai)", "value": "8b5c2d770b6c79fe0ce28e0ba1edee8b8b75d7de5313a7a98b8561ba87fe8cef9a4d073c8fa1f66beff0b858dcf6899b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047639, "uuid": "ea00a52c-6c6f-40d2-b778-dd54e356f866", "value": "T105D2E06CD95D7905C69D3E7A55CE96B53C8CB0C0A35DEA8E17228444B62BF8BFC070B4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047639, "uuid": "fe2c08fb-e494-4870-8492-f4712c2a380c", "value": "768:k1uUtLrVDsAp6tLkF4FuetwEub4sU/M9g36KN/iJbUWUR:kbDs06t4BEub4sU/MbU/iYR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691047639, "uuid": "e1405652-10ae-414d-a3e3-1e9d442d5654", "value": 30324, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691047639, "uuid": "e792a0f9-d3cf-415f-94b2-a510bcaef837", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047639, "uuid": "868a6650-825f-42ac-90f3-4fc296f1403d", "value": "c138ab068532b26b79b63de49a678d50", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a496e8f5-31d8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691051703, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691051703, "uuid": "6379ba2a-3ba8-4ace-a661-611ade6e0503", "comment": "Malware payload (AgentTesla)", "value": "68dfd45159cab023b04e47f1f508e066", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691051703, "uuid": "6520dfd0-ab9e-465e-95f8-6ed6c2a31afe", "comment": "Malware payload (AgentTesla)", "value": "473c1b3522e79c2ad4f0a6363630e7431b491b0e1eccbb6b32efbb93f62f4bbf", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691051703, "uuid": "b5a4bab4-3b9c-4702-93c5-05f4e073301b", "comment": "Malware payload (AgentTesla)", "value": "a577bf94f8f5e181056bd6fc5e98fd3b3c87d9bd", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691051703, "uuid": "a3c4edf0-acd7-430a-93d3-3b48968890d5", "comment": "Malware payload (AgentTesla)", "value": "50f97ee5ad965f52d3ffddf1f4098f9a76ca35fe5ca2820bf1dcef8e8476576d8e054613a9cc3deeea5928b123464ae1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691051703, "uuid": "b5e114ca-5719-45ed-a3c1-9fc059adc70a", "value": "T1B4E4234B367A09E8E9D39165A321F444754FC6CC07C83479B6DD90B1FA2841BEA74CAB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691051703, "uuid": "49767837-1fdd-4914-aa2d-90563c55da74", "value": "12288:eSJGvSAALiA8u7v4Dmvqo3uEchnK3MjpFBAZ4Rai+0mRLabIVh:eSJUOSDmvh3shF3+Z4W5LaUVh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691051703, "uuid": "5b88a732-2357-413f-b029-3a8a56c5c6db", "value": 696789, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691051703, "uuid": "45b8d3e3-8546-450f-8009-3905ea1789b3", "value": "application/x-7z-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691051703, "uuid": "7a8986fa-bf70-489f-8664-c9dbf19d357c", "value": "QUOTATION_AUG7FIBA00541.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86084241-31f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691063678, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691063678, "uuid": "1b67e1aa-d641-4e34-928f-3a67a12b834d", "comment": "Malware payload (AgentTesla)", "value": "16b790fa266f1f6377b3bc9188467d63", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691063678, "uuid": "67af4bab-ff59-4071-9ba2-02eb92669987", "comment": "Malware payload (AgentTesla)", "value": "4767c41f81908b4c8afe3af843e684b65101f8e66e9ac7320b89b31d69e755b9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691063678, "uuid": "d4020dfb-34a4-4d82-8816-ba583622b0f8", "comment": "Malware payload (AgentTesla)", "value": "3000fb1fa046885e27cb7bc87812bdbfd5857ec3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691063678, "uuid": "f4ee9c5c-e269-4c2d-b166-ef1ff433d50c", "comment": "Malware payload (AgentTesla)", "value": "90ebe453bb1efbf02b0113c9fff203dd3a2d2ee9dad3bc107af8969cb8c8a2957622da49cbdeadfa5c3a0f05392e8034", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691063678, "uuid": "1de2b3c5-4448-4ad3-a60d-4ae53499c3ea", "value": "T18015F626417A60B7DF197ABC5E23C83A35D96B40B1B6E198B72B38C7C5C61120D3B7E1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691063678, "uuid": "b3f6a4e1-2453-4a3c-90a6-46e46dea03ce", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691063678, "uuid": "7e0df43f-53fd-4642-a280-bf4c2b218595", "value": "24576:NWpppNpppppoOQpppNpppppoOzuayAeUvN+FZdjo1:NxO7OzAAe6+F7jo1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691063678, "uuid": "c0b5f77b-ef01-4e68-93f3-6a5918099db4", "value": 920064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691063678, "uuid": "889a3654-8bd0-4a21-8ea3-ef712be65949", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691063678, "uuid": "e09bfbcf-25b2-4164-ab45-3a404e078fc3", "value": "SecuriteInfo.com.Trojan.PackedNET.2235.1062.27589", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3007dd3c-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691046783, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046783, "uuid": "8716bd71-9e36-47bd-8488-98143789e215", "comment": "Malware payload (RedLineStealer)", "value": "79db25c05b3e7589660c5973bda162ba", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046783, "uuid": "ea631a9d-f39e-46bd-94d1-f47a779848bd", "comment": "Malware payload (RedLineStealer)", "value": "4865ffb7a56040fdf0b9f2dda0ac209fdcfa70e944f9e74d4c034774e23078de", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046783, "uuid": "8d259625-d3c3-41cb-a0e2-d60884bbc23c", "comment": "Malware payload (RedLineStealer)", "value": "08046d53c1ef6a86d865b504f43ad6130556a8e9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046783, "uuid": "3e70cbfa-be6a-45b4-9318-44d002704938", "comment": "Malware payload (RedLineStealer)", "value": "f4b598266504c4bcf6e4f54b986323470cf893fb01105f6f523b968893658766cb7ff9922e5cb70ba5fefe5eb7241b68", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046783, "uuid": "85a8a51e-a261-4855-89df-48cff48335b8", "value": "T1FC349F30775C9F0AD9AD1A706472513463B2EC8A9090FB1A5EC1B0AB2E77F825517FF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046783, "uuid": "0ba6b9f1-eaa2-42da-9fbf-7d3975f58b59", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046783, "uuid": "79885120-dca0-436f-a024-da3372e851ba", "value": "3072:YrfUYj+zi0ZbYe1g0ujyzdHRt9shsOrM3lF7hdlfT0M/h:YzUYqG0Lahyl/u1rMVF79b0U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046783, "uuid": "efbd2b07-64e3-4181-93f8-ce6fbc485b1f", "value": 231424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046783, "uuid": "0ac399f2-ac2b-4c9c-a397-12790c3967f2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046783, "uuid": "8b0894a3-af25-4d0a-b5d0-6c9816fde0b0", "value": "Eternal Cheat.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb3d57e2-3245-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691098557, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098557, "uuid": "30460145-a0a0-4807-a3dc-0a5a42d4a8a4", "comment": "Malware payload (Mirai)", "value": "7925dc335457f4b45e3e2e138cb64bae", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098557, "uuid": "69eb7cb2-6cea-4294-91d3-1c68ff646500", "comment": "Malware payload (Mirai)", "value": "48a5629e9e32ce54a6dd666838f314c8891794912b0e9fc5103d7011ff29b8c1", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098557, "uuid": "8a604386-e7ff-453b-806d-125edb7722aa", "comment": "Malware payload (Mirai)", "value": "2daf8c4eb841653fb8796259eefa1a9e2efabcef", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098557, "uuid": "15666461-704a-492e-88b2-d9caec58e143", "comment": "Malware payload (Mirai)", "value": "49180d541d215540edad7d76b8e15321c8773ce428fdbf723d1f416528f37ea7432720d5d68530be971671b02ee81634", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098557, "uuid": "42f46749-999a-47bb-b0af-7742f3b0db16", "value": "T176C2D1322AEF39B1C2A434B6FC7C8AC7910F4BB965F15521725017A1DEE200352BA8F7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098557, "uuid": "3402a7b5-c084-4d33-8451-c1cefbaa0b63", "value": "768:AjKX9vt6GqA3Q0jzV7EUyUq9u9ZqLs3UozA:AjqtBqoB7EUBi2zA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691098557, "uuid": "b158ecd5-4af8-4983-a2d3-19791040e104", "value": 27336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691098557, "uuid": "4231a424-cd21-45b9-84e4-b0c364ac9f00", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098557, "uuid": "25c46a7d-2ec5-484c-bb79-a76a154bb77b", "value": "7925dc335457f4b45e3e2e138cb64bae", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f9608ced-322a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691087064, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691087064, "uuid": "b67d23f5-294a-491d-b696-06ade15fb19f", "comment": "Malware payload (RedLineStealer)", "value": "bb8b0862c3c8ac468a57d9ae32f873f2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691087064, "uuid": "2e108040-b325-46a9-8a7e-835b7d81956b", "comment": "Malware payload (RedLineStealer)", "value": "498ce4ddc627a2b95a11ab521c9314fbe975d5aa4de496792906fe7bb8ce64e0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691087064, "uuid": "23ce35f6-ae73-4481-89ed-ca0671a077f9", "comment": "Malware payload (RedLineStealer)", "value": "fbfd4eb8fce8ac49938ad33da602227bdfdfc0e6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691087064, "uuid": "18c5fce6-2f52-44eb-a4ee-33264b62c691", "comment": "Malware payload (RedLineStealer)", "value": "29c276951bf2b41b5e2788eee1c0ffdca091e32cc45b354ce431cc74c0ac42d4d68c7184988718b10ecf1c826c5baf39", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691087064, "uuid": "e526e652-eaa0-4947-a6c9-4cf1e7ebb9a9", "value": "T1B6944B31869B1277F2577933ABD0FC830862F9C66A6973349DCC94B0C7752A4512BBE8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691087064, "uuid": "35763561-d971-4479-bace-37563545f227", "value": "c1d8dc34360d5ef7aa5bc95ab2a0e4a8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691087064, "uuid": "0d9d68a0-4dc7-41de-abaa-7b2bfb9ea02d", "value": "6144:Uj6yKNstxo6mjbLLi7LLccO28qrVO2l5vlR4CX1SvihNAI:UpDtxZEsdBN5v3rXainAI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691087064, "uuid": "dbf63b56-3c50-4ac5-8c6d-15b7865eb14c", "value": 428440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691087064, "uuid": "9b7c2504-53df-4af5-9c71-05f0da03fc08", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691087064, "uuid": "a38d7a53-49fe-40f5-8eca-d98928b81e92", "value": "bb8b0862c3c8ac468a57d9ae32f873f2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c00a67f-31ed-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AsyncRAT)", "timestamp": 1691060574, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691060574, "uuid": "aae62f90-7a8d-4b40-bb4a-2e1f1bdbde68", "comment": "Malware payload (AsyncRAT)", "value": "dea3149aae31bd4116adba54840af10f", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691060574, "uuid": "9b6c0765-8bce-41c0-81d3-06af68b1e6c7", "comment": "Malware payload (AsyncRAT)", "value": "49a4c489dfa7a53be07d44857f65fd7a398d7a631a51532f1a9f3b5340979fe8", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691060574, "uuid": "0fc03126-860f-452d-b67d-bb8990c8f2d5", "comment": "Malware payload (AsyncRAT)", "value": "71f22e3720be46ea1d89ca7d47be95fc64a1a741", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691060574, "uuid": "a312cfb7-7991-41a4-af69-0e6d91f828f7", "comment": "Malware payload (AsyncRAT)", "value": "38cbee47b1b04a3f8ddc4e325846e413fe5ee5cb2e7832c7b6909fc2bd22580e6279b4acb3470f1f2ac906e7ddca70b0", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691060574, "uuid": "eab77a9a-179b-4e77-8f0c-9932fabb73be", "value": "T157231A003BE8812BF2BE5F78A8F26145467AF2633603D94A1CC451DB5713FC69A526FE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691060574, "uuid": "176375b2-9782-48cb-9d27-75856781d226", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691060574, "uuid": "802908ce-019c-4a84-a9cd-a2a48496ead1", "value": "768:PuO01TXQpMlWUlr7e+fmo2qD7R5+oD6/1ZPIUYgzjb2gX3iHrg3UCBDZrx:PuO01TXOw2k1G/1W9g3bpXS6rdrx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691060574, "uuid": "05cbd830-213e-472a-ae83-486c7833f42f", "value": 46080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691060574, "uuid": "fca66b5d-7c87-4044-866c-1fef65ea5904", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691060574, "uuid": "019d591c-6a16-4d59-8a2e-afbe89fdb83c", "value": "2.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "414239cd-31c8-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691044665, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044665, "uuid": "ca313837-ca7d-4d7a-b399-bc1d571995c0", "comment": "Malware payload", "value": "96c30f7179f2d7045aba556d3b8f92af", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044665, "uuid": "5d5c259c-1e97-4405-b67a-437a608e55f0", "comment": "Malware payload", "value": "4b45a2333b183144267f5492c7dae553b28ad86d03a96891efb0fb04359d67e4", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044665, "uuid": "915dedff-0529-42b4-9b1d-4b417c6b37b1", "comment": "Malware payload", "value": "d67b625b55c6eebd2295e3320ffc9e62d4523a91", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044665, "uuid": "040361a7-bda7-4d1d-99fb-dc2eefa675b3", "comment": "Malware payload", "value": "98b9e57dd32395934b79b92c1577d4ec4c51715efa993a9a521ea72fb6e0097750744ec57c6c7f25133628d23ddb3324", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044665, "uuid": "edc9e764-ed2e-408d-b99b-f08494578eec", "value": "T174C3275BB2E01188EBB581F6D5920746EB7074721710A3DB2B7863B71B2B8C59F3D3A4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044665, "uuid": "99703869-bf75-4cc4-8b48-d078a810756b", "value": "f326f88ca83c9aacaa44acfb8884f1d4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044665, "uuid": "6f0a6753-c8f5-4811-bbc5-f66d4e5bf434", "value": "3072:w/25jvDSgsqsb5Uh28vAbTV1WW69B9VjMdxPedN9ug0z9TBfFSEj:Ltzsb5Uh28+V1WW69B9VjMdxPedN9ugC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691044665, "uuid": "9e008afa-87b4-46be-83a2-596a2754b11e", "value": 124928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691044665, "uuid": "8998c6cf-ab08-4b67-b076-3bede44dcd34", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044665, "uuid": "c64ca895-29ea-4cdb-ac22-3c4bb5c18eca", "value": "96c30f7179f2d7045aba556d3b8f92af", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8579a892-3214-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691077421, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077421, "uuid": "ce31e6b1-c67f-417e-904d-637014bcc5df", "comment": "Malware payload (AgentTesla)", "value": "9d0c6c13702c13da1455bef20a31eb3b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077421, "uuid": "0222d378-564f-45f9-9a60-f1f6e6439fe5", "comment": "Malware payload (AgentTesla)", "value": "4dd2b1081222991f76595cae95f0e3b47f56b2cef85177fee637a2534196dfc7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077421, "uuid": "0c5fb061-378f-4bcc-83e3-3cc8ae69b6bf", "comment": "Malware payload (AgentTesla)", "value": "82592302006148b2771b3673097b68c9c3440f69", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077421, "uuid": "5926d89c-d245-4afe-b5a1-93cd1abd42f9", "comment": "Malware payload (AgentTesla)", "value": "9768541138d92d860ac87cd3c010fecae62beb90e049dd26d5c6f817240e97a83b8b67aa311bc014cd7cf54dc8ef17f1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077421, "uuid": "e901b24c-8f0d-4e74-aad7-f8ce44e8914b", "value": "T12D05BFE47340E09EC857C975C8359D63A523615F9E1A920E2453BF8FBD2E3878A138E7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077421, "uuid": "e808647a-a802-4f6b-9375-45fcea2b1036", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077421, "uuid": "245ebc46-4ef9-4c72-a810-f2e73263dcca", "value": "12288:ed+3vSLeIJV1qTQ5x4JC92en/yQm8KiGp+0TqNd/5AWbqXdiEMTtndsOifVpEzSh:uteuag4JW2en/ZKp+YqNdx8NotndslA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691077421, "uuid": "ec7827e9-e4e3-41c5-8d39-9b32738893f6", "value": 854016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691077421, "uuid": "563401c5-f18e-4033-a04f-e619df55c69b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077421, "uuid": "88ecf7d4-3c3f-4482-9ea3-80cabfb9025d", "value": "payment details.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b122b89-31e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (StrelaStealer)", "timestamp": 1691058049, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691058049, "uuid": "fe653487-b4ee-4847-8932-13c81134106e", "comment": "Malware payload (StrelaStealer)", "value": "21c55d28cc74c122b5198f6c22e5bdf2", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691058049, "uuid": "1a78d915-74c4-46d7-8c98-5af47b804403", "comment": "Malware payload (StrelaStealer)", "value": "4f70e4e8d0e5a58c31a3cdd32dd02f03099877ba65dcc4ef822aa98a4c9b703c", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691058049, "uuid": "cb021854-f875-471c-8d9b-6fb135812a05", "comment": "Malware payload (StrelaStealer)", "value": "8a0951b86d3b4f1441f29edb60845cf88cc24202", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691058049, "uuid": "0f723c1b-079f-4aeb-84b2-511fc50424f2", "comment": "Malware payload (StrelaStealer)", "value": "84867f722ba9ec667298485b06aed0487c9ef219829bee845a3d7d08e987607f6d3022530b88074cb1d7c86c130302bb", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691058049, "uuid": "8f7007a3-fd40-47ec-b8a3-ed11771c3ffe", "value": "T1D636BABD65DB650ABEA19C203FFCBBA4D77754B9C79BC6F044E9A07024204A7DC02927", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691058049, "uuid": "f89f0bb1-ab3a-4029-97ae-c9f6759116c4", "value": "fcfbe5457e76d2ac347d7db113c0ca3b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691058049, "uuid": "8b88d468-4912-4c17-9c5d-143ba36abcbf", "value": "24576:EvIv05XIC9NOSlGLq9lHqQI0fKDs1I3CAZ2KzHvB/8eGsvl6PY4oCs7PyM/91:Ev2/gNeIlH2zs6FTR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691058049, "uuid": "d3ccdadc-42e5-4f41-a2c4-2753dcaa08f3", "value": 4896789, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691058049, "uuid": "c0ac1770-b3f9-41a6-a77b-55e9626da493", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691058049, "uuid": "07c0b422-0746-4ca6-859f-5b4f7bb763ae", "value": "cloudyreceive.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a1f10bc-31ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691068383, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068383, "uuid": "1fabc331-b566-489f-a7c7-07e501b01684", "comment": "Malware payload", "value": "7ca3f80816e0b9830188011fd190eeae", "object_relation": "md5", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068383, "uuid": "ecab6cdd-ef90-456e-80b9-75ffc8244adc", "comment": "Malware payload", "value": "50275fe91ebc69bbfc65edfaf4739d4345710aab5f7169048c82b7b15807abef", "object_relation": "sha256", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068383, "uuid": "f3eb3e06-b19e-43ba-848d-7d24eee9bb05", "comment": "Malware payload", "value": "0ea00308137212af1e5e5025d81bad99941110a2", "object_relation": "sha1", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068383, "uuid": "885ce6e6-e675-4b13-95e2-1596b6b47db2", "comment": "Malware payload", "value": "70b1a52f68ba6e2f74a69d3742b6e6345da4dfdf3c12705445f4b54f5e5e888e9688572d1aadbd3a2d3c423a8bbf129f", "object_relation": "sha3-384", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068383, "uuid": "6df7dbac-368e-4b06-ab8e-0358d61bca8a", "value": "T1C2445C32F1818872E1711E7DCD5AD6D9A939FA201D2C684776F85F8DCD3E2923A281C7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068383, "uuid": "701954e1-6983-44e4-ba55-ebdb40ebdd97", "value": "5b939a4be22cafb6821abf0ae1aa1dd0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068383, "uuid": "db2018f7-0ac4-47eb-bc4b-457800409044", "value": "6144:7HKm0XyFBUKCYjuvW3II+FkJh3UrWL9RYIeXeF/B/X:um0XyFCKCY3II0kJ9L9RNeXeF/BX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691068383, "uuid": "1e155ce2-f377-43f8-87e9-eb46058bcf9c", "value": 266240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691068383, "uuid": "54453f46-da82-40d2-b01a-ad0fa90f5b21", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068383, "uuid": "ea3a3b50-c571-42d8-86b1-9f857087cb71", "value": "50275fe91ebc69bbfc65edfaf4739d4345710aab5f7169048c82b7b15807abef", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93c2b610-31ca-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691045662, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045662, "uuid": "e9cd89aa-545d-4dbc-bff4-658d01174ae0", "comment": "Malware payload (AgentTesla)", "value": "d7d66ee67e62a71c8bfb9c54cefd6e77", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045662, "uuid": "d74c57af-eea4-41fc-8b3c-6f47fae490f3", "comment": "Malware payload (AgentTesla)", "value": "5093e206d65e8c081c148be03494bfb82d9d7e982911ce3fbbcd49aafdebf521", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045662, "uuid": "511de086-8f28-4335-909a-089a7a1f4793", "comment": "Malware payload (AgentTesla)", "value": "9df02c724c326077c10b7cc8218a6c6dfda7eaa1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045662, "uuid": "88cf9853-d370-4e2b-b83e-65bd13aafc37", "comment": "Malware payload (AgentTesla)", "value": "a0cf9343736c6df1748a4f9fae1b0a60dbb3fc71f19d45fdde8ee501fc77c849ca506c3302728479f9df56cc9c41f927", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045662, "uuid": "4e2d0bea-2c8a-4c44-ad30-14a7be094f7d", "value": "T15CE433B718E9D567EFC8E301B0D34ABDD173282F1C458DE96986B24AC997431C6F48CA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045662, "uuid": "02a8b487-4c18-4445-90db-f0d753d727d6", "value": "12288:kKup3vgDadx9Pcv0Mo/UyUyODJWlq17PFJa60Z1YZSp6JiX6/3gwqRR:5yiA+lgUy0Qlq17PFJL0Zh6ks3gFf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691045662, "uuid": "40f5aa17-5503-41cc-9ec5-9c964a234a2b", "value": 658263, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691045662, "uuid": "2c9ab4d1-3c38-439f-90dd-c58bcdcb7487", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045662, "uuid": "fda6ccea-c8a1-46d0-b2fd-3fafdd6a22cd", "value": "Scanned #00461030823.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59c8cb45-31c6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Tofsee)", "timestamp": 1691043847, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043847, "uuid": "b9ed67eb-d997-4782-a538-43fc5b3e0ae7", "comment": "Malware payload (Tofsee)", "value": "2645ac6856952305ced88b406a86a553", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043847, "uuid": "224239e7-5111-49ec-8047-d2324ad581cc", "comment": "Malware payload (Tofsee)", "value": "50e1f9d1d7917bdea9173cb5588008574a0f62f71445ea1e67d9b7edb420f7db", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043847, "uuid": "cb0486e9-8325-482f-ad61-f2c9ebe77aef", "comment": "Malware payload (Tofsee)", "value": "1e7dd517829bf4bee2c1925e1c3fe7ecb408c8a8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043847, "uuid": "acca5788-ac07-43bf-82f6-dec5daa990f0", "comment": "Malware payload (Tofsee)", "value": "aa8235805868479000f016d72de1c6d61aaf145b4b951a35797a98b92ad01698f14250c6aa18056ab7bcbae7caa13700", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043847, "uuid": "aad06bd5-9806-44a0-a9ce-2bfaa9638c62", "value": "T15F54AE127691D872D62605359E1ACAF8693EB8708F595BD733842F2F1D312E2DE72343", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043847, "uuid": "43d467d6-ea73-4809-9c7e-c18ecb898637", "value": "63b403774c774916f9ed6282f41f8cf0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043847, "uuid": "e5cf832a-06ed-4ea9-aabb-e3255bb21c67", "value": "3072:4n0imvJZubuELYNNhtbIUr8PBQPq1HwjxnNqLV7xk+I97ZaWj:PxJZubZLYNNh5J2BQPq1Hwj/KV7jI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691043847, "uuid": "d7859273-8dc5-4276-8212-822945547976", "value": 294912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691043847, "uuid": "3564821e-d8ef-4afd-ab67-ff22b1f41fc7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043847, "uuid": "08b841e5-5a17-4b96-b175-da0a663338c4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67151b39-31e2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Metasploit)", "timestamp": 1691055895, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055895, "uuid": "6e2cbf8f-200a-4bee-9fe4-9a686cb7ec21", "comment": "Malware payload (Metasploit)", "value": "815a0617dc07db926fa68cb185ae818e", "object_relation": "md5", "Tag": [ { "name": "172-104-142-200--8000", "colour": "#F53C27", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055895, "uuid": "2a3b3985-b300-4f8c-a592-35117b34d7c5", "comment": "Malware payload (Metasploit)", "value": "5195fd0c44088bdab26096acfb350404b32312b5f8244b37f519da3574a7c169", "object_relation": "sha256", "Tag": [ { "name": "172-104-142-200--8000", "colour": "#F53C27", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055895, "uuid": "464b252e-e197-4b57-a3fc-a4f573d7372c", "comment": "Malware payload (Metasploit)", "value": "067dcf0f912f39c55ad7721136708472537c67ea", "object_relation": "sha1", "Tag": [ { "name": "172-104-142-200--8000", "colour": "#F53C27", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055895, "uuid": "cb8e8d35-b0f3-45b9-8b89-0776515741a5", "comment": "Malware payload (Metasploit)", "value": "364b16fb149bcf72ce1418ed667c193dbe0f5a55f8665d1ea7e84aa03dc1f6d5b2c9246f2702fdd1060bbbd544fd071e", "object_relation": "sha3-384", "Tag": [ { "name": "172-104-142-200--8000", "colour": "#F53C27", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691055895, "uuid": "6bf1b14f-0632-4c92-a769-f43b0ae5755c", "value": "T19E61AF932151B8EA414283BB3D496AF7807FC264955A7045F78C5F9DF8DDE633A8D2C0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691055895, "uuid": "e06ac950-7e94-4254-86d3-5ad1004c8b34", "value": "48:u+MThimb7RQF5aHuKZChFNgQfBZL0HuQghFi5QsvuiBrVxqT/s46rH:1GT67aHuSChFNgQfBZL0HgmAiBrVMoT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691055895, "uuid": "fb309267-9c41-4e78-bcc3-da98d4bd0c20", "value": 3242, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691055895, "uuid": "13694775-4f48-4892-b5ca-3c18de6f63f6", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691055895, "uuid": "a2473e91-171d-4ffc-845f-6d6aaacbbaee", "value": "meter.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1caf7750-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691046751, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046751, "uuid": "37d943b3-543c-4e92-ba5f-59ba0c468320", "comment": "Malware payload (AgentTesla)", "value": "299fb1e8c9ce1c44df71fc36fcdeece9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046751, "uuid": "975558f1-a64d-4a57-baac-f59745a31328", "comment": "Malware payload (AgentTesla)", "value": "533522ee0e78efec4fd818e102051957fb0c93cbf8aa2adee2a3159c47d5ad30", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046751, "uuid": "16355bef-ef2b-4b30-b0d1-c8d79c5da2d7", "comment": "Malware payload (AgentTesla)", "value": "e40afaf67900266dd8d4c1e79e3ed841a2ec0ece", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046751, "uuid": "0be3cace-8f7f-4b89-8e93-952424f47bc7", "comment": "Malware payload (AgentTesla)", "value": "013bf6fda24ea223a04f6186ba790189185132f986e229cf54a00cdafc43295386b38eb88c7f411f72f1463f0e61f017", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046751, "uuid": "f6107164-9b04-4720-b35d-e77b85a935b6", "value": "T16A257CAC3600BD9FC91BCE76CA942C54AA2120B6934FE343911719ED9A0DBD6DF142F7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046751, "uuid": "b138dc2e-f61f-42e2-bc74-0ebb14d9df36", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046751, "uuid": "84f468ce-db88-4bdb-a5eb-d0b28b6060f1", "value": "24576:6g9YFHnaaKzGROuY/S4q1jYwClUvgckKhGHxxA0uu7OiFKkGtP:B9YF6CROXSNjYwCl1cQE0z7yP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046751, "uuid": "1c4ebda6-a835-4fb6-a356-f0be66bb83e3", "value": 1044992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046751, "uuid": "6d30f733-fba4-478c-bc8b-f27180768fc3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046751, "uuid": "86bc68d9-b651-4a04-b363-f3bc3e3b5512", "value": "Curriculum Vitae Adriana Silva.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0b4f0d8a-3240-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1691096114, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691096114, "uuid": "efd60d1f-1d47-45b4-a7d6-75436d5b39c9", "comment": "Malware payload (Loki)", "value": "efb8b70d0ade09d402abae53484772c0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691096114, "uuid": "678cbe6b-df90-4052-a7ec-f0a554ed4507", "comment": "Malware payload (Loki)", "value": "559bcdc82d42294adceb6f6b268fee48cb2ee55e7ce1d163b1d581a708fdae69", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691096114, "uuid": "39417d76-d9ee-43a1-9953-edfea10ece58", "comment": "Malware payload (Loki)", "value": "27353281b11498375c7b61d1d77089242dd14222", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691096114, "uuid": "6c670607-0778-4fb8-a5d0-4a131dde7589", "comment": "Malware payload (Loki)", "value": "9d82e83da66d2f89c2c7cb9c3541aa2e7e36864ff3cffc8a8f3376d3b48349a33107cabbcadf76fe1fdbb52a4d340c93", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691096114, "uuid": "1cb5a9ce-a51b-42f5-ae1c-06f197b9cce3", "value": "T11FA422F036EE56F8CD9847B994D2548013694BD7A4E8FB3DAEC920945AC27063436F2F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691096114, "uuid": "c3c49d4d-abd9-4bfd-9986-896144b6ea4b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691096114, "uuid": "11441e07-6069-44fd-91a4-99e858ae6bf8", "value": "6144:dWvPb4ulWyjAxHPgNt+uQUE9y/gfNdELN1GDBc1fZYB5CY9mJG5py2V/8S/M842r:dq7UF4NtTQXxdE51uyu5Csmw5ZN/C5n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691096114, "uuid": "28ae682e-c892-4fdd-bd61-4f68793ef603", "value": 465408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691096114, "uuid": "04d7f5c9-d2be-4b35-9871-858379317e7e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691096114, "uuid": "4d64e162-4989-4817-a526-a32fe6eebcba", "value": "SKB STATEMENT JULY + SKB PACIFIC BANK SLIP 03.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba1dcebd-3206-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691071496, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691071496, "uuid": "90db53ed-695f-4d1a-9791-6d53a559b949", "comment": "Malware payload", "value": "61efdb516dd9c54406a980d108ef76d4", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691071496, "uuid": "fce1aae7-6869-498c-8886-3ec1f42c186e", "comment": "Malware payload", "value": "56c42c4ce3ef015d7a4278cf23a0d263af3b21f2643999b9ac76ab45e8b658da", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691071496, "uuid": "9617dd5f-13d4-4f25-a656-eb11352bff6e", "comment": "Malware payload", "value": "6befc584337fe6f759bc90342a789ddc65bc952a", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691071496, "uuid": "9bd7d803-306c-4260-bc59-c065066fa539", "comment": "Malware payload", "value": "b45ff0f34f7c60e9714620100330687a45ba5e0588d22e8ac7483dd8d3e112057be5942693c6a7980054d8eebc979c3e", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691071496, "uuid": "c95fc5bd-bf38-4c2d-a45c-d164da177724", "value": "T1B2F2AE26C205491FD3024D39824A2A08D6ECE217F625738375749FAE4DAFDCF2E6064F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691071496, "uuid": "c81112c3-0b2d-49f6-9813-75d2e3fd108a", "value": "768:gInX5f4ZSQlF3A0tIgglgUSm84O6jIfiAcu368R0hGmKfiAw4O6sfiATB4O6fsgf:ghg05vtIRv84qK6d0hYK54iKgB4y4P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691071496, "uuid": "dca77005-8a95-428b-8d4f-aae0114cfc17", "value": 36168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691071496, "uuid": "65cbc9d9-9b20-4778-9a92-fb54db7ca5bc", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691071496, "uuid": "f0f5c1ba-bfb2-48de-8401-c01abe44ffa4", "value": "Products.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "278f1943-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691046769, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046769, "uuid": "f189e02a-b440-4584-a651-130fab24bcd2", "comment": "Malware payload (AgentTesla)", "value": "400d933024055d6c9aafa2ea8a4610c8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046769, "uuid": "22d66ee2-e907-4766-b838-ddf5d26c95e8", "comment": "Malware payload (AgentTesla)", "value": "57a48e9411f6b576dde04a4928c1100ac3633c1c2fa378fcec8d44fbf0aaddb5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046769, "uuid": "69108215-9166-4c88-9dbb-ac31080b9838", "comment": "Malware payload (AgentTesla)", "value": "60abb1b602f6f669592fc8d1b122ba3b69482417", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046769, "uuid": "f79a31e4-0f08-4837-a568-767499258c2c", "comment": "Malware payload (AgentTesla)", "value": "462ce6730c97dfc32899ad9fa57c1e5e65a96dfb6f39cec368e5b5f26955de4a292670aa28c0948ec58e0a2e93d7dbf8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046769, "uuid": "485655af-4070-4e8b-a4bf-570fdd9be47b", "value": "T12024ECE0317D93CFD0A28DB11FC98AB079F135AC98C4160DA0F69B2E93D6395589C5FA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046769, "uuid": "286d724c-fc63-4f50-b928-2f32480031bd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046769, "uuid": "ed40cca0-f10d-490d-bbe9-920194a93039", "value": "1536:mLcbQRuzF2AY1c9wqvnAv77vvvvv7vvvvvvv7vvvvv64+mhhhm+DtqOgnW7TPxd3:2LRuz0+9wqY+mhhhmitqOwWfxvPXj5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046769, "uuid": "d8fe6e04-9d8e-4c52-9b38-b81cd72ead8f", "value": 225344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046769, "uuid": "1befa47a-a349-4efe-be9b-ca6e77874cd9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046769, "uuid": "9cb3e924-591a-4a2a-8ea6-2b81da776dd8", "value": "all invoice0876.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c499ba86-31c4-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691043167, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043167, "uuid": "647ad37a-8b80-40ec-9115-6ad69aed2d94", "comment": "Malware payload", "value": "ea8d852464b8653939dd17e98d6c0ef6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043167, "uuid": "748bf29f-d3b6-40a1-8611-a9787fda58c5", "comment": "Malware payload", "value": "58d3321d0f72896d730a7e6d944a3b0ff51e11cc6783a3895b7866a063f7928f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043167, "uuid": "b8982510-ff9a-47d2-a6d3-297da65329e5", "comment": "Malware payload", "value": "3fef45ec75a41e04181364c1af51331f8598d4b5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043167, "uuid": "70377d38-759d-4086-9c05-4390caf86b53", "comment": "Malware payload", "value": "4e456494e3f00c0439c70eb6f7d22e9ba95797b8b406055d5c72ad9e27e8911ad58f662e3c613f8ef6951623a60ce841", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043167, "uuid": "45ea7bf3-fd01-4f6a-8dd6-c3d717a84197", "value": "T107452910B600E125F4A245FDBAEAA75C782E7F63479540CF23C43DEEAA787D56D3021A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043167, "uuid": "2c3bebc0-8e17-4b61-9995-165d53bcc94f", "value": "ab13129770f0ecf3c6738fcce37b79a0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043167, "uuid": "bb92cd06-e126-4d34-aaec-7019e155708f", "value": "24576:ZPFjggN520GtNsUGPxIncsMTWsdNL9tn68qQrEZT:jjg0GtOPxmynND68REZT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691043167, "uuid": "e2fdf5c5-b321-4cf3-8ac7-2c8c2b87425e", "value": 1230712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691043167, "uuid": "8fe79bf9-91ca-44ef-aa7f-42097904766b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043167, "uuid": "38918653-c80d-42f2-a99e-c1a709c6c158", "value": "XX7.31USD%1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "265a023c-31ca-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691045479, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045479, "uuid": "3f404f0f-215f-47e6-b4af-60b0dea93e07", "comment": "Malware payload", "value": "0d5422a4633e375c042f179c26c24b8c", "object_relation": "md5", "Tag": [ { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045479, "uuid": "2a35272b-850d-4ba1-97a1-c32e8b494412", "comment": "Malware payload", "value": "58d63be41c7d8125c4f2e6cb0e234184f0541212ec2548568468d79cf3ffcf59", "object_relation": "sha256", "Tag": [ { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045479, "uuid": "605e0f0e-fad9-43fb-832e-5ef6b08f1d2b", "comment": "Malware payload", "value": "b8bb731db0672decfae775486f97fec0309467c3", "object_relation": "sha1", "Tag": [ { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045479, "uuid": "fadfdd7c-7f47-4ef1-9be3-60e6cd8816ca", "comment": "Malware payload", "value": "25df4565bae944ce7afb79fe72e77a9a74a4d8fea557616ab71b7d43a448a07fe29435277f104d1cfd8bd5b8d4261f4f", "object_relation": "sha3-384", "Tag": [ { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045479, "uuid": "d9835316-23f3-415c-86d9-44703a321ccb", "value": "T14FB423D4266A45EAAEAC1D27C226042C057B4F10CFC9E0671FC9B29430BA1996DC7D1F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045479, "uuid": "bbbdd040-0386-4bb1-9286-b63880687193", "value": "12288:n5X9llvcEAritIZrHWstaMJVVnE5cn0KVpGIIO4kORZSKOrIKcB:NxveriqTa0VE5C37IgKBOrIbB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691045479, "uuid": "97f44e5b-5a73-4849-986a-846e18f168a9", "value": 494988, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691045479, "uuid": "54ad7ce1-2565-430d-a19e-66b2588f2565", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045479, "uuid": "ac1de337-c273-4cd2-b8e7-89374815cf52", "value": "SOA.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b17fa86-31c4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1691043044, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043044, "uuid": "52a6cc0c-e806-476a-8ad1-beb92fd6ea18", "comment": "Malware payload (XWorm)", "value": "91ae58b04a2a4ac19f8ffa8f188af8ec", "object_relation": "md5", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "usrfiles", "colour": "#269101", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043044, "uuid": "e9d86228-1d1f-48b7-ac76-e84aedd962a8", "comment": "Malware payload (XWorm)", "value": "59d72ff91e94a2c762285cce3bcb3e94e8d14608c2eeecacdcd6fe720c3ad5f2", "object_relation": "sha256", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "usrfiles", "colour": "#269101", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043044, "uuid": "598fdaa2-d92e-496f-ad3c-d83396980590", "comment": "Malware payload (XWorm)", "value": "f33978487dd3be261ba22c8139aa60661dad6161", "object_relation": "sha1", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "usrfiles", "colour": "#269101", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043044, "uuid": "d26298b3-dc29-4a4e-ba6b-8ac13b88c28b", "comment": "Malware payload (XWorm)", "value": "abab14d58179832ca496358da0995f435c4a2f544f6c3b1b798fe81f3ea27392646b2b981c96d38f42164bff9ded15f2", "object_relation": "sha3-384", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "usrfiles", "colour": "#269101", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043044, "uuid": "b2ba99ce-4e3e-4225-982f-b1683b414e90", "value": "T1DC34CDA8E0A2919CFF5626F9E6D0F8C51D113CA275CFCC58052E5DB261E959C2E8C2CF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043044, "uuid": "12d533ed-7ca1-46dc-8c39-a74c24c5ed8a", "value": "1536:KVKmalbXOoEdUPseLxlj+FrI3bCT/v6AMk6lTKsQ:3COAMbQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691043044, "uuid": "0fed42c6-e78c-412e-ad44-b6acfb33e990", "value": 248392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691043044, "uuid": "d2ef9097-335d-4a3f-9385-4a18a70fd9f2", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043044, "uuid": "b6c210b9-8476-4782-9770-700da972cfdd", "value": "73cceb_e5a698286daf43ac87b4544a35b1a482.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7187b54-3245-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691098550, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098550, "uuid": "708e502f-bd00-4574-8eb0-c7b394adc840", "comment": "Malware payload (Mirai)", "value": "2a152c936c96dca7fffb5204d16cab7f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098550, "uuid": "1cdcb933-f6b0-4755-9416-6f4145f7a5e5", "comment": "Malware payload (Mirai)", "value": "5babcc16179fec33d53f2b54b8f481ed70fe7dc46385a69f7566a75418cb5edc", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098550, "uuid": "c120ae8e-8dfb-40d8-8c87-895324ac8a23", "comment": "Malware payload (Mirai)", "value": "b2b7d95dc03618c0af570f90b29d1ea00d239c35", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098550, "uuid": "9a0e45b5-9ce3-4a6a-adaa-00a0e885f005", "comment": "Malware payload (Mirai)", "value": "d51f0c9c6dab150d76f62773101124610028957f61aaae589542be034a0d90f817e6cc36189873f518ab5dec2b579e02", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098550, "uuid": "075757f9-d383-46fb-afcf-f05ee082ca9c", "value": "T1F0732A26B97A1E26C0D4B57E60FB8B11F6E1278E26B4C50A7D720E5EEF147006502EF7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098550, "uuid": "2661f2e2-9315-4b9f-a06b-6dc6ec4eb912", "value": "1536:hD/B6f6UD5hAS7mo0DCCAXpSKV6v3G78nN9Wj:927jqCt8v3GI/8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691098550, "uuid": "ead41dcd-c34c-44c8-a704-b3946895f675", "value": 74752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691098550, "uuid": "a3240f48-5997-4261-8731-20ac97854f8a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098550, "uuid": "7fde488c-25ac-4f6d-9a24-47504a747a89", "value": "2a152c936c96dca7fffb5204d16cab7f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1106999a-31b6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691036853, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036853, "uuid": "c094778a-7e9e-4f31-bf03-3c708a0e8cf5", "comment": "Malware payload (AgentTesla)", "value": "b47e63bebb3a7560623f689aae649f85", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036853, "uuid": "73120faf-63f8-4a54-ae5a-8147886073c4", "comment": "Malware payload (AgentTesla)", "value": "5be0670113523b211bc21dd7d49443f0d89bf9b472b844b2a3242ea7b3eb1125", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036853, "uuid": "a505f2fd-ffcc-4629-9af2-fff22a7ade87", "comment": "Malware payload (AgentTesla)", "value": "ae657af375fe57580549307048391774b52250b0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036853, "uuid": "dde63562-7ade-4fb3-b64f-fc82c2a7059c", "comment": "Malware payload (AgentTesla)", "value": "9cc01d223de61afbeac1ad20326f3ac63eccf7a347707b870c148c015427bd96937a475e975a042eabe0831d9641eaf4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036853, "uuid": "8d4df990-54c8-4a43-ac19-73121e062c07", "value": "T13915E726417A60B7DF197ABC5E23C83A35D86B40B1B6E198B72B38C7C5C61121D3B7E1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036853, "uuid": "36bcb882-3b6a-4960-80d5-063e320ef74d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036853, "uuid": "c1896100-ab2f-4671-a0f9-bd0385989d9a", "value": "24576:p3pppNpppppoOQpppNpppppoOnuayAeU7YJVs3ZxtiPCgD:p+O7OnAAeTJ+QCg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691036853, "uuid": "33633391-8285-43db-b09a-e7ac418c262d", "value": 909312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691036853, "uuid": "dea263e0-a5e9-4e97-a544-74aa6ac807df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036853, "uuid": "204590ed-c838-466f-b661-363bd0426d3d", "value": "SecuriteInfo.com.Trojan.Olock.1.32408.29910", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1d927ea-3242-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691097333, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691097333, "uuid": "6c321e4d-dfc1-4fca-b1c8-5cde77d3317a", "comment": "Malware payload (Amadey)", "value": "69ea39ad0d7b9ee76022a7670a3d45eb", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691097333, "uuid": "f4cba9ea-f281-41ef-970b-d2684d05963b", "comment": "Malware payload (Amadey)", "value": "5cd66bf9a722b844cd82cd6be69efb162e4d8288bd00e2f3a2a5e622ecd34281", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691097333, "uuid": "0b357264-20c1-4503-bd6e-b06e5d5587cc", "comment": "Malware payload (Amadey)", "value": "4f6bf04b737f62b2b8189d86459cdb4e79f8cfa5", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691097333, "uuid": "0da773a8-5a2a-40d7-b87f-b6444688629d", "comment": "Malware payload (Amadey)", "value": "d8ffd0f3a1d998da50c4fd55c85da449991575fc87136d4023cfb12b69fac2a0abdcab12c6aaa444740a8db8982f79f0", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691097333, "uuid": "25c5500e-2711-450a-83fc-e96fa5c6a284", "value": "T10FC41252BADA4172C9F10FB04CF712930B397DA1897487173F90AA5E1C72A99B47533B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691097333, "uuid": "548ca099-6c96-4d55-a8dc-fb02e5d37666", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691097333, "uuid": "3112736d-649a-415c-aa66-aea4da1cf517", "value": "12288:NMrQy902It1KHKNw7eoegdZVDIXOryHiqQf1:NyRK277egZceWHwd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691097333, "uuid": "bc8e6857-0501-4c22-bfe1-be016be9d7c4", "value": 573440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691097333, "uuid": "b2503987-7e42-4570-b216-fae319918f91", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691097333, "uuid": "37e74f9d-7da1-4c50-b4b5-0105a7007422", "value": "69ea39ad0d7b9ee76022a7670a3d45eb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4f868762-3238-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691092792, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092792, "uuid": "895fe843-5924-4212-bec0-b6aa2f35ddb3", "comment": "Malware payload", "value": "0874189f078f8e3fcb59e2900e078b7e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092792, "uuid": "345ae8fb-13a4-4dff-be80-832085b14bc6", "comment": "Malware payload", "value": "5cef817d00f7176aaff7d48722b45d82a0587e010655f9c678e75be7beedde77", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092792, "uuid": "27149c27-1c7c-462c-a0d0-ab1a8277f37b", "comment": "Malware payload", "value": "ff1638a53e3a403c1e63245fef1f3775b67bfd37", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092792, "uuid": "c6681e77-60e3-4ea2-b982-5228fed79836", "comment": "Malware payload", "value": "3e6f71a24357446499cc2125931fede35b46aa14abf8dd13da27878b394e3093f281608ae50a4718b425f5ffb4327c3c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092792, "uuid": "b03ab1f7-c229-472c-929b-6c855867d9b9", "value": "T178858D26417A60B7DF197ABC5E23C83A35D96B40B1B6E198B72B34C7C5C62120D3B7E1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092792, "uuid": "bc377352-7c52-437b-9ad3-a216867675b2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092792, "uuid": "3a3fe4d1-3b14-466c-9baf-72e15b1a3650", "value": "49152:JdO7OhAAeik4HCnVAMfKHbZ3SH/PxBbI:XO7O/CVnSH13SfPrbI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691092792, "uuid": "f9196696-ebfa-4c00-9f4b-1e4a859c806d", "value": 1723904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691092792, "uuid": "172c0e96-c099-432c-931f-c681df74a090", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092792, "uuid": "f2593087-de2b-4215-b340-16c5630fa689", "value": "0874189f078f8e3fcb59e2900e078b7e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7692e42b-31b6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1691037023, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691037023, "uuid": "979da28e-bb9e-47ab-aa58-e5ee663b82ba", "comment": "Malware payload (Loki)", "value": "8a967536e1b964e0b81a0e0964e26a02", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691037023, "uuid": "61ee873c-7fa1-44bc-ba70-a8f132b315de", "comment": "Malware payload (Loki)", "value": "5d06339335115891050ba9858ade0a01a1e11ac41ed8988c70953c3285d36121", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691037023, "uuid": "262c6329-20a8-4380-a6c9-2c77fdc7eebe", "comment": "Malware payload (Loki)", "value": "8413b9c6040cbcbef910096a699f2936a65982a0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691037023, "uuid": "d192b637-8b25-4503-8cf2-4b3339fadc57", "comment": "Malware payload (Loki)", "value": "be4e0145da5d36c4b1528b3a35c38e768ed386a917c5ff6dbff194dc3872833fd7ff6af3fbb78a035ebbf7087ce49b18", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691037023, "uuid": "e23b5377-e5f0-4b55-9024-90c218e2f4c6", "value": "T1E505D73804B80A12C135D2AD5AD4F617B3904F96721DCD5686C24FCA0AD6E2F2DDBDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691037023, "uuid": "67567a85-8340-4157-b02f-b94e18519f2c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691037023, "uuid": "dc433ebe-3b7b-4f23-92c7-d1b8b1f57d1a", "value": "12288:WEKaJv8tFXRsihtuItL5FbtO2qzuhVOEqQYchW:p+sihthlFJV8uhVbYchW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691037023, "uuid": "dd0fb010-5044-49c9-a8cc-985311a7e749", "value": 815616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691037023, "uuid": "0023cadc-67b7-499c-b57f-49b281d83316", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691037023, "uuid": "2a6290e1-cb93-4202-88b3-fd24e4756669", "value": "STATEMENT JULY SKB+SKB PACIFIC BANK SLIP03082.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1081ca7c-31c7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MarsStealer)", "timestamp": 1691044154, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044154, "uuid": "23c3a79d-16d3-4bec-8c27-e9a864e61065", "comment": "Malware payload (MarsStealer)", "value": "076fdd478a34a40f5b68ac2997e148e6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044154, "uuid": "9180cea7-64d2-4e4f-82cb-09f4019b0a87", "comment": "Malware payload (MarsStealer)", "value": "5d818a96c25ab660e15720a914dd07a5174214be72f1d4e72019f598cee4d983", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044154, "uuid": "f04c742e-47c9-49f5-8c7e-a500b07dff8f", "comment": "Malware payload (MarsStealer)", "value": "1618af00916ad9631bd8a3dc5be895ce3ce56911", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044154, "uuid": "0c3a1a68-e137-448d-8e12-24fcbef614c5", "comment": "Malware payload (MarsStealer)", "value": "a8dd869945a9d68e62d34c52732d5673e494f7b304c57a6f1c31f5607161273a606d06dd55575046005b695ea7110f78", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MarsStealer", "colour": "#DDEC50", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044154, "uuid": "49d9cd0c-86f3-43e3-83d5-cdb91ac48aa2", "value": "T1B354AF127691E872E62605758D2ACBF8293EB8708F195AD733442F6F1D312E2DF72342", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044154, "uuid": "3b1627f9-97ed-4b50-82c9-f472ddd99e5e", "value": "63b403774c774916f9ed6282f41f8cf0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044154, "uuid": "849bceb8-ef2c-4b97-8d64-3b90de792d06", "value": "3072:Cs1uGlEQZu7xM/L18eggb+lJiGhrF8TT7Sfynn6smo55k+k2LkU6QGCEWj:CXtQZu7xUL18ab+eTTean6hAbk2o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691044154, "uuid": "9fdfc44d-58e1-432a-bf03-6a6dc42043ee", "value": 295936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691044154, "uuid": "44d419ac-06a3-4231-878c-0b8b6c32728b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044154, "uuid": "8a98578e-7f97-4b60-ae9a-a308411a0d67", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4eece58b-322f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691088926, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691088926, "uuid": "b98bc3c8-a6f9-4f58-88ce-d1a9f0d0c98f", "comment": "Malware payload (RedLineStealer)", "value": "86135c12db7706f72d2b10e552099b67", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691088926, "uuid": "de0ded67-8dbe-4453-8c6c-92a74ed85210", "comment": "Malware payload (RedLineStealer)", "value": "5d885749a935214b336e3ec5c7cfa5f8e4da7366e36d884762c1c08b59e8354e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691088926, "uuid": "9d42c9f1-095c-4d62-9931-214ac4dc100c", "comment": "Malware payload (RedLineStealer)", "value": "b75a4f30b29675e8cfbc63edbda34b2c950c0306", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691088926, "uuid": "4f47b9fa-b353-46d7-957c-ad84d500684c", "comment": "Malware payload (RedLineStealer)", "value": "ac7584df0d47cd65453634f547efd25ad1512ea3f2411a19760cc9d2f324cb64a2acff86bd8730828b4aa6ee3268abb5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691088926, "uuid": "5a93e8d0-bbda-4a81-9655-781579738b85", "value": "T103C41253B6D890B3C9F22BB058FA46F31A35BCA04C74531B6E99594E1DF37C0A1B1B26", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691088926, "uuid": "51d1774e-e08d-41c7-ac63-70e5690747ae", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691088926, "uuid": "c4dd07ae-f506-4725-aff6-81e41ac23316", "value": "12288:UMrIy90cyEcHEliZraV1LqwL9nqfjIUIYjAy4DsiKFPUc6vGSw7:UyB+raCwL9nvUrAyGsfFOl2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691088926, "uuid": "ccd779b8-1f60-4f3f-9167-23b0cfe143c7", "value": 573440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691088926, "uuid": "91894048-6182-4123-a298-966e6ea38694", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691088926, "uuid": "ebc83011-c1ff-499a-9a28-283f82a1472d", "value": "86135c12db7706f72d2b10e552099b67.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e51d0c6d-31ea-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691059543, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691059543, "uuid": "7994a01d-ac42-46c0-8f01-e5ed9512594c", "comment": "Malware payload (AgentTesla)", "value": "95011c6a2b266b42c2e9bf3570c783a0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691059543, "uuid": "eed13004-f1fb-4a29-893a-3f5e019a497a", "comment": "Malware payload (AgentTesla)", "value": "5fe2dd25dadf7dc7ccbf1d0cd8af1347a8a7e4996e02a7d2bc0101e863936eb0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691059543, "uuid": "40923df8-b6e5-448f-bd3b-69eda21988a4", "comment": "Malware payload (AgentTesla)", "value": "f340914800a271d30f283f43da3ff9e79254af09", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691059543, "uuid": "29e8bf27-f006-4c5f-ae87-15c74e3174db", "comment": "Malware payload (AgentTesla)", "value": "73fb08b7e18b9da571fb2cdad6cc8da7034edca88d68c5f427932134b9832ffbd88183bcde4272a99b3cdc533e94304b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691059543, "uuid": "b0ee62ae-e9db-4d69-96ab-487c44cd5aa6", "value": "T1C915F726417A60B7DF197ABC5E23C83A35D96B40B1B6E188B72B38C7C5C61120D3B7E5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691059543, "uuid": "ad5e9f20-e5e2-4699-a508-dc9021e1169f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691059543, "uuid": "3139b2e6-e1ea-4cac-8592-68e268458f3e", "value": "24576:k9pppNpppppoOQpppNpppppoOuuayAeUYgUGh1gXr3j0e:kkO7OuAAel4heX8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691059543, "uuid": "2a3e1df3-757f-449c-afd8-cedce8c2cfaa", "value": 920064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691059543, "uuid": "914a37a0-fc86-4897-b1fe-5bbb26b17639", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691059543, "uuid": "c3a904e0-6e15-487d-a9dd-11b81efa339e", "value": "SecuriteInfo.com.Trojan.Olock.1.6641.10915", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40c6b65a-31b5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691036504, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036504, "uuid": "4347444a-deee-4794-b347-966d0a697d90", "comment": "Malware payload (Mirai)", "value": "0a590771924b4d08278026fae4a2a357", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036504, "uuid": "ca352aca-3bd8-4e6c-a584-e934c28a012b", "comment": "Malware payload (Mirai)", "value": "60372d900506da46bf83e318f5f8f8c3219dcda3fca977f0172367d6825dfcdb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036504, "uuid": "f8157b0c-2e8a-45d4-a1bc-17ab64f472e5", "comment": "Malware payload (Mirai)", "value": "d33de2e584f8f76a59573161fb946c85ce2b6b68", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036504, "uuid": "8e7233c1-76c4-4c7b-91c7-161e7b96b5e5", "comment": "Malware payload (Mirai)", "value": "26ad738831ff8b52ce1611ff7cb8e93f532618f7727ed3e8e1cd25ad9323f0a122f277855215d52d0c630ec6959fc529", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036504, "uuid": "7096e995-bba2-43aa-ae3c-6e3b8fc85546", "value": "T13CC3E730E8044B1BC2D223F6E75A869E3F351E9797A733155B3879B02FF27991E29520", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036504, "uuid": "a610ceb5-f7df-421e-b46f-a92f5eded74a", "value": "3072:4jDy/+mh1vtbPIKadbpcUPium7/L7QsvmGfIiNb:mOJ1vxfadbywm7/L7QsvmGfIiNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691036504, "uuid": "b59e299e-a14e-4e44-a852-fcc09911146c", "value": 125008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691036504, "uuid": "34f10e04-6197-46d7-8469-3352d65ff830", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036504, "uuid": "bce17986-bb39-4e3c-a1b6-301b90dc26ca", "value": "0a590771924b4d08278026fae4a2a357", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5264fba3-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691046841, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046841, "uuid": "c898467c-a9b4-412f-b7fb-95dcc492ced4", "comment": "Malware payload (AgentTesla)", "value": "2a5ff81ca69f1837a4ba15af1de27460", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046841, "uuid": "d643e40e-364d-4e21-90ab-1f385d547136", "comment": "Malware payload (AgentTesla)", "value": "60f6f520f43ff02b6f2f63508c897d51757b563233dd7ef87bd9b64922fdb783", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046841, "uuid": "e6490b7c-e842-4893-bf80-da8bf2ceba49", "comment": "Malware payload (AgentTesla)", "value": "7c3f2e00d868d1b33edc80b8a34b9e8c2fd7e990", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046841, "uuid": "f41da702-0e98-4ae1-8529-3957885f53a1", "comment": "Malware payload (AgentTesla)", "value": "81121d255da2dadba7ac3ca7fd6d0bb8fcf0eea98dc80193665fc6be207424a1a4de1b0d957c05d05acc8f0abd9b55fb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046841, "uuid": "59332ab1-4905-48e6-9b95-09a09f5649a9", "value": "T14015E626417BA4B3DF1976BC9A13D83A75D96B40B0F6E288A31F24D3C5C62125D3A7F0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046841, "uuid": "48673420-312e-4839-a580-bfcd8bcfc0c0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046841, "uuid": "1c807ab1-52cc-4d40-86c1-78d5062d0711", "value": "24576:sbFjcrsXpppNpppppoOQpppNpppppoOIBuwRIMKneywUE3:vO7OIBlRh4eyxE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046841, "uuid": "e3cb33c2-a9d9-4334-a4ff-fee23374e9fb", "value": 912384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046841, "uuid": "54e3b978-c17f-4f95-95c1-d0f6bfcba6e4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046841, "uuid": "fadf4d15-2fc9-4a53-929e-96d6fab2e7b0", "value": "SOA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ab3e2b2-31bb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1691039151, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691039151, "uuid": "cbb67750-59ea-4370-9d95-76cc342f0676", "comment": "Malware payload (GuLoader)", "value": "9cd26ed910554ae5b86e53ef892e7117", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691039151, "uuid": "853551d6-f911-4cbe-a8df-aa02706ead70", "comment": "Malware payload (GuLoader)", "value": "61e247e909bac54941a8d5746a808e3d760652cfeaafd34535a85e7f13d6cead", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691039151, "uuid": "cde8898d-b870-4214-a5fb-1ee98d737ac1", "comment": "Malware payload (GuLoader)", "value": "79e682e6a651aa74a4ea7fef64868b0e582b806d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691039151, "uuid": "11a933df-88c1-4f95-8a33-c01934bf6e3c", "comment": "Malware payload (GuLoader)", "value": "2bb7b13bd6760a415506257d39272be2b7f098eabc451fa7a27cb73e5130dd35be7f83bcefdc2c2be97f37df71b80f66", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691039151, "uuid": "57a5c253-b234-43e3-9f07-fcbf13d14956", "value": "T1B264233223C144E6EE434A739B6BAB75D6F3EB2505205EC763981FE3167EA819E150C3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691039151, "uuid": "948d688f-58e2-4ecb-9e25-4affafb479af", "value": "b78ecf47c0a3e24a6f4af114e2d1f5de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691039151, "uuid": "5d599cd9-fb16-4b0c-ad01-3190c45fd1ab", "value": "6144:jBeEp+sUD8z87jwGOVDRXWTUG2Yt2HWu6/r7/2FGCnrO:7p+sUD8z87ERRX/1YtElPFlrO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691039151, "uuid": "33c2c4bf-3d24-47dc-9759-568940a81d04", "value": 331472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691039151, "uuid": "0bb60e3d-8bd2-4377-9f79-8562702c9e65", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691039151, "uuid": "e6843f73-1158-41b3-a517-0718497446fc", "value": "9cd26ed910554ae5b86e53ef892e7117", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5fca120f-3214-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1691077358, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077358, "uuid": "8686617b-6a0b-41a2-b7a0-3910756935a4", "comment": "Malware payload (SnakeKeylogger)", "value": "82c115af7f8d3ccac858d2665d546f7e", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077358, "uuid": "f1c5f397-4e0f-4024-b224-b17fa6923913", "comment": "Malware payload (SnakeKeylogger)", "value": "62be48d55ce8452ccc11ebafef61b9229995eb863b4da994f5db249227f2045e", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077358, "uuid": "297b7723-7c29-41ac-afd2-3d4d65c48d87", "comment": "Malware payload (SnakeKeylogger)", "value": "87ba605097a8718208d98c7728e790fa3df2b98f", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077358, "uuid": "7cd1c0dc-e977-484a-a383-d732d9665c03", "comment": "Malware payload (SnakeKeylogger)", "value": "cb5bb00db3823142aad5526e8e10cb3805fc43451a7e0313a933574e518d8ed4fc4b9683f897fc0fe0bc0e9a78d1b9dc", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077358, "uuid": "b7403b72-c20c-4765-a8c6-20a6a0ac3b90", "value": "T13BB423B737EC6374CC3847BD9ED7C81043A29A26CAE8F7395EC930981DC2581BA6156D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077358, "uuid": "1db7f934-1bc7-453e-bc05-d198ab399349", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077358, "uuid": "675a7dd3-c709-4499-b50a-222ac0b8abe2", "value": "12288:aq2Vp/eb830mMBGvvNrXg2lElnO4PzuwYy:b2Vl2ObJ3NrQzB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691077358, "uuid": "195857d0-f6db-4f7a-bfda-99ec97502463", "value": 498176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691077358, "uuid": "f3ce3cb3-4a35-429e-8822-23b9adac7ea7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077358, "uuid": "41f6e135-23d0-4d58-a572-1fec9619b036", "value": "DHL AWB 5016240033.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac618261-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691046992, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046992, "uuid": "3e43ccc9-b503-442e-88b2-5c0f79334b53", "comment": "Malware payload", "value": "9387e06cf1bc0d68ec30289c43e39a00", "object_relation": "md5", "Tag": [ { "name": "94-158-244-41", "colour": "#9434F4", "exportable": true, "hide_tag": false }, { "name": "inf", "colour": "#000830", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046992, "uuid": "4c88fda4-8e7c-46de-94d0-1b5510ab552f", "comment": "Malware payload", "value": "62c345c941d810cb301b0791a58980b0248a329a1725e567aca0eb03ac7737c0", "object_relation": "sha256", "Tag": [ { "name": "94-158-244-41", "colour": "#9434F4", "exportable": true, "hide_tag": false }, { "name": "inf", "colour": "#000830", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046992, "uuid": "98b85170-5d04-483f-87b5-b0cc44a71a43", "comment": "Malware payload", "value": "d00b64128329d5a2b13990de19e495d3b4b56785", "object_relation": "sha1", "Tag": [ { "name": "94-158-244-41", "colour": "#9434F4", "exportable": true, "hide_tag": false }, { "name": "inf", "colour": "#000830", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046992, "uuid": "f709e417-7a38-44fb-9722-686ee91c982c", "comment": "Malware payload", "value": "050391fe2f178f5bb10c369ec9baeda6179a0bedba67ecdb9991097f8aad759a2f867e4df9e8f691d32a4b153d74bbfa", "object_relation": "sha3-384", "Tag": [ { "name": "94-158-244-41", "colour": "#9434F4", "exportable": true, "hide_tag": false }, { "name": "inf", "colour": "#000830", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046992, "uuid": "399158e9-260c-40ab-bc06-c69fa5349f88", "value": "T11B313F3CCD75F5C1826CB6A086A70C5223981613CB925A88E9951CB43B0DB4DCF6E78D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046992, "uuid": "6b5329b2-34f8-444b-8c2e-334c5a78082d", "value": "48:2adFelRm0iEjuKYjX6LpAapTK7ypFjX6X0A/4CwO:79jar+XUpAGK7yvXJAQ9O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046992, "uuid": "42fa30a9-c743-41a0-8d5e-2cc27a9421fc", "value": 1816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046992, "uuid": "a3feb7a8-84cf-4cd4-8549-2fb2e5e79ae5", "value": "application/x-setupscript", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046992, "uuid": "55929d61-e9e3-4f72-b651-1b7cda772fdf", "value": "CMSTP.inf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95c35d6f-3233-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691090763, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691090763, "uuid": "d6f51a36-54ae-4b9b-bcc5-df2ea5abcbd5", "comment": "Malware payload", "value": "5eaf9c2d6aff482ed1b4624d2c6778a8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "rilo", "colour": "#D3353B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691090763, "uuid": "3a729b3e-5703-41b8-8c14-7814b583f167", "comment": "Malware payload", "value": "62ec5f23a90cdb9fc1886dee1c0df6d3a2e86de7b22f4bb252779ba2198adce5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "rilo", "colour": "#D3353B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691090763, "uuid": "7cc03d54-8782-4628-a274-ec05a5d93621", "comment": "Malware payload", "value": "a61cd68ef1b9dac7def801ab67297403e8c9d2e1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "rilo", "colour": "#D3353B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691090763, "uuid": "56615aa1-62d8-4c17-9ff5-715bb56b16fe", "comment": "Malware payload", "value": "c4fb878c24d39a509874f337013e6d312b829f316b40dd1c602cbb5ef58f0f66878446558e73651c85a553c5d45b0ac4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "rilo", "colour": "#D3353B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691090763, "uuid": "2db53ed8-98e3-4a52-a1d8-bd332fbe2ef5", "value": "T15EA62A43F89191F4C1ADD27086669253BA707C895F3123D33B60FBB92B32BD4AA79354", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691090763, "uuid": "9ee3e216-3ca2-4bd5-842d-87335d11b209", "value": "9cbefe68f395e67356e2a5d8d1b285c0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691090763, "uuid": "1162e20b-4d93-486a-8297-9ab5a1724125", "value": "98304:1R3M1L4Ozhl9t/lUNLRI89+BEolmHOnU2q:7C8W/lSRtUCnQq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691090763, "uuid": "56d988d0-1931-46b8-bf07-267c734ea9a9", "value": 9682432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691090763, "uuid": "53d2cf66-7630-4437-9bc6-2e6c28b7e753", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691090763, "uuid": "3400265e-bafd-49de-abda-f348376b948b", "value": "62ec5f23a90cdb9fc1886dee1c0df6d3a2e86de7b22f4bb252779ba2198adce5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5f108c3-31c8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691044941, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044941, "uuid": "139b39f4-c01e-4d3a-8015-4a937470c72c", "comment": "Malware payload (RedLineStealer)", "value": "09d40569311725819e74a21aa34e081a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044941, "uuid": "d056bcb0-b02b-45c4-b5b6-f0b6cd0ce14a", "comment": "Malware payload (RedLineStealer)", "value": "630ae7e07ebdee531ab5e4423e1e73151990f48a05a478e7dbe62060960be914", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044941, "uuid": "c7e4f6ed-9d7b-492e-b2e3-13618de35ad5", "comment": "Malware payload (RedLineStealer)", "value": "936c58f2622bf350a418bfea95eaee65054d6684", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044941, "uuid": "23142978-f3d7-472c-93b6-c029756d35af", "comment": "Malware payload (RedLineStealer)", "value": "4c461f223d1f1105786eb06cf6c5eb5c50bc331519e485cb193353dd755c864bf7902668754706a410d809be40cacfba", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044941, "uuid": "c58f20f0-bf7c-4cf8-a312-c48686901ff6", "value": "T18D14AE077D648072DAB5BC3C60BC9F49B98C7A828376E11A2E9623775F637F21E1590C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044941, "uuid": "fcc2b76e-f5a2-409f-95a5-28d6de496b34", "value": "4bb494acf9e1f9289cc636105d75ac2b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044941, "uuid": "ed83a6a7-dd3f-49e2-a462-8f8c68889a60", "value": "3072:qBdqDDQC17ydKV6vk2Wab6z3fMOVNuLMkn53uWFkVbxKI:qSDUCTVmt6SWAI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691044941, "uuid": "eec60d3f-ef66-4336-a837-661c19ae1639", "value": 207256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691044941, "uuid": "b67ab3de-cf76-45c3-b833-703e9eec6c81", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044941, "uuid": "d61583dd-20ac-45fc-a2af-5c0ffe331e9a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "404a2fce-31d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691049388, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049388, "uuid": "5a5aaba1-39b1-434e-bbf3-11a129e59a28", "comment": "Malware payload (AgentTesla)", "value": "9998428d529fe1aee505e1a431b0dbdd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049388, "uuid": "45743b7b-d4aa-47d3-8d91-ca255f6adc8d", "comment": "Malware payload (AgentTesla)", "value": "66a259bcc78e70b7f21c21825453729e353f7a39391b4194430b54712e570862", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049388, "uuid": "b38fdeec-ec4e-43d6-85cd-795c978aac04", "comment": "Malware payload (AgentTesla)", "value": "165623133613e7c4be8d301d7e3a9f9b5312ff7c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049388, "uuid": "aa8ef68f-740f-4e4c-805c-d21cd29a5792", "comment": "Malware payload (AgentTesla)", "value": "5c75aaa496b0b63468b170d4d187ea11d4cd8e7ee0d17293fe63324eca1a30b547b589748341fa2adc66b84ef913129f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049388, "uuid": "317d76f7-c729-4b77-92b5-bb6ddc293347", "value": "T13525083804B80A12C136D2AD5AD4F513B3904F97761DCD5686C24FCA0AD6E2E2DDBDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049388, "uuid": "c22fc4f1-61f9-4ba9-87c8-22ceaba5ef7c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049388, "uuid": "0acff236-9bd6-4cd2-b610-f7f886e5d985", "value": "12288:5EKaJjKy2pRwd5+1KhkuIv9HpCbHFEz4x1wT/Khkqvk2T+xGiv/l8uqpS:gKL45lX8HGH+0fe4kJ2Sl8u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691049388, "uuid": "1f172af4-03d4-4d4f-a672-7bb928213fa0", "value": 966144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691049388, "uuid": "d223a6cb-c607-441a-ae9e-cf4a819d0559", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049388, "uuid": "58248251-e051-4c8d-af87-bba67674716f", "value": "9998428d529fe1aee505e1a431b0dbdd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2e041dad-31c7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691044203, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044203, "uuid": "0d9727a6-5c69-4565-8ee0-e0f1a2381046", "comment": "Malware payload (AgentTesla)", "value": "5936d6ff945c20c87a36131edc64693d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "IZH", "colour": "#591C90", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044203, "uuid": "78f556d8-97dc-4bc3-bdc5-daf30ca2debe", "comment": "Malware payload (AgentTesla)", "value": "681f579c40c17c2b4561d88805cd874fef60da5daccd68185e2c937365aaca38", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "IZH", "colour": "#591C90", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044203, "uuid": "c80db25a-723d-42ce-9b0b-8d91ec262eb5", "comment": "Malware payload (AgentTesla)", "value": "a1968dd361918e391064cf96b9f410e8e27e63d6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "IZH", "colour": "#591C90", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044203, "uuid": "629d64b0-e95e-494b-a4cb-d870ecd5cce1", "comment": "Malware payload (AgentTesla)", "value": "f80407168cf8bfcfc4fe2054700f531229c57511d74723b87fc929bd410a290e392596f7fc4e45bf217e8577800d2b44", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "IZH", "colour": "#591C90", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044203, "uuid": "38d6805b-5a22-46bd-a201-b953ffa56c59", "value": "T1E313F198C853DCAD0CB9FE29DE82CA4437BE45322F1102D245DE781E7AFB1955E8B45C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044203, "uuid": "96f64878-8e4d-486b-a326-aecae3afd931", "value": "768:Mqa9QH14XvoNILggpjpl7Bumqc6NuOZpPIie5ZZWoTVJCxNOdsDF:MqaKsoasoj16NVZKiaIoXyNOiDF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691044203, "uuid": "44fa6c73-1b45-4224-95a9-01708b472570", "value": 41646, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691044203, "uuid": "204efcce-5a92-42b5-8e72-01692ca82526", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044203, "uuid": "8414cba7-8bf2-4656-bfaa-47fcfc652c38", "value": "PENDING NEW ORDER _097KH89.IZH", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72cffe35-3214-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691077390, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077390, "uuid": "0e149a7d-71a2-4d06-9bcc-d12339056531", "comment": "Malware payload", "value": "079f3b9d33751fbaf977dcf219167c99", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077390, "uuid": "6954567a-1d4e-4302-8908-515369cd25c4", "comment": "Malware payload", "value": "696e868ed9a18d42900625c5bafce55e4a368dd581cd578ecb295c6a933dd82c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077390, "uuid": "8f36a403-9fa0-4794-ac94-c3ef51b2f094", "comment": "Malware payload", "value": "7a4b24990dab26789b42a9bd98a9526c6aa9abf3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077390, "uuid": "2559e7e8-a8d5-40f3-a5ff-20b9020b0d89", "comment": "Malware payload", "value": "f71f6a24f707def966445db061f18e08e1c6619611ba20196d087743c3e7f2995081fb2add8e609698c6229833d00b37", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Maersk", "colour": "#38D08C", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077390, "uuid": "e05e8396-414b-41e4-a691-17ac6850bef3", "value": "T13E7412452B84D277FB7346721CBFD345AAA19E8A00941A4F77893FAB7572383840F58B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077390, "uuid": "37aceb25-7f0f-477c-9d89-c93bad9f4b90", "value": "7c2c71dfce9a27650634dc8b1ca03bf0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077390, "uuid": "d4057844-0379-4254-a639-bea00b5f25b8", "value": "6144:NQLFh9Fq71UmV0Jsn+AIN5zScICtUBwYQI/SUvI/dpBrmfCFTMr30oodp:+Fxq71QzdzDUBwfUg2CZlp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691077390, "uuid": "cb6a77ae-0058-4b7a-acf2-9358937bd450", "value": 353464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691077390, "uuid": "d692d011-017f-4188-b88b-03b74f8c31bc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077390, "uuid": "628e14e8-afa1-45c5-9bf9-046220002cdb", "value": "maersk.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d8286af-31d6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691050671, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691050671, "uuid": "b5a04781-cc52-4697-a297-228e6e3181f5", "comment": "Malware payload (AgentTesla)", "value": "de02c11e3021c6cb9b37a4f71d9eb90f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691050671, "uuid": "4d7b5747-546f-4efd-b885-629df7434f2f", "comment": "Malware payload (AgentTesla)", "value": "6a72f999168bda694409c3df5383ca6b0f062a62c535bec85aa1b76ae0bbd70c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691050671, "uuid": "f1bba3b4-b729-4954-98da-295dc19a2b66", "comment": "Malware payload (AgentTesla)", "value": "77dabf1a96b9f5c8bdd067cc404e3eede14d31d2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691050671, "uuid": "13cbaf2d-e029-448b-aef9-677f64c174a1", "comment": "Malware payload (AgentTesla)", "value": "6a47eec7a69cca3855b588d16186d02c513ef81e396cb64f25566208d4bdf2427230a8788092e9cded8039b83ae7f09d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691050671, "uuid": "6c58a33a-7624-4e6f-adbf-409133db7c65", "value": "T12625C53B0C743A12C121D26B56D4F10EA2904F9E3DD8CD57868D7E89C5F6E2A1CCBD9A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691050671, "uuid": "994c2d64-8f2e-4b2d-94b9-9172e1dd48ee", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691050671, "uuid": "cbfa54e0-09c8-4f39-ad02-c1a52b84cc22", "value": "12288:HEKaJePIDj0V2aU7HYfqH0joSKKfcikgzz4YCGRLdalZMO6BgRfK7LX8g3fMOMV:ruQVJUdHoo3Kfc4vxCZMOCnsgEj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691050671, "uuid": "2dcac27a-f2a2-4708-a1bb-5094138a697e", "value": 1033216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691050671, "uuid": "46066001-c801-40c1-8746-06f3ad28725f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691050671, "uuid": "0af74d5c-721e-4ecd-8a80-90bfef6cbaf7", "value": "de02c11e3021c6cb9b37a4f71d9eb90f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82450a7c-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691046921, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046921, "uuid": "0efdc5f9-7081-413b-af02-48d3920a3991", "comment": "Malware payload (AgentTesla)", "value": "a4b8e4817125fd04e27b2040d53d57f1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046921, "uuid": "f77d4c74-e4cf-43d7-9f57-020e41e2ff5b", "comment": "Malware payload (AgentTesla)", "value": "6a7aa76cd4b680c0900ffd6c6f0885246e7311bfc18885e9d638b06aa945825f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046921, "uuid": "22506ebd-9946-4037-a0b1-f1312dd80680", "comment": "Malware payload (AgentTesla)", "value": "a2cafe7c133271b10a543c21beda9502357edd0f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046921, "uuid": "1fe9cb81-9221-4dda-a52d-02ead6262035", "comment": "Malware payload (AgentTesla)", "value": "8526716c4bbd90af5fe7808f85036fa0338bbb9406d59fa30e5961414429792a9dbcc41eacd8f27a43fdae921ac56481", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046921, "uuid": "72d8f570-fa9d-4ace-b78b-99d022be251b", "value": "T11EA52703BAC699A6DA451737C5E7241403E0DFA13763DE0B794B336A0A537AE8B09737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046921, "uuid": "a93f4a1e-07f1-4e4e-8dfe-0abf77f7c7c7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046921, "uuid": "6ec6b2c5-7142-4e47-9043-d17540a22c4b", "value": "24576:slGtfCrr7tAZQl2IuiCfPtNJ+NFDJMnWSCc7cHJ8q2+iVK3kPzmGC72KB860vWy0:s84TCQ3CCGCaKB8X7S7HCovHDwba", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046921, "uuid": "952bc8f2-766d-47f4-a8a7-6f9d047fa4df", "value": 2064280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046921, "uuid": "5faa5c0d-1410-434f-a4e3-ec640332954b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046921, "uuid": "e5027c76-7524-4528-9ea0-92471f7a2bba", "value": "Booking071305pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d1889ac4-31d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1691049631, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049631, "uuid": "a6558163-1a42-4146-952d-3c8ad35082d6", "comment": "Malware payload (AveMariaRAT)", "value": "2bb765bd15e09b84698157a6f3e103a6", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049631, "uuid": "534cac23-ae42-480f-9d70-fecabd5982e7", "comment": "Malware payload (AveMariaRAT)", "value": "6b7fe61a84cc8be5f01cd3eb0952f7ce426ba259998c57a49540ddecaa8b8576", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049631, "uuid": "ffc1af29-1c3c-48e0-a09d-bf750eb349d6", "comment": "Malware payload (AveMariaRAT)", "value": "7fada09da43d8816048c1052590c3e7e0c6f7651", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049631, "uuid": "eb017ff6-75f3-44a2-87be-14cdb4ebafac", "comment": "Malware payload (AveMariaRAT)", "value": "2dc8cca5e1435e48e67304d7da76ab77a276f11a77d482bde5fcce3de21cf1897a3d6a86fcd2e4af0eaab5a45a011e86", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049631, "uuid": "5852632a-79d7-4b59-90a0-61184a7383a6", "value": "T1E6436A6CD34F02A9CF62527B9A1A0E4541FCBB7EF28512A134AC533533EEC2DA12567D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049631, "uuid": "43271631-73a9-488c-9c38-751fc858bf71", "value": "768:ztwAbZSibMX9gRWj9kckz2Jr/g8iOM3ZPqA1eAFGjnaghrg/Bauzt:hwAlRkg+qZPkXrg/BauR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691049631, "uuid": "4a53416c-aed1-4733-aece-eb908834c80c", "value": 59791, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691049631, "uuid": "4992393e-a350-4cc4-bd7e-6ff584b5bd2a", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049631, "uuid": "7ea8839d-7ea9-4e23-9009-a7b05f5172b9", "value": "2bb765bd15e09b84698157a6f3e103a6.rtf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31a4f117-31cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691047645, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047645, "uuid": "48c48843-fe37-44ea-b119-35e6446ae79d", "comment": "Malware payload (Mirai)", "value": "d8da675da554880dd349a225e8838734", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047645, "uuid": "95c48854-f475-4e9a-894d-0077aeb04a4b", "comment": "Malware payload (Mirai)", "value": "6e34aef20f0168eb94d71d9785a8526f39ebec67f794149c7fab260f808f2a51", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047645, "uuid": "3f9f4834-312a-4322-91e8-06415254127c", "comment": "Malware payload (Mirai)", "value": "a1bb32cd689c1853cf6cca3070823316ac996629", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047645, "uuid": "3cc4931f-b204-49c3-a028-f538d86ea153", "comment": "Malware payload (Mirai)", "value": "41998da5821017201fb8b52634932fb54c1966151237cb4ac54858f11db72ad75eca381593c5dc4426593bedb7da3853", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047645, "uuid": "bd8713d1-6cf3-4e0b-8eee-0c102c4acca8", "value": "T1BDC2D044F041CE42DEEA29F13E50DADBBBA46F5F6965CD8126A053D15F4D2638306EC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047645, "uuid": "f8079dc3-11e4-4b6c-8af0-24ee259a4648", "value": "768:vVdafO76jpmNJJKehmA7trpfIX9KeA7Pcxdc4uVcqgw09O:bam+AnKehPRa9aaa4u+qgw09O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691047645, "uuid": "46994aa8-09a2-4675-a936-783029f747ec", "value": 27048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691047645, "uuid": "5cfa8e4f-d06a-44e3-8781-315490a1947a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047645, "uuid": "fa28723d-28fc-44f7-8ed5-5518329b992e", "value": "d8da675da554880dd349a225e8838734", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29f3c899-31cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691047632, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047632, "uuid": "177130e1-7dd2-4ba7-bb0d-2ae063f072dc", "comment": "Malware payload (Mirai)", "value": "b33ee69b97c0d0ab8a941e5b3763eadd", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047632, "uuid": "8fa17143-ba64-4d83-8cc0-882e5d1dee87", "comment": "Malware payload (Mirai)", "value": "6ec36e6f2a962912a667d7e46dd6bc3c7dff45940ba027a7adf95fef5fdb84b8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047632, "uuid": "d1472925-f79e-4406-aba9-5351b5cc313b", "comment": "Malware payload (Mirai)", "value": "1db12b84db2fe9b616e5cbae7b81155ac9fd95b5", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047632, "uuid": "0ead13f1-2e1a-41ea-bf55-7ec84719d2a3", "comment": "Malware payload (Mirai)", "value": "7d18e25c23eaf002655054f90957c62c1adda5f58d44c6fa6801676ab0333f2083dc072ab7374286338efc03d53f727f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047632, "uuid": "72fc536f-d7de-4258-b9db-e94df2a10492", "value": "T14C735D24A9792E26C0D4A17B61FB8321F2E6230E25B0965D7C760F8FFF2464468162B7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047632, "uuid": "1126cbc6-ee63-4b7a-8088-fbfbfcca2ab9", "value": "1536:5ms+geQfvznpCR8ee84cNsAUiAvFI7IlNnws8n:YwfdNu4cmZvFqI3w7n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691047632, "uuid": "534d812a-fe75-4701-b206-56ee068da8bc", "value": 74752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691047632, "uuid": "d5049d39-c23d-4d3c-957b-4481bf26ee5b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047632, "uuid": "60443c70-ebcd-4868-a648-83fcb2c4adef", "value": "b33ee69b97c0d0ab8a941e5b3763eadd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "123de0d9-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691046733, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046733, "uuid": "9e5091e3-9dfb-43f1-bea5-f0f2df14984b", "comment": "Malware payload", "value": "38809ffc176fb14417c7d908b0c6e035", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046733, "uuid": "39330844-4cd8-4a33-b2ae-55dbf1c15b95", "comment": "Malware payload", "value": "6f6b1754f72662da307f50b08664e9665a36b954819f4656d107bc238c104fbb", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046733, "uuid": "23e6080b-c51b-4c47-ae5a-bc5d459a2262", "comment": "Malware payload", "value": "be49557e328c56a3668f28ecfaec33ee8f5e8678", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046733, "uuid": "dcdc6909-7000-470d-b119-477aff573876", "comment": "Malware payload", "value": "177c1873ee359bc64b6e4113d2050f6f89d1a80882b6df1e794b8410a90af44c1b2d30a42bd51edb3a53da0d75f48859", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046733, "uuid": "4612e5d2-bfe7-4e36-a601-c8173d1b3faf", "value": "T10BD3CF00A6CB54C8F2A23F530BED69E98F1BFBE5163AA459214C170ACBDBD84CE54771", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046733, "uuid": "9d4f0bff-ca0e-4e3a-ab7a-27bd9201582b", "value": "1536:N4Mi3mI2hb7KZ18ChuY/tC09TPqnuGVOnnF6kV4jLLVaXHDXPK6:NZ09TPqnuGVw4jLLVaXHDXPK6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046733, "uuid": "62299100-9e77-494e-8186-ee92bf2895c4", "value": 135046, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046733, "uuid": "5279aca7-7651-4ab3-a6e3-f333e20b83bd", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046733, "uuid": "2680c25a-1e02-4136-8c32-f3d2c2b3fd8b", "value": "solicita\u00e7\u00e3o de reserva.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "912e4b89-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1691046946, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046946, "uuid": "53c07528-da73-4e96-aae4-9e2c32313695", "comment": "Malware payload (RemcosRAT)", "value": "289b9d21c843094318e3e60dedfda9fa", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046946, "uuid": "c57a645d-e6f8-4138-a57e-f51324595f61", "comment": "Malware payload (RemcosRAT)", "value": "7013fa4992689acdfd051cd0196afea9df2b40518015612dc9453ba61b53d157", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046946, "uuid": "cbc24edc-6c94-43a9-803d-fbd602bf18ce", "comment": "Malware payload (RemcosRAT)", "value": "110449457effd23e17455c4b0dc641462a5d6dbc", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046946, "uuid": "b5991e23-56a3-4a61-b2b0-de625d20825e", "comment": "Malware payload (RemcosRAT)", "value": "265c3255623d0aa7a4c4fefedcd57a7b088fc7f497993a4256b2470216bb6fe9b8f1bca05ce306db0ae8a29cfdfa54fb", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046946, "uuid": "788ed8d8-a966-4083-96ff-08c7f25df4dc", "value": "T120538B6DC34F01A9CF669377AB2A4A4042FCB73EB24051B5306C437533EE83D96666B9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046946, "uuid": "52c3d38f-d954-4da1-a39c-ae9a24e1aa22", "value": "768:swAbZSibMX9gRWjFTyXPfQyByO06pR5TflgjAJSrvmB2w9MqNU:swAlRsuXP4yUOPHFf2AJH2wxNU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046946, "uuid": "6a39e10b-b0ff-461f-9488-1ddfe4e8315f", "value": 61382, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046946, "uuid": "2190e181-bc29-4745-8768-48031b2e6bfb", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046946, "uuid": "6c5d3449-1060-40ee-88ab-a86628751f58", "value": "PO.No.660240685.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd1ced91-31a4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1691029518, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691029518, "uuid": "1f56520d-9e2a-4b26-941c-b029aba15d8c", "comment": "Malware payload (NanoCore)", "value": "e1e0fc152252fce55dd47b3ed8217862", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691029518, "uuid": "d4543c9d-294d-4b37-b599-0751b811eadf", "comment": "Malware payload (NanoCore)", "value": "713091ad7d4d99ed3eecf895b4be41de34e11c1745cd5411a98079404ce12916", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691029518, "uuid": "665ba517-5cec-4c84-95af-369bf7c66161", "comment": "Malware payload (NanoCore)", "value": "c51af7ccaf8edf769565c121550c6abddde8212f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691029518, "uuid": "54965601-54c7-4659-8779-986bd8d8dbb7", "comment": "Malware payload (NanoCore)", "value": "d618e4b4e40cbc03ecf5813af71263c03d0fa591020ded080125e967a84eb8f33023ef4f45beac2abffd0cc3c9eae8a6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691029518, "uuid": "b79be187-a8d2-4fc7-a4c7-5737f3a97970", "value": "T125A5F603BA72DDE1ED8A1737E5D678441F5CEF602223F69A694B33553C323A64A06327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691029518, "uuid": "14569a41-e1c7-4533-85c2-feac977d2ea6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691029518, "uuid": "1040c7b3-9c7b-4e25-b662-c3e6ffb1fd22", "value": "49152:1MPAVZSOpwRMdfG26z2wXvs7D1ZONrByRUkfU2SDobO:1MoVZ9EyU2SDob", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691029518, "uuid": "08e82870-3a00-47ac-99ef-147a0a76126e", "value": 2265600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691029518, "uuid": "66fb1a65-91fd-4443-8ed0-394366d67c9f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691029518, "uuid": "23f26c9b-fcb7-4c36-9d4b-e66b8ff97281", "value": "CABLE WIREPO-T637893837789.scr.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "43925c94-3209-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Gozi)", "timestamp": 1691072586, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691072586, "uuid": "5776f747-5a2c-4190-99b1-9e6463361d95", "comment": "Malware payload (Gozi)", "value": "6a5b2a82fd76eae337397c3bfb163544", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691072586, "uuid": "dad70327-2947-4fc6-bded-7616f5e18d23", "comment": "Malware payload (Gozi)", "value": "7203bb5ec300ca74ec9dc8577737a204cb2e7a992f420f92395a2c6f85037d07", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691072586, "uuid": "d9220f50-096e-4762-8594-ade81cba8f8e", "comment": "Malware payload (Gozi)", "value": "28a422d69165872e2e6e41639ad7b437b5a7528e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691072586, "uuid": "30684e3e-4e5c-42e3-8b09-8ec9a4beb969", "comment": "Malware payload (Gozi)", "value": "374925bdcfc21c65329ee1e7dff1708be675f3b1706225c2a0b486a3575f8719670f837df48df73bd6759f58a62e94cb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Gozi", "colour": "#8A56C9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691072586, "uuid": "8ccaedd1-77e0-4d80-887c-ccbf17553b6d", "value": "T12E345B6AA3E51995ED6AD5B6CE53D217EBF334491B24C30F5370CA9A6F07722B21C302", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691072586, "uuid": "cdb9b3ed-1f15-494b-9bcd-44078efb3915", "value": "6144:iX72v82Wldh1KeRFSbaWrxls9cPor5b5G:iL2v8znYSSeWr497", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691072586, "uuid": "7f8a230d-8168-4ca3-a190-3bddf0dc712d", "value": 234496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691072586, "uuid": "69366403-7cc3-46d2-ad83-a6cf8f2e1d1e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691072586, "uuid": "5e8be3d6-21e2-4c7d-a6f5-ee60e0aa3ac5", "value": "bcd0000.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3fa4d100-3238-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691092766, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092766, "uuid": "8813ccd7-e1a1-45a6-b155-30e3eb97a007", "comment": "Malware payload", "value": "ef717a601f11e805a0d67e49a79ad602", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092766, "uuid": "204c3923-4c98-45e7-a406-86e30210e710", "comment": "Malware payload", "value": "7217b974542ea8e3d69211c4280f10b451f0a5d9df60a8ea091d89aa73a78160", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092766, "uuid": "9e5a44fa-d81c-4c05-8842-1c146c272de8", "comment": "Malware payload", "value": "17c25a39fc5faa931e1e99338c530b801f22397a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092766, "uuid": "4cf970ae-010b-4955-ae37-87aa8fbbea4d", "comment": "Malware payload", "value": "019c69718e5f5e994bf810a1faa799fd3eb55b2488fc6f54ed9b806281c6e259dda31bbd9a5750f0c3faf8ad1469515e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092766, "uuid": "7a1992aa-6457-4a28-97f2-d7a9ebd92e0b", "value": "T168D423B96057F6C423A61132CEFED4A6ED05BFF4925762B000DE0BAD7627BC6F494062", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092766, "uuid": "b6f26e74-955e-4b18-89cb-4a399ac0630b", "value": "12288:ZC1aCpxcLoP5fx5+rTGHqlXqDqPZyG65+jZvG0XqndyK7xTSZa6tdp:qbccP5Z5+rTGKlMqr65gZvG0XsdyJYw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691092766, "uuid": "3965f502-3b91-40a1-a87c-e660d979ae42", "value": 619711, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691092766, "uuid": "5f318d78-66f3-40b1-974e-4646ed8f40a3", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092766, "uuid": "3d7c895e-b4f0-4cf2-9464-551b331c74a7", "value": "ef717a601f11e805a0d67e49a79ad602", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "796de1b7-31e2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Metasploit)", "timestamp": 1691055926, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055926, "uuid": "c8645279-d3ca-4d59-95d6-b0259d12c083", "comment": "Malware payload (Metasploit)", "value": "770387478b181ca4e61b82a34fc3b2be", "object_relation": "md5", "Tag": [ { "name": "172-104-142-200--8000", "colour": "#F53C27", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055926, "uuid": "edc2a595-bc92-4c32-9bb2-cee5a47ce39d", "comment": "Malware payload (Metasploit)", "value": "729d7c38a7e3134082a21310e85ff8fb3a93ea3566ce44620ecd223ca05598eb", "object_relation": "sha256", "Tag": [ { "name": "172-104-142-200--8000", "colour": "#F53C27", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055926, "uuid": "1066f39d-6748-4ffa-899b-1469b1e00664", "comment": "Malware payload (Metasploit)", "value": "4fc70e2dc6304b8fc77804a7c301dd211a343e30", "object_relation": "sha1", "Tag": [ { "name": "172-104-142-200--8000", "colour": "#F53C27", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055926, "uuid": "07fb487d-3251-433d-91df-ccf5e7850dec", "comment": "Malware payload (Metasploit)", "value": "15ee5d50a95d5d546bc51706d1107ff1c5e93b14b96c5f6ffb8b9e5d121e7b18885ae80981b6fe653ba79dae996f04d0", "object_relation": "sha3-384", "Tag": [ { "name": "172-104-142-200--8000", "colour": "#F53C27", "exportable": true, "hide_tag": false }, { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691055926, "uuid": "8c6c209c-0318-4c88-b2de-59ef227e5fdb", "value": "T10F320A78C82C6E92454CBA847B75B94414ED393B4E7DE0FCEFA21440B255E5EFB32862", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691055926, "uuid": "27882dc2-56ce-48af-8840-000c1bcaf82c", "value": "96:Bv4T6TAAcZh3JZcZhuQO4XSXw9Y4D+iNIxnO6ze5e2q1T7h37FLzN7DZocwXheyF:BgDh5Ch7O4QLFwGV7+c0Kv7X9MMh2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691055926, "uuid": "1e8963e4-0e03-4b47-95d3-cafa3bd09151", "value": 11541, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691055926, "uuid": "0e0b19f5-a74e-4d59-9892-2b1a8a3e7c9b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691055926, "uuid": "d0eaf2b5-9fff-4f0b-964c-9a4258e20f04", "value": "all", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "105c5282-31b6-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691036852, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036852, "uuid": "5af326a4-aac0-46fa-860b-aaa3fe5dcb1a", "comment": "Malware payload", "value": "676fbcee5b91a6e8938c58635984bd23", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036852, "uuid": "d8a772d2-4e88-4256-a33e-8518cc7eff2c", "comment": "Malware payload", "value": "73c2221bf1838312b7aab298a3058b97733faa2cb2135359e2be41943b100506", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036852, "uuid": "0721e526-0aa6-40d2-8b69-7edc4486ee80", "comment": "Malware payload", "value": "c1a3acc74530976bb67cf6b7564f10a334f86b38", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036852, "uuid": "747dde64-2ad4-4604-90df-db3f78bb3aa8", "comment": "Malware payload", "value": "6f1541bb31f656a61b3270f7716ff14b6dfea8d268444227cbae3088b9ddcd981736412c7bea41c8c05a0127c0b59cc0", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036852, "uuid": "a8b6ff40-5cff-44cf-826b-1adcad131406", "value": "T144F22C10D2C0EEEAE4FA26FC8A77952536399D20D34940FF23C52D6E5B286C15D705EB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036852, "uuid": "efb8c041-2cfc-4bbb-a9b4-03dd0fcbddd1", "value": "64fbe8776a7560c834c27ef4325d2834", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036852, "uuid": "3b83852a-3430-465d-9847-2e0f9ae46832", "value": "768:OXtxiMayvOcC5+A5U5r67oDG0nNGZi402Ia6e0TxfuDnzfPJcKGVVcUJ:OXu+vC51ONkTV0ASVVc2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691036852, "uuid": "f980d5cf-b18c-43ce-8863-3a6e6b9382a8", "value": 34304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691036852, "uuid": "6d778f6f-4d9d-4052-ad62-c169451ed1c7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036852, "uuid": "5f69e217-11ad-4e11-b095-da283aa20b83", "value": "SecuriteInfo.com.Win32.TrojanX-gen.20301.17162", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3acd9465-31d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691049378, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049378, "uuid": "925be477-80ad-4ca8-a0b4-1bcb7c8714e4", "comment": "Malware payload (AgentTesla)", "value": "63dbdf9801348b5c64e40a82079513bb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049378, "uuid": "092cf610-2738-4d09-b63f-e4f830731ffd", "comment": "Malware payload (AgentTesla)", "value": "746d3f266a1d6c17fd484a741cad28bb0578e63d235abefb6f949b90a1108a96", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049378, "uuid": "87654d0a-ad34-4db4-a506-70fddb80a6ef", "comment": "Malware payload (AgentTesla)", "value": "9dc98beaa5776f9288aeccc42bf7472c354f6b01", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049378, "uuid": "03718312-e8ad-456d-904b-4e007031dfae", "comment": "Malware payload (AgentTesla)", "value": "b3a433a24b9bdbc2538c0b8a008cdfe25852a59aef49fea92398074ba6cc8083bb6dfb9c43fbbc5d4c776c108f05e9ed", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049378, "uuid": "69b0e59a-182b-46ef-bab0-e0e6bce7cd42", "value": "T13B25083804780A12C135D2ADAAD4F513B7904F96761CCD5686C24FCA0AD6E2F2DDBDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049378, "uuid": "0808462e-81f5-458f-86de-7d67a2da9453", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049378, "uuid": "5866c503-1339-4180-845a-f6e79a156ba6", "value": "12288:ZEKaJo0mJfggmcGNZ8SuXx9iS9fYb7alHx6T7cm6dOxF/syH2/DMCR+:Lr/mcGNZeXrZ1mcMT7x6gF72/Df+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691049378, "uuid": "812459aa-7924-44f2-a141-63665ec70dde", "value": 968704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691049378, "uuid": "900df516-7239-4fb4-bfbb-973bb511e964", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049378, "uuid": "a9f0a19f-e3a8-4dbc-b4d4-11eba252569c", "value": "63dbdf9801348b5c64e40a82079513bb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "435c1a21-3238-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691092772, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092772, "uuid": "d13643a9-155e-47ca-b51b-51bbc6715ba1", "comment": "Malware payload", "value": "0a1b377a36e48b5a59d7cc3327c5a2d9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092772, "uuid": "8d30414a-d566-444b-913e-4a2e299f4e8d", "comment": "Malware payload", "value": "749eb7fd01d545c73582592fd8a78d632c9f66a57769d13484d1e1599b05a28c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092772, "uuid": "bc72d0ba-66da-403e-8642-164e627eff10", "comment": "Malware payload", "value": "76bc8feded70c1e72b828aed8c9087dcebf97886", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092772, "uuid": "f9aec913-fc98-4ffa-8e69-3e64b2467377", "comment": "Malware payload", "value": "afef568ee5707c5d47d68f603c9eb772b5f04fb34ead32d1b237a6177525f43c4f0347d844c49904418e85691fe8e4b2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092772, "uuid": "f92c2f45-96fe-4359-8a55-f0ce52e036c3", "value": "T1E4B423D42C024793C1E9F436BAF1C655BCE7185E2B3C4E622F52B0EBC656A8F91504AF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092772, "uuid": "cf657800-a081-433a-be45-1c9e8b3b8c47", "value": "12288:IZ/Q8mhPZBXybwIIdQLAxCnNXsUKpH0fyXNGqvZ48B8dfQwD26N:4I8oxBL7+MxGCp5zR468pQe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691092772, "uuid": "1f7ab208-213a-4b05-badc-93c2a4a63621", "value": 527681, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691092772, "uuid": "128a3759-1d3e-436b-acb3-f4dd0d2d72a1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092772, "uuid": "f59f4441-1181-451b-92a3-43efd76ea184", "value": "0a1b377a36e48b5a59d7cc3327c5a2d9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0d347d71-31ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691068200, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068200, "uuid": "725407b9-4170-415d-81d3-3b9646740df5", "comment": "Malware payload", "value": "1e8fc19bc9567e75cd85f643d30e21fc", "object_relation": "md5", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068200, "uuid": "c142a032-e7a1-4e85-a12b-1b2b1502261d", "comment": "Malware payload", "value": "76d9cb366de739ffe3a97b065c9bda83a67c9e76542711c3070e1bb30f544f56", "object_relation": "sha256", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068200, "uuid": "cb7ec37d-93d7-4b41-8c80-07fd3c79f62e", "comment": "Malware payload", "value": "8eeb8795de459fbccf3af03f5903b64c9784fd11", "object_relation": "sha1", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068200, "uuid": "b1561ba1-ff62-40ca-b9bf-20a7c8d9563b", "comment": "Malware payload", "value": "39cd8294a6e01fc0d052c4ec2d6bc3a2d62d629ff130eff3aa7fefb4436cd446670914e96c93dba146f502426b7d83cc", "object_relation": "sha3-384", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068200, "uuid": "84e2258d-12f6-495c-b112-01cb92f20251", "value": "T104A45B3AF5C0C477D1754E78CD5BE2D9942DBA606D38A8077BF41F0C9A793822A2B1C6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068200, "uuid": "7e913dc1-961a-42db-a253-67bf53e922c8", "value": "12288:K4i0blotKmmt1seWzDcjEmXQmrZVse2xvG6JimJP7Rnqqnu3/Oe:Kv2onmt1xWzDcAehrZD2xVJV70+uv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691068200, "uuid": "64fe4967-708e-491c-90e3-e274eb94cd6a", "value": 482304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691068200, "uuid": "aa95f7f1-72c5-4c41-bf0b-e0e258a6b7d7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068200, "uuid": "acd7dfb0-095b-4a78-bbb0-fc8aaf50d5c1", "value": "76d9cb366de739ffe3a97b065c9bda83a67c9e76542711c3070e1bb30f544f56", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a90b098f-31d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691049563, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049563, "uuid": "0c8554d2-439d-410e-9968-432baf7899d6", "comment": "Malware payload", "value": "35f272bfdd28ea3d96ee9058ac93cfc1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049563, "uuid": "550a3fcf-259e-42ed-b31d-6e8f65f1c5e8", "comment": "Malware payload", "value": "785fad18a3d5d268a0d6d99814255229472bcc77c21097bab92cc4d2376b1069", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049563, "uuid": "2d213232-4b87-452e-aac5-0aba99871ffe", "comment": "Malware payload", "value": "886dbe1475d2ad83951e1dc7b46b779b15c804b2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049563, "uuid": "2b6ea1bd-fc6e-42a2-a381-95fec296138c", "comment": "Malware payload", "value": "a8d122fae7a8ab7d1d2242a1de1df7dda6525db206d7a8e6ca1ac10a610e03550e520795f2d1cd99e5e20a52f3fb4a9d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049563, "uuid": "fc1838cf-be7e-44a1-a694-c2be45e2cffe", "value": "T12203F16188292938E03EECF6F4851BBC5DAD153C0AF208E569453321F6435EE9ECA5E3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049563, "uuid": "ff852550-768e-451e-a11d-3001f8f09534", "value": "768:0JHiXNurVQttX/vJ+NlptOlkZYIK+SwBkzrPWo9l7Q/fhsX:0hAurOt9/vJ+n1ZYIzMJT7wO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691049563, "uuid": "9854f1b4-87db-4d9d-ac75-1779bdd0ae8c", "value": 40618, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691049563, "uuid": "9722591f-3e9f-4b36-af98-99baf94f4ee8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049563, "uuid": "70157593-37ef-42e2-9716-3279f5a4cf12", "value": "35f272bfdd28ea3d96ee9058ac93cfc1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57305db6-31c2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691042125, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691042125, "uuid": "25a72f8d-87ea-42e1-ae40-86cf2a5737d4", "comment": "Malware payload (Formbook)", "value": "f453b83cb4f6c27b4796816e0f628abf", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691042125, "uuid": "a67d65ef-18f7-47ff-adef-6718fe1cc778", "comment": "Malware payload (Formbook)", "value": "79114810d9bde07318f8a7790e17b9dd7f377f36c1d4b555f941c9fe5e139385", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691042125, "uuid": "0b0d3d65-7c78-4d58-9fbb-8e01a0450f82", "comment": "Malware payload (Formbook)", "value": "9ac829ea257d3129202c8154248335c0f229e633", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691042125, "uuid": "4d264b26-60ac-468d-a96d-f1a785725ecb", "comment": "Malware payload (Formbook)", "value": "c9de8a4e31e11944d378012bdae50971f780b32747e07374f776846c937358a833c6568ca746656ed09600bebce4fe93", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691042125, "uuid": "91c518de-408d-4784-985a-fd37b4a1f239", "value": "T1EBF2482CC38F8169CF6697379B6A0E0412FCBB3EB69152B5302C437233ED92D25655B9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691042125, "uuid": "f5ffe600-6edc-4707-bfce-2f86e48fb2d0", "value": "384:ekcMX93wRWjE2Rs1kGBz0No78fj3tD/pEld+xvioP586TSMefR1hlpyuz:ebMX9gRWjXs1kA30j9D+G7ase5r2uz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691042125, "uuid": "72fdf380-66f8-402a-a6a5-bbe1a3959382", "value": 36271, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691042125, "uuid": "a14ae4a3-2101-4f59-a87a-5c3c38833051", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691042125, "uuid": "419dc999-34d0-4762-9b4a-56088a06f680", "value": "f453b83cb4f6c27b4796816e0f628abf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4576ed7f-3209-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691072589, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691072589, "uuid": "8bfa7d25-1a96-4568-98ba-08350feb1970", "comment": "Malware payload", "value": "6becd620af76084bfdfccec627622d3d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691072589, "uuid": "06967ba4-fc7a-45a7-b43c-3202aebb8e89", "comment": "Malware payload", "value": "799c86e8eb6ae575e0155af1464223ad54b08a1f02c7310f93bc9ecac53d9374", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691072589, "uuid": "52ec3425-02ee-4040-b4fa-0d799cc7f9a9", "comment": "Malware payload", "value": "d7130c71ddd16b9b095ee11417d492654a78ded5", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691072589, "uuid": "9261f426-6c76-4213-bd35-5720b0b4bd2c", "comment": "Malware payload", "value": "49394e21858aa699f870de9adebc3226af0df21518153fd07f9ebbd41cfee03490bfc084b64200809637f1b36556042d", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691072589, "uuid": "6fef9e1a-9bc9-48a7-8a94-ae7c58e8d490", "value": "T1FB05BF53F3E640B9C0AB9671CE12671BEBF1B80A0234D74B57D49EA52F13B62672E311", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691072589, "uuid": "1e5124ff-4071-48cc-8ecc-5a38c3bd8ef5", "value": "8dc57218301eab0a899a12ef50accd97", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691072589, "uuid": "61f0e0be-dda4-49e0-bb91-66d385566266", "value": "12288:A53Gdcktn8UV5aAvPCJv/7eDUbG5LRmMSoJqCSml+tlMTX5Udz0un3rg8F8qA706:83wtnDV5XPieWkJcmlIlMTSddgGvAL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691072589, "uuid": "19a61050-072c-4e2f-be2a-dc6a10480ff4", "value": 799656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691072589, "uuid": "21a6cc3b-b403-4432-9bb9-f9dfdb8ba993", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691072589, "uuid": "f0a61b98-8a4b-4f28-a8f9-bc2ff0c93edf", "value": "f435c58.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9bdb0961-322e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691088625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691088625, "uuid": "611980d9-d928-4982-a2f5-fc662239c264", "comment": "Malware payload (RedLineStealer)", "value": "547982741d54b65e813f3c41700f1ce0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691088625, "uuid": "9c1d8191-f6a5-49c2-9c89-227bfc6a1992", "comment": "Malware payload (RedLineStealer)", "value": "79d86b272c2a98c7d4266d85f6df0184cf201921ae1bc94005926d63b604ae6c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691088625, "uuid": "56738048-ae11-4daa-b065-bd6c5b79cbef", "comment": "Malware payload (RedLineStealer)", "value": "28613a9e0cc8e9d727a4a576b044c208d6f9452b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691088625, "uuid": "59aaa8ff-aa16-45cd-8664-a3a08dc171db", "comment": "Malware payload (RedLineStealer)", "value": "4564f8185f90fc54a0543021159a9abe7e52cf5ca9f0b4dadc75822846bd3dc62eaef6e1f38754602794c748041b36e8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691088625, "uuid": "bea7c808-c158-46fe-ba5b-1b41d9f481e1", "value": "T1F0C41262F6E84073D8B12B7058FA53C31A35BCA12978834B2789945F5C727C5A572B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691088625, "uuid": "b078eb02-5d7d-4217-93ab-27b79b2592e6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691088625, "uuid": "49a5c39e-cc84-4473-a0ee-6e10938c70d0", "value": "12288:EMryy9038y4wtvqYUTIiifyKPsijjBw0Y7:myk8y4OmTIiify8s4jBwj7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691088625, "uuid": "52cd2eee-cbdb-40b6-9e15-a8bf9a901456", "value": 572928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691088625, "uuid": "df9ed881-45f9-4ca9-a0d5-c96b67d864ee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691088625, "uuid": "1811f2a0-2084-4875-a82c-93a0b6e582dd", "value": "547982741d54b65e813f3c41700f1ce0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4b6505f3-3238-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691092785, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092785, "uuid": "bd4ec42c-394f-418f-8cdc-ae3f6d101c17", "comment": "Malware payload", "value": "1e63b7b29533609710600b3f099f3872", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092785, "uuid": "6f6f2b8e-c915-466d-9410-8da5a04af512", "comment": "Malware payload", "value": "7aa121910724963c70c9c9af04bedf5be6ea05b15b3d9af4c5d281f1bcec2db8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092785, "uuid": "801967d4-ef3f-4cdf-bee8-320101d87936", "comment": "Malware payload", "value": "c894c3b12c38e912fb703a597d43c8e749f9497b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092785, "uuid": "e9072c06-1663-416b-aaa6-b6ad05529576", "comment": "Malware payload", "value": "28136b1a25ce64511fdee4bbada08a592804413c8a7e74b94a8b1bb247846e6b1bfa6ade1cfa221ecbc6586ad0f3e593", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092785, "uuid": "578fa140-b010-45f5-bc62-4c0d1812c540", "value": "T16313F14FC65E4BBCC2572133085C6B5A86B1A58CC16300A6FFC8B3A719FAB303299995", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092785, "uuid": "8059d8f2-b439-4f14-be61-3b6e13e3c703", "value": "768:pTClP3sEedMV7tzWN4GLkdsY/jkiYvLZaOM1MVnbcuyD7UYcw1QOFVLdmLOzLk:Il/sEedMVRWNHgNWOMVnouy8Ycw1nVL4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691092785, "uuid": "fb369bf1-bcd2-4174-b0f5-d6313e6d38a4", "value": 44672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691092785, "uuid": "ba4fc153-09c8-469c-b25a-bd42cc11aaa7", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092785, "uuid": "b9000541-9b4e-4843-a013-7039d753e181", "value": "1e63b7b29533609710600b3f099f3872", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59a44e6b-3214-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1691077347, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077347, "uuid": "c09a2b82-5d52-4ea6-b4f0-d5b9cfc996c1", "comment": "Malware payload (SnakeKeylogger)", "value": "3410529d02cdc6ee212c44cdae46c2c0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077347, "uuid": "79180f78-8495-461f-9633-163f85d3bd90", "comment": "Malware payload (SnakeKeylogger)", "value": "7d11e19dcc4a6891657f624485dfd6e3e0ed3f0cd1a4361cc922ebb95d7361ac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077347, "uuid": "33fd6bc0-46f3-4159-b5ee-4b3ee03d4efa", "comment": "Malware payload (SnakeKeylogger)", "value": "7061a945f2786bf28191f856d8566ea9d61e7869", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077347, "uuid": "008a1feb-64b2-48ea-bf71-77f37e25eff8", "comment": "Malware payload (SnakeKeylogger)", "value": "99936e4d56e1c96b6a5ce19212cacf15b8ffcaab604b9f912a4f62df4af8382c89a3fbe862b4f126e96b8014476a7d9f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077347, "uuid": "ebda5457-9d26-4960-a967-5933699cfa80", "value": "T100D3195D27F8D840E6FF997701B16112C775FC421A2ACE0D0AD2F51A1A7DA908E1BFA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077347, "uuid": "06013ea7-f02d-4cb5-ba02-6bf6db72362c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077347, "uuid": "cac1a46d-fc93-46b3-96aa-adbed5f6ea1b", "value": "1536:OhrMBR29HM9mZ0kp08+vBUFrlYYnz7mrMSz+m4IsrMFPyKvn02bEb/zRWn6tlkpd:OhryR6sBkpznz5b7Rk6tlOwBINzgbY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691077347, "uuid": "db8509ff-2876-418a-9b40-d685e702b355", "value": 130560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691077347, "uuid": "98fb5099-20bc-475b-9c3f-922d07e69104", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077347, "uuid": "750c5284-6520-4301-b384-2e647335e134", "value": "3410529d02cdc6ee212c44cdae46c2c0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8bfdf8a1-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1691046938, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046938, "uuid": "7446a16a-74fd-4a32-9156-efbda03e510b", "comment": "Malware payload (DarkCloud)", "value": "1e5e4d837c446a5b2c8dfbcaf1417457", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046938, "uuid": "d0053326-8b2a-4aa0-b206-69c22e0633b7", "comment": "Malware payload (DarkCloud)", "value": "7d85fc44d14db757a98732f263d8000a5804ffc8c727db5a7ee405297547fcc2", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046938, "uuid": "2d65ecb0-867b-434a-90ca-bc563e1cb707", "comment": "Malware payload (DarkCloud)", "value": "f4b4703a71bd1ae7ca4b1a94a8929bb640b66d72", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046938, "uuid": "a4d08adf-4b5b-4757-a223-7185fe497cf0", "comment": "Malware payload (DarkCloud)", "value": "07b05fa79b2363005e44899fae0908b5041b6b207744213daea1806f9eed7445e700b5db3a72e2efc500d8e1b8e38c74", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046938, "uuid": "a5b16731-9dff-4763-a506-a16b70ce67d8", "value": "T10525BEF83110A7DEC627CABF89571C74991338664237D28A723F35989E5DAD38E109F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046938, "uuid": "e959aff5-a364-4405-b57b-997ab3d28e4c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046938, "uuid": "9050ce4c-b7c1-46f7-994c-56f97055a031", "value": "24576:rAzGFTyPX92M5DOZgewdoIUgXJMldVN1fAQjwUQ:r7FTyP9hDigegBGlr7fAm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046938, "uuid": "3926e587-927e-455e-8bf1-9878d403b7d9", "value": 1006080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046938, "uuid": "2e123af2-82b6-489d-86e3-ac20f5bff903", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046938, "uuid": "3e0aebce-29cc-488a-9fa5-25ee59a2ec7f", "value": "payment advice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7af613a4-323f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1691095872, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691095872, "uuid": "43014772-756e-47ae-8d39-21c479c4bae5", "comment": "Malware payload (GuLoader)", "value": "185580614da9d10a42ab1a77559c8c82", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691095872, "uuid": "26868836-442d-4464-8f11-c032e8eaaffd", "comment": "Malware payload (GuLoader)", "value": "7db87383d1b07e74372fa661071ee40108779bd2900943e2bb68353fec122aa3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691095872, "uuid": "ca31362b-1ac0-4aa9-be50-58d7cd20dbf5", "comment": "Malware payload (GuLoader)", "value": "3974a69420a7185aedabc812095e5957420bf535", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691095872, "uuid": "8468943b-82c0-4648-afd4-b80abe6b22d2", "comment": "Malware payload (GuLoader)", "value": "4c963213f3855623a3040e4f36bc1f39edf85e4a0e4ea107d729f2a72eb4af6fe1de1cdba2eee96e9cb6446b9f85ae2e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691095872, "uuid": "44337a04-db5d-4300-98a7-d5c438c41024", "value": "T175746B49E762ECE9FA660339257118273F419C5EA0D9289C228DF7263C36253509BCFF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691095872, "uuid": "908e9522-06aa-47d9-9682-d19989eedbff", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691095872, "uuid": "11b028e9-8983-4360-b532-3bf60f2ca632", "value": "6144:NQ606x6uwP8K6xuSKMkB/FmcKrts+PtIK+FTWbAKrzv7BSbMOTp:qhP8bWMkqR6+PuK+FCtzv7kAE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691095872, "uuid": "49ea75eb-194b-42d9-a49d-1ade6930a69d", "value": 359167, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691095872, "uuid": "c1fc9d59-37ce-4946-9543-7808a8930567", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691095872, "uuid": "23e14695-4b27-44af-a06f-12cb22c0dfe2", "value": "7db87383d1b07e74372fa661071ee40108779bd2900943e2bb68353fec122aa3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d943e14-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691046860, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046860, "uuid": "873f6528-b0da-48d2-a251-3774da7eee81", "comment": "Malware payload (Formbook)", "value": "33c5e8a3e50bad10d8dd4a386bd23c7d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046860, "uuid": "a75433cf-77fd-4306-b594-131188ec2d2b", "comment": "Malware payload (Formbook)", "value": "7ddf9fb46d1aae7b4ac60e280145130de860966295010878e138d8c2213b7372", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046860, "uuid": "d5f1f0db-d4e3-4851-ac2c-e6b5ed953e84", "comment": "Malware payload (Formbook)", "value": "53d782f6bd441127b3826930a662c1b1e042f74a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046860, "uuid": "56f433f8-5be6-4cbd-a875-b529222cdf2e", "comment": "Malware payload (Formbook)", "value": "5ef5695c94115bbd8a23138a1ca7b3665435050b60247b459c787f004d595b47c7e5d399ec7f3397670ff910d716aaca", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046860, "uuid": "ea45f56a-dd97-4645-918c-8e8844403dc9", "value": "T1F715083804B80A12C135D2AD5AD4F613B3904F96721DCD5686C24FCA4AD6E2F2DDBDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046860, "uuid": "ce3e216d-965d-4afb-be7c-72ea4721f774", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046860, "uuid": "03ea3f43-61cf-47a6-b874-bbd5194194e8", "value": "12288:fEKaJQgZhx/g5RgJUKsoNMPCjYtJh8ZDMRSvsYJ5oU5j/gxd+s:546crNMPCgJGiRSvb35j/Wd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046860, "uuid": "4bfbd9f5-4c09-45f1-87ab-24b1fa997615", "value": 907264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046860, "uuid": "1469df23-6e81-4740-afd0-44d9a79e1d16", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046860, "uuid": "7945e85f-10fc-4d00-b034-4db429141c8d", "value": "Nuevo orden.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3cf86041-31ca-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691045517, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045517, "uuid": "b3a444b6-100d-4be0-99c5-95f96e4f5147", "comment": "Malware payload (AgentTesla)", "value": "0dd53598f773ba464fdf2440988ee408", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045517, "uuid": "7f64e182-0b07-4de6-b14f-923b03b25f5c", "comment": "Malware payload (AgentTesla)", "value": "7ee679b79a60f9d6102b3de6ab9a960bf443b066fca01fd587f3e877a48ef105", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045517, "uuid": "712e929f-4f37-4020-afac-190c27c88b76", "comment": "Malware payload (AgentTesla)", "value": "337426037a93cb757a2555c22afb4b529ca187ba", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045517, "uuid": "a3916e38-50f4-464f-a19e-f3d93bb2a671", "comment": "Malware payload (AgentTesla)", "value": "aec737759f21eb4ad1a9570675edff93b6f37855a3286897af5cf2e9058d56f27cd55d83119a09ccf32214151f21727d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045517, "uuid": "0604a4c2-7f65-4c04-97a4-9a5b377ffc94", "value": "T159B423C4466CD9E11E922EFF2676592F49D0B2FCCDB22437B600E5B40BD2B0745CAAE5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045517, "uuid": "3271c1c4-2dac-485a-b770-bdf81122d93c", "value": "6144:8KvtXFvIMJ0cAWeRIEaulm4pBjgEYYZ3F4lWbPSmGwadG2qdenA3QhDDXmf96ELr:B5AWTpOThuyV9FGhOeASvJ6z9CI0q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691045517, "uuid": "4522acd1-1023-465f-8811-21a76d663441", "value": 525292, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691045517, "uuid": "00d91523-b7f6-4202-a3f4-a5397c86d118", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045517, "uuid": "402c173a-3fa7-4b5d-8865-5610c6616fb0", "value": "Credited Payment Copy TT.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de16e678-31fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1691068121, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068121, "uuid": "af12b741-3d55-4973-95f5-f55d8cdc9890", "comment": "Malware payload (DarkCloud)", "value": "f890e17fdb6f14a851c9d3bd4eeb6340", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068121, "uuid": "b5d1b156-e44e-4ca7-a8fd-93a01c2f74ee", "comment": "Malware payload (DarkCloud)", "value": "7ff58aca7eea812c1b0cde7f99ff8658502e76880375af72daef7b0deb63473c", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068121, "uuid": "2c20791f-d4e1-445b-b573-b18a9d4ed2c7", "comment": "Malware payload (DarkCloud)", "value": "01e1843fd269846ac4a349a46b4ede34b79c958f", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068121, "uuid": "6dd7411d-df68-4e2f-a8b0-76f74801c9d0", "comment": "Malware payload (DarkCloud)", "value": "d4e42ec59263ecd492804e4f8c8607d3a89128e0d5038d03fb2e20d43a214edf47819629af5974c3c33b7123da04a16d", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068121, "uuid": "f042ebec-5307-4c70-9b4c-e4e40d1fd9b3", "value": "T181847E27F580D477D0710D79DC8BE6EAE93DBA502D3825477BF81F8C993928269261C3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068121, "uuid": "f1c5a072-7786-4ce0-8d62-a77d5feee4b9", "value": "d1f32407f6eaa31701ca66580a98d92b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068121, "uuid": "bbb2103b-214e-4bc6-87f7-b3008a942607", "value": "6144:FkPhWQ9Qrx3JxpQqoYr2nNp86WrhzBmCliHKDQryDKDqqDLuz/szTFey:SPhWbN3JTQqoe2Np86WrxBmMiHKD5DKV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691068121, "uuid": "76a1dab9-382a-4d36-a1ec-c3e0a9491b87", "value": 382976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691068121, "uuid": "abba4634-970c-4700-94fe-34ddba08e9ee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068121, "uuid": "ca01932e-5c57-4b98-8271-ded21aac8b6d", "value": "7ff58aca7eea812c1b0cde7f99ff8658502e76880375af72daef7b0deb63473c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "56f19133-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691046849, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046849, "uuid": "441116a6-32c8-4e74-b958-43056908762b", "comment": "Malware payload (AgentTesla)", "value": "a44fbc10cf73b691bf6f9bae013a72a2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046849, "uuid": "153c68cc-a68d-4e17-868f-b0476c047a8e", "comment": "Malware payload (AgentTesla)", "value": "8076ade469725fb5e2b888de4de7f06233016247e435ab43d89739f29ba6f9f9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046849, "uuid": "e6f487e5-056c-4b2f-b106-87a089059729", "comment": "Malware payload (AgentTesla)", "value": "6de07b0f4aa45ea9cfcf774bee3f1f554b3ed2b8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046849, "uuid": "a5fb882c-4f66-4e7e-a7ef-9fc3df360db6", "comment": "Malware payload (AgentTesla)", "value": "a9c4e13548537189154f9fe4762ae6dabb1972e5d5d6fb7eb55162c47faa25eb42b81e105232a4e893119f4f19b49245", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046849, "uuid": "ae4a2336-5d7c-48e9-99d6-8350082827e9", "value": "T17C857CA16A52250FE21A2272D072B7584354CFF94A76EB4EBC04B25E8B337C75E35D83", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046849, "uuid": "beec9817-b03e-4fde-a6f6-ab9ed381c6fc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046849, "uuid": "47b0f148-af96-4d18-8b71-72286a6a9138", "value": "24576:MPfB7jCawKxfiEQfBVBfcspe2q6TeGNea3gHwVL:gQpflMN6TeGoW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046849, "uuid": "11ec79a4-c169-4f32-bb40-9bd3dad10031", "value": 1867264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046849, "uuid": "6d24b0c1-0a68-4d9d-9ee5-3874269cffc5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046849, "uuid": "26859246-3259-408b-9e1c-a44c53f8cb14", "value": "CICU3023853\u00b7PDF.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca56f3e0-320e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691074960, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691074960, "uuid": "bfed249b-3bc4-4155-b557-127f086cdf09", "comment": "Malware payload", "value": "2bc7cd2091363607ca3ccd5cbe02e8b4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "github-readme-com", "colour": "#1341C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691074960, "uuid": "5646bc7b-88af-48a9-8114-5baec98336f6", "comment": "Malware payload", "value": "82fecedbbf5f6c9e5ee0d10924134e572e6f1396192acfcc3aa355e7861f407a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "github-readme-com", "colour": "#1341C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691074960, "uuid": "9b4f4b12-30f4-4994-8b8e-058e9cb6fd37", "comment": "Malware payload", "value": "dd5fd088bbcab80e7e00f84aeb7c41bf91d1741f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "github-readme-com", "colour": "#1341C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691074960, "uuid": "2c94b310-591b-4e8a-b4b9-f26bd6628c1c", "comment": "Malware payload", "value": "0dbfc51c6da22957e06de9971994d8cffb1e892939fa006aeaa4871894797b085fe9ff5066f0c1245f7d47bc8729cadf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "github-readme-com", "colour": "#1341C9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691074960, "uuid": "a781a2f9-67b4-41ea-a32a-dd4168a4bfbf", "value": "T163D2F8C59FA84722DB4D1230243FC0179B74A5EB71E9DA0D98C8AB607BED3464C9ADD3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691074960, "uuid": "41c3babc-e001-4acd-acb5-d213684e90bf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691074960, "uuid": "73ddddbc-40d7-4ca2-88a8-fd6bbdb0f75f", "value": "384:cCsiZYvaCHBro36/gMidClerEqYiiI+KJ:cCsiivhoKITCleodM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691074960, "uuid": "f0f09b73-67d0-4402-9639-f45e9723924e", "value": 30208, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691074960, "uuid": "616d329a-4340-48b5-8150-c6a96bb5907f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691074960, "uuid": "1a6d7003-8710-4fcb-bb4a-cdf0643e4411", "value": "1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3cfed7b8-31b5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691036497, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036497, "uuid": "a49f025b-0478-40d8-950a-3b44a0ed0b93", "comment": "Malware payload (Mirai)", "value": "d84affb93b01201a6c54f0248434981e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036497, "uuid": "23132fb4-254c-4b00-b4c6-745a0ca5bb28", "comment": "Malware payload (Mirai)", "value": "8347e8933783cd4129240b96ae5e665cedc5848ce1cbb7d9f58eb97aaa29b108", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036497, "uuid": "8494b8e7-6f87-47e9-ae81-0fdcf3222b50", "comment": "Malware payload (Mirai)", "value": "1e4ea20fdd9b8b9468507d3b342d16bbebae3016", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036497, "uuid": "2d41dfdc-2a27-4518-ba57-387c68bd54f8", "comment": "Malware payload (Mirai)", "value": "9686a6d7900cf128a1f09f2d856ee63f896d2d66d41d721e7d6fc0470af783813c0deb666ba32fca52e77908f0e1c3e8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036497, "uuid": "b6c3c138-2836-4847-9f1e-874578baa51b", "value": "T154C3F831E8044B1BC2D223F6E75A469E3F351E9793E733115A3879B06FF27992E29520", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036497, "uuid": "bb399b15-2297-4702-acba-b7b4f39dcd94", "value": "3072:6jVlyaL5JCrIpv04szbttiEiTmP46aQyfPlfKsNb:yoCJCN4szbHemP46aQyfPlfKsNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691036497, "uuid": "f9025359-d697-47b6-aca6-d34f66b10d54", "value": 129898, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691036497, "uuid": "25331382-a939-43b9-b97d-856b8ddefbbc", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036497, "uuid": "10e4782a-3aa4-4c17-a1b2-f3ecd8d512f6", "value": "d84affb93b01201a6c54f0248434981e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2571bf51-321b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691080266, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691080266, "uuid": "9c762b38-4377-46b8-977a-98d00c2b1e9e", "comment": "Malware payload", "value": "ed0415b53a3f3adf09ad18b3f71b6d2b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691080266, "uuid": "da348bf4-1ee2-4e12-b231-e5fb7fdd052f", "comment": "Malware payload", "value": "83803428227ee2a5452f68c65af0dde8d077b68edbe8bd67e179d8aa679eca71", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691080266, "uuid": "b8a6883c-ea4c-4052-be24-41e819477210", "comment": "Malware payload", "value": "fb0fd8281458855a6b28112b18a30fe90b99c4ef", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691080266, "uuid": "5ee836b7-c49b-443b-aabf-c3d55716f900", "comment": "Malware payload", "value": "9426092d34a24f5bed255351e22dd0107cd61da25bfebc1798d992b2a52095fbac6a64e7c22f9ea524b0c7f28d0bc0a9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691080266, "uuid": "3c93e51e-ce00-496c-a169-501390e41efb", "value": "T175C423B3729A427ECCD44B399895810D13B99E47ACD1FB2E8EEC319E7CC2F157861149", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691080266, "uuid": "101e31f7-6702-4789-be3a-a9fc22b43cd5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691080266, "uuid": "6d29d7e9-21e9-473d-a0ed-025c3e52ff13", "value": "12288:XqEmXtYyLxw+li2wRGezPMQXbG4RpKUyHyRgUP:63YyLuFPNGKKU+yR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691080266, "uuid": "e18ae3da-6054-46f6-b3be-6799e4b2a1b2", "value": 559104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691080266, "uuid": "c58e1c04-42d1-4dd4-8007-ff1a3b798db7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691080266, "uuid": "94bf799b-36b5-4df5-8549-1993d479554b", "value": "SecuriteInfo.com.Trojan.Inject4.59820.10152.25785", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e94b3a9-31d5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691050405, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691050405, "uuid": "3cb1ff5a-038d-4c8c-a813-4731d057c155", "comment": "Malware payload (Formbook)", "value": "d27e13ce5271639c09cf59b9f6eaee10", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691050405, "uuid": "3c9b45d7-bde1-487c-bc56-e1abfa86b6f2", "comment": "Malware payload (Formbook)", "value": "85176443ab1c87d4387378979a276b860b6306e6ae17749d0a1072111cc14a1b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691050405, "uuid": "dabc5497-7330-4002-a453-7b3b504f5bcd", "comment": "Malware payload (Formbook)", "value": "a17256280972cca055e7e7104fd1bc25406d9205", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691050405, "uuid": "226340aa-57e0-4621-8c0e-c9e8a6689225", "comment": "Malware payload (Formbook)", "value": "02487e18f3901018de33b22574a2cad916488503b2e1f8c9fe6883fd4f890dce1d938764953acdb302a5116661782175", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691050405, "uuid": "8174bf72-f7b7-4bd4-a154-687c22914fe3", "value": "T19B341201F2A0C977EEA316325CB9952A1FF6C52305F4A75B6704AB2B7CA37D1D60C362", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691050405, "uuid": "459835e3-8dcb-4f82-880d-1a489e6aed6c", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691050405, "uuid": "f69844e4-ad47-43c9-86d3-a6079d64fc31", "value": "6144:vYa6i7eW7rFk+v2RBxS537zBrw6v81rEJK1C+1WnQwTyvuXL1u5R:vYk1xNIxg9E6v81/CnQ6yvu71u5R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691050405, "uuid": "48dbb25f-9553-46ee-a10e-190662b7a333", "value": 247940, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691050405, "uuid": "01a336a3-cefa-462e-be90-70e375d73023", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691050405, "uuid": "e0fce747-aba2-441b-a4a0-83c342dcae9d", "value": "d27e13ce5271639c09cf59b9f6eaee10", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a57d3092-31dc-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691053423, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691053423, "uuid": "13731a28-8c7f-435f-9ca8-31e3dc351543", "comment": "Malware payload", "value": "71755abcf03d1145198ce5fa29cb8687", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691053423, "uuid": "d4701d2c-d1b9-4008-9509-bf6d9f2ac248", "comment": "Malware payload", "value": "851ef61affd9a6654b5a635e34bd678226e26aece30aafbb7ab2d3947d5057c6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691053423, "uuid": "a9011a4a-ee15-4d77-83bd-3828f9e4f0e0", "comment": "Malware payload", "value": "95d7584cf57b7a39e895b93ac8fb06a7581da3e1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691053423, "uuid": "f4e04f5e-904a-4319-b152-10c6f6091ccc", "comment": "Malware payload", "value": "e8eede2a65ee093dcbc24f8ef8a9fd1717e2ceab26f943c3fadb9e7ae4a334b3dbdb7b638e2110c7e344efa78107743b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691053423, "uuid": "8fcf643f-316e-4f05-a892-286d6fdd6d39", "value": "T16474233162FB4A29E0BBE5F2D5B16F46D9B2EE34CC8087122677760939F92313E60741", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691053423, "uuid": "3ed1982b-c65f-4c21-9ac8-667bd3b5bcbd", "value": "9212356426809f1b4ccfc1b6e5484912", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691053423, "uuid": "15c7e153-3e1a-4081-955f-4ec8534c9703", "value": "6144:gmjr/ZfHtYgQxS2B0dMcRGoulxofDx4eKFGcWhzDr/PGhJj1zWt2HW7RZobnkfnT:gmjVfHtYDxBgMcRGou/Y94eKFfWhzvPH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691053423, "uuid": "5ab0b6bd-f356-4208-8972-6247b60a2b3a", "value": 365056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691053423, "uuid": "919c59e4-4dab-44df-bb44-7cfd3d0ab07d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691053423, "uuid": "8f356374-8f98-40d9-8b86-1ba34e7cdcef", "value": "Steamer.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98f55384-31cb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1691046100, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046100, "uuid": "5da0b365-715d-4024-96c2-c35844aab46f", "comment": "Malware payload (SnakeKeylogger)", "value": "f19d85c4e2ff2da0acad772d2c9fc3fd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046100, "uuid": "27850e72-e893-47e1-8e1a-7d84654aec96", "comment": "Malware payload (SnakeKeylogger)", "value": "85769aadc4608e599612aeea1554436f1a3f0c2c4cf88c7a597b690061aeed6c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046100, "uuid": "d982bd89-2083-44b6-837a-9e6a4297c571", "comment": "Malware payload (SnakeKeylogger)", "value": "8ac325b48b211c0521a411d786ee2bfc0c8c3886", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046100, "uuid": "05c38f97-7a83-4028-95cf-439ad2007b1e", "comment": "Malware payload (SnakeKeylogger)", "value": "da3fa4049ccf6568a9a5f2aa03011edba5afef59e9d7ea620b9aaa7334b06e3e8d6f67d3fff53c4803d067d038f50322", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046100, "uuid": "13c8c83a-a5a5-4be9-9392-34cc3a13f3ab", "value": "T1D505E73804B80A12C135D2AD9AD4F513B7904F96721DCD5686C24FCA0AD6E2F2DDBDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046100, "uuid": "3fa4a3bf-0b92-431f-bde3-175d828a092a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046100, "uuid": "7b2a56cd-aa09-426f-8761-5a05b91c8276", "value": "12288:rEKaJvqAye0xf76gbWs3Y9rJTuY0/gVCrpdnCNKiq5E+8:CqtxRbXY99uY6goC0+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046100, "uuid": "749c3ed7-016a-4f5e-8275-a0f9b9091168", "value": 845824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046100, "uuid": "cc9ae377-6071-4dc6-9bcc-202fa440e058", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046100, "uuid": "308c187f-b599-418f-af00-ab9b8f94a790", "value": "New Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c56581a1-31c8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691044887, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044887, "uuid": "8d07e4bb-ca65-4a90-a09c-e241c21914d0", "comment": "Malware payload (AgentTesla)", "value": "4713815d01ba7f9a77a0bec5aa34d1d4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044887, "uuid": "bb244fb5-e68f-43d7-b147-520fb37ee84d", "comment": "Malware payload (AgentTesla)", "value": "85c947b965f77ca575d542c722023f7a2f2c7766e7e5437932dd684bc8855dec", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044887, "uuid": "3ed1f0b2-10ff-4621-9115-cdba1132fd1b", "comment": "Malware payload (AgentTesla)", "value": "0cb5b74af08a1502d4d525d293678fbd6b09e8db", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044887, "uuid": "89a6aed0-23b2-4d3e-8112-c64e39d38794", "comment": "Malware payload (AgentTesla)", "value": "cb8b41d3786f12744c615acbd61736ca63e183494f347ede15121d03ff9f9863ad86f19996ef0f2102ec7370971f7964", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044887, "uuid": "20a0d381-80f2-468b-8bf3-1965f7ebc2da", "value": "T19315F726417AA0B7DF1976BC5E23D83A35D96B40B1B6E188B72B38C7C5C61120D3B7E1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044887, "uuid": "fd5bd60a-e639-4788-a54c-815a191b4d5b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044887, "uuid": "6755f0e9-feb2-48c8-8299-ad417f02f98b", "value": "24576:PMpppNpppppoOQpppNpppppoO7uayAeU+6HAePiyMcjuW1:PvO7O7AAedcAeqyMcB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691044887, "uuid": "155aaa62-a6c2-4522-8ea4-77b135c896e8", "value": 907264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691044887, "uuid": "0bf4cade-4e10-4959-bfcf-5b090f8d2959", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044887, "uuid": "af61c891-80dd-4098-9824-40af70ff4198", "value": "SHIPPMENT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a7788aa-3228-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691086046, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691086046, "uuid": "329a2247-75f3-42c7-ae76-0650a8971139", "comment": "Malware payload", "value": "a9c13075a3f9c26ea4bd1d02da423229", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691086046, "uuid": "dc6ec9af-78a0-4e12-833a-843852bae9f8", "comment": "Malware payload", "value": "8627f2595a4e2b9b3e78fd956771b037772ce92c49ebc06fd0b53c247f9513bf", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691086046, "uuid": "346585dd-be38-46f8-849d-3c4e88d57b95", "comment": "Malware payload", "value": "68cbee4774c3ddf60a6006e8e6f14f8904f56d5c", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691086046, "uuid": "d403aad3-5ddd-442e-9df4-d485903b5edf", "comment": "Malware payload", "value": "4d31ec87f1a8b589a2f3213aea07f677530e83cac11631aba02fb8eddcc54611afd71a3dd5acf34a5cda78d359c20c39", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691086046, "uuid": "b6e8236b-d971-48c0-86a8-fec527f213cb", "value": "T10A236D4037E88136E2FD4BB4ADF2E6418275E6672903CA5D6CC814EA1F13BC596036FE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691086046, "uuid": "cf8ef96b-adf6-443f-8845-f92d92eeb2d2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691086046, "uuid": "28038bce-4988-4862-813a-15954bd2385c", "value": "768:4q+s3pUtDILNCCa+DiptelDSN+iV08YbygekApwLRQHrovEgK/JvZVc6KN:4q+AGtQOptKDs4zb19gwlAonkJvZVclN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691086046, "uuid": "33a12539-55cb-4788-8e8b-f12e6193f48c", "value": 48640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691086046, "uuid": "bbbf2c27-962d-4c40-9cf1-463215524d2b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691086046, "uuid": "3c94ed6b-9a8e-40b4-95e3-345d2a6670c7", "value": "bOD7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7f2f25e-321f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691082284, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691082284, "uuid": "da965871-363b-4070-9007-325f17a896b6", "comment": "Malware payload (Formbook)", "value": "ffae900a6c90b39e5119ef7c2958d9e4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691082284, "uuid": "0b6499e0-1e52-4aaf-b952-4bc0c8299543", "comment": "Malware payload (Formbook)", "value": "869854b67188cf519a00264e8b1d02e7fef12ac977ffb8706fcd70645ffc23b3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691082284, "uuid": "36febbe5-4f2c-4cdc-add6-594bd60ecf12", "comment": "Malware payload (Formbook)", "value": "cb035ee059510e9f8a173ea51cad63fd04e4b1c1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691082284, "uuid": "e9746b27-d1d5-4b74-9497-705cf22ba0fa", "comment": "Malware payload (Formbook)", "value": "8a8d42b70c890a29dde87b1f3d813352b686b2205a1ff56b50cbd5cca61f706e0024d25f3b7059a3bcf1390b0410320b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691082284, "uuid": "74bbf5c7-9585-4af5-ae79-aa08028fcda5", "value": "T1D0D422A6731CC2F1CCAC4F76049A557B03976DAF919FF629398AB58E9B53020113F229", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691082284, "uuid": "c1213f3d-b717-4a12-9289-76f4bb79190b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691082284, "uuid": "7d3a8416-7181-48d9-b036-cc729ef6bec9", "value": "12288:0qCXea1fralnBNzkauvnZ3tEBNTjOfxPkSl/AiSPlBt8O+V8mThUQX8:xC7zizkBhOJ8cyaJ8Z8mTKQX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691082284, "uuid": "e84a3081-7a63-443f-9d57-b966aedf0f14", "value": 597504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691082284, "uuid": "6a6e57ad-3bea-40f2-9ad4-6f279425bde6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691082284, "uuid": "d30eb5c8-bf74-41f5-853f-6b5c70db439a", "value": "gonderiRaporu.xlsx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf00f633-31cc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1691046621, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046621, "uuid": "0f2d93e5-d861-466e-8c81-f26d0b912507", "comment": "Malware payload (Loki)", "value": "7fa3715bfad50eefef91bc1486972b6c", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046621, "uuid": "a81dccda-da15-4d45-ab6a-daa2a3bc25a6", "comment": "Malware payload (Loki)", "value": "86e85674a2637575306cfcf4c3f8e6a847ee8c7cef270c57ea806fd01f20e9d5", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046621, "uuid": "13f8ff9b-b530-43f3-9928-bd7ae27e33e7", "comment": "Malware payload (Loki)", "value": "d59eb73960dd601aeb3f4b3833e200c0c56bf297", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046621, "uuid": "acb42885-59cd-49c7-a63f-f1c1a7c41733", "comment": "Malware payload (Loki)", "value": "38f1d8a28e792edcfa779a2eb43a7f580df6bcbc834ee6f08eb2dce471b5f6bfdaa34df2044a14b2e313aa8dd812ad69", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046621, "uuid": "bcea4996-67ea-451b-a922-13fc665ad8cb", "value": "T124A40100724CDE69E18653F898F6B45D602CBD327FC662C37AD4BB4F4836F5AA817A11", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046621, "uuid": "5b1e87ea-46b3-400f-ae97-9c9719827828", "value": "12288:lh8ZoWQmmme6v3QLQuEqAreuTfWGBOHG4myNbc0:zWQmmav30xUzBOm4bbc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046621, "uuid": "24e23a5b-7dcf-4127-8102-769d4724434a", "value": 455680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046621, "uuid": "936c3fa7-35cb-4ea9-99f9-93ef7c7526de", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046621, "uuid": "d4d40a43-6c37-4a38-afc8-fd1df424eacd", "value": "NEW HENGTONG ORDER TP030823HGC.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2490e5cb-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1691046764, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046764, "uuid": "f5de48a0-fe31-491b-b2aa-f95f145cd670", "comment": "Malware payload (RemcosRAT)", "value": "ea434af5bffeb2299e11baa05fcb929d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046764, "uuid": "d3d8c4b5-5be6-49cb-9204-dbb40fa701aa", "comment": "Malware payload (RemcosRAT)", "value": "877371d8ae10433714781fc8187b21a9bd55e01738d1e701603118d1e2b89944", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046764, "uuid": "96d0bd5c-6631-490c-a727-c703872ad9e2", "comment": "Malware payload (RemcosRAT)", "value": "b900041f49c42ecf07e61ed467e3301f0aaf18ec", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046764, "uuid": "f97b80f2-fb51-4f17-8979-41f90ed8df50", "comment": "Malware payload (RemcosRAT)", "value": "285da98a3be52577f1a0f912b17a8a3d1c3c69b390d9c5f2896c2634595de938088777b54a3248f5896086f465d06870", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046764, "uuid": "0e96b999-3caa-48f7-a110-72dde4b7c5ca", "value": "T13925F1007269EBA3F83E9BF55414518107B197BE60AEE79A8CE5A0EE1760F500F50F7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046764, "uuid": "63e44b41-f04d-495e-a7c5-6cd3513ef2b1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046764, "uuid": "ee7f8154-6e99-4d82-a169-642fd13fb600", "value": "24576:k6KYMtRqGI4tiIwh+2GF+4+wUROQ7u6RaEq7T:k6KVRqYXqfqr+NRz7u6Hq7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046764, "uuid": "aac3b26a-12b5-4b71-b2f2-f9fe9f975450", "value": 1023488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046764, "uuid": "e9e1d980-6e4b-4b3c-9e3d-eb0fbdc26a34", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046764, "uuid": "c2356ad7-3dba-420c-a247-53fde586a806", "value": "PO21019612.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38c85342-31b5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691036490, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036490, "uuid": "d7b90b8a-7a40-4ed9-8e7f-1aa2e5cd664c", "comment": "Malware payload (Mirai)", "value": "b834d5c431d2bb5cf855a3151c150952", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036490, "uuid": "7b10605c-adb2-40eb-a516-89190dcb9bee", "comment": "Malware payload (Mirai)", "value": "881e7126f65751a41d59e846908246030f834ec03b15c1ef2cae8c4a1098cf15", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036490, "uuid": "76d08704-eb88-4e6c-9891-19bdd4db46c5", "comment": "Malware payload (Mirai)", "value": "295dc4b225bd40e838def93e366b71611e3bc6be", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036490, "uuid": "8f28c373-680f-491a-9d68-234a468a173e", "comment": "Malware payload (Mirai)", "value": "754481772d4efd9f2e884ec8e7eb6ef056e7aaf834644454c84fe1d0f2a9df56a717a5551840abdab3d162cdd575cbd4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036490, "uuid": "3e728eba-afbc-4854-a626-c6c5360b27f9", "value": "T1CDE38536B7619E77D81ECE7305A985121C8CD98702D92B6BB2B4E51CEB6BC4F08D3D48", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036490, "uuid": "9be72a42-7b25-4f54-84be-092fcc50108c", "value": "3072:dgZc9h1jlnLA2PiXYeyCcBVNMVGuo9mrThPaLEnvPrNb:dd7lnLA2PiIeyZBVWDo9mrThPaLEnvP5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691036490, "uuid": "b9130210-b90a-4c05-bf38-db10a8a9d12c", "value": 155476, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691036490, "uuid": "30d9746c-a2d4-4a16-9598-aa3956c8c3ad", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036490, "uuid": "6f4fad58-a666-4ee1-9978-4e46f324e639", "value": "b834d5c431d2bb5cf855a3151c150952", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "baebef3c-31d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691049593, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049593, "uuid": "d9ebb983-f230-40c3-a77e-5b64a8e9fc57", "comment": "Malware payload (AgentTesla)", "value": "74d2ee93961c4db83a6255f428022d4e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049593, "uuid": "f99d2fdf-3036-4f59-81f7-f220fd66147e", "comment": "Malware payload (AgentTesla)", "value": "8972f88f545848efde365259eb058edea0d7db003df9d83d4696ecdaf7618bcc", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049593, "uuid": "29ab929e-ee65-4275-bf36-f7deda9d67e1", "comment": "Malware payload (AgentTesla)", "value": "f527297e2c07efe57704c0520780f831513c46d5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049593, "uuid": "3cce7be6-a44d-40f7-9e1d-dc7d1929f92f", "comment": "Malware payload (AgentTesla)", "value": "c5e1317a7b379d80bb217ae36894dd73bd451de889fce0164150cf82fe20f68158c96091694b0c1ff5ae3c642b36536b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049593, "uuid": "248d39b2-8737-4008-ac7f-6165f4f0094c", "value": "T1B1139E2DD34F41A9CF625277AB1A0E5442FDBB7EB38522B1306C933533EE82D51252B9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049593, "uuid": "b91604d4-3207-4f76-889f-2483e0eb5fce", "value": "768:twAbZSibMX9gRWj07TcIskwlMTIq7f5WhDv5cki:twAlRP7T6blMTGy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691049593, "uuid": "c016fdf5-c87d-49c9-9c45-deb2cd013dbc", "value": 44528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691049593, "uuid": "01987b13-b74d-4ced-a052-ad680bb1a3b2", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049593, "uuid": "d80eafa6-5135-4d37-9f5f-93b20c7b97b8", "value": "74d2ee93961c4db83a6255f428022d4e.rtf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "029a4ccb-31d2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691048855, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691048855, "uuid": "11c29737-3a21-45ec-8eed-8d4c6ae26ab9", "comment": "Malware payload (AgentTesla)", "value": "f04c1667a1de95ff0d5d03543ed9efb3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691048855, "uuid": "269b499f-a70d-49ee-ab76-54dde83c3b13", "comment": "Malware payload (AgentTesla)", "value": "8a4fd336ba5912472ed0fb9ccc2ff0750ba7729b4cfa014b28f97cedbb7e5f65", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691048855, "uuid": "65c8b5be-f556-4b2a-8711-6ec693a7e75a", "comment": "Malware payload (AgentTesla)", "value": "42a4a5a59b9d0869fad9cb33e1b7cdb9543d7b14", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691048855, "uuid": "3c29b014-65ad-4c6b-b0e3-8e433fdfd3d3", "comment": "Malware payload (AgentTesla)", "value": "d163ae2450daeb30f948aba466da6a434c9f51732c8ec0b7923bc51c53ec796c7a5870b572f9856560f764cabef2823e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691048855, "uuid": "b0960821-049c-426b-8302-32e5cdb14485", "value": "T1C4C423370CB9558212511722745B9214BE8E362FFC7B078BA9EC2B9B1F7928D439861F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691048855, "uuid": "1df6a08f-2779-4e79-a77a-1fbfe1773ff1", "value": "12288:JgCNnAoybXQ00yAxMUrcTANJguOjitJeLDwdwdAQ2E5fE4P/HPe:dNnV00yA2UrcTANJgubtoWOE4PvPe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691048855, "uuid": "47c58d78-2dd5-4d89-a858-fa358937ae2d", "value": 570123, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691048855, "uuid": "40cd16a5-ba95-428d-8908-3464c0a6243f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691048855, "uuid": "d47e7929-83f1-403e-a2ec-7bccbb9aa9c7", "value": "Payment Copy.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2625f468-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691046767, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046767, "uuid": "2e3efbb7-82e3-4ff3-afa0-9db4a6932edc", "comment": "Malware payload (Formbook)", "value": "5c412f0f22b162d7f32cdbc9e500a1fd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046767, "uuid": "d43dda04-9911-4d1f-b8cb-6ecc041bbc10", "comment": "Malware payload (Formbook)", "value": "8a6e40ffa6aabeda07bd1c75dd8566bdb498ed5ef0eb523e8371e2fecda47e36", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046767, "uuid": "288f3451-4b72-4aa5-863f-81638bc6d302", "comment": "Malware payload (Formbook)", "value": "e116967f21c982cdd814d82d2d37594f5a806cce", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046767, "uuid": "3f894876-d6b5-405a-8908-e9d56482ae40", "comment": "Malware payload (Formbook)", "value": "6bf30337d2d42a12d50d45ed4b92660001e08d798f4866a004daf4fbc6aff3a4cdd0bdedae45f24929507bad80b29fd3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046767, "uuid": "d5b82de8-c8ce-47be-9fc7-edb2194fa521", "value": "T1E2E4D000716CABA7F83E8BF49515418007F5A3BE706AE74A4DE6A0EA1B65F540F40F7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046767, "uuid": "d77a237c-d804-47e5-b0ed-31ba605dff57", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046767, "uuid": "ec99da27-75a9-46da-a900-143d8d95ad53", "value": "12288:N5MY3kRIBx5xkUQAs371jl1INLMRUGl9zaasU:N6KkRm5BZs7p2aUGs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046767, "uuid": "97162639-de81-4fee-bde1-bcd43a17de7d", "value": 705024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046767, "uuid": "2ddb5035-30ad-43c5-9dd9-f3f93bd55853", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046767, "uuid": "327602c0-81ed-49a2-a673-d45f175cf58b", "value": "UAE61 - 4510793563 - ALTAHER CHEM LLC.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ff07e12-3201-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691069224, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691069224, "uuid": "a8930050-e4c7-45e8-ae21-db9db7e15d8d", "comment": "Malware payload (Formbook)", "value": "a7d10ebd4b24b1f3008f4c2318907863", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691069224, "uuid": "d54d2a2e-083c-4fe4-9e60-9e70253ec574", "comment": "Malware payload (Formbook)", "value": "8c305a8516089a9e811fbc9cf560b0e36a2494debe59c5677376638c7155a452", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691069224, "uuid": "1fd03a1e-5350-4000-aa0c-8c9507448d55", "comment": "Malware payload (Formbook)", "value": "6a2aa20bff5d51aefd9a9493b365a453e9523600", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691069224, "uuid": "1c0f1171-e72f-42e7-af27-7f2565cb3edc", "comment": "Malware payload (Formbook)", "value": "ddd63bf02cafe7bd7bfbb2daf18b793804d4060f510c20849ea334a759946dd02fbbd0656caeb54c78615c3ca9f39e0e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691069224, "uuid": "2a5217de-eb7f-45b1-af1c-ec2d5f43ae13", "value": "T1CFC47D11BFE4AB17E0AF63B28063496253F4E192E3D5FBCB59807AEA1C07305DD05697", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691069224, "uuid": "01033870-c0be-4263-9238-0e242b34f025", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691069224, "uuid": "3029cbd8-317b-4406-a593-935ed2b6f233", "value": "6144:21+DsToi2+1WAa4WtXVAWlCVV9b+6Y8zrFmjSFrIsa76r:AWxtXS9VC4Zsia7I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691069224, "uuid": "4a808189-6e4f-46c0-ad55-ce31f17070a1", "value": 576512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691069224, "uuid": "758e67d9-76c6-4093-ad5e-8677ccbe338f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691069224, "uuid": "dc3f32f6-d7ee-49b7-ae26-b0a64ac14b0d", "value": "Fattura_Payment 202360556.pif.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c31f414b-3245-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691098570, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098570, "uuid": "e3ceaa22-dc26-4046-8557-d286359ab188", "comment": "Malware payload (Mirai)", "value": "e94387b95c4515a540203dd2d856d353", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098570, "uuid": "43869c85-c3dd-4b33-973c-1224c89fcd6a", "comment": "Malware payload (Mirai)", "value": "8cad93dac4260d4294bd45146ed1935c78542734a03e76b80265dfb2cf542a68", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098570, "uuid": "658dd372-f608-4c5c-8c91-047be4959469", "comment": "Malware payload (Mirai)", "value": "dcade6e3fc246aa88ae50c5a291a933cc90ecccf", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098570, "uuid": "9a1c4212-691f-4737-b0ed-0fa929583a05", "comment": "Malware payload (Mirai)", "value": "ad3fe2ae6a68ef4180c970f96eae42a7cd106f59fa34aa33e18f2a816c1d29ef28df45ad0659000cdcef2b20013747df", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098570, "uuid": "20b44787-54fc-4c5d-b408-df60dbddfa70", "value": "T171C2E1A360B5C913C4B7837B5E3D19B721606435634DEE2D37695BC437860E0567ACCB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098570, "uuid": "7b686c5d-2360-4cc8-af9e-ec4d9574e432", "value": "384:MRG99WXUx5+bkbRaliVErjrL9VD9jPwrSaf5CwTvDyLTwfflrTHOBFR0j/y5ZCAU:95+Kcrb9VDJee2KTgdTHOBcK5ZCAyQW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691098570, "uuid": "c51b1775-cd3e-43aa-9471-ce3f862f7066", "value": 27704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691098570, "uuid": "7965bf22-4acd-463a-aace-0a75b8fa6bf3", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098570, "uuid": "4c10bd05-1065-48d7-8193-ddd40962a067", "value": "e94387b95c4515a540203dd2d856d353", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c82c39e-31b5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691036470, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036470, "uuid": "805345d3-0c52-48e3-a9e9-840da7a9d335", "comment": "Malware payload (Mirai)", "value": "bb9abac2f1eeebb7e5b4cc7e6c580574", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036470, "uuid": "ab8aed52-286d-4cdd-a4a5-6e0cba32049d", "comment": "Malware payload (Mirai)", "value": "8d65b1c26285a08ee8cb11aa868984bd37553e2d2a8e5171d2460c32ca89a2e6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036470, "uuid": "997cdd46-7ab3-408c-830c-f15410290405", "comment": "Malware payload (Mirai)", "value": "1060233bd31c272cd99cc6e3c26552f209d2cb75", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036470, "uuid": "61c1c163-6c39-4890-af7d-891cbffa414a", "comment": "Malware payload (Mirai)", "value": "fe46eca645131b1d240353c9beac3f34a7baea2d83fb5f5110b72359f407a27fcb3e062785309cffaf4f4db24209b33a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036470, "uuid": "091c2804-f340-4137-9f6a-0db5bd136807", "value": "T1EEB3F872B804DF66F00A96B504D38B367E30BFA70E6316A2731B39669D331D528A7F45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036470, "uuid": "370ea03a-db55-4a0f-a686-5143f0d2775a", "value": "3072:Ydg8GXIDvGIk1MG8+mjypvZQoamm/QcuLB1niDNb:YuFX0GIk1MHyphpamm/QcuLB1niDNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691036470, "uuid": "bb1ce37b-22ff-4396-a0a6-070f160d0c48", "value": 118090, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691036470, "uuid": "f254b082-6576-44bb-b8aa-b896f1bcfaca", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036470, "uuid": "22656145-58ce-41d4-9223-753a8905f2ff", "value": "bb9abac2f1eeebb7e5b4cc7e6c580574", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c5eed1e-31be-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691040496, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691040496, "uuid": "149d44bf-4550-4b09-8dd3-9872ec80d7ed", "comment": "Malware payload (AgentTesla)", "value": "ae5bc1c42737639d780c8ebfacb9b177", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691040496, "uuid": "7e3dae88-f229-4ef1-bab1-3977de7de553", "comment": "Malware payload (AgentTesla)", "value": "8d85f64b35f58fdb6caa756ca8f230799ea1ec2f651f1a83c37d5243c8443d15", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691040496, "uuid": "4c4ba19e-8cd5-4cac-9fc7-e5ef648a802f", "comment": "Malware payload (AgentTesla)", "value": "b9bc6495f814752bb408ecf89327bacc6236857a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691040496, "uuid": "0560571b-5d95-4e9c-aab4-36adf9d74e23", "comment": "Malware payload (AgentTesla)", "value": "041e8b82ec2f8f90ca39a31082302191cc40e6c988ea510f3a466a5b924b4f7bc3afdf68e3ccd626f76607c824f5ad95", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691040496, "uuid": "a2fb345d-c78c-40df-8633-4229d197976c", "value": "T13B15E726417A60B7DF097ABC5E23C83A35D96B40B1B6E198B72B38C7C5C61160D3B7E1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691040496, "uuid": "1e16a59a-8f1f-41c1-ac72-56c64f1f1c9f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691040496, "uuid": "af6c15c1-58b7-47b0-a26b-84881415ecb7", "value": "24576:b5pppNpppppoOQpppNpppppoOcuayAeUmgxAv3ouPt8wSEQPHP5R:boO7OcAAe9yAZ+wev5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691040496, "uuid": "bffaaa41-7d01-43cd-9fb0-7a513a250a9d", "value": 914432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691040496, "uuid": "9be5b1de-c3a6-416e-9ca0-709fc5a650cf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691040496, "uuid": "8be128c3-08b6-43da-a0e4-57e5d8720f5a", "value": "SecuriteInfo.com.Win32.PWSX-gen.27086.7282", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f6f4818-31db-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1691052930, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691052930, "uuid": "96bfbd6b-8d25-4d84-82c7-64e48cf5f591", "comment": "Malware payload (AveMariaRAT)", "value": "fef4dabbd86d9bbfcb2f75aa37ca833c", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691052930, "uuid": "510225c6-ea98-420a-9dfe-d24ed6b0db76", "comment": "Malware payload (AveMariaRAT)", "value": "8df743bfde0cc4b44753b7efdeb0f37e381a302f3248470cb949ed16730dd106", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691052930, "uuid": "7b2f275e-3bf7-43b5-938f-8aeef659ce6a", "comment": "Malware payload (AveMariaRAT)", "value": "87e719b3223d47c2639afd65f697529dfc72b650", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691052930, "uuid": "c122df75-559a-4c53-a8b6-ad7d6f744940", "comment": "Malware payload (AveMariaRAT)", "value": "0e30f149d5fc2defaa02218257d74078b1680101144c77fe91d3bcf5952ea795a67f153b0108ccefd34147bd455d24bb", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691052930, "uuid": "45a7996c-7953-467c-aed1-7657156996dd", "value": "T16905017837A9D69ACD984778D832D2F817707E146EC9F22BBD893F5F38B2201181174A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691052930, "uuid": "23dd80c6-5356-44c3-8544-45a03de93ee6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691052930, "uuid": "62606a70-3f8d-4f8f-a1fe-e8a4a2bf4748", "value": "12288:JQqiOGG6ui/CQaBUgbyd+hT48rhhrAZFC1Yf:JtvGG6ui7dd+948rhN9W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691052930, "uuid": "337c602b-ad51-4406-97ff-d7721e33e1b1", "value": 849408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691052930, "uuid": "fb46bd7c-240d-425a-9772-987015b5cb99", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691052930, "uuid": "3840347d-d866-495b-b422-aae49f87603b", "value": "#PO202308.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2d17b39-3233-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691090785, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691090785, "uuid": "b505b76c-651f-495b-9177-70cb15756094", "comment": "Malware payload", "value": "980c6515335ea5b004b8fb9c3ce639d0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "rilo", "colour": "#D3353B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691090785, "uuid": "991e3893-85bb-4209-b6ee-46320aea90a8", "comment": "Malware payload", "value": "8e425db69c8d41e3e45f84d5a7d310b4d05ac8caa3a32de26677fec63651722e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "rilo", "colour": "#D3353B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691090785, "uuid": "4ffc730a-a4ac-4628-a08a-ec87434d698f", "comment": "Malware payload", "value": "1769cc86b945ef893fdfcf200de363db29dd14f5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "rilo", "colour": "#D3353B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691090785, "uuid": "94e48aa5-70c2-4660-8971-b103a93c0b4f", "comment": "Malware payload", "value": "c1c4316325284684c0c853d6ecea27dc1729312c1ba0a6d812021684c692ef6ac5b0492e996919d67cbdad705333d12d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "rilo", "colour": "#D3353B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691090785, "uuid": "264c097b-9c8d-4534-a913-adcba8dfeefe", "value": "T1D8A63B47F89181A4C1ADE270C6669293BA707C894F3123D33B50FBB92B73BD46A79354", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691090785, "uuid": "e00d40ff-b5b7-4fec-9055-0221d812c9ae", "value": "9cbefe68f395e67356e2a5d8d1b285c0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691090785, "uuid": "652ff20d-b6ae-436d-b711-9b42f2ca3f48", "value": "98304:EGS3iJNmxO5HNR7rG+dVcTE8g2mwznnd:EqVHjGYLPud", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691090785, "uuid": "1133ce51-40c6-4223-8631-e8298358cd54", "value": 9680384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691090785, "uuid": "2ce7f4ad-742d-4b3f-b275-fd6f6cc6bcaa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691090785, "uuid": "b51ef418-89a2-402c-b660-eb14a593a864", "value": "8e425db69c8d41e3e45f84d5a7d310b4d05ac8caa3a32de26677fec63651722e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1cd786d6-31b5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691036443, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036443, "uuid": "3cbf4f6e-af41-450f-a78f-75f05e476c75", "comment": "Malware payload (Mirai)", "value": "877306351b03fbe27382b2199f6e9c0a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036443, "uuid": "6caaa1a6-b41e-4282-9038-e9cc0704d682", "comment": "Malware payload (Mirai)", "value": "8ef658a73b292410dd6a570bc65a0f398e838b5adb141eb9dc81ad124fb46f80", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036443, "uuid": "7f8fb18c-b802-498c-a0a8-92c51ed96c45", "comment": "Malware payload (Mirai)", "value": "59247cf8b9fbbfbcaef8c93dca4bcaa03bb3a592", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036443, "uuid": "292584eb-70fc-4f76-ab05-cd606aa967c8", "comment": "Malware payload (Mirai)", "value": "b099eaf47ad9769287b6ec25ee331cfa88a66e3d45ed4b339e0710429e21ea1d74943d1d485d7b900f43a02e95e6bc90", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036443, "uuid": "a499e25c-1bef-4fb8-882b-521c7a91eac8", "value": "T1CAB31877A4654F73C045A5F125BA9A310F12AD931B1F1A88763CB6B04A3B4CEB84EF58", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036443, "uuid": "6888ef48-7586-46ee-94be-74cc57eb141b", "value": "3072:MDVLSItJP+Xsp4JlN3HTjmH1cuEgvniuN/:MDV+ItJH2l3HTjmH1cuEgvniuN/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691036443, "uuid": "00ad9a1e-f98b-4f68-8e60-79397dc7b129", "value": 112633, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691036443, "uuid": "6add043d-9cb3-4117-b390-9a493a865a86", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036443, "uuid": "5768066a-a147-4729-a623-010fb074e578", "value": "877306351b03fbe27382b2199f6e9c0a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e09e8c25-3242-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691097331, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691097331, "uuid": "abc6f003-37ec-447b-8fd7-5563520ecf8a", "comment": "Malware payload (RedLineStealer)", "value": "354bd1aaa1da647c10f39178082c6c41", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691097331, "uuid": "cb14a4b6-e5fe-46a4-913d-5c61588edf47", "comment": "Malware payload (RedLineStealer)", "value": "8efa32742a759d1f045aa1bd68059361c92ff94cb8ac2261cabc7fd618f49e1d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691097331, "uuid": "e7549fcd-b0c7-4b30-b9fd-d5c54921b62b", "comment": "Malware payload (RedLineStealer)", "value": "09a6973fced977f34dcb062c23442dcf838ae801", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691097331, "uuid": "5a384ea0-dd9b-4b9a-a9ec-44a94e96adee", "comment": "Malware payload (RedLineStealer)", "value": "f3312a02610215022b6daa5b3153ea3767dd792553f01e243eab2a5db9a89d300522cc4a9c758fee20bc8b38ee93fb03", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691097331, "uuid": "1c4d4e10-d837-4d49-9f81-6ce579bef546", "value": "T16CC41203E6D85063D8F657B058FB13C31A39BD718928476B27A2991E0CB67C5B835B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691097331, "uuid": "b71a5999-2c06-4732-ab2b-67d8cf5664fd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691097331, "uuid": "be0d3a8e-38c2-46d6-8a28-07b40a70b5f9", "value": "12288:SMrfy90j3SMm832rRUs0i1sheMi9sKuJxRdT+KQYyQW:Byq3SMmVRL03hDKAxHTXQYbW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691097331, "uuid": "746769fa-03fc-4b28-9e20-2262e7029a3b", "value": 572416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691097331, "uuid": "19d8c267-7ac2-4905-998f-9b1d4e31f656", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691097331, "uuid": "a0b39362-462d-4ccc-b231-97c6060f8687", "value": "354bd1aaa1da647c10f39178082c6c41.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d0c818d-31be-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691040497, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691040497, "uuid": "7ca8ed85-f335-4004-8ca1-4c5357cebf7c", "comment": "Malware payload (AgentTesla)", "value": "4c08f19f30a1eda694a2694ad2f0c2eb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691040497, "uuid": "c09ed33a-9f50-4c11-96e4-77fb6a02ff8c", "comment": "Malware payload (AgentTesla)", "value": "8f22351f698d43ccb1a779b47b3b721d9ef4c346df9b0472c8dc05a53c8cf46d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691040497, "uuid": "fa48d33a-f315-4c5f-86da-18aa2f1c7f63", "comment": "Malware payload (AgentTesla)", "value": "9756bb8a922375574ce6a2784c7946c4b5a8c48a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691040497, "uuid": "dd7d7227-4344-4967-ad59-f8426f13cc45", "comment": "Malware payload (AgentTesla)", "value": "4dcb301eda881427f379587628143dd04ae63f029a649a795cc42c6088055ebefd9ab6e485c1cc29d6b0f464348b09c2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691040497, "uuid": "69f5132a-1610-4439-82a2-e542c13bc487", "value": "T1FE15F83804B80A12C135D2AD5AD4F513B3904F96721DCE9686C25FC90AD6E2F2DDBDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691040497, "uuid": "c7c8ed48-b328-460e-a552-d8178b7da2e2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691040497, "uuid": "f02b0cc1-b321-4bba-bde5-6cfa9b0a2c19", "value": "12288:DEKaJ51l0cCdrgnwagzCgILWOQvKGxF7sZQNm3J3VPT9y51kVN22AX7w4:UQzCTLBQvKwF7sZQNI3FTA51k9m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691040497, "uuid": "8646e5d5-40d7-47c6-9ff0-c38e625b16f6", "value": 886272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691040497, "uuid": "e2b414e2-5b2e-4a2d-b50a-ddd1dc25cee1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691040497, "uuid": "0f4890bd-118c-45f7-bb43-e83609bf9b14", "value": "SecuriteInfo.com.Win32.PWSX-gen.17904.14064", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9aa3cc23-322e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691088623, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691088623, "uuid": "5c8f729f-afb4-4135-9635-822bb0e7cb87", "comment": "Malware payload (RedLineStealer)", "value": "5090da2bd37fd95420f9af41e019c563", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691088623, "uuid": "52300dfb-6201-4392-bfb9-fba99a3030f8", "comment": "Malware payload (RedLineStealer)", "value": "8f42370dcef5beb7749b11d58e6b425e38c55b0cb788dd02eb3ea5e613430100", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691088623, "uuid": "78b5c8cf-972f-4b94-a945-d15f1c4774a7", "comment": "Malware payload (RedLineStealer)", "value": "6aa40d70dc932448801a97141f0381b102c32ce6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691088623, "uuid": "8b421eda-62da-41d6-ba76-13b3548e14f8", "comment": "Malware payload (RedLineStealer)", "value": "67827f6aff49d3aea779354476c4f888fe846b5513090957e7b39e8d63afe94c978cb1742f275120e2ca5280e874fff2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691088623, "uuid": "8d78af6c-05b2-4942-83c7-e5103bddedbd", "value": "T198C41213FAE891B3C9B21B7058F707D30B75BDA29C78521B6786995B0C33A94683173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691088623, "uuid": "0760f15d-2ad1-45d9-ad72-0f2f9b4c4e3f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691088623, "uuid": "980cb9af-1ed3-47dd-81ce-c94f5ff318fa", "value": "12288:gMrEy90DAH0cguNlYg5i3fAHZk2SZtIyhPNiv3i0DZQ:UyC3gYg5i3oHZktIypNGyJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691088623, "uuid": "ea52c190-8a5d-4789-838f-b83592004e3c", "value": 573440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691088623, "uuid": "6e9d0ce1-09d1-43a9-b181-973a2e13de68", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691088623, "uuid": "dbe00e13-9187-4daf-864a-7a1e67f9d2be", "value": "5090da2bd37fd95420f9af41e019c563.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c1492e79-31cb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691046168, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046168, "uuid": "0b2e0899-a0ab-4f5a-a9e3-a8bb7556fdf3", "comment": "Malware payload (AgentTesla)", "value": "89fc6efa03469d8f85b5e7cb61adf63e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046168, "uuid": "6b71a40d-ccc5-4391-8ad2-39f257440ad5", "comment": "Malware payload (AgentTesla)", "value": "8f863d304625540995913e53ce885ec3d02a58f3fa538ea28d1b1796bab83a49", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046168, "uuid": "9e26660f-bbd5-41a8-835e-15faafc316eb", "comment": "Malware payload (AgentTesla)", "value": "df2c6f66b506b40589b71af51e94b59158b6483b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046168, "uuid": "4b1f8d32-b1c5-4630-9533-406423829e80", "comment": "Malware payload (AgentTesla)", "value": "2dfbf00f2ac2602ed9d584ae4bdf0765814e8f7bb9ed7f3faf987327c3bc6822c77be888f916d367ce83dec9ae5985f6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046168, "uuid": "d6c60ab2-ac81-45e0-b410-fd434e2e2ed5", "value": "T1FF15083804B80A12C135D2AD9AD4F613B3904F96721DCD5686C14FCA4AD6E2F2DDBDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046168, "uuid": "4d4bef7c-d8dd-4c7f-b653-b7c72c65c385", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046168, "uuid": "1d7ff931-20ce-4793-bd01-2438d1f7cbd3", "value": "12288:BEKaJ5AVRZYUaZNMWj8dSZnzaPokWqZUIZbK+C6WGnyntsXjeniIeRhkA:uAdLAMhStaP5/ZUIdjpWGyeqihP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046168, "uuid": "fcf8f2f9-3680-410f-9f60-5d4a601df29b", "value": 959488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046168, "uuid": "4516eea0-70d1-42e6-b3b2-7bd5f59dcf76", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046168, "uuid": "9cd32ffd-89f3-4ae0-b59f-189a2cce9cca", "value": "pesanan.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e30810a7-31fb-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691066841, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691066841, "uuid": "01cd22e3-f254-4055-9682-43b3311a6073", "comment": "Malware payload", "value": "7e51245673d182bcf760ca81e3b848e6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691066841, "uuid": "c358cb5f-8fb7-4293-85b2-571061bcbdca", "comment": "Malware payload", "value": "92293befae5fa3cc80d1beab93993b254742072879b296f89e9039bdb7a4edf4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691066841, "uuid": "5519a54f-772b-4300-bce3-69de5c90e420", "comment": "Malware payload", "value": "022aff2deaee21ace084680ba5c23657ca1c527e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691066841, "uuid": "b8352c46-27f4-4ecf-983e-e21ef829f54b", "comment": "Malware payload", "value": "4f0e86a31a7609da42bd5483a5f76ee42037145560fcf75880cdd02fff06dcf92f0103d2f64e642f7941bccac6747891", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691066841, "uuid": "287509b0-4fca-4fd3-a732-8242c03b134a", "value": "T16734F13628BC2F18D4626335B1071F3196F59B1F3B7A129DEBFE47B5B1A4A0119230DA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691066841, "uuid": "c5a9338d-66af-454a-bf47-9959c0dca1a6", "value": "f418afe0379776397753ae40798cc2e3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691066841, "uuid": "8c8db2ee-9a3a-460a-9597-3c3676e393ab", "value": "6144:JMooVQnnOBccnskYPmTpUxrr1XRA7WHxWoN+J0EafCUSYibN6WGH:qQnO/s1mTpG5bUo4bafVibvk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691066841, "uuid": "7272c6c7-0b6d-4cc0-9d19-1c6d76744bd1", "value": 253103, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691066841, "uuid": "b5a52a4a-90db-4888-ae7c-1576d94037bf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691066841, "uuid": "6169d827-5fe9-4413-bc73-e24178d13640", "value": "92293befae5fa3cc80d1beab93993b254742072879b296f89e9039bdb7a4edf4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "836a451a-31e2-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691055943, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055943, "uuid": "996868d0-6bd6-4f3e-808f-7911cc350616", "comment": "Malware payload", "value": "14bdc506a06ff75f71558cb1ab0313e6", "object_relation": "md5", "Tag": [ { "name": "172-104-142-200--8000", "colour": "#F53C27", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055943, "uuid": "8f323260-1b2c-4bed-ac98-97bd86acebba", "comment": "Malware payload", "value": "92ce6d9db2816b5b5327b93fe626087716546884b47c73fe9daf8ac14e9ab08f", "object_relation": "sha256", "Tag": [ { "name": "172-104-142-200--8000", "colour": "#F53C27", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055943, "uuid": "c6134d2b-ac5d-4576-a44b-92c9f8bc75c2", "comment": "Malware payload", "value": "f9e03ac2099e79e9b06bbb955e884800363e7749", "object_relation": "sha1", "Tag": [ { "name": "172-104-142-200--8000", "colour": "#F53C27", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055943, "uuid": "f49f617b-d796-4a12-b499-21ee6bb0ebe8", "comment": "Malware payload", "value": "633a7671142c021750ee7871253fc5c4739b91397de258534d48bf2555d8215fc609930fde2384d673c3df8c027fd1ec", "object_relation": "sha3-384", "Tag": [ { "name": "172-104-142-200--8000", "colour": "#F53C27", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691055943, "uuid": "ac3dc94a-b97a-4496-bb92-9294054c030b", "value": "T1A0714B633087F08F008647793A9827E694BACA05DACE5145F78CEEADB4DCD933A4C6C5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691055943, "uuid": "33b65cba-cf40-4f3f-b14d-4d96523d441e", "value": "48:5LP0rNfAsxYjh5yXzx057gDlZ+voFuYkzmrnf1eo:dP0hfX6wDKMD8o3nf1eo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691055943, "uuid": "9daa31ac-a45b-492a-89fc-b3278a806d3f", "value": 3506, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691055943, "uuid": "a8ae62d5-8d66-4b95-a900-3cf62b1a0281", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691055943, "uuid": "667146ed-ba96-4a57-acbb-4e5cfdb30bf4", "value": "r1_met", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86675415-31db-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691052941, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691052941, "uuid": "6cf8c143-8cf0-40c7-84e6-f5a1fc471ee7", "comment": "Malware payload (RedLineStealer)", "value": "267ee7e7f01ccb3ee1058938f105e146", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691052941, "uuid": "d83acecc-067d-43ff-90a4-08ae65c7c39f", "comment": "Malware payload (RedLineStealer)", "value": "9325a4e7d8fa79dda23f00617f225a03de5144a2ad87779db8e5036756381259", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691052941, "uuid": "34875ff1-3dbb-4730-958a-066c6eb76ce7", "comment": "Malware payload (RedLineStealer)", "value": "2771ef362b50b9b3be12280830d25b086f1146ca", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691052941, "uuid": "a393576a-b700-4f53-bd84-99da6757aec4", "comment": "Malware payload (RedLineStealer)", "value": "0bebad592cce0058a17ab7d33c2f859c7f8549295f93ff312eb32872e52514bd00f82b47f7fbdf247696b0c3b91ad5d8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691052941, "uuid": "5d58b5a8-f41c-4047-acf4-ab534729a2a3", "value": "T1A9B40246F7D99037D9B52B701DF613970B313CA25938835B2B86996A0CF26D0A8317BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691052941, "uuid": "f8b417da-288a-4d15-9b7d-68c23de396fb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691052941, "uuid": "cf2e6ce9-0a5d-49a5-86b2-276d3e6728de", "value": "12288:EMrby90FNFj5QfziyTVJEN+u6iTu3BDkBqN/bhnwe:PyknEzlhu6iTiB5ppwe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691052941, "uuid": "3a519fc8-0af8-4ef4-8975-e731b95dc3a8", "value": 529408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691052941, "uuid": "06278c24-df65-4a2f-aa4d-366c3af063ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691052941, "uuid": "be9e4ffc-c7c5-4fc5-a842-7ba6e787b604", "value": "267ee7e7f01ccb3ee1058938f105e146", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "286246b8-31b5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691036463, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036463, "uuid": "0d04a104-227a-4c3d-8ef5-0b6013a5f014", "comment": "Malware payload (Mirai)", "value": "7fd6b6dcb28bdd18bb9d6199e2c779a8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036463, "uuid": "2911f1d3-5898-4159-b467-45614d71bd98", "comment": "Malware payload (Mirai)", "value": "94797cd702cf50fea6d780ab0d94cb2a0aa8ee9aa5332e71479adaa7a5245f27", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036463, "uuid": "5ec42e17-1019-4527-bca4-bc115c30753d", "comment": "Malware payload (Mirai)", "value": "00d6ce0d41a9443b489706888e8b36f473aa22b0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036463, "uuid": "1f2ee9f7-27ec-45a0-b23b-37d69e408930", "comment": "Malware payload (Mirai)", "value": "86fd27afa2d50c21b7a3b7ed1f32e4076e6648bfc6fa06af7fc989cb3b3900f0b3ca1e0914d7b091930ed810b7bbf839", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036463, "uuid": "fc8da682-ebec-49a4-8fe3-fd1e296556c1", "value": "T17FE32A30D4504B17C2D213FAA79E825E3F221F9793DB33115B38BAB41FE279A1D69924", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036463, "uuid": "90d86946-efc7-4c42-a7f5-b3f270834b9a", "value": "3072:Cv/WwsLgaq353qHiCOvhOpfqkDQHbeskmhxQwoVSUNu:KPLaq351hOpfqkLskmhxQwoVSUNu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691036463, "uuid": "6730b2ba-2f03-407f-b1b3-cfa5f4937de4", "value": 143019, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691036463, "uuid": "446958f3-771a-42ed-ac2f-7c2df7e7ba6a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036463, "uuid": "6708893c-e71c-4f40-aa77-eccce46e9843", "value": "7fd6b6dcb28bdd18bb9d6199e2c779a8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5aeefd03-31ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1691068330, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068330, "uuid": "989f1f46-a7e7-43e9-9745-0ce816c0f8a6", "comment": "Malware payload (DarkGate)", "value": "53d0c77b15098f803f708aa141b8dd62", "object_relation": "md5", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068330, "uuid": "78ab966f-2a42-412d-a45a-ae1bdc01bef6", "comment": "Malware payload (DarkGate)", "value": "9788d166f10f46c63badb01ce2bdd17792831b9f9eb1e2b0c2c3b6c5c2dfac81", "object_relation": "sha256", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068330, "uuid": "fd140f60-a408-4d18-99f2-34a536a02bb0", "comment": "Malware payload (DarkGate)", "value": "30a5b5a08d76a81c10f91dd4f8daf5236003fc9e", "object_relation": "sha1", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068330, "uuid": "cb1c262e-911d-424f-9dce-1aad4cf25387", "comment": "Malware payload (DarkGate)", "value": "85f84033488e363119cec6567a44b0f87a6bde207daf01e66ac3b752d74dcf432de5ceebd47f46f14f17ecebe52efcad", "object_relation": "sha3-384", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068330, "uuid": "caa1bbf6-25ba-453c-b5a7-895794693110", "value": "T13D445C32F2818833E1711B7DCD9AE7E96939B9201D28544776F85FCD8D7A2923A2C1C7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068330, "uuid": "336fb4f8-94b4-457e-9e7f-612bc0928f8e", "value": "5b939a4be22cafb6821abf0ae1aa1dd0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068330, "uuid": "2a79498d-ad5f-4030-9b70-6b985a17d587", "value": "6144:0TtiiKmgn6wftoScjubSDII+REpNHU72wN5C//q/7:Lmgn6wfuScTIIAEpRwN5C//A7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691068330, "uuid": "22f6e4e0-f15a-454e-a0ab-39ffc8926213", "value": 270336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691068330, "uuid": "a84cbc24-667a-4d7f-b05e-06d47f54bc7e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068330, "uuid": "ae00f6ce-abb0-47d1-9c2d-0925a956d659", "value": "9788d166f10f46c63badb01ce2bdd17792831b9f9eb1e2b0c2c3b6c5c2dfac81", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f385e7b-31de-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691054245, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691054245, "uuid": "b0ee9923-aaf3-4027-9394-154889255766", "comment": "Malware payload (AgentTesla)", "value": "c2a448640c97c6f4e7c09d64cde04aa8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691054245, "uuid": "b0ead757-f73d-4e33-99a2-bae24813f1d5", "comment": "Malware payload (AgentTesla)", "value": "9b5cdf00b21063354a00f49fe27952ae53111c860883c0466c471b72fb0a8f4c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691054245, "uuid": "cf99ee0a-a99f-4019-9dad-99a9741a2a1e", "comment": "Malware payload (AgentTesla)", "value": "c36001e04fb07c1d06cea0bfb610b044f41f6a28", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691054245, "uuid": "3b3b9fdb-6518-45af-83c3-14bc1d6a39ce", "comment": "Malware payload (AgentTesla)", "value": "da437732c75a423ed143ec299aa4800f94c970f83c29c9a39b9d4d431feb838d6f8be67d4a1ab09834fe2ac60b9da7eb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691054245, "uuid": "4a9f9d43-6462-4e6b-a307-f60f66c60de4", "value": "T1D0D423A7C5B88C650DE2A701A2010FCFF9B5A178546B1D1315CC277EC8BA9AE1F34F5A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691054245, "uuid": "dc160728-a128-4803-b77d-1392a737d9c2", "value": "12288:Zb8yyF2niDRf0hURNVeUxHIxZHvq3SyB46RSN:Zb8xsaFVSPGh4GSN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691054245, "uuid": "ec8b96ec-ee73-4516-993e-7d450f0df8d3", "value": 613648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691054245, "uuid": "1d6de4d8-8b7a-456b-b26e-ee15a0920d96", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691054245, "uuid": "404c2390-13f5-463d-a164-2c1be11a7453", "value": "e-dekont.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90b74726-31d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691049523, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049523, "uuid": "c7495563-139b-4b9e-924b-dc743f35c60a", "comment": "Malware payload (RedLineStealer)", "value": "1da5bbefaa9936271c6a5f932195b22c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049523, "uuid": "f4d06c17-6bdb-442c-b088-11f67bb22a19", "comment": "Malware payload (RedLineStealer)", "value": "9bb4bd3d5c6bbabb2847c23794412fa93e75f0447015801f0261464e2615fea6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049523, "uuid": "90617949-4e7c-4a6c-a9d7-717eab1867ff", "comment": "Malware payload (RedLineStealer)", "value": "b82edf713f49c23da52245beb3a306b67f344897", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049523, "uuid": "9e3e001a-abf8-46c6-984a-90224e80c91d", "comment": "Malware payload (RedLineStealer)", "value": "c971acf9699edebd4ebcae2cfde59129f8db094638325a19b81048d9a3051c01cb34a7ed65c1bf2c388aa7b238e69523", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049523, "uuid": "6e6558c8-5cca-4c62-9020-e0ffea003c2c", "value": "T1A3D4CF91E189CAE7F9F502F5CC8B982125A56D3DD0E0960E299F7129B5B335320EBD0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049523, "uuid": "0711fa46-db15-4a64-9da6-0f072cc85b4c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049523, "uuid": "e5b7a569-2d36-439a-a49f-9b584c65f293", "value": "12288:mFPuY0PSzWUAPSzWUCeRNq0tnJ2anvXXreEy/voMTLVzlpRIQnUhBbS:+PuldUmdUtRRFnvXXrJ+oMdlp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691049523, "uuid": "bc5a2b67-2c3d-4335-85a5-34c3b6ee0189", "value": 611328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691049523, "uuid": "21022602-6f20-434b-9e44-46b4d3248955", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049523, "uuid": "ee969838-4a3d-49ca-91bf-8cb3c698a901", "value": "1da5bbefaa9936271c6a5f932195b22c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a840a5dc-31c8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691044838, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044838, "uuid": "8110f48d-9f52-48bb-a935-cef1625e3e1a", "comment": "Malware payload (AgentTesla)", "value": "81211984335bec80e7fdc1e4b87fd895", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044838, "uuid": "1d74e05a-0675-4913-9239-2c68d6799cf3", "comment": "Malware payload (AgentTesla)", "value": "9bb9b2de4a10d3870ec7fc4f2a2be8341c6e12cb2ae7a97d27adf246c674781e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044838, "uuid": "1a6500db-04bf-41ee-ba25-65ddc1dd8247", "comment": "Malware payload (AgentTesla)", "value": "b9f18551f83b1942eba94c9353f1f76189f6e3ac", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044838, "uuid": "d49c6de8-0af6-4209-91c6-233bc2422207", "comment": "Malware payload (AgentTesla)", "value": "9e4ad5424d15bf76d345c5efbb742e52c50c7dc1c444d754bf1bf2df23625b7106726dd5998f018aea02a6a8401e21b9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044838, "uuid": "adf9b47c-105c-4952-a852-35e544fbdbe7", "value": "T1BF15F83804780A12C135D2ADAAD4F613B7904F96711DCD5686C24FCA0AD6E2F2DDBDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044838, "uuid": "17db6791-44c0-406a-9854-8c17c7d9a377", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044838, "uuid": "6961aa6b-1974-4eff-8d7e-f1aa9a72c27b", "value": "12288:eEKaJ4eJ28TdpQqUOV12/aJ8/T/L4Ofhd/Ol57ljHiWFvcRcYSoO/vJjv:2ATdpQG1v8rcOZ945hjRvGLSoEvJD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691044838, "uuid": "abba24c5-3a73-4588-9a04-4b008b1c5948", "value": 886784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691044838, "uuid": "f9d81378-660d-496a-901e-fa7346b5324e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044838, "uuid": "bc127c47-da0b-4b74-b7bc-067360734936", "value": "TT COPY $35,163.07.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30a4ee59-31b5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691036477, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036477, "uuid": "a1ec6484-8d5c-41df-855a-ac411c6fe7df", "comment": "Malware payload (Mirai)", "value": "9da838da085b7161c223017583070ed8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036477, "uuid": "4c571396-c0c7-4825-875f-3525105543d1", "comment": "Malware payload (Mirai)", "value": "9db1a5e089a0b16b3b9a584cb3e5e55eb68620d0ab6b229cf24d49f32b9391be", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036477, "uuid": "e8988496-0f04-4995-9f20-7739a4af6cb8", "comment": "Malware payload (Mirai)", "value": "2b94dca6c6e7f094ed53b4e7105102526d00c8c4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036477, "uuid": "8464c60c-a23f-4498-8b5b-6c3fae2b0a83", "comment": "Malware payload (Mirai)", "value": "c442831140cc450b8007cf6ef8ce211fb690c4d06b9c017896c645d613a1005f24d4a86d6130ed28332dcf3b41f4cea6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036477, "uuid": "23f81078-506e-4142-9324-47bbb5003581", "value": "T15AB31A37A61C0B43C09B55F02DB77BF24F69AEA313A611C46609FEC04B73AB22551F99", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036477, "uuid": "72fcc93b-8b99-48ba-bfc3-8fb149cc29b9", "value": "3072:pC/4rdZHsXsZwwR9tNk5mm/QcuLmHniPNb:pCwrvHwsZwY9tOmm/QcuLmHniPNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691036477, "uuid": "12c011ce-3ed4-4a41-a33c-78c7317a0cef", "value": 116786, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691036477, "uuid": "1786eb93-cb67-4b11-9650-7deeaba2178e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036477, "uuid": "6d25df0c-15b7-4663-bb7d-657315cca138", "value": "9da838da085b7161c223017583070ed8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df6469ce-3242-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691097329, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691097329, "uuid": "d0219042-96e7-4ea7-9807-31e1bb64a427", "comment": "Malware payload (Amadey)", "value": "664c16bc42dde4a5662314b15bc05609", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691097329, "uuid": "8e8c8e2e-db10-4871-a47c-4370b8ae0369", "comment": "Malware payload (Amadey)", "value": "9e1a977f3db2ef35b86d3cdc89b7cc366ad93c6648db0ba80defaacb3aabe90f", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691097329, "uuid": "71aaae3a-a9ec-4607-811e-a99c65a02a14", "comment": "Malware payload (Amadey)", "value": "ba5345e96de6afde838b500943998a8cc6fa1fec", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691097329, "uuid": "34776383-8ae9-41bd-a5b4-791e4a0e488b", "comment": "Malware payload (Amadey)", "value": "5c0f5c5b8cfcc229f338fa9489f885d071e1fa8b14e97b0084c8dd370708815845fac65ec98ac84b8fa725938808b6c1", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691097329, "uuid": "7f67f3b6-9fb9-4364-91a3-467f1f316671", "value": "T14FC40222E7D48073C9B51BB058F703D31A39BDB19A38572B2799A95E0D33794783237A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691097329, "uuid": "9e5a220a-3fcc-45de-a43b-c6018ab9b6e2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691097329, "uuid": "934b4d68-0fe0-42ff-9aa9-0542194b6469", "value": "12288:UMrIy9010SQL/W4EFc0MlL7K2zyYlgi1jzH6uq/vR0UP:cyw01L/Etu/K2yggojzHyHR0UP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691097329, "uuid": "44da5406-435f-4f42-8b56-5813c4b7ab8d", "value": 572928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691097329, "uuid": "2e431b87-3ab6-4aa6-9261-79af2bdfa052", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691097329, "uuid": "3265d2b7-c206-4ca7-a270-829c5f7af8aa", "value": "664c16bc42dde4a5662314b15bc05609.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6db93bd8-3214-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691077381, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077381, "uuid": "04e09710-45af-4846-ba2f-9c6c4f0f58a2", "comment": "Malware payload", "value": "833d89791d093b7abb8798b3e6d46e5b", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077381, "uuid": "24a46cbb-c878-44cf-a139-0e65874b155a", "comment": "Malware payload", "value": "9e3b420f59e4749711ab4e1308b6918c5ffde45283a713b1ce1b6e87dc9ad354", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077381, "uuid": "9b64069d-c174-4a42-a50f-7f8e23fa4c74", "comment": "Malware payload", "value": "5928c3dddf36c2573c93645efbaa759895528f7a", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077381, "uuid": "3abd250e-0cee-4016-8258-725d67df7c3d", "comment": "Malware payload", "value": "dcb00e24a987ca2c69fe800d5130473c9b2c787ffc0362639e258fb249838f61f920aa88e3598ac6625605c401b541c7", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077381, "uuid": "ba5da6f4-0ea1-4358-9f42-38f7c800624c", "value": "T140B423C9D19978A2D010E5B5DEC943A94356429C79FEC323B2C43528BF85FC1AB3BD89", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077381, "uuid": "a891c14b-6970-465c-a420-cce355613032", "value": "12288:KDkNHERDmjdk/ZZ3ymMnXyeHhMQQnxitUQpC3:K+HLWPYnXysSNxeC3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691077381, "uuid": "6011d62f-18c9-424e-a711-7c0fba8fb630", "value": 530437, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691077381, "uuid": "196594c6-9a4a-4ae0-8060-52db050d6a31", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077381, "uuid": "c6591c23-550f-4374-8c39-6d4ddec78f2e", "value": "SHIPPING DOCUMENTS OF MV STAR TRADER.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e298ad44-31c1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691041929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691041929, "uuid": "7d7e12fb-ae21-4d35-87bc-214d9f8f47a9", "comment": "Malware payload (RedLineStealer)", "value": "b04208d1bdfa8997be36c6b1b3a96444", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691041929, "uuid": "203622cd-b745-49e7-834a-77f494f836d6", "comment": "Malware payload (RedLineStealer)", "value": "9e4aced4402eebc177492886c3f6b624b8e2487d47ea10ed344a5beb01ae7f33", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691041929, "uuid": "c43c7da9-35d9-4d33-80f0-fefce19abddc", "comment": "Malware payload (RedLineStealer)", "value": "3a22825d3f8e83c96ade17a2a81e59106ea1ef2c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691041929, "uuid": "3657dfde-fe87-493a-b1ca-efcdd337ddd8", "comment": "Malware payload (RedLineStealer)", "value": "55475731722e28baa3cd54328c5005425939c95dc88a1ffebddfd36dd74f1e0ba578a5f6f85df80c2713323bc2f5f74c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691041929, "uuid": "dcfe93cd-eca6-47c5-8d0e-65ce9cdd1078", "value": "T17234486DD0F16A62D34FF673EB90444225B46BD2FCE33172BECCD9A84799388926D118", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691041929, "uuid": "9813dd2a-6b91-4b75-adeb-2f54d48f6b4d", "value": "755b093cafb5bcbf0738487b698785ef", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691041929, "uuid": "713bd212-2147-468d-b647-de8826a04ebd", "value": "3072:EX3CGCTJlPWOylnDrb0R2jV552DTxfrpVWL7GfsqPqqTSXEATRQY5pyRPlRVbxKI:EiGCllP6IR2W5fsxXEgaT5AI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691041929, "uuid": "81eb0cc9-4d6e-4973-a70d-845dd3caf8a2", "value": 251288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691041929, "uuid": "d2500272-cd3c-4b28-bc0d-1ee901327df7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691041929, "uuid": "89c01aff-3174-4ec0-8843-1c69696e5900", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be2724aa-31cc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691046592, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046592, "uuid": "d1ef53a5-92c1-4c75-a84b-3f94e2e4b03d", "comment": "Malware payload (Formbook)", "value": "975ed2bdc3ce34050156fa02c18bc8f5", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046592, "uuid": "ed7296b6-829a-4f38-b738-924f72473659", "comment": "Malware payload (Formbook)", "value": "9f98445aee1b8b0538efb03bac801b51a61bc955d34847ab76fc9353ec7cdefc", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046592, "uuid": "69efe121-4bae-427e-b3fb-3e3bd4afd02a", "comment": "Malware payload (Formbook)", "value": "db9aeb2a56b682271ba6725f891a9f48b834cb96", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046592, "uuid": "84eeae0e-c442-442b-b527-14fe76855440", "comment": "Malware payload (Formbook)", "value": "0e909b1e6358b28633f2c676724ca241e9806b303afdc8bc654e54d2cbd0d58db08c89b5d5846420b18dde54ac17b262", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046592, "uuid": "28a1cc34-6ee0-477a-87cb-5e9859880ffe", "value": "T1DE850103D8048B86D50D83F87E133DD94A0D7F26B4DA7DDB06527F9B3A32A67892A50D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046592, "uuid": "0634f68b-bfbb-4acf-a57f-e762c0768eab", "value": "49152:bQmmQ30Pupp6VVQmmQ3085l6V8iNhv3tVfXCnSgk6+ib:bpmQkPamVpmQkKm8MhHCA6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046592, "uuid": "dafe0fd8-e522-4dfc-85c1-fe78ebc5931f", "value": 1735680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046592, "uuid": "0056cc9e-9da4-40dc-86d7-f1be84ef34fa", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046592, "uuid": "2c7f74d6-cde3-4c51-a53d-e978242dd645", "value": "SWF-00023204-05130-1832461TIB29.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29222fe7-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1691046772, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046772, "uuid": "05e366d8-1627-46fd-ac29-0131bd4e1e13", "comment": "Malware payload (DarkCloud)", "value": "eddba74397db1acfa68e3c531c28a5ff", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046772, "uuid": "d4c68bdc-81c1-469b-813d-9df5627ad5c9", "comment": "Malware payload (DarkCloud)", "value": "a14aacfdcd67dc00329aa8d563cf6edfe5029aaf03dc816b3b77c50ded24cce1", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046772, "uuid": "fb412bb6-f46b-4c67-ae1d-0e04dd437aeb", "comment": "Malware payload (DarkCloud)", "value": "db6adf41b5cff216cc9ba9482e51200e5ae02c5f", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046772, "uuid": "b25ccf7d-8a72-42e3-90f4-dd2f1e438399", "comment": "Malware payload (DarkCloud)", "value": "6dfd37a9e79c1aa44a6e577c5f4e2672b5a0d0aa5ed6e12e8407febcd9d77bf6d55c812a8d635ec3ac08357619953aaa", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046772, "uuid": "79a8380d-c887-4f77-9376-cbb9757e6c6e", "value": "T12A0523B426F94B78DB75A3F26481004502FB81867230DA648EF35CED7E71B8157A8F6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046772, "uuid": "775b41e3-a0e0-4368-b9e1-a45e6f09ab22", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046772, "uuid": "769c7554-d7d8-40c7-bec9-f5001199b0b9", "value": "12288:nI2iN8JJBFovPlCJ4qRk5Nj4FWyppfPxyezZXHwusiKcxyAl3:nI1uJ+F047njq1zpQF8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046772, "uuid": "5437a89b-e3b8-46e0-9c9d-e35345eea537", "value": 854016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046772, "uuid": "77499f37-9b19-4206-8cc3-826e6438e96f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046772, "uuid": "53b295f9-17dd-4647-a6f9-7eff9c29a9c9", "value": "\u901a\u77e5\u6587\u4ef6 HZ330A 012334R68\u3002.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86ad3d05-31f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691063679, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691063679, "uuid": "9938bb29-4213-40d5-86a0-36b3b46b7fee", "comment": "Malware payload (AgentTesla)", "value": "1ef8e255010d20c6343df3670cce06e6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691063679, "uuid": "d7461e3c-0f64-412e-98f5-c321b750b8c7", "comment": "Malware payload (AgentTesla)", "value": "a279d0d918c8c3e075235db70b6c8086c4ca6332973c08035c6696c63315f85d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691063679, "uuid": "58e9a7c6-a08a-4601-9350-a0afb0a4370e", "comment": "Malware payload (AgentTesla)", "value": "866fc19fd5269b3fbafdc08da30bed44c38120dc", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691063679, "uuid": "26d27c52-92b9-4374-aaa6-ceb60280a623", "comment": "Malware payload (AgentTesla)", "value": "2a8442530310948a0bb89aa8ca3bf00df44d45bfee3b6d13834ca3f06b871b1fbb42e2d4b630da8803d5e8bb60887fc6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691063679, "uuid": "67aa6b6b-3d93-48aa-beb5-891cabe12c1c", "value": "T1F4E412AB3D66BA28CC4457376996834C032F6E0DBECAF7678ECD7159C3B36442425E09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691063679, "uuid": "18e7aee1-174c-4f85-af87-b6d8dfe72d5f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691063679, "uuid": "446f49f5-cc29-41d4-a5bf-ea1f3e3a12ce", "value": "12288:tqU7HlzKnxTj2NwBngLqUnPQJE1WArSAlA2bgxFXvRF9MsP7r6s:suxmV2NwBng3nYEvZ+66pF9MsTr6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691063679, "uuid": "439112ed-e4fe-46f3-ad6b-9a0a8f32e0bc", "value": 681472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691063679, "uuid": "62269e10-a077-4cbe-9627-40e630dea46d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691063679, "uuid": "2cfc7767-3469-4426-997e-3e6917e6c283", "value": "SecuriteInfo.com.Win32.KeyloggerX-gen.22638.32322", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "528eb80f-320a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691073041, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691073041, "uuid": "c9d506a0-5cd4-4ee0-bbb4-a82711228c72", "comment": "Malware payload", "value": "43a466ea26d18d125bf8af925bb617b7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691073041, "uuid": "b470e1c6-83c4-4316-bf3d-a2dc25c61005", "comment": "Malware payload", "value": "a3f665043305d67f64f7386a8bcd89dc5ce86a76a6b5042827af58cd8b4e10f2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691073041, "uuid": "d322a7c8-5064-42c1-8c40-64987f10e16a", "comment": "Malware payload", "value": "a05f3fa8d1b9c7bc183948a516025503a9dda569", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691073041, "uuid": "fa6b51d4-5b4a-4f2a-a56c-388c88a8ff6b", "comment": "Malware payload", "value": "b591e0c4422ac052755cae8094d2e85a31cc64dd46e34c3111b661f07f20510c7ee40366331ea4ef18dee5b1948086c4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691073041, "uuid": "deba61d8-baf9-4713-910d-93280fbe5849", "value": "T1C8952313B6A2C471E6568971481DEAB46E2DF8304F4A47C76B08EB3B0E743E3DA39615", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691073041, "uuid": "1f2cbcab-fef3-41d1-8b81-24dac761cb49", "value": "724ad9571755841c2e0f4aa3cd09706a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691073041, "uuid": "b46cd831-c82c-48b5-8031-b8c6a6b074f2", "value": "49152:vdndufbt9ODXz12CkNram8AciuXRyjy0EjIdfCN:vdnd6av1iam8Ac4GbU6N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691073041, "uuid": "7367cc9a-024f-40bd-bfdb-c895203bab7b", "value": 1945088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691073041, "uuid": "62d28727-6751-424c-b34c-273e22223f1d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691073041, "uuid": "323db292-e38f-4301-bf0d-76a8c19b8e48", "value": "43a466ea26d18d125bf8af925bb617b7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c867774-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691046724, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046724, "uuid": "07104d62-a185-4856-b350-ad4bf0bf5bc4", "comment": "Malware payload", "value": "86353c06d2594cde997b7c8789632471", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046724, "uuid": "5c0c036d-cd7e-4949-928f-31cd9026f990", "comment": "Malware payload", "value": "a5868ad516fa3b7ec833b5b3fcccbdac1ea9741cf52c3619b8e898e3fa82f428", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046724, "uuid": "a46ab970-f6cf-4cbd-85d7-04038117a8c0", "comment": "Malware payload", "value": "ca33ea13e2ae652bd8c2dc37fd1b71370f6fb876", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046724, "uuid": "78a372be-0991-45a2-a2ee-ee16402bf0a9", "comment": "Malware payload", "value": "d2a11713ee2b8893b714de3bf1ab9f03eef2deb67ee949bffbe1bb4fc3fd3c8e26419b32a63ec06b52a470be2ad3fd19", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046724, "uuid": "cd2fc30d-22cf-46d2-84b9-7ccd60ecc830", "value": "T10922D720ABEC8237D9BF4B725CB363400376F711AC66DB5E68C8914A1DB7B504A52BF1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046724, "uuid": "ca89d6f5-b133-46fe-b9e3-f848d39442a4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046724, "uuid": "31c491ba-bce4-4139-9305-3e8fcc6f1088", "value": "96:1Gdq9K8t1eYPQRq7yv8eVdrMUv65+mXEsiSxxUWCAJk1CMkMa/dmvL2FivXGCmzj:6h1VOUGXX9JHUsdMa/dmDyyWCg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046724, "uuid": "29e98c53-a3d2-4a5e-8f8f-03ca4ec2ca8b", "value": 10240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046724, "uuid": "6f48bc04-b19e-4d6b-82a5-7f3ddfb5d84b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046724, "uuid": "a7d3409e-669d-491b-a86b-42b60657e8f7", "value": "first.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "261e8d5f-321b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1691080268, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691080268, "uuid": "111a03d2-bd33-4e05-84aa-de65cfead8ec", "comment": "Malware payload (RemcosRAT)", "value": "482aadb6cf38bee408d0c0b8ae09c02c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691080268, "uuid": "82a46105-881c-4457-a415-288f70d49938", "comment": "Malware payload (RemcosRAT)", "value": "a5dfa6c8066bb006adb1490b52540bd2f049b3556c4c51eb59c4c9830c499286", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691080268, "uuid": "ce5470e8-88c9-4d23-a1c0-6ab37893d5e5", "comment": "Malware payload (RemcosRAT)", "value": "0ae60fc2f4ff6e057f9678191980c58fade6e48f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691080268, "uuid": "aba4a7db-4214-424c-8c88-9ea53e6516d9", "comment": "Malware payload (RemcosRAT)", "value": "4c7e9eed8ec6c97b7a869f4899555acedc3d21d79045e327acbe257ecf3aae726826408f4380d10e6d71b5e5681c4a48", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691080268, "uuid": "36cf8c7a-13ae-48c8-92b0-36a0432df949", "value": "T1A90523F772DED355CE591AFC54B3115803AA2F82B2CAF72D988011402D51F937BB6AB4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691080268, "uuid": "a8f79f9c-eea0-4273-8652-0da6ac63be06", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691080268, "uuid": "8dc099c9-44ec-46f0-9dd6-a887ad66f199", "value": "24576:ymN7PaLcxZfqD6Nb7KQG0UGMfBfDsXwwchTf2mneLSv:nNTHXHNXK90UFVsX+hf2mneL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691080268, "uuid": "4ade5240-d5ad-4e5f-8a9d-fa1013dae93f", "value": 873984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691080268, "uuid": "31af32d8-85d1-446e-9080-3e79d0f0ab55", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691080268, "uuid": "813c5718-33de-4850-a0af-1f53efbc8758", "value": "SecuriteInfo.com.Trojan.Inject4.59820.23925.30290", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af96106b-31d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1691049574, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049574, "uuid": "7c98f5b8-aa52-4054-aeec-5f7d9f0ad5cb", "comment": "Malware payload (GuLoader)", "value": "4bf3697cc2dc73c5a4f5e9d66444d87d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049574, "uuid": "c401359f-9d61-4ec3-b7e5-64d73898f2e8", "comment": "Malware payload (GuLoader)", "value": "a618fcf60b8d1a87685c6d6f812d5fa62bbd94fd7966244365d3a5c7c174cbff", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049574, "uuid": "a7704b6b-42fb-46bb-8e4c-ab13494e29b0", "comment": "Malware payload (GuLoader)", "value": "db9ed3ebae6706970c275e62853e089b7701df4c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049574, "uuid": "9729288d-6cfb-4a67-85c1-ba862f29bbe8", "comment": "Malware payload (GuLoader)", "value": "934a9bf63895891f063937c4b99e48eeca8669b61a4463d437061c4c88206d521c25a0214873841db2fc81c126732c58", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049574, "uuid": "34161e7a-0ae5-48c5-9c39-959b34c6f24a", "value": "T1A35412656BF4C4F7E6531A720E737723F3F9A210913A670FAFA4EFAC2601641966B041", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049574, "uuid": "0a288f2e-ae38-406b-b007-842978f9a4c8", "value": "e160ef8e55bb9d162da4e266afd9eef3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049574, "uuid": "bef120c0-34f0-4fc7-8e7b-04b9ef6b1be4", "value": "6144:qMMYNXqBB+BiXrT5TQy0NFOjz/rAyaN0/StGWf+zHLscvMlxHu/9KSMyC5i9ZjCH:+n+B+rT5TQ1AsyG0/tzrscETu1K/X/+K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691049574, "uuid": "336f0c48-4014-4c6f-b3aa-01923e1ed249", "value": 306002, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691049574, "uuid": "b1e95f2e-9f1b-4261-94cc-74dfd2f8d075", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049574, "uuid": "e8da4115-3b0f-4802-9218-b8782cc70a2c", "value": "4bf3697cc2dc73c5a4f5e9d66444d87d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d9b0efab-3236-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1691092165, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092165, "uuid": "a31bacd6-7d40-4e33-98bd-c80b759df542", "comment": "Malware payload (RemcosRAT)", "value": "e4c7418cddf8ba55b4a7bffef1add335", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092165, "uuid": "1ae048b6-4a9f-43ac-9de5-b3f99d043571", "comment": "Malware payload (RemcosRAT)", "value": "a62b6ff9f536f6725a6235b206861f26c6fcf19dd08ed8286dcf90f6d224f3f8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092165, "uuid": "4fc572b7-b565-4c9e-82f8-f64a91f54d9f", "comment": "Malware payload (RemcosRAT)", "value": "9b12ea223ffdcedf84cd7f1be2476247dbbd88cd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691092165, "uuid": "691ca134-1f82-4dd4-9386-9e0469480780", "comment": "Malware payload (RemcosRAT)", "value": "efe07ae59c6c8f0cf4b3b66991f5019395d0b69063d5f53b4b66f6663cc3187336e7d646e7f28793c0a6d33cae4e46c4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092165, "uuid": "68d60b06-8b33-49e8-84f0-06391a08c513", "value": "T1245412813768D16FE87607F30A7D83225EEAA05B2475E71B73889D5C7F2A201D40C7A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092165, "uuid": "6a19f47a-9b14-4b17-83df-aa0aa01ccd9a", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092165, "uuid": "99ed6c32-a4a4-4541-adbb-06cc3e03720f", "value": "6144:/Ya6QK1ArRclhxQGisdHCPE/Slc4fZTQnLRq4QjwWs3AHGHn:/YuGA2eGit8/kfZT0c4Q8W7HGHn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691092165, "uuid": "bc29edda-3a1c-4757-bf1a-abf8d36af3a3", "value": 304351, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691092165, "uuid": "a83fa0db-2bc9-4201-b898-342f85dd412b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691092165, "uuid": "45f7c698-6e7f-4098-be5a-1b4a78e70f8b", "value": "AWB, Commercial Invoices, Bill of Lading & Parkinglist_xls.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d554c248-31e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (StrelaStealer)", "timestamp": 1691056939, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691056939, "uuid": "0de939c6-0095-4ba8-8f92-d6fb46554841", "comment": "Malware payload (StrelaStealer)", "value": "9713d3cd71ccd7fcef1e41846f0e434a", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691056939, "uuid": "e893dd80-3c97-43f6-a769-8fa9196375d9", "comment": "Malware payload (StrelaStealer)", "value": "a74e20973f21cdddc37a7c034e9741d3d59dd246f22265f6f2aab38dc8a460e0", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691056939, "uuid": "e2fb0cc4-82f6-495b-b6a1-ac79865e760a", "comment": "Malware payload (StrelaStealer)", "value": "29b603d5b8d33be88b0ab35d05e64477f897d463", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691056939, "uuid": "b1d05ac4-1a33-444f-b25d-767aa4545e9c", "comment": "Malware payload (StrelaStealer)", "value": "5bc143b838d3b2621c6a5923e32aa2271f7bac6ba69f2c4d45e7b2baf34c255b5583a114dce5047a7584be53c8ba4fa2", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691056939, "uuid": "6f542641-5b52-4056-828f-d07e7f218754", "value": "T15666E9E476E077D70FB5690DB3CE80B23D64B857F0EDAD8612890D1E928035999FBDA0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691056939, "uuid": "7239b46d-a29c-485d-ab70-917209910618", "value": "24576:D8Hs0hS8v8ZFFYVOZdpeV9sfRa1k5WKh/jmpJogOg4KyskQgUtXuW0PkA4BZU4A9:f9CSe32v75g6J79r7UbU7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691056939, "uuid": "80d0b979-9501-4958-b7f7-bb498625fe0e", "value": 6650927, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691056939, "uuid": "8ad86368-6147-4b32-831e-72cd22f76a93", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691056939, "uuid": "3b29b29f-0943-4b84-b727-840ccc6758c4", "value": "866935568725.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6be2377e-3214-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691077378, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077378, "uuid": "e51ed908-0b21-4b40-b679-14df47619248", "comment": "Malware payload", "value": "f248664a470d20c243d35ef2a663d3bd", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077378, "uuid": "5baaeab5-5be8-4912-8740-f210e7d4c6bc", "comment": "Malware payload", "value": "a7b0a7f76eb33c5f67a43f9ae0174dd32c988cfe37f747be12b8c95f71352a96", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077378, "uuid": "45983332-9d7d-49f9-8da7-f749514943eb", "comment": "Malware payload", "value": "37079485559d41eca8522befc2c6b78ab9b878c0", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077378, "uuid": "8c3694fd-8419-45b7-9d27-281cb6f3c82a", "comment": "Malware payload", "value": "2bb48b5a8bf1e9cfdaa1a6db87078ee76fc3fd2ba5ff7c1046e6c6c148aff3795b907aa4e3087aa3e6ffd4d6e3bf4d42", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077378, "uuid": "beb11d15-8ba0-45b8-a55b-e6c91001fcb2", "value": "T16085F10398048B87D41D83F87E633ADD0A0E7F29B4E979D705927F8B3A31AA7495E50D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077378, "uuid": "80553a99-c6a5-4318-8734-f82c1a7e918a", "value": "49152:wQmmQ30lupG6VtQmmQ30A0s6VXiNhv3t7RXXA7Piamy0:wpmQkllmtpmQkA9mXMh/Xha", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691077378, "uuid": "c5dceecd-43d0-4e88-9ed9-61d0742abc1c", "value": 1719296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691077378, "uuid": "a9ec1b25-270f-46bf-9af8-defd27d4ec8b", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077378, "uuid": "1139b858-3b38-484b-83fb-282d886fe91a", "value": "SWF-00023204-05130-1832461TIB83.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a1d881c8-31cb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1691046115, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046115, "uuid": "584ccc44-30cb-4b48-9b72-4ee081064f07", "comment": "Malware payload (RemcosRAT)", "value": "5061bf130261d76ad62329cd75696c83", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046115, "uuid": "a366dac7-1c17-48d1-9736-a84044b286cd", "comment": "Malware payload (RemcosRAT)", "value": "a7c10ffd303c483eabbfab4e29543e4689d5ba63e79b8f55fbf1994fcf81b4b3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046115, "uuid": "be055ca3-5d35-4ac2-b3ae-5ca2b474bf3d", "comment": "Malware payload (RemcosRAT)", "value": "c0482ece1fbec6256f8190d083d61bec63659b5f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046115, "uuid": "00d16a0a-5b9e-47ed-911e-e11e1247e6dc", "comment": "Malware payload (RemcosRAT)", "value": "a041e75a3eedb90d15ee65338cc3f16f1a2cc9d60da5cb2519a9965f3fd00d8b1203aefee5f6c0024c0a72acd453dc75", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046115, "uuid": "19504c4a-ad97-4eb8-94d5-72a79b986fbf", "value": "T1A56412EA4934D1F7D6F38BB055F5730AAFBA93502610A48F8310DA1B791F3C5866F21A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046115, "uuid": "2b173182-ff2c-4bdd-9341-a8fe9fd6d704", "value": "7c2c71dfce9a27650634dc8b1ca03bf0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046115, "uuid": "ed45d176-ddae-4ff0-8726-038279afcd1f", "value": "6144:jQLFhcaoWaYRDe/zecQ4ZTCKDrBLz+6Gx2B7Hthm7A7O0kZ5fgv:0FaaoJye/zeMPZzw2B7+F7Zda", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046115, "uuid": "fadcf14d-430e-416d-821d-18f15c5348c0", "value": 328784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046115, "uuid": "e1867363-b250-44ca-b9c9-4f294c57a51f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046115, "uuid": "e1969a4e-d03c-4f32-bb28-21a09a14b23a", "value": "ORDER #00092567.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f5a32d2d-31cc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1691046685, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046685, "uuid": "2ffb1b27-f72b-4776-b2b2-51b1e612d79d", "comment": "Malware payload (GuLoader)", "value": "d45b28567911c9de346e59dcc9f720d9", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046685, "uuid": "1410a84f-1a8e-4c98-8e84-79b4f7f55e95", "comment": "Malware payload (GuLoader)", "value": "a85d683fc69066378a42a45b211d0ffb519f287157658cae058d228ff98a0d5b", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046685, "uuid": "ea934933-7ba4-43dc-8a2c-07a5306b4ed4", "comment": "Malware payload (GuLoader)", "value": "2e138c63d67bc9644fc56ae27033e7611343201e", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046685, "uuid": "746e452f-56e7-4670-bddc-196513b8a614", "comment": "Malware payload (GuLoader)", "value": "e8972e6e7fa05c38acace1c51cb2b993bcb46564076e432ac134dd14e70c973bb666af6e376df8835b78f8bacb9c70b2", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046685, "uuid": "221edbec-2e9e-44e1-b250-c6a3281d1941", "value": "T1E485F103D8048B86D50C83F87E533DD94A0D7F2AB4DA7DDB06527F9B3A32A67492A50D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046685, "uuid": "a6aefd70-5eae-4bf4-9a7b-42fef5821633", "value": "49152:kQmmQ30Rupp6VBQmmQ3085B6V8iNhv3t8fXCn7ikgWiv:kpmQkRamBpmQkKm8Mh8C7i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046685, "uuid": "10997daf-3adf-4d0f-a104-d25a7f429484", "value": 1735680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046685, "uuid": "407f3f56-b68d-4216-bd75-8bbbb73f036e", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046685, "uuid": "a9055469-17d3-435a-bf08-1ea4cabc9be0", "value": "CIF Order 083234.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24b15f3a-31b5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691036456, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036456, "uuid": "c6448693-4ffd-4d89-813f-30c562fc2ace", "comment": "Malware payload (Mirai)", "value": "4ec339698ca8f2d7c9ca078221f6caad", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036456, "uuid": "e70e45f1-083c-42f2-9d1d-b45e8fbfc7d1", "comment": "Malware payload (Mirai)", "value": "a908289bef30086660453ab8809af758af3d445ecda4010211282eb067fef3ab", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036456, "uuid": "ac3ac22e-37a8-45c3-a18f-d2988c1fbd92", "comment": "Malware payload (Mirai)", "value": "fd9470fa7f295642aa66573ccc684e182884c604", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036456, "uuid": "4e5adff4-a4e6-474a-a0a5-69ea9b211d09", "comment": "Malware payload (Mirai)", "value": "3346947210e96d2ee5d94fa8e280f0c6fbf13e56a702052588f043cc1b0b2be5fa17cebfb7bdebfa5a856eb659c1ba1b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036456, "uuid": "e88669a0-a8e3-470d-b74f-6748c40fdae0", "value": "T14AE3A53E7A11AFBEE168827107F29F70CF9529D326A19381E26CF6185E7118D0C9EB54", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036456, "uuid": "38d227a7-ff2e-48ee-bd4f-18d25ddefdb7", "value": "3072:JW6dm9tS1aRGQdK76t/zCEI5mrThPaLEnvPrNb:c6IG+LC5mrThPaLEnvPrNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691036456, "uuid": "06c2bf96-b61e-4e10-8c83-260950f38d4a", "value": 155428, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691036456, "uuid": "1d36b98e-5922-4439-95c2-9d4b874fec70", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036456, "uuid": "23eefd26-1e71-4dbf-8e3b-55b1ceb2a428", "value": "4ec339698ca8f2d7c9ca078221f6caad", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16b5f4ca-31c5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691043305, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043305, "uuid": "a860dd5c-000d-436e-b7dd-de0a638f887c", "comment": "Malware payload", "value": "539f67a61ffc3f1231cef7f5d4645433", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "usrfiles", "colour": "#269101", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043305, "uuid": "86851a7f-ca22-4b42-a37c-0c6aa2b47f1b", "comment": "Malware payload", "value": "aac6deed8e7a20b305556e1b2536dfd15c04cc984d10cfb3e4684e40717e2859", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "usrfiles", "colour": "#269101", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043305, "uuid": "1e9bb379-200e-435a-9e84-ca260b7c4e49", "comment": "Malware payload", "value": "38e8fa12ed58764c5decd975ae6415071b627fc9", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "usrfiles", "colour": "#269101", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043305, "uuid": "ccfc7359-c215-42ae-9062-1cca8e889fad", "comment": "Malware payload", "value": "6fc2fc2f230ef5282f5187a45d9720e1180b9db9b3bcad40a68d6ca93177d56506235257863e4cfe2ce0d87692f45b53", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "usrfiles", "colour": "#269101", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043305, "uuid": "1da070f4-73e2-4d29-9b6a-bcf7546da603", "value": "T1683144DC4249C8176ECD1C43BB28BBA562B646E156853343E35EFB484BAA187C17CCA5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043305, "uuid": "3ef7e135-9e14-403e-ac69-9827ffc0f7e0", "value": "24:XepWKqKQmxGyqAo5TBo4Kdhg9hf+fS4zh0dMjJT4iML7vcQjXDbqo07QnY7QnY7J:XcWDJqgL+fTtM7vcQzD+z7QnY7QnY7QS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691043305, "uuid": "636ae018-254c-48da-9480-1670976ecf6f", "value": 1505, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691043305, "uuid": "1fdb7b6e-23f4-4a27-b6b8-1c8a2dbffbf5", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043305, "uuid": "adb04e5d-402a-4559-b8f9-45e595d89008", "value": "Microsoftupdate.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16030694-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691046740, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046740, "uuid": "b3569a44-a77b-479d-a56f-7ac488bebf98", "comment": "Malware payload", "value": "6d9e6d79babc04eac579ea031b1b4b21", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046740, "uuid": "3715cb52-0565-4f5e-b957-a732535e97a2", "comment": "Malware payload", "value": "aac93deaafba04785ad9d5bbe24228ee2deb21b2475dc55bd060d9f628d9f8e7", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046740, "uuid": "8bc2eebb-e737-433a-b4b3-2c7ba0062b56", "comment": "Malware payload", "value": "4e3c526023ca17d127f245dfa7a6b32fee71c25e", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046740, "uuid": "0585e4bb-02dd-4365-88d2-3d49f0aeb5af", "comment": "Malware payload", "value": "f224bcae6c191e0f912c911efaf23adea2b2fccd55cee9eb632c7972bb82cb43165ee5264ec8181c6de9bd03d2cc7d3b", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046740, "uuid": "afb4377c-cc73-43a4-affc-c881735fc048", "value": "T1D0E423CF8CE11385C449F4FD02753024DCB9346C53BF2BA4F59AD81C1AE7AD6D6988A6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046740, "uuid": "10973dba-1b33-443a-accc-da92b3252f69", "value": "12288:R9qHq/f2IQVFmxoU4VXFMBa0PbBFwvgyKSvBgS7BrGngm7JVNk0:RxxOFmPeXFebjwOSvBTpGngm7Ti0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046740, "uuid": "e7fe43ae-8de4-41be-bb5a-73f5ba2478f8", "value": 688213, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046740, "uuid": "9a53e58d-2c4c-4c47-af95-a224c5b2f40d", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046740, "uuid": "6e31bbd2-adf6-43b3-8f39-daea1a8a2b5b", "value": "solicitud de cotizaci\u00f3n.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb833616-31d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691049621, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049621, "uuid": "a7e7c1ef-77b9-4e59-8967-c3b73b8881c0", "comment": "Malware payload", "value": "e04192bd4869655f59ba28db532eb432", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049621, "uuid": "5b9c00a1-b630-4a70-a26d-98a3d7dc6314", "comment": "Malware payload", "value": "ab1c7b7f8a25c78c1eacb536115429e316ec0ac74b63dbf64cc88b82a367bfab", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049621, "uuid": "72d27ec4-0e53-48d8-8513-877aded41add", "comment": "Malware payload", "value": "fcb21a1aebe9d4a6dcd28753ec87a0649d19ec9f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049621, "uuid": "0911c26b-5706-4144-8bdd-a6f0fa137616", "comment": "Malware payload", "value": "a949133f250d5f547130b662843aa2d373f190cfc29f911456e5df73c9c262440d5ec9d508750a8fa7390042ec299474", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049621, "uuid": "99ed41ec-8b84-4ae9-9b5c-c4f4346e19f1", "value": "T17BE41263B6E89063ECF41BB115F707931E32BCA05974D21B17D2996E4CB2294B93632F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049621, "uuid": "f9ebb73b-d447-4e99-97b0-ab95f2150935", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049621, "uuid": "a87508f6-53e6-42b5-a457-9616a54e42cf", "value": "12288:4Mrwy90oAL+GI0H7pVir+gYXQ2u8DupFRip0ReEHI+8JhT2qrjPDs:Iy6L+GbHdVeeI8D8FRu4Ah6qrLA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691049621, "uuid": "bf89b95f-883c-4436-8e66-cd0393f2a347", "value": 689664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691049621, "uuid": "54c18393-7cff-49c8-9fff-04db9c776b04", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049621, "uuid": "63a180a3-28b2-4468-8ec6-d0ff529cbdba", "value": "e04192bd4869655f59ba28db532eb432.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7716aed0-3232-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691090282, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691090282, "uuid": "3649e0a6-156e-4e60-8380-0febe962bcfa", "comment": "Malware payload", "value": "9bedc9d2222ed8a3c29651703d35431a", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691090282, "uuid": "5239a821-da72-4e3a-83c3-c7d3a900e396", "comment": "Malware payload", "value": "ab8d8d9cd17221bfa74ad8dadd24339e08d58abd7f98d42998d57e79d88352cc", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691090282, "uuid": "5ab349eb-fc69-48d3-a076-58039e808ab4", "comment": "Malware payload", "value": "8445d52ae23579f7643d63d31ce7e021efddf286", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691090282, "uuid": "b81bf0fb-dc6e-4aaf-819a-38f692348898", "comment": "Malware payload", "value": "efe508f202fc922497f655cab17edcb5973560a12e0ea9d0c08f7f8176388ca6f0f2b52e6d93a5a99ba5170ff61f9c48", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691090282, "uuid": "b397235d-4715-41e0-b98e-fe1b056bcdc3", "value": "T113D2EAA0FE9164EE2309DFE7BA1BA4E0E503298D74958EAFF001EC147428723F4D9635", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691090282, "uuid": "99747411-4902-4222-a842-48c25dfef627", "value": "768:q/6yPrUn3C4MJVWxI/dVwrHSYPqzjyMM/IwD89fAjTmd6csGlDpX6xgJ6jTT4/co:4VA4os9uGlLJAPR+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691090282, "uuid": "fa2ba293-6aca-4205-86a3-f096374bc67b", "value": 29668, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691090282, "uuid": "4e5115b6-2853-45d8-85ba-88ac3c495e2a", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691090282, "uuid": "a0547c77-cdaf-4ef6-991c-d1c9c7846c6b", "value": "index.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d23d5c1-3249-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691100036, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691100036, "uuid": "98a11319-f119-4547-a6cb-95473160477c", "comment": "Malware payload (Amadey)", "value": "3f7095623c46337a45bae9fca759a028", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691100036, "uuid": "ad2c1f87-b276-408b-b187-ff4090725bae", "comment": "Malware payload (Amadey)", "value": "ab9255a25f215f228ca27f06003748233190454606c024ff268dd6514eedbf6c", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691100036, "uuid": "9a0bbace-ca63-4725-b051-d97e0646e817", "comment": "Malware payload (Amadey)", "value": "daaefb4ccdeef0fb17feeaaa188fe93a8e1fd982", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691100036, "uuid": "5ed24e9a-1045-44b0-aab7-103072920016", "comment": "Malware payload (Amadey)", "value": "3e42ab355bcc022ccbdd158cd2c5c97e5118b1d4312423825c8bd9b4631c159ee93882bbf7b56ea1f5f16dbd1acea4bf", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691100036, "uuid": "4c9bac34-c6e0-4e8f-810e-50f094cc614f", "value": "T191C41222F6C450B3DCF617B058F617E31E35BCA25938829F2651A95A1CB23C4F87277A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691100036, "uuid": "b2b1fac3-be2f-4f95-876e-ae807347698f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691100036, "uuid": "1cecb18d-21bb-4120-b0ee-dc150e36f21c", "value": "12288:NMray90xvouufX7RlNLTyOyNeCiFa4ZbB5XA:zysWv7TNyOyICGbB5XA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691100036, "uuid": "f69db018-0480-447e-99a8-f9a1efe64482", "value": 573440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691100036, "uuid": "3e890197-0a28-422e-80f3-73c3c6d24a19", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691100036, "uuid": "2e20a78b-0076-4d0c-bf84-a1331c7b5f75", "value": "3f7095623c46337a45bae9fca759a028.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c210518-31d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Fabookie)", "timestamp": 1691049408, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049408, "uuid": "506ada59-7b03-4abe-b60a-dab79991804f", "comment": "Malware payload (Fabookie)", "value": "24b9161fb1b7b6caf0437f94142ebf75", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049408, "uuid": "51ba486d-d602-4b68-95bf-624555d80004", "comment": "Malware payload (Fabookie)", "value": "ac1126f20bdbdb211cca82ad8684ee7d25c3ecd751daa6939e1373ad8d2eadb0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049408, "uuid": "3ab96b4b-10e0-4d33-b63e-8757180cbc27", "comment": "Malware payload (Fabookie)", "value": "0b5353916bb197470345670b1ce90fb2751fa716", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049408, "uuid": "8d3067b1-2062-45f6-aa3e-7f001950bc78", "comment": "Malware payload (Fabookie)", "value": "c045a74c52b051ed9419acce15b9fe7721d77e257f8c967f965b975562ca997f069ef7e74089c3085789c2d75f8554ae", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049408, "uuid": "8dbc3694-3d6f-463b-bd2b-c280f845668f", "value": "T1C4643B0362A4BC61E5264B329E2FC6E4761EFD528F5837BB32187A2F74713A1C563712", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049408, "uuid": "3dde9b47-4d64-4d6e-9e4f-1fb658f4f6b8", "value": "451d5edd90f05ed2ffedbb8a3f034cb5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049408, "uuid": "8763c552-c6b4-4435-aec1-c70d3c4bb11b", "value": "3072:b5FQDUeKWArpmG4P9Jul4RKQ4+bFgvPaAFpQWjkK9:1FmUmgITPZrFuCA3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691049408, "uuid": "bed48dc3-ed82-47db-9307-9d4b8379b62c", "value": 321024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691049408, "uuid": "adfc584a-027c-46ae-a18f-847a39d7ef0e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049408, "uuid": "443e709f-959a-4d34-9184-8cbb6fbaefa9", "value": "24b9161fb1b7b6caf0437f94142ebf75.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4989306b-323f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (PrivateLoader)", "timestamp": 1691095789, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691095789, "uuid": "2c5252c8-c029-4b5e-ada4-c0ef401082f5", "comment": "Malware payload (PrivateLoader)", "value": "686da75c6922eddfe714217f777126e1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691095789, "uuid": "434b1b9b-7d5c-4004-afb0-b17ff23ed501", "comment": "Malware payload (PrivateLoader)", "value": "ad2de4c275c5d84c667feed2bb77431e9c86d3d26c57dd30c18b574524b5fa0f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691095789, "uuid": "dfb9b35f-acce-417d-b3c0-153a4004bb0e", "comment": "Malware payload (PrivateLoader)", "value": "81a1241027ded295af7db40b3ae88bffd1f8e23b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691095789, "uuid": "d9a33fb1-0f21-4c34-83a4-5e9d83a9b24a", "comment": "Malware payload (PrivateLoader)", "value": "2d7b1144f3f11efed7e88a68b9f5c007a71bb41a3b9372001418b4dbca448a32cdbf281303d7666518164171ea82c976", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PrivateLoader", "colour": "#73A0FA", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691095789, "uuid": "a881dd23-a524-44c2-a227-f47afa7970b0", "value": "T19B25BF11E7519023EC720471318AABF25EFAF53041AAACBBDBC41A5A5D337C1A2157BF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691095789, "uuid": "81a30dcd-6d96-4533-8524-6cb560d3f389", "value": "81ee0d56a4a7333fc5e6209497e45f2f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691095789, "uuid": "eac1badf-4810-4f03-895e-b543f71c33e5", "value": "24576:2osUGTCe/6HobDxOtTSHEMWTzktQPzMWTX8LsQKAoFUWDNnD1TTq/umX:GZR/6Ho/xOtjwOIQAQ1TT1mX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691095789, "uuid": "1e1cc2c6-6014-49a1-85ba-ead624e277e7", "value": 1025536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691095789, "uuid": "f16329f4-bf5c-4642-8e63-55a0afefe37b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691095789, "uuid": "39ef0459-140d-4eee-8884-21f9e9959316", "value": "686da75c6922eddfe714217f777126e1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a69cfe2-31ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691068222, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068222, "uuid": "6795e6d9-03cc-4474-8197-b393912fb81c", "comment": "Malware payload (RedLineStealer)", "value": "2f707d23dfa54d9305e16e718f82fb34", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068222, "uuid": "2bf4deef-bb17-4fe0-b9fa-9f0c2449b98d", "comment": "Malware payload (RedLineStealer)", "value": "adc93b9ee4d884423d14c5b33635b75235f46542f3a5e73934d263c67d8f3269", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068222, "uuid": "0294f26a-991a-49b9-8252-0fe9cb138cad", "comment": "Malware payload (RedLineStealer)", "value": "3e6011424f00c9be64e589551f45dfdc44b7e799", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068222, "uuid": "0563fbbf-acae-42cd-b17d-afad46525db8", "comment": "Malware payload (RedLineStealer)", "value": "cf2d35554c1dca73920fe3d4a1d00ab1704e0ba1505b88e3fd79da6d838a3102ebb0263813e1c90728bb11b014242a26", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068222, "uuid": "7a2fc162-7bac-4bf8-8d00-c35e02df4652", "value": "T1CFA35D2067AC9F19EAFD1B75B4B2012043F0E48A9091FB4B4DC164E71FA7B865917EF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068222, "uuid": "cdbc37f2-0989-472a-bed9-ca7a3a5baca5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068222, "uuid": "f886c51d-e5c9-4f96-9a69-19059ae0f445", "value": "1536:iqsePqBezlbG6jejoigIk43Ywzi0Zb78ivombfexv0ujXyyed2h3teulgS6p4:AAmeZYk+zi0ZbYe1g0ujyzdd4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691068222, "uuid": "228f77ae-c210-4ba8-a719-a77b297d8ec2", "value": 97792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691068222, "uuid": "ecc2c9a5-e2e4-4411-b0a1-bac29ba048e6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068222, "uuid": "74ada661-3e86-4844-a508-4df354c99b4e", "value": "2f707d23dfa54d9305e16e718f82fb34.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da292020-3201-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1691069403, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691069403, "uuid": "6a0a8a5e-42b2-4375-ac24-4af9157da464", "comment": "Malware payload (NanoCore)", "value": "93b477baa88c9520aa5249bb3514d191", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691069403, "uuid": "6ac8618d-fd9e-4883-a69b-9fa912768a1d", "comment": "Malware payload (NanoCore)", "value": "aeb0f38f394e7f520a237d6488b5562162bb3826ee07caeac4337994a61b1179", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691069403, "uuid": "00cd227a-fb78-46b7-a1d8-29764a0f1a07", "comment": "Malware payload (NanoCore)", "value": "7328f00cb9ada37181075b2fc5af21f474c1cd45", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691069403, "uuid": "4202b9ef-e5fb-4a0a-be18-b05ccd5b1868", "comment": "Malware payload (NanoCore)", "value": "68f3c2865c90d73ed58c1a0cb0052befbbc562f21b90dfe37d1e24c519a50d4d22a3fdf34a22322a618b99702c745089", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691069403, "uuid": "3a5f32ec-b030-4a33-a306-44c9234c82af", "value": "T15EC423763F8907B8CC20CBB99CE7925143369D41D4E9F13F7EC96284E142745B831AAB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691069403, "uuid": "d7303eda-5321-4749-aed9-a44343c4d855", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691069403, "uuid": "f9e2318b-a950-4af7-9df9-95328ff1a5ec", "value": "12288:cqyHfInhxuY9/rmfeNt2k+qZNO4zIegDFGVRZ3uN4pqayN4C:ZyHfE9KG2Io4zIe+5N+qayN4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691069403, "uuid": "f67d6195-e0e6-4cdb-a017-3ada18f43b74", "value": 580608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691069403, "uuid": "5adb00e4-49a4-41fb-84c7-dea23df4d3ab", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691069403, "uuid": "b6745226-b6f1-4dfb-875d-0791d3b1d668", "value": "whatGodcando.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "91fd3fa8-31ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691068423, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068423, "uuid": "6bf20334-20eb-4202-88f7-d1660312b991", "comment": "Malware payload", "value": "3353dbe4dfc6b45d87c53a811d60c2ad", "object_relation": "md5", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068423, "uuid": "df694cfd-e223-4738-a743-90902291cec0", "comment": "Malware payload", "value": "af6e864a22ae5dff4bf6df20b653576fc517d4414836db88b24a95ac8dffd945", "object_relation": "sha256", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068423, "uuid": "2e81a3f4-f106-4ce6-9f1f-c7353d5f2473", "comment": "Malware payload", "value": "071959fe42684b3cd85233944a2eabc16c7056e9", "object_relation": "sha1", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068423, "uuid": "a8586b47-b39b-4b0c-b432-d209857fe76f", "comment": "Malware payload", "value": "80de67bfa820a7c29bbe42e3657b78293959d9bbe50c9c0e7f83c65dc4bec343f42105fa8fe2e32750880a74dfee5939", "object_relation": "sha3-384", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068423, "uuid": "a477de6f-a6a1-4520-980b-b4f57ba4b548", "value": "T1B1946C36F590D877E0314E78CC4BE2E9942DBA702D3864477BF81F4C9A792826A1B1D7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068423, "uuid": "f8ab9236-9a4e-4469-9e26-fff798aef7be", "value": "466caa9bcf5a9905cd00c4e158069662", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068423, "uuid": "248c510a-b7e7-44ea-934f-0e06eee5e1be", "value": "12288:ObfJmY1oCMa3Wyex7ykWynLSKJ13lqnuj/ro:O7bKCM0ax7ykWynLRJ1V+uTro", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691068423, "uuid": "426b8899-c2c6-40df-b3fb-846d9bfb617a", "value": 444928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691068423, "uuid": "9ed63d1f-fd96-49e0-8907-e75ea7d303f6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068423, "uuid": "6fad471d-b2c6-49b9-bd4a-101e66e6c63a", "value": "af6e864a22ae5dff4bf6df20b653576fc517d4414836db88b24a95ac8dffd945", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35356d94-31cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691047651, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047651, "uuid": "b9675e51-8a43-4565-b71b-19928d4d9498", "comment": "Malware payload (Mirai)", "value": "807fe910614ff9f239724847d2df22a2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047651, "uuid": "4040e8ab-9552-4ab2-8363-6dcb16d5600f", "comment": "Malware payload (Mirai)", "value": "af8a29cc3f00e47a025e91316dbec12aeb9067a38a356f6dcc40f31dc6f51c77", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047651, "uuid": "0a588126-2418-44cf-b5d4-b7269138dc0d", "comment": "Malware payload (Mirai)", "value": "3411d4dfc6681f205be867dfe9859105641dac94", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047651, "uuid": "00398b8d-c48a-4fe3-8f21-f5cb3e0dc8a2", "comment": "Malware payload (Mirai)", "value": "715e00c0a5e254ba19cf67026e03e5e6b6fff0c78bd3647744638058be5d57152235cf356eea496556abbcfdd93bcdca", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047651, "uuid": "35f2df32-9051-41f1-83b8-795010367d87", "value": "T1C5E2F193D3629453DE782BF2F9A9C4CB2BBC4B5CD27770A31A1416282E560535F3C893", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047651, "uuid": "e4afd554-7426-423a-a738-9adcab7cee1d", "value": "768:8oiWiO031vpAPbrVWZK3XVGxm9XDL9q3UEL5It:8orm1vpALgUJDqLS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691047651, "uuid": "6bb9259a-8510-46d1-a2fe-6ab73b98d6ff", "value": 33028, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691047651, "uuid": "e222132f-ef1a-4603-92f1-e5189ea300e0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047651, "uuid": "7b695431-d4c1-4311-aa9a-84cc8871c35a", "value": "807fe910614ff9f239724847d2df22a2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87b97298-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691046931, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046931, "uuid": "be5b4124-a212-434a-832b-d6709b549f13", "comment": "Malware payload (AgentTesla)", "value": "0f637d22a2ff666c44bd9531d21b4549", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046931, "uuid": "19b3e3a3-331f-4bb7-9fea-8c0460df8d35", "comment": "Malware payload (AgentTesla)", "value": "afbe25240ff930618be99be2ac711c4a9f6e1610873a22cffedf33eae5245259", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046931, "uuid": "fa5dc118-8507-451c-9be3-0a8e1f3e9499", "comment": "Malware payload (AgentTesla)", "value": "43ce149a7f579d798f39ddd43ab55fbbc80de3a0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046931, "uuid": "4bccb96a-9a25-479d-a9fc-5f8deca7135b", "comment": "Malware payload (AgentTesla)", "value": "1749a37b4f2d8c802c32fb9a2b1da73dcfa9ac5eb715cbadeda2fb4bf76d7a4f1b372d2b24191bb913ad347ae81ee159", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046931, "uuid": "80dbad53-80e3-4f2c-88f8-b6fc9c94223e", "value": "T148452A3804B80A12C135D2BD9AD4F513B3904F963519CE9686C15FCA0AD6E2F2DDBDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046931, "uuid": "d70c3292-70dd-49d7-b26e-93b364161640", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046931, "uuid": "5a5872d3-71a4-430f-a0a2-2416a3de1b1a", "value": "12288:3EKaJqHnslVBn4FnMN0+2Tk0xIF+K5h9oRVTg5toSosWvWpZ/F4:vCVB4FnU0+2gG9sh9orTg5tN0m/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046931, "uuid": "6f1c327b-a37e-4fd7-a476-63b712823079", "value": 1164800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046931, "uuid": "ce9d4d21-a1b8-4326-bfe4-b90c42918893", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046931, "uuid": "e3751d03-34d0-423f-8947-752bb31e007a", "value": "Ayl\u0131k Hesap Hareketleri.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "468f7602-31d2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1691048969, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691048969, "uuid": "c974a63d-4543-44a3-9aea-0005b43027aa", "comment": "Malware payload (XWorm)", "value": "ce90f45a4b8b1293cfb92f591c717d51", "object_relation": "md5", "Tag": [ { "name": "108-62-118-133--9734", "colour": "#6FAB9C", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691048969, "uuid": "859aee66-244e-408d-98c8-29ec88568964", "comment": "Malware payload (XWorm)", "value": "b08756158b8b618cdf9defc7134737b1d0da931210b583643a7a0af3e927b9c4", "object_relation": "sha256", "Tag": [ { "name": "108-62-118-133--9734", "colour": "#6FAB9C", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691048969, "uuid": "be77435f-49a0-4121-91a2-d72e89bc0cc6", "comment": "Malware payload (XWorm)", "value": "5336b02e6b573891fb4bd2898849c3a94a77dc51", "object_relation": "sha1", "Tag": [ { "name": "108-62-118-133--9734", "colour": "#6FAB9C", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691048969, "uuid": "c828c7d7-441d-4297-ab8c-1105535b55d8", "comment": "Malware payload (XWorm)", "value": "495f8284dded02baa968106812823a56b29193155dce11fcdaa4576c89aec91d0bfe0d0063a00fd7bed0a6fa089ae0b1", "object_relation": "sha3-384", "Tag": [ { "name": "108-62-118-133--9734", "colour": "#6FAB9C", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691048969, "uuid": "77bf988d-bb24-415a-8047-f6b4400d9dfe", "value": "T1431100A66886898473B1D3F617E3E29DF513D28A51414E0CB744618BFF6A30E46D3187", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691048969, "uuid": "f96bf7f3-0ae8-40ae-841b-2a3961f85a88", "value": "24:hMNmMvy4GqptEIjb18qe+dU8xuY8yu5yoTLXl88e/ZM8E4olEC:ImMqopOIjb1FO4ucoTLCyt40F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691048969, "uuid": "0c946e09-a806-4c4c-a84f-15d9528cc6eb", "value": 896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691048969, "uuid": "b57a64a2-fbef-481f-b692-49eac4232fb3", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691048969, "uuid": "ee8c24f7-beb8-449f-91b8-736bb2f73b35", "value": "akuy4l.hta", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "adaf814c-31d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691049571, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049571, "uuid": "6260eb62-47a0-4057-a5b9-7bfd02a9c9cf", "comment": "Malware payload", "value": "b97cca0dd82db5809b48af3e7732f40e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049571, "uuid": "f1b4e7b1-fef4-4433-b723-eafdcba42e3c", "comment": "Malware payload", "value": "b0ba72fccb5f49780222ba8873ba4cd9dacd9cc5a0a1bc7a8beac6c207bf39b7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049571, "uuid": "7fad41f7-dac9-4702-b276-faa74afc4486", "comment": "Malware payload", "value": "d9748b37003a3e4b669777a79700b040f0657eb5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049571, "uuid": "afce73a8-5a98-40f1-92b8-11fccbb6ad07", "comment": "Malware payload", "value": "177bbee472e5753eaaee4aac7f7c5eb75069c06247835845dcad7cb1882518227309deb71e931a084868fdcd88bcf36d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049571, "uuid": "6cb38c05-ecf6-4b68-877e-c70f2ffe12a9", "value": "T125533F1675BBCAE2E3882FB2DA8B9910D361D647761BEA0DB84F13D141037F7AC4611B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049571, "uuid": "8648ca2c-7a37-42c9-a8a8-acf60d1f98b9", "value": "768:Fp1B5uBhDW0XTO+6QGyZP5c4CKA0keq2conz0R1m2YE1DuC/0kR3YNj/gM/4/oAj:ryW0q+LRcTKHkeWTRDKk87wj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691049571, "uuid": "4f16dc17-59bd-4a44-9e55-dbd78b0f598f", "value": 64971, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691049571, "uuid": "8cfb8fa0-c925-4033-81a3-a45962ab991c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049571, "uuid": "b74dab31-17ce-4d37-8826-fd0f07d83bc0", "value": "b97cca0dd82db5809b48af3e7732f40e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3510a9e8-31b5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691036484, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036484, "uuid": "f41a55cc-8d08-4bd8-a191-22d3228f9a15", "comment": "Malware payload (Mirai)", "value": "468bd27ea088fd0109a21eba170ea0a7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036484, "uuid": "f880aa54-a853-41f9-8fff-b91f45503ecc", "comment": "Malware payload (Mirai)", "value": "b14eb9596f91c1625c3df29413fa08ba313a6b9e6d7fb1297fba74761c135568", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036484, "uuid": "00fd8d10-a1a6-49d0-93ad-6d0546fc87d8", "comment": "Malware payload (Mirai)", "value": "318fb9b4ebbea79f5b3630ba099a5d2b8caf1863", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036484, "uuid": "96636a60-b734-4a97-9cfd-f3c6617b3b44", "comment": "Malware payload (Mirai)", "value": "4da052d84a758ac3428b85730f690eb42d53790ab95e44cd64027f02633648d3462519800e545521729fc1f8d431727f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036484, "uuid": "8d2d55b8-f41d-4080-8cf8-21360c4e94e8", "value": "T139A3F831A641C973D04305F212A7DB660D32FDBB1A6AAE56E32C3CB0DE360C5B565E9C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036484, "uuid": "2a6b4b00-7d92-4207-ba7c-baaba1923945", "value": "3072:VK1z13U6HzHoXRtmTUhQogBEmmFVcqq0GnDZT:VK7DDeKlogBEmmFVcqq0GnDZT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691036484, "uuid": "c2942f1e-3495-451e-98d3-127273a358c4", "value": 100042, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691036484, "uuid": "f238676f-9bdb-4cdd-a214-0453b8e0ce25", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036484, "uuid": "1bc2169d-f232-46fc-98ca-e802e18d263d", "value": "468bd27ea088fd0109a21eba170ea0a7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38e8e337-31cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691047657, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047657, "uuid": "679e87fe-1a3b-4f64-abab-9401401fce89", "comment": "Malware payload (Mirai)", "value": "c3e6907a643bd0a45737377e57de88ce", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047657, "uuid": "a3efe2d3-e1e0-48e3-bdf3-c82ba6f6b8e8", "comment": "Malware payload (Mirai)", "value": "b1c9d3924206559c4ba5040df635aa72e923431b74e58a60e3a854b3aa4de071", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047657, "uuid": "82a7934b-b4d5-4ff1-8ab0-e70c44d8dd05", "comment": "Malware payload (Mirai)", "value": "fa21555af517fe2021ec490ea54bfb5e7ca6622f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047657, "uuid": "8672ef96-9154-42a0-a02a-96cfb97aa935", "comment": "Malware payload (Mirai)", "value": "53486a486d635e59d56931b610c4eead83d55a3782b00516cf341743387039d8727d2a16ae2ed5abc9f5fb5bcb2105d5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047657, "uuid": "2af27274-b622-48f6-8f6d-5c2f2ec9a774", "value": "T1ED536EC6B4119E7DF5CBE7BE84224D0EB821722150531B27BB6FFD83BD721A48946E06", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047657, "uuid": "c5f3ac8c-9a86-43e8-a1be-30b952772543", "value": "1536:kPqRg0FGTbSX5xpLepSGorsF7QhOx2X/ZOqc/yA8q:p5VHV8I9cKk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691047657, "uuid": "98657d2b-b845-4c99-bbc4-3758ef037f8e", "value": 66508, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691047657, "uuid": "eca15b5b-b6ee-4bd0-b7a8-19eadb122af5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047657, "uuid": "d9ff3628-c37c-45f5-b912-7b4129f00b05", "value": "c3e6907a643bd0a45737377e57de88ce", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "466224b5-31cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1691047680, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047680, "uuid": "f055076e-423d-4c90-811b-635622ac7acf", "comment": "Malware payload (AveMariaRAT)", "value": "482d58e4fe182379c037a5dc371737ce", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047680, "uuid": "64432680-9f12-4712-b8fa-bfb0bb5843e3", "comment": "Malware payload (AveMariaRAT)", "value": "b459fcad4b72a8006adb2fec48c45c4432eafe016f2ed4f73c29c6c36e83fc68", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047680, "uuid": "6a2173cd-6e0e-43ab-a3e1-4f4ae062612b", "comment": "Malware payload (AveMariaRAT)", "value": "894afda082bf8062c3e06c62c01f38f7077095c4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047680, "uuid": "b80a5769-3abb-429d-a54c-f1a3080cd1a2", "comment": "Malware payload (AveMariaRAT)", "value": "0c01b4c7accac25eb2fd1959801bc4b3e4505b1e9be92f1179e68d6654286ad110b208e0688e48f6c4ea1b84bdeb720d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047680, "uuid": "2c8648c8-fee9-474b-abba-d83e13815880", "value": "T14745DF1676B59572CE00CB35C5E79A1082D7EE99A7E2C10A678C736D0B323BE8B075C7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047680, "uuid": "7269cc88-ea4b-4b39-9bbf-b618a7107688", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047680, "uuid": "074d2b96-6e75-4f6e-9783-4b97b6edafbf", "value": "24576:iZ32xrZPIYfyg0LL+SaROJhF7z/95JRby9f:CwP3yg0O3wDJxy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691047680, "uuid": "ea8f696e-5a0e-4df1-8f18-5ffea43008df", "value": 1213440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691047680, "uuid": "fb0a2417-b2c1-4772-9c91-29c2a6ed9d7d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047680, "uuid": "e2c5fde9-fe40-4717-b58d-90af53807c9c", "value": "482d58e4fe182379c037a5dc371737ce", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6674d48-3206-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691071463, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691071463, "uuid": "e4bc2911-7639-4c36-ba3e-676b3e02e010", "comment": "Malware payload", "value": "447010346212fccc07858ec1604c1453", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691071463, "uuid": "7db23e95-5906-4395-9399-f382766ef1b8", "comment": "Malware payload", "value": "b46ed5d869f9490be823fb67294a1288ede683e97d619a4c5d36bbe06724061d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691071463, "uuid": "c67ce38c-550c-40fa-98f8-9b7a9cdea8bf", "comment": "Malware payload", "value": "0b7f2dfa8475d9e3d85782bb785cf6fb5eed1ede", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691071463, "uuid": "017ba461-22ae-413d-91ef-8df465753c6b", "comment": "Malware payload", "value": "2a4eaea2b02dba5746d5c98b663f17312f51ad950c4eefddfe2a1386d057c3c2f4d754a68754aa34768439fc464f80ec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691071463, "uuid": "fc5bad19-fab3-45e7-b18a-c324742251c8", "value": "T1D1150826417B60B7EF5977BC5A23C83A359C6B40A0F6E298A32B34D3C5C61125D3A7F1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691071463, "uuid": "c0dbd7ba-16bb-450f-98b7-1f98e99dde5d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691071463, "uuid": "b2f7df17-ac14-4f20-890b-8f8f070bafb5", "value": "24576:PY9vmeD2dzBqpppNpppppoOQpppNpppppoO1uayAeUnnlXhJvHXM16h:lO7O1AAeIXfvHXK6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691071463, "uuid": "2f159ebd-df4b-465d-a6ec-6d6e2c9222da", "value": 952832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691071463, "uuid": "3f5d2d44-6763-441a-bcc9-0bdfd06b5206", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691071463, "uuid": "d493e98a-bfa0-45fa-821c-892d7636716b", "value": "SHIPPING DOCUMENT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6c0890ac-31c3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Fabookie)", "timestamp": 1691042589, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691042589, "uuid": "da29e0fe-dcae-4676-b652-a46ab002e16f", "comment": "Malware payload (Fabookie)", "value": "c6307eb8b86134c16d9484b617c9f531", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691042589, "uuid": "88afa0a0-94ee-4962-90cb-9b8735a8e147", "comment": "Malware payload (Fabookie)", "value": "b490ef6fbe56b282b90cff8ac0a696a36e3da41399dbc98417abf3ddf4d78bbb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691042589, "uuid": "ee15d23f-b863-4a79-9e03-cea358bdbd20", "comment": "Malware payload (Fabookie)", "value": "efde0d4a1be44d1c6763bc4114941260b9b09b1f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691042589, "uuid": "7e55f7a0-0793-4158-925d-52ec5c147a6a", "comment": "Malware payload (Fabookie)", "value": "65e474a8ebaeaa7b94126b27e55d49a8734b0ea2d54fc574b2c66b76c5c3858a92db1f6b8fe61e28df4449620274e7a8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691042589, "uuid": "aca06f81-b7dd-4947-a9a5-1168c432613b", "value": "T11515AD4377548885E04D45348DABCBB9E6B17C207B2C43A773B2BB4F6E32AD16512F4A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691042589, "uuid": "a09af8fa-5a7a-4875-8268-784619be7ff8", "value": "de5ffdef0b7fe6105bfe44941d62fcd6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691042589, "uuid": "6ce4b9b3-ca60-4010-8d4a-c1182f1a3595", "value": "12288:K72Y4b/l0Dp6E3V51qvii3mmm6AV5Cqylkg5ZQnXlV5Za5Za5Zj:GcyPV5kRhAVdcpmt44F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691042589, "uuid": "7ef4db7e-9d8a-4dc1-9700-889b24903f94", "value": 955904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691042589, "uuid": "6d4fa4c3-ad09-4826-9595-15327922e740", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691042589, "uuid": "cd37e16f-9f69-458f-b67a-2ca05ea52d2a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8523bec5-31f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691063677, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691063677, "uuid": "07303d90-8e1e-476d-b36e-eb2d6947f119", "comment": "Malware payload", "value": "d9c523fb5f89af06ede9c36d6ac4d067", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691063677, "uuid": "597556e0-90bd-4dfb-bfaa-1a66f7dd0b64", "comment": "Malware payload", "value": "b5202e397d9dd3ebe764858eff1a98a679044f726ae19efe44ab099bb87e7a03", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691063677, "uuid": "3d425f38-fb87-48a1-a262-71dd8883e448", "comment": "Malware payload", "value": "581110a150523241f5c38d2514ab0cfe969c6200", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691063677, "uuid": "48d1dd56-e7c8-4a37-ab1c-a965eea49ea4", "comment": "Malware payload", "value": "dbd2a4d1514b0d893974ada086eb082e6e05ede0e92465aa7bfbc1ca384c89b323d7398773b76d88d6130bccaee73fa2", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691063677, "uuid": "67127bcb-d47b-4bac-ac7d-9c9717d21608", "value": "T13EA21906D7C00FB5E5F622BD8AB2912A3ABAED25471140EF12C4649D5F2CAC31D349BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691063677, "uuid": "83bcdfd0-7db3-4949-8857-aabf49d5ccce", "value": "a4dcc6b6d18fcc449f6902d126361422", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691063677, "uuid": "4d78141b-51ea-4517-a23c-4d244c3c17ea", "value": "384:EiyQek0uSk2p8wdhYXzs/st5h5mjHaA1sgdPb3iyAivKz45SbG4th+Z:EfQ/vz2p8wdhYXYUt5h5mjHaAXPbz7Lh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691063677, "uuid": "93ff711a-f8b2-4508-9e7d-27ef28265c76", "value": 22528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691063677, "uuid": "49b55273-51c1-4671-822b-fddfea2216ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691063677, "uuid": "2c46ab65-59ea-4f0b-9153-d2889cf210a9", "value": "SecuriteInfo.com.Win32.MalwareX-gen.30206.13882", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35d9afca-3221-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691082871, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691082871, "uuid": "185c93af-b549-42f4-b766-cb190fcebde6", "comment": "Malware payload", "value": "9890523167901151028a9d3e901dcb4e", "object_relation": "md5", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691082871, "uuid": "413cfbb4-ccc9-42ea-95d2-596c31cda622", "comment": "Malware payload", "value": "b599d945081eced866b0b3d03e5bcd84efe1e939c1a0750f0360dfc81c778ec5", "object_relation": "sha256", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691082871, "uuid": "83f553b8-fdbe-4b9d-b3c5-57cca4dd93e6", "comment": "Malware payload", "value": "10dd6ee679df61429805828d1d592dbded353caa", "object_relation": "sha1", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691082871, "uuid": "8fe94b45-ce52-44c1-8234-0f0ac9fafbd7", "comment": "Malware payload", "value": "d38c7545139bb2420504270c9efb805ed84f435098a2fc4d4a4c9b25aa08b6ff926ad2a35db6467ebfff62b2b280809a", "object_relation": "sha3-384", "Tag": [ { "name": "cve-2017-0199", "colour": "#B8DD67", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691082871, "uuid": "610b4fa8-68ab-403e-91a0-15afd920258c", "value": "T14D327C6EDDA891ADC34F54FB51632056DBE87ABAF339920E7A70AB40886738F4341315", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691082871, "uuid": "ed1c2a9c-e1db-4a06-9f74-65f844625051", "value": "192:Eya0NfninWfT64N5eNA2A+EnVs+mg1SoB8JYgO36PvvKR2t3Y9lcWeNgfmS:EyXfninWfT6u5+A2bkBdB8JYgOqPG2aZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691082871, "uuid": "224a2d2b-a7ab-4640-99f1-0f5adbd202ad", "value": 11493, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691082871, "uuid": "566f1c5f-9703-4605-a1ed-7a96c302378e", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691082871, "uuid": "5185b1cd-9341-43cd-aacf-1f635007786e", "value": "SCANNED COPY.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99008109-31c8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1691044812, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044812, "uuid": "4e6325f6-1277-4020-86b3-3f982e024a50", "comment": "Malware payload (DarkCloud)", "value": "2188abb5d8649a71916bf0cf613b66e9", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044812, "uuid": "6afc8ad1-d526-4d29-9757-dfc2e727d958", "comment": "Malware payload (DarkCloud)", "value": "b9700184e83e21b733a46e13fe85885778d6452e125161953cf5ee191bc54695", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044812, "uuid": "b52259d9-a5e3-4ae2-ada7-47fe2476e938", "comment": "Malware payload (DarkCloud)", "value": "088f7f32158cec2f4b29913a8dea50bcd7229c2e", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044812, "uuid": "380ba938-5efb-4a13-a876-d3b0b63d7fb0", "comment": "Malware payload (DarkCloud)", "value": "4e3e9566ffe10a534017fb92e44cf70843a0ab9c19889a82e0c911077ab2e389e231452ce570954ab927636234a4a99e", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044812, "uuid": "2d7700df-8b85-4f3d-b232-2db5d11dcf3f", "value": "T12D052353B174EC53343A6652A82F53797C49EFAED02D8DBB0F1A1EA07122A2D31255F3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044812, "uuid": "cc54873d-82a3-4230-9b1b-bf1b3d529722", "value": "24576:sz4BN/YSTk7n8IlWbSJA+1uYCRlvt3XcwB/ObzgJt2:XBN/vTk782WCA6u9z5UIu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691044812, "uuid": "145861d3-f613-4c21-bf62-d062950713f8", "value": 853689, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691044812, "uuid": "00929bb0-fdba-4afb-a3fd-31f852fd1f24", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044812, "uuid": "4de5e5fd-a9c3-4a5f-b409-c924a2abf4c6", "value": "FEEDER DELAY NOTICE.PDF.Z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "624422ef-31e1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691055458, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055458, "uuid": "be1a2f11-ed75-459e-810d-165016793703", "comment": "Malware payload (Amadey)", "value": "9cf49dd83baa5d91875bf336a6c9512d", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "lumma", "colour": "#810EF3", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055458, "uuid": "bb104d15-7954-43f8-ad90-41e8dfdf4f05", "comment": "Malware payload (Amadey)", "value": "b99bd60480fb52adedfb56b3690cc2128e865364ba13c93e1877b3affcec0e7e", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "lumma", "colour": "#810EF3", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055458, "uuid": "cf6b3eaf-7d89-4bde-b20c-00de97fb39d2", "comment": "Malware payload (Amadey)", "value": "c3d4248582b9d3633d3ca8bedc8cb04b41cedf79", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "lumma", "colour": "#810EF3", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055458, "uuid": "208b7b06-e1ef-4cbd-a9db-f1826bd5a87b", "comment": "Malware payload (Amadey)", "value": "861d2b5a37eca1b6ef3dc6b46230451747039f4855f3259bb211307ed09cc0ac588f22929aba0ab1ab12e073424c7850", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "lumma", "colour": "#810EF3", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691055458, "uuid": "11e1bd87-6219-4a4c-9a78-deb98e261105", "value": "T1C1858D32F99190B6CA331231AF4D732CB7EDB6701A79415763D40E6D2EB04936E39A63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691055458, "uuid": "2ba3baa8-51ce-4dbb-8325-dbb480cc9aa7", "value": "d6fe9a16ebb87dfc9981e18fa43062fa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691055458, "uuid": "615d649e-6c14-4535-b71f-334aa9617c8e", "value": "49152:Dx2aHePCXXSAEj6xmPhcsGdK0L1ZuZfTgvN19hqe+Fr0Q:DEoePCXiNUmPWsoKA7UfMvN19hqlqQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691055458, "uuid": "8cd5f6c2-d28e-474f-b7ac-c3076e38b731", "value": 1808536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691055458, "uuid": "45547eef-bba6-4c16-9cc2-cd75b1b59a3d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691055458, "uuid": "9226c68a-6b76-4b14-8621-3b6994b77c5b", "value": "vt_b99bd60480fb52adedfb56b3690cc2128e865364ba13c93e1877b3affcec0e7e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f6c48c3-3246-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691098832, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098832, "uuid": "008052d9-202f-45f5-b50a-b5476d25834c", "comment": "Malware payload (Mirai)", "value": "142c248b36ed164f674b871570401a1b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098832, "uuid": "af370b73-7f12-4942-ad35-63add2fe49f1", "comment": "Malware payload (Mirai)", "value": "b9cca900a65652b103da43de678c67c11a0e8f894117bb46482b3bf3a79d7e05", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098832, "uuid": "c2e7a4ea-73e3-454d-b2c4-d8e0843f5368", "comment": "Malware payload (Mirai)", "value": "e605f6aefbf698bd76bda41482ebf8fe1101eeb4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098832, "uuid": "85b126b0-5b29-4ac0-8711-6670173c9677", "comment": "Malware payload (Mirai)", "value": "fe03704e0d5f79f74953cc3f43f24bdf59e69961af5659092aa9c1b3c11bd45fbfc3e33d57f7bdb07fc984ba5b0c9d77", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098832, "uuid": "0b2f3d9f-3e1d-41f3-83a1-82ce257165d0", "value": "T13E533B99F4028E3DF88FE9B984160E05B93023D212931B276BAEFDE37D331659D12D46", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098832, "uuid": "941a1f57-0095-4a81-bab1-d83f42199737", "value": "768:Ge4gpsM204GEkRbj3eX1VnQiiQthc3gFHu1eu48B8vB6J7EzNfXuuJpozCK3s:Go3EkRbrOSiPDFu1X48B2SEzNfeuJOc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691098832, "uuid": "0e221e93-92c9-489d-ab8c-fdce1d1f5cf8", "value": 65100, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691098832, "uuid": "affacca2-0f62-4964-905a-3aeeff8774eb", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098832, "uuid": "d0491816-70a9-4204-b705-cc4d6676e212", "value": "142c248b36ed164f674b871570401a1b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b226b442-321a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691080073, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691080073, "uuid": "18d14dbe-2567-4607-837a-a69d419e2d42", "comment": "Malware payload", "value": "640527a052a0fa57c58dd1a4a4628ec2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "rilo", "colour": "#D3353B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691080073, "uuid": "64e5c996-134a-4434-b9ac-98878b851c14", "comment": "Malware payload", "value": "baeffeb5fdef2f42a752c65c2d2a52e84fb57efc906d981f89dd518c314e231c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "rilo", "colour": "#D3353B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691080073, "uuid": "6971d53c-9fc0-4b89-b85b-16eeda35bd0f", "comment": "Malware payload", "value": "0195a022d023e2a82882e74bb7e48d418538ca9b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "rilo", "colour": "#D3353B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691080073, "uuid": "15de7218-efaa-439e-824d-91c12c73d23f", "comment": "Malware payload", "value": "66ae4eeff0d0d6194df6e8650318b0854fd50b23fc2209cfde7bcc73084ee16f33350c6fb80a89acfb11fa9e08b3ba1d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "rilo", "colour": "#D3353B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691080073, "uuid": "8dceaf04-9b3d-4e0e-961a-e685774ee11e", "value": "T1FA0633F69141D80EC414A37BE78305C1E6A754706BA62C662F94BF6C613E7A70FA3783", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691080073, "uuid": "836f0d5f-f9b4-4be9-ac50-9cfd3931a77c", "value": "6ed4f5f04d62b18d96b26d6db7c18840", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691080073, "uuid": "38323ccb-1dd1-4bc4-b4ba-9e3233e16417", "value": "98304:NNwCzm0strjuaOSyXtIsHGT82wLQazfq0:3wl0sNnzKS82wLzx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691080073, "uuid": "02b9b386-af68-46b6-a1aa-2f08bf8e95f8", "value": 3748352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691080073, "uuid": "5e7e54ca-9186-4d2f-aedd-1a9dd34c1386", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691080073, "uuid": "32a658bc-c329-4dc0-ae40-7b3197bbf5dd", "value": "baeffeb5fdef2f42a752c65c2d2a52e84fb57efc906d981f89dd518c314e231c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f172d7bf-3203-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691070301, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691070301, "uuid": "85d19e50-9b78-4ad8-9abd-be4471f58aa6", "comment": "Malware payload", "value": "e2bed9d6074957b4b790d8694b7198a4", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691070301, "uuid": "6546f8eb-1535-45ec-af39-eba9f4505179", "comment": "Malware payload", "value": "bb2a1a20580023a06a5d9289cbb7c1544928bf695a9b475522e79d3897c8739a", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691070301, "uuid": "73bbd4eb-4748-4d1d-88df-30466922368a", "comment": "Malware payload", "value": "73e48dc69e1ca12f57c4752d562431f30ebd00a4", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691070301, "uuid": "632d7d09-8c8a-4e14-8280-bbc4f6fada91", "comment": "Malware payload", "value": "d42830b47755d1d9751862942dbb7822df95ee4b22c1725729c603eeaf44b7d6b852f4d789723c0f5ee1515bdbfc23bf", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691070301, "uuid": "2e906aed-76e0-4ca2-8c3b-c30baaf896ae", "value": "T13EB24B05DBC04EB9E4F622BD9AA2607B7B7AEE71474500FF22C4246D4B6D6C21D708E6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691070301, "uuid": "3fe600d9-a595-4263-adc3-6da57754106c", "value": "a4dcc6b6d18fcc449f6902d126361422", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691070301, "uuid": "30c880b3-c207-474c-9e3e-ca3ab23d32bb", "value": "768:2qbvz2p8wdhYXYUt5h5mjHa7XPOiom9ZpyYjl1STBtCse/:2qbap8wdhYXYijg27WJm9ZtlcTBgR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691070301, "uuid": "dba2c783-c8b3-41e8-80c4-d54c31e2ca32", "value": 25088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691070301, "uuid": "e6415b9b-b529-48b0-b504-7a52acf365fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691070301, "uuid": "89f9d7e1-1a56-4eda-a734-35c00224e722", "value": "SecuriteInfo.com.Variant.Zusy.479680.3311.4857", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "215ddae3-31c8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691044611, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044611, "uuid": "3aaa5ec2-f812-46b3-bc43-8b96f8608d0f", "comment": "Malware payload (AgentTesla)", "value": "f18a07e69e32f2057d8ed8582a3500cd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044611, "uuid": "62f24c7d-4d44-446f-8af4-f4aef3f3afc1", "comment": "Malware payload (AgentTesla)", "value": "bb5557412213a1e283b548c6cd1da5c5848610756cd98352e6a77bb7ae952839", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044611, "uuid": "1a9089d2-7821-46f0-a2be-66a2921b4582", "comment": "Malware payload (AgentTesla)", "value": "2a6bb4b9c8a96d4f16dfd90894b07808f30361e6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044611, "uuid": "3484716b-dffd-4641-806f-deb9edbf7964", "comment": "Malware payload (AgentTesla)", "value": "d6033802fa92b5614a588b99da0f2ff14d4d55b612d2f833cdd1fe36f2770c72c228a5872d51831d4704638bd145bf19", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044611, "uuid": "f3ef2564-24e8-47ac-9541-2769b5eba1e1", "value": "T186E4E10175B95F97C5BE83F91521B10017F66CAF2429E32EAEC270CA2672F104A95F7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044611, "uuid": "929964ca-0adf-4487-b1b0-c3b4d5c6dc0d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044611, "uuid": "1e82461d-9320-4292-8162-95ba24eecb70", "value": "12288:akaNZ2Di7UAp1TlC1+iwdNMbPwhro2PrKv7DFiKT2XYxRrou:RavJDp1TIvw4Sro2PraDFiKyXYxRro", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691044611, "uuid": "75ae09c4-d58a-46cd-885b-7691e91d2e5a", "value": 681472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691044611, "uuid": "18695f20-bc84-49aa-b73a-8e63a977e3a5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044611, "uuid": "694e3fd6-8a93-4f23-923a-5cf90f1e7c02", "value": "US $ 295,500.00.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7721c33f-3214-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1691077397, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077397, "uuid": "2e572ab9-7dae-42b6-b18c-391b7436a010", "comment": "Malware payload (Loki)", "value": "c56ae0f0eb03a51df60ffd2f98d3bcb7", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077397, "uuid": "f0d06705-6e81-4395-9de7-144975ae957d", "comment": "Malware payload (Loki)", "value": "bb94337fc61ca086607933c1f8fa917fc40880e2e935f6db65c3434ffa4a5fc7", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077397, "uuid": "a2117009-7933-443f-b58f-8655cb8a2ad9", "comment": "Malware payload (Loki)", "value": "1e2be5bf0d6ee53ffade3cbd94ff52c15021a199", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077397, "uuid": "e5b6f2ef-6dc0-48c4-a72d-b3b8aa908072", "comment": "Malware payload (Loki)", "value": "91762ac15cfd3ddd7916907992a127febd7a888ef250a912906322220a7760f243a7b61d2007e5b3a47818f4880b2cee", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077397, "uuid": "8e2e2490-bb82-4764-9aee-45541d50fabf", "value": "T1C005D63804B80A12C135D2AD6AD4F613B3904F96721DCD5686C14FCA4AD6E2E2DDFDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077397, "uuid": "623f61d0-7ffc-4df7-9fe2-43278c2b3079", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077397, "uuid": "4523d08e-c92f-485c-9210-0566dec1d4ad", "value": "12288:FEKaJ6yY2+9eLYfZohoPFAZs26HH8bLGPs32PBg:t/9eUHmZD4SGPskB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691077397, "uuid": "2314e829-5b61-4233-8975-3288991edeaa", "value": 816128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691077397, "uuid": "53ec2985-74e9-4a23-b7a9-101f3bb663f8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077397, "uuid": "c81e01f9-f305-41c9-992d-b67a16a09871", "value": "DHL Invoice_UTJU01GTKE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44d3dab7-3209-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691072588, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691072588, "uuid": "b7c6cf35-1b0d-4132-9039-d9bd16fdd698", "comment": "Malware payload", "value": "d2ddd7c07791608791026b7ec810b603", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691072588, "uuid": "a56c7236-e168-4b5b-869c-23344ef52919", "comment": "Malware payload", "value": "bd55b7a4300f67219e9f81a9544b8d4bbe4f2d6216416fccc93a57b2887dff4a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691072588, "uuid": "081a89d4-4f80-4096-b882-d8ca2d90b880", "comment": "Malware payload", "value": "316ab648f30e8b0160f8456da8ced27d2cd6fbf8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691072588, "uuid": "24f2f0b1-867a-47f6-9317-3d6b6b715b1f", "comment": "Malware payload", "value": "5de28929f3789221170dced576fcb7cce9ac7000d27e6f15ab29a2d3e0fc945e0c142d78e00f26b3bee4ce49fc4cab93", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691072588, "uuid": "4fbdad74-10fc-409b-bf1b-a9d1c846f077", "value": "T139A47C9AF2A940BDD0AFC675CE12961BEBF1784A1234E74B42D0CBB61F13B71661E311", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691072588, "uuid": "90ebb904-38f4-4151-8741-1030680c016b", "value": "12288:wqCSml+tlMTX5Udz0un3rg8F8qA74LR6:wcmlIlMTSddgGvAx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691072588, "uuid": "2530a24f-f4c8-431a-8396-6c73df2df2dd", "value": 465920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691072588, "uuid": "83252bb6-243c-4411-91ff-9a20c16ce432", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691072588, "uuid": "0fc5893a-3680-4547-8c78-b198345790a4", "value": "f3c0000.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c04abc45-3245-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691098565, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098565, "uuid": "142bbb2e-e14c-4975-9ea7-6de5252975fc", "comment": "Malware payload (Mirai)", "value": "4bbe41a5288e576b366ba39452b9b533", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098565, "uuid": "fc90d555-5b4f-47d9-86ce-8a9c19a62e35", "comment": "Malware payload (Mirai)", "value": "bf720a851ab1eb5bb7c3d025b21c5d740341f53cd24f8439306453a19c934c86", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098565, "uuid": "bd200a4d-233d-42c0-b8cb-a2100ccce9fc", "comment": "Malware payload (Mirai)", "value": "aef35189347edf2e143bcaa722eb50cd833ddec9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098565, "uuid": "9220098b-cbf1-4ac0-966f-e71de413e4d5", "comment": "Malware payload (Mirai)", "value": "26f05ccfe7a3773e927b12b8462574513646c95ecf7121a4553972ecfef7a8476335a2590d2e69151ff246046fe15c46", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098565, "uuid": "1804ce5a-54a4-4e70-aaf0-6be16b1a05bc", "value": "T1D5C2D071F8C1BDB2CEFEAD34445185D03BD61F4937E1CDDA208DED226222D3296ACA90", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098565, "uuid": "b4788549-5957-4719-aca0-7ad32040517a", "value": "768:7KnqLiChP7gI5gBZw+LajRzg4uVcqgw097:7KqL1h4Zwa6lg4u+qgw097", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691098565, "uuid": "56368453-6326-4e51-9498-45366198dcdb", "value": 26224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691098565, "uuid": "57587be3-1385-4447-8a9d-2b77232752dc", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098565, "uuid": "16097e55-8677-40e5-880b-062a86c90a1f", "value": "4bbe41a5288e576b366ba39452b9b533", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c542b8c0-31cc-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691046604, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046604, "uuid": "fcdb8b4e-ad67-4a9b-81a0-41f383a28020", "comment": "Malware payload", "value": "2aa2eaba8971df4bd996a3571ac525dd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046604, "uuid": "779eaee8-0dee-4e31-9163-29abf30be946", "comment": "Malware payload", "value": "c03eaff7de09fac9babacd633ac3d752fc6bf55df6dba1c247d6d74048c23e9c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046604, "uuid": "2a886bdc-1532-41fd-a1fb-a16dd0d8d294", "comment": "Malware payload", "value": "3355a140a5ee81b38f3f740d8592af0eb5205c78", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046604, "uuid": "10c0a69d-8ee4-44c5-8195-34828a2e06a7", "comment": "Malware payload", "value": "fdd2923a4ffeefda54eb3fd83198dfbb91a9f29171af2b736381a03a6025c80cc4f6ad651962cc2b25d9fe3c12011714", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046604, "uuid": "56f6bc99-b5bb-4e53-a054-ba55680339c3", "value": "T126848C095EE42C75F867B2FCC4B5816E63337A5007B496DF11878EBA1B32B80A53AF05", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046604, "uuid": "399f1585-2889-47e7-b281-ba57cc491153", "value": "4cea7ae85c87ddc7295d39ff9cda31d1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046604, "uuid": "cfa750d4-f82d-40fb-9a9b-312b696c9930", "value": "6144:uaM5VkHAkucoc2lih6rEXfJiyE+7tmXcKVRGVO4Ap421/7JY3q:uNM1uxc5UEXBh57IXcLINzUq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046604, "uuid": "29d6f4f0-6643-4e36-8a75-f8afc43ce1d3", "value": 389120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046604, "uuid": "28795898-1674-44c9-a93d-cf567dd0e6c3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046604, "uuid": "ddbb2d9e-7e20-4a55-8f6d-052f40c64784", "value": "Crypto Ultimate BOT AI 2.3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8ab20fe1-31ca-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691045647, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045647, "uuid": "d0155009-1c80-492b-a7f5-a7a19e012ca6", "comment": "Malware payload (AgentTesla)", "value": "2647e6f85941e9aaef32e0624abb980f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045647, "uuid": "09d70014-3cc7-49fc-973f-d08d826ef66d", "comment": "Malware payload (AgentTesla)", "value": "c0e23b8b4dd4d537334e668def8302713846e1688614c08f0d5c0b6a5381caa5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045647, "uuid": "e3c1f4c2-3791-4f2e-8a57-d0afa4eba9db", "comment": "Malware payload (AgentTesla)", "value": "9e7bcce60c0aea5d94a45012ff9a6f8ce428b546", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045647, "uuid": "f884a562-0f95-4e3b-a9e6-956f981b01b6", "comment": "Malware payload (AgentTesla)", "value": "67f3bbc1769f75649cc57b853b2cb29787005b4113c9c7306594b2b11ae980d414fff9faba721a1014171ad259982419", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045647, "uuid": "7f8af120-92fe-4d66-9a6a-aa64811522a6", "value": "T107F2AE23C5014A2ED3039E31C21E6204D2A8E266B9A5B3CF7971CDDD4EBF5C66A7468C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045647, "uuid": "5b75eb28-255b-4f1d-beae-395a5086cb21", "value": "768:0I7v5f4ZuQlFPA4tIgglgUS+M4O67YfiAwe368R092q+fiAs4O6wfiAvx4O6rVj:0180Z7tIR3M4KK+d09gK14uKsx4D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691045647, "uuid": "ef6f3e26-42e4-4ee2-9dbd-c96d962c83ac", "value": 36167, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691045647, "uuid": "35751825-e987-4286-ae22-0a4554f6e838", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045647, "uuid": "97b3d034-a2c2-476d-8874-9d51554e131f", "value": "Updated SOA.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a62cbd9b-31c1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1691041828, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691041828, "uuid": "2d079aca-c9df-405e-a54a-ac1d6b8fdce2", "comment": "Malware payload (RemcosRAT)", "value": "a2e86c66aeb9972f4d321bc8c09f6462", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691041828, "uuid": "2a33a6bd-50dd-4056-8036-a492834f866a", "comment": "Malware payload (RemcosRAT)", "value": "c14657190bec0bf6b8fd9ef47563657948aa3ea66a43e7d0224c7662f323e144", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691041828, "uuid": "a705ca52-042f-4dc3-9423-6806ecd4136b", "comment": "Malware payload (RemcosRAT)", "value": "416439f73d6c381570b189ec13e39e75dbfa0124", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691041828, "uuid": "df8f76ee-a26f-4aca-be11-3e2c61aba37f", "comment": "Malware payload (RemcosRAT)", "value": "70a7f385b45d647bed420030d5161fc764b7a71db3eb832b0e27e3a0dfb183a484ce59c2eba8804877dd2b4c6aa78a8e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691041828, "uuid": "7309bd79-ebcf-4f61-9f30-f864994b6bd7", "value": "T14A455B3804B80A12C135D2AD9AD4F613B3904F96761DCD5686C24FC90AD6E2F2DDBDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691041828, "uuid": "d4bcc599-37b6-4f73-8263-a4ddfe00df5f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691041828, "uuid": "4088e695-361c-472e-be54-b9b3a1c74123", "value": "24576:WWo3JwEUGlbYnEjkb8nZ0Co0z05+56/y:po5wEUGBYEUsA0kF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691041828, "uuid": "db57de1a-28ce-46b7-9604-942ed9df5507", "value": 1218048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691041828, "uuid": "3ff4c6c6-5726-42d8-b909-7a1559f3b908", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691041828, "uuid": "6b2f112d-a9c7-4c1b-b4da-0bda4c275325", "value": "a2e86c66aeb9972f4d321bc8c09f6462", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d1148c70-3199-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stealc)", "timestamp": 1691024720, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691024720, "uuid": "b091d631-811f-4c2f-a644-7922f93c7483", "comment": "Malware payload (Stealc)", "value": "1d2c00de086d483b61de6072a3832324", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691024720, "uuid": "56422be1-46c6-4a9e-b06e-8a0504495ef7", "comment": "Malware payload (Stealc)", "value": "c19be545bf9f627cb8a1230df7d754b04aa53979aa52043a18bd3e708faaea09", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691024720, "uuid": "198da0cf-d251-4b73-845f-0aa0b2143577", "comment": "Malware payload (Stealc)", "value": "cab902c5d0733119f383d7616b6608b07de61775", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691024720, "uuid": "91d15f42-eddc-4742-a31c-73ad4996696a", "comment": "Malware payload (Stealc)", "value": "b97ff52ecce37cd6487968ad617bbe40b87a3a806248bfbcdcda3e91da775629e7f6e56c6536da51a8c7df1f45681397", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691024720, "uuid": "78fd2a1c-5b9b-45ab-950d-b1ec9b0ae8d0", "value": "T1DA6665C3B1E159DAA0C977B036E6F3F629EA9C3085A15CD79D103959E87D862DC3230E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691024720, "uuid": "ee9c1fa9-dc50-4174-8a9d-2e004e340c88", "value": "037186f4dc0b9fa0469de68e8c5dd86b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691024720, "uuid": "a63f83c7-5528-4109-8180-db3ffead6dc3", "value": "49152:VwPCWolBs7i94ZZ2ggGWKuUE9Y3161vgWD9fl/Wj1sZ1sHQcwz6O1CL:FvK9QQ1eZKRHRwz6O1s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691024720, "uuid": "67447a09-de7a-4f3d-a219-0ca0decce9ad", "value": 6621176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691024720, "uuid": "3e499b4b-989a-452b-bf91-01942473a96c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691024720, "uuid": "3312c9fb-a6aa-4f95-ba68-339c376336e8", "value": "1d2c00de086d483b61de6072a3832324.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20187fe7-31cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691047616, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047616, "uuid": "2523d8e9-04cc-423b-8bbe-36fd54a80221", "comment": "Malware payload (Mirai)", "value": "b3cb1ce4fe36efececd1dea26d5cdf12", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047616, "uuid": "3ece25b3-8845-437d-9b0a-2b16241a05d9", "comment": "Malware payload (Mirai)", "value": "c1a4286e2afd8e6b3b67fe0798711263e6244be5fcebfd256ea52e5427a94e8f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047616, "uuid": "e744b6c1-4f3f-4ffa-bdd0-ebefe4f87b47", "comment": "Malware payload (Mirai)", "value": "44363f53a1c13f9eb376588325f77ed9069dfbdf", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047616, "uuid": "bf6696e3-16ca-4589-be7c-95a853cd00c5", "comment": "Malware payload (Mirai)", "value": "7ca682e147ebaebc78e6a3fc5bd46f87fbf2f0e9735f4a33664392679491326c6f36877d30e0b66d9558ed422b61d30e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047616, "uuid": "dea13843-86c4-448d-a458-7f7013047707", "value": "T170C2E0E63E77799BDE250039386DCE3281B0F062D75EA713D240920961171B9BB728EE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047616, "uuid": "c5ee6374-d7b3-4637-bffc-8cdfeaaca04b", "value": "384:Mw1DMwk8JPyG3GDZaEXVZVBy6HInRiWLRYh4Sw4cGJYeRzOFGBzd8QXHwOj8hHNz:pMwoDZLFbBy6HQHRYfeAxdd8qQsUU0NT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691047616, "uuid": "934740d4-c36d-4683-b25f-7299680c1b23", "value": 28056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691047616, "uuid": "1dc09dd9-42b8-4c43-8217-a71bdf2ef08b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047616, "uuid": "da398898-db4f-4c3b-93e1-42d3abe4dc14", "value": "b3cb1ce4fe36efececd1dea26d5cdf12", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0d8bde6-3203-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1691070300, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691070300, "uuid": "607c016a-c878-4223-9305-7b28f32e9ea7", "comment": "Malware payload (RemcosRAT)", "value": "4205e9fe92e166b7646469a84217cab3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691070300, "uuid": "6ecedbd3-5666-40ad-a175-67899a435461", "comment": "Malware payload (RemcosRAT)", "value": "c2603fdcd24aba4629f3a8e3822f8c8ca84a97c89f163e05f9f5e1492da81036", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691070300, "uuid": "5cf2cc76-5e52-4d73-8241-6b19abc914ba", "comment": "Malware payload (RemcosRAT)", "value": "4f46cd8e752cc5937a32fefa01bcde8061eb5b73", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691070300, "uuid": "19b13028-b834-4188-a23d-53d2a5864293", "comment": "Malware payload (RemcosRAT)", "value": "c42a247b19cec417d7ad1e11470f4a9e416a96ff913e1d231186b62fd7c8ea52fc009a6ffc6cff1a4a9c341e04c5c744", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691070300, "uuid": "71fd5d72-05a6-4472-8fa1-8351c01541eb", "value": "T1C135CF27B3E54677F22334754C87A2B5DCA97D2029357C4267E13E89BA3B2403F186A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691070300, "uuid": "82fcefcc-5088-4bb3-88fa-b346e954ca17", "value": "051f371797f6e597d48d110e8ed68eca", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691070300, "uuid": "9a054a6f-2e43-4670-9295-422d7dbb2994", "value": "24576:+GBEKQCWCWF4bH7yT+YLWPP7/NCo9LboxSYVuDpa7Dfavrjnpi0JN:rDpd7/NCgLRYwNa7mvrjJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691070300, "uuid": "623e6411-e2c7-47fe-be44-7af3e29ec4f3", "value": 1113600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691070300, "uuid": "9c775b9d-e68f-4b1c-9c1f-306659d2ef19", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691070300, "uuid": "9f2391b4-c701-4a2d-bbab-20e7fffc1835", "value": "SecuriteInfo.com.Win32.DropperX-gen.19020.29434", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ca037f7-3212-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691076520, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691076520, "uuid": "0dfa2c61-6d0c-493c-bd78-49288b1a2a76", "comment": "Malware payload", "value": "4d58447fef336ba689f9d39956e1efb8", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691076520, "uuid": "b34aa9c6-3709-4268-9d78-badf3aefef57", "comment": "Malware payload", "value": "c29cbfcf8b3e00512db266c9b4b85e833bc3cbca7ce973bc7c74da7a28e3bc2f", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691076520, "uuid": "e2d5d745-0017-41fd-8ac8-e86fcd5579c6", "comment": "Malware payload", "value": "78da702767ab4c0c40227742e29750ce8dcc3f09", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691076520, "uuid": "f6a85bdb-ae16-4678-8879-6f09616408e4", "comment": "Malware payload", "value": "d97fb1838d75ebeb4f0f5deac1786533024fc453980150ef0d8ef8a1e8ffe47ffbc6b19dad2638b47df6e23963f1d281", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691076520, "uuid": "56e61d7f-e6e5-44d2-a8f1-aee6cd174c46", "value": "T17E338C6DD34F42A9CF5252779B1A1A4442FCBB3EB34451B234AC833533EEC2D92256B9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691076520, "uuid": "6ecc8823-65b4-4546-a461-4800074d8df1", "value": "384:HL0AbZSikcMX93wRWjEuINlVAYWi62vNU7HoniROmTcziNP8qcpvnUo8HH/6ZIS8:HwAbZSibMX9gRWjb6WHikfB84yZoOY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691076520, "uuid": "ae265d9d-9258-48d9-9949-2fc5a062e8b2", "value": 53666, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691076520, "uuid": "987581a9-9715-4c8e-8349-87fe5dea1ce0", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691076520, "uuid": "97ccf58d-917e-4f2f-8674-a68d7410e242", "value": "SecuriteInfo.com.Exploit.RTF-ObfsObjDat.Gen.22204.16645", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad196d28-31ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691068468, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068468, "uuid": "948dd262-e3dd-4bdf-a5ae-4fc7a3fe9eca", "comment": "Malware payload", "value": "e3cfcc6e179668b75feca3af8dd9ca57", "object_relation": "md5", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068468, "uuid": "dff0e6ff-1bf2-41ca-b5c1-5e7975d45ecc", "comment": "Malware payload", "value": "c2e90c45911b7b6e9d46f4dae5bfefa47e50abddd75cc6d5297cddeee23dd002", "object_relation": "sha256", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068468, "uuid": "129e66eb-24f3-4d34-8b69-f6560dc68291", "comment": "Malware payload", "value": "731db498aadeaf4952124c220ab3ec69b9ed9fd8", "object_relation": "sha1", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068468, "uuid": "cab52953-19a9-481d-8566-445ec7855470", "comment": "Malware payload", "value": "86807b9a7c1322954934d9ac3ca69d0a5ef4f9d8de8bd19f8fdd320358d7fd6f5f1a2f69c9af1ccb70f942a7245c5f28", "object_relation": "sha3-384", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068468, "uuid": "0c756916-c085-4b3c-a146-f0b37f63e44a", "value": "T1C3A47B36F180C477D0754E78CC5BE2E9942DBA606D38A8477BE41F4D8A793826E2B1C7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068468, "uuid": "0b636477-26da-4804-bad9-59d7624b76c0", "value": "12288:ej3sc2BW/xShLE8A476w2TDVXZAQQAIvdR5gkOhgTlXNdMqnuI/1:e7cBW5SE8A476zVXZAQQvvdLtTlY+um", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691068468, "uuid": "60e49ca5-f161-4048-85fa-43a666b6c07d", "value": 485376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691068468, "uuid": "09073c14-86d2-476d-abe0-a852eeb5d493", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068468, "uuid": "8db3aa72-4055-4f61-994d-55bda48ce0c0", "value": "c2e90c45911b7b6e9d46f4dae5bfefa47e50abddd75cc6d5297cddeee23dd002", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a47ec3f6-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1691046979, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046979, "uuid": "4dfe1828-d21e-4798-ac05-dc1627955a21", "comment": "Malware payload (NetSupport)", "value": "196a452f13961de61e5ac0f2e3c6fb51", "object_relation": "md5", "Tag": [ { "name": "94-158-244-41", "colour": "#9434F4", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046979, "uuid": "f856fc20-0ed8-4208-9d36-c5141a414076", "comment": "Malware payload (NetSupport)", "value": "c4465c81ca773aaf8d0343d69b7d82b1aa6a5e772b67f027ab9735852b53f69f", "object_relation": "sha256", "Tag": [ { "name": "94-158-244-41", "colour": "#9434F4", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046979, "uuid": "0c20a57c-274a-4656-b280-42676c37aafa", "comment": "Malware payload (NetSupport)", "value": "a591a97f653db10cf1a8942e0f830566d7f61d20", "object_relation": "sha1", "Tag": [ { "name": "94-158-244-41", "colour": "#9434F4", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046979, "uuid": "614b4ed2-90a6-4f7f-aeb4-678711feae72", "comment": "Malware payload (NetSupport)", "value": "0e04a1736391c985e06e5cfcbc67b886018a17955e3900600d529bc2b1a1f0d8ff4ceca59736a33f79f3c0abc0532c81", "object_relation": "sha3-384", "Tag": [ { "name": "94-158-244-41", "colour": "#9434F4", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046979, "uuid": "f7315fb7-fd9c-4f82-9c1a-8635bd773879", "value": "T1F4B17D35BB77D978C1C0E04FE918C8A0A9D96FB3E6277C05E2CAEE4454063C4ABA6185", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046979, "uuid": "c8a3d4fb-3e80-44aa-b1d2-b33eafd3cda0", "value": "96:q9CZzykRhmnUr5lNZ5PQTJTEKJeCHCMOEJaOIFbeUgmbWJ7T9lx2z93hPb9:SCZzykRhp7jSJTEKM6CREsFaUgntlx2F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046979, "uuid": "42dcf02f-c0f5-4ea2-a0ec-be37b0573ff7", "value": 5396, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046979, "uuid": "2e8e9994-a234-4499-bfdb-e3e13f6b1dff", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046979, "uuid": "07417e25-a788-4fd9-a04a-3da5b1060ce7", "value": "download.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a086f40-31c5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691043311, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043311, "uuid": "a436e21e-98c1-4eb1-ae6b-7a88f5718f92", "comment": "Malware payload", "value": "f981a70d655924a35171835bbd7baae0", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "usrfiles", "colour": "#269101", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043311, "uuid": "2024fa45-e4da-4046-bb56-d6cb855ff991", "comment": "Malware payload", "value": "c4556e927e1c3ef0a3732501e0634d7bdc6e16a28b114f0d686278a548d4d65c", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "usrfiles", "colour": "#269101", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043311, "uuid": "99992270-101f-40d5-9425-5679b8d65f63", "comment": "Malware payload", "value": "94ddeb107ca25e82f13efd55622b4c03bfda9cd9", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "usrfiles", "colour": "#269101", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043311, "uuid": "9b7722a8-cf1a-41eb-b44a-464ca371d663", "comment": "Malware payload", "value": "fdc055d43343fe96694023f832d954a8d86c4956df2246ccd75166c973e123ae480c3205a00ed498de58d3f4e05c1bad", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "usrfiles", "colour": "#269101", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043311, "uuid": "edf013d6-eb71-42a8-86da-b31cc7a5255e", "value": "T176118C6F3A437AE0A2BBF4F1051F144DB2F969B1293A13E5E46070843D56D6A61B3F0A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043311, "uuid": "1636008e-b35b-48d8-a7c3-891f8d44e4df", "value": "24:MB/cdYciIN+iAUx/GNcfrKNceJF+PCxbnTURJkSkt+GK:dwIQiTUWmNpJF73QM+5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691043311, "uuid": "be2de76b-5fca-4f59-bd15-7207f386eac0", "value": 881, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691043311, "uuid": "fea5b022-b50d-446b-990d-9ee8afed2c21", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043311, "uuid": "8dea6c6d-d291-49c7-9c3c-dfdbc8141a6f", "value": "miguan.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60f59ef7-320f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691075212, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691075212, "uuid": "b926bcfc-5ff9-4f07-8b49-0f8db346eb45", "comment": "Malware payload", "value": "989c12b22ae56d5bc6249047119a9ed1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FRPC", "colour": "#A20577", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691075212, "uuid": "35db80f1-a891-432b-b73b-00a08aedec08", "comment": "Malware payload", "value": "c4b185dbca490a7f93bc96eefb9a597684fdf532d5a04aa4d9b4d4b1552c283b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FRPC", "colour": "#A20577", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691075212, "uuid": "7b54e42b-26ce-4943-a074-127da81c1ff3", "comment": "Malware payload", "value": "234d24856c162ef75a67902d623bd6bd89338e64", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FRPC", "colour": "#A20577", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691075212, "uuid": "36391596-ebde-44ae-a2ad-3afb46207829", "comment": "Malware payload", "value": "aef91c36ba9adce7501aadbfaf9be7ab324bcb1db55ec6178a8db1f26099161a2829760f09331d56cc90261d9aaf55f5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FRPC", "colour": "#A20577", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691075212, "uuid": "511cd84a-699c-4630-9a4c-19328e077be8", "value": "T18CA63A47F89180F4C1ADD27086669253BAB07C894F3123D73B60FBB92B72BD46A79354", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691075212, "uuid": "9e9d3b10-5799-405c-888a-83fa060f6441", "value": "9cbefe68f395e67356e2a5d8d1b285c0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691075212, "uuid": "9c97e4fc-fa1b-4c2e-9fa9-61adfcfc6116", "value": "98304:MP3p3Y17g6+P82QlFZY+CdvLtNoE15mH+nhQ:4lFP8DC/dtNBayQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691075212, "uuid": "a5903ba9-c868-4e6e-b953-c820f20664bd", "value": 9676288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691075212, "uuid": "b99b1d89-5c72-496a-b653-50fd396727d2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691075212, "uuid": "efd193ef-b461-4369-be10-568bcb71a4c5", "value": "FRPC2.malz", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f44e8850-320e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691075030, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691075030, "uuid": "47d86650-4e63-4cb6-b3ba-f8ff0ff89f7a", "comment": "Malware payload", "value": "73622e5023038a1ae089a5bbf139fd4c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "github-readme-com", "colour": "#1341C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691075030, "uuid": "729d1455-6ba4-479f-8d88-0b01cd9af50a", "comment": "Malware payload", "value": "c51e9877869d243d61ef01af4932ebc73e698744760ecbbdc29b672335c57988", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "github-readme-com", "colour": "#1341C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691075030, "uuid": "9f4c6195-c10e-4852-930c-e3e228a9995d", "comment": "Malware payload", "value": "8decfc28032dd89704cb69437420919f9b1926d2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "github-readme-com", "colour": "#1341C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691075030, "uuid": "1cb31be7-9859-4b0e-b52c-7fa117013e0f", "comment": "Malware payload", "value": "5cdec7ff320dfb80c30877eb5160c6b190c8ace6a09644f7c57737b46144f6d71b3c4db550d6b544467866f28e5d803e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "github-readme-com", "colour": "#1341C9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691075030, "uuid": "8f19e095-da0c-4cd2-91b5-0f7d09898b3a", "value": "T161B633A9A7257FDED67C0EB8343BF1799808EB5A12C0CA930348E5045E65DA170C7F6E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691075030, "uuid": "cbd5fb28-859e-4db7-8bd3-3063366af499", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691075030, "uuid": "e83897bc-154b-43ab-b2d7-001a15fb5be9", "value": "196608:u0HiyAD0uh4oJ8J9l0Fk6VaJEdqlSbqy7YgJk1IBZ/ii1FHvxLjx6PFbRrI7LTxS:uyNAD1hN8Jf8k6n8lS2xgLBLrVx+FbEo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691075030, "uuid": "26cc1ae8-c100-462c-b81c-059f53d072bc", "value": 11170820, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691075030, "uuid": "feb728f4-b67f-4f0d-afa5-8bbbc1115048", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691075030, "uuid": "23314d10-08eb-43b4-918c-f99587d3b298", "value": "2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e97c797e-319c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691026049, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691026049, "uuid": "9d2ef40b-aa23-4a36-912c-4c8956940508", "comment": "Malware payload (AgentTesla)", "value": "40f6a9d22f5b2c4d8e9380c56926449c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691026049, "uuid": "a722e6db-eb2b-42ca-a216-76dee83d5c6e", "comment": "Malware payload (AgentTesla)", "value": "c7728266367cb088e58dd7c5207e86c2c00a36a45e7267732bb5322af0fc82b2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691026049, "uuid": "d26a4731-d5d4-427b-a635-ff7e166ffbb4", "comment": "Malware payload (AgentTesla)", "value": "bdd852b8e28e4ad18f1fe8765beae78dea896a27", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691026049, "uuid": "7b333881-543c-483d-8c4d-df0bf8f33f8e", "comment": "Malware payload (AgentTesla)", "value": "b21b637f0d7ccb7f563eb7d1a07fa86ef56c32aa7bb0ce3729c42fecdcaa992b1b90e1d7d69348f79648221881dba12d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691026049, "uuid": "41f6bb70-4283-41ee-8a0e-d1d62d7b2954", "value": "T1A1951823BAC695A3C19917B7C1D72C1403B4DBA33723D70A654B2B6616033EA5F4EB27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691026049, "uuid": "0f727cde-3d5e-4119-8529-007a6dc7d368", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691026049, "uuid": "bf5c83f7-43ca-4fe9-8c5c-faf9589720fb", "value": "24576:P+/em/5iDF+x1/pWkbEl9EnF9b5qmZO3kDFC8Y0SVFNzobvFxaa0i8tG0yPRSKvG:2D/p230FC8Y0Sd0LF8li8cnv3HfLK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691026049, "uuid": "c53c2067-fc91-4a66-95b5-bec835e3a791", "value": 2054040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691026049, "uuid": "0d9ab4d5-0596-4828-b153-103f0095ae63", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691026049, "uuid": "dc0427dd-a9cf-4d5c-9976-4a31b570ec0d", "value": "SecuriteInfo.com.MSIL.GenericKDS.61009645.tr.1321.15127", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "acf3ac8d-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1691046993, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046993, "uuid": "ff0badaf-fd9f-4fd6-afa4-2ac37697e94d", "comment": "Malware payload (GuLoader)", "value": "32d5077b3d24a692855454327d8d268d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046993, "uuid": "d4da353e-f805-4a63-962c-312ea8d600a7", "comment": "Malware payload (GuLoader)", "value": "c916af0cf60c716f5e6d8c586efa0f58553fb77e4038ea25318b8f67faa060f1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046993, "uuid": "1ff2b3a1-d545-4956-8764-ebca4d92f583", "comment": "Malware payload (GuLoader)", "value": "59171b31e3b0a162eb71ae6397794632edd3715a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046993, "uuid": "f9c4c3bb-c466-49d3-a5cd-3f74c31b5669", "comment": "Malware payload (GuLoader)", "value": "cba2f799eba2336c1364f7d7eb7a317766190c7f0313b8426eb688fe70af2587c95601e78baba2ec4ff502d2a7ccd448", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046993, "uuid": "0af01248-4d04-456a-aed0-e8c166781c8f", "value": "T1D184236F361180BFCBD248B606B77B96ABF2DB202A5439C71B74C30468A1BD2595F449", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046993, "uuid": "73e45e1c-d248-4467-ad31-35c28405765e", "value": "7c2c71dfce9a27650634dc8b1ca03bf0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046993, "uuid": "e13b361a-ba55-4a7c-a401-be2d6ba1f50e", "value": "6144:7QLFhxNh8exJ91BG3/NuZI9n5D+86WqyHDo33AlD4uZLlvv87AJhcHhD2jZ/x3gj:MFTzdxJ9/I9njqyjh4uZLlvv7AhD2jZ0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046993, "uuid": "7e5418cb-2354-4e1a-a529-825f41f86500", "value": 392920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046993, "uuid": "065d7e69-83e3-4ec7-80c6-270672512da5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046993, "uuid": "e94d6e27-dec6-4c03-8070-b8f772a6def0", "value": "\u3010shipment - IDINV00074082023\u3011SR-2306004-Yv.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44319978-3209-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691072587, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691072587, "uuid": "965b51f4-b6bb-4541-b65d-03d22d02751c", "comment": "Malware payload", "value": "4e9d25f65dec942642b7dc7b4811c1bc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691072587, "uuid": "75d64620-51c2-4e1e-b9a6-65fee228b83c", "comment": "Malware payload", "value": "c94297eec998730e85fb2b4302f33ea6126d1ae5f6ba05e0200834d8d4fd5647", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691072587, "uuid": "5641c26c-a3e0-4fe7-9d99-fedb2b2e6f9b", "comment": "Malware payload", "value": "5301f2da35e2905e729fd914d01da840e552a492", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691072587, "uuid": "5c9d90e5-a1b6-4cc0-a902-e94bfdd85623", "comment": "Malware payload", "value": "791246cfc0747981713f32f199af24517163f13ff0d4c4737d26b611aae1ce7e36c1b420666c3a5bb268a047ae149c95", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691072587, "uuid": "f488700d-0d6a-466e-a040-928beb79064f", "value": "T1D9A48D96F2A940BDD0AFC675CE12961BEBF1784A1234E74B42E0CBB61F13B71661E311", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691072587, "uuid": "c1f05cbe-be51-4907-b097-9ee5aa3833bf", "value": "12288:wqCSml+tlMTX5Udz0un3rg8F8qA74LR6:wcmlIlMTSddgGvAx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691072587, "uuid": "8e12451b-8de4-4c5b-89af-2ee3b74b9500", "value": 465920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691072587, "uuid": "25688319-44e4-4749-8ecf-e98efdf99081", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691072587, "uuid": "de418213-6cc9-4824-bb20-dcaf742b1333", "value": "ee00000.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d1d33ca-31d0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1691048121, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691048121, "uuid": "e9916d42-defb-4dff-b8ed-b25f91a7578e", "comment": "Malware payload (Loki)", "value": "1892d8096709dd77655414e73ad6d25f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691048121, "uuid": "b74ed817-337a-4313-a7ef-9949d579fd39", "comment": "Malware payload (Loki)", "value": "c948905331a49dd9d200fe4c6807a39e8be5cddf3c7e8f50f4a3a6047d4080e6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691048121, "uuid": "922df052-7d6c-481c-945c-8473e66d7623", "comment": "Malware payload (Loki)", "value": "927d1fbac31d80a76d5fe8dd2becb0570b2e7d1e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691048121, "uuid": "918c2537-23c2-4da2-a4c2-9e88d1319d28", "comment": "Malware payload (Loki)", "value": "2f8e87caaff46ca6b01549d5913168afaa8363080799d6c5c3333dd67d503c9c5a9dc67475dfb411ec3f67d12eb14e09", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691048121, "uuid": "c1d393ba-bfc7-447d-94ef-a35a8151862a", "value": "T15F644C1352A5BC51E5264B329E2FC6E8361EFD928F1937BB32187A2F74713B1C162712", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691048121, "uuid": "b205c460-9c4b-4f1c-bd1c-dfe994febadc", "value": "451d5edd90f05ed2ffedbb8a3f034cb5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691048121, "uuid": "fb503710-ada8-46d1-83e6-5a5d95d91be2", "value": "3072:f5F4DmSeQAVpaP9YyIoLWuPBx0wULUtZKxpifjkK9:hF+mYADwYyfEwSU3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691048121, "uuid": "613d54cb-96e6-4cd0-85a1-da95f83907c2", "value": 320000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691048121, "uuid": "dd697d52-6733-4d20-abe3-3dc8732ae28d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691048121, "uuid": "5e175ac6-8a71-4e03-9f55-c13fe61ca77d", "value": "1892d8096709dd77655414e73ad6d25f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7c7d8e4-31d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691049588, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049588, "uuid": "61ae6ce9-f31e-4de0-8fde-850edafe9941", "comment": "Malware payload", "value": "d620669b2950480023d30846c5231a85", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049588, "uuid": "6a923c52-68d0-46d2-811e-e2cdf8330fc1", "comment": "Malware payload", "value": "c9dcdd1d2b9cb487cc1f8c5c1e0c58b55c6900f76f95a43eee9e894c4aa44458", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049588, "uuid": "6b3c649e-13dd-46c1-bc62-58d01a3aae9c", "comment": "Malware payload", "value": "4418b3cf60da3e759e7eb3a774ba2acb12a098e6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049588, "uuid": "e24a691a-3c63-44fa-b757-96fbc769fc07", "comment": "Malware payload", "value": "3a42dfe5e87f43a8c96d30f0533c2314e9b9715eb1fa1c28ef42bf577dfe2c5ce35ab3349f00f701a54deb225f0b7496", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049588, "uuid": "b175aa4e-f0c4-4f74-b06d-e68cbb2ceef1", "value": "T1AEE41382BBF88436DDB507B0A8FB03D70E377D61AE74436A2386998D1C726945876337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049588, "uuid": "0fe0fe19-42fd-44cb-b024-990952051b95", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049588, "uuid": "0f4a075c-885f-4773-9587-392df10191a2", "value": "12288:TMrBy90yAp/DzIc9mF0yO01LqWO0xZekCAeMpmK5vkYf7T2oHCvbpw1:myyHI+mFROILqWPZFeMpm0f7vHaw1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691049588, "uuid": "86feb24b-2edc-4892-b522-d94135bb0aca", "value": 696832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691049588, "uuid": "36d7b513-d5c8-49f0-8fc3-2694ecb168b2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049588, "uuid": "96e5c170-ac84-43ec-a942-e94288b620b3", "value": "d620669b2950480023d30846c5231a85.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0e34a43e-31f9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691065625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691065625, "uuid": "58ecf1c8-cc65-4504-8a9d-00a4a7563c30", "comment": "Malware payload (AgentTesla)", "value": "dcf7a8ef1a8e5936b98d15ce94464647", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691065625, "uuid": "33c62bea-c4da-4fec-a7c1-581e90a90395", "comment": "Malware payload (AgentTesla)", "value": "ca399dc8b5bd33a6536454774e350400d0693b4ceef2738d06b8cb73a9e262e6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691065625, "uuid": "9d2b425d-9a80-4000-9181-19328f674a69", "comment": "Malware payload (AgentTesla)", "value": "3a0a113525e2e3be85b27651fb3da36fdfb6f75c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691065625, "uuid": "eec704d1-1a1e-49d1-8ab5-d2a0fab5ef6c", "comment": "Malware payload (AgentTesla)", "value": "f209ab08387b9ae057ec7d891048360a3fa7be58fea3964bbc41f0d420dc7e157deffcc268b296153b6bc093d4721ed3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691065625, "uuid": "f7480c36-d651-4da2-859f-2300bba57412", "value": "T1D415F73804780A12C135D2AD9AD4F613B3904F96761DCD5686C24FCA0AD6E2F2DDBDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691065625, "uuid": "42450161-be1b-45a9-aec1-f5f2858de491", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691065625, "uuid": "4bf4c9e3-9d11-479c-add6-c7cf66cee486", "value": "12288:LEKaJ6HA8xuiw7jA4c3AiKJNhGc1JcV8dNUm+QGjB2Yrl6cPY6Ij2:DlA7M4c3sNhGc7TcmVG92Ioj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691065625, "uuid": "f81df662-ba75-4a57-b3d0-f933b2a03ed6", "value": 888320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691065625, "uuid": "47327530-97e4-4194-b2f2-d8a5940afc68", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691065625, "uuid": "ee3a775d-1242-4f6a-948e-9b0cac71dc23", "value": "remittance NO. A01TT2023 PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "81af8f95-31c6-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691043914, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043914, "uuid": "6ab2bd37-d8b1-41af-9488-69c67c18d6d3", "comment": "Malware payload", "value": "9d383592178e4a3170a1e8e4772749ba", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "github-readme-com", "colour": "#1341C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043914, "uuid": "283f8fc9-ea27-4393-93c7-ece60de26359", "comment": "Malware payload", "value": "cbbcca0d54ade8d8a691994fe64e8363b49e2ce76bf7d6c7f92c28a123c5f7c3", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "github-readme-com", "colour": "#1341C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043914, "uuid": "00a34b4e-5c65-4285-a243-e3420c7ba894", "comment": "Malware payload", "value": "ea8080b463e0ca6e21c1f8b7ba97a347697f6e9c", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "github-readme-com", "colour": "#1341C9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043914, "uuid": "83c1c615-5d58-4961-9a31-dd7d3c5ee532", "comment": "Malware payload", "value": "73728516c1803f1b9bbe04fd8ceddd6aa801a141b6cc2df675d6c17d5fc39abb21c068f158e98a0e7cbf4786699d8bee", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "github-readme-com", "colour": "#1341C9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043914, "uuid": "8769acb0-d09a-4a81-bea2-f0c9d82bb9e5", "value": "T134F633105E291FBE06BC133C70BF6F5D26214F95908CA2FB5BD568D706AEF01292F869", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043914, "uuid": "464320e6-6c2a-4735-bcbf-6749b8b6d775", "value": "49152:EtWDUvlUSjbAZ3dPgJ8Sqda1e6A37ZcXfVZnrlTLbfbOduZKitwzGJkUem10yUPW:A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691043914, "uuid": "1019b8c9-0ab3-4697-9312-f5f65dec193d", "value": 16105107, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691043914, "uuid": "63264e06-1614-4a6e-aefe-6f91ade33ab9", "value": "text/x-msdos-batch", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043914, "uuid": "011aa8aa-ab01-40c2-86a0-de8afe651bfb", "value": "update_SC.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab9841b9-31e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691057728, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691057728, "uuid": "00a5a8e0-c35d-4065-b26d-3b76cc708c34", "comment": "Malware payload (AgentTesla)", "value": "ab3b1d612b645d695efd70dea3bd3012", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691057728, "uuid": "e735820b-9f1a-467b-bf58-ca6d57a667e1", "comment": "Malware payload (AgentTesla)", "value": "cbd2e33daf09934c60b689bb54205a2072ae6ae9f748eec21f3508a5cbfb532b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691057728, "uuid": "b0f22eb1-6376-4a1c-961f-19c9d973715e", "comment": "Malware payload (AgentTesla)", "value": "9cc322cbd2b114f1f4c1fff2d6a7179cc717c384", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691057728, "uuid": "a940f7a6-28cf-4ff2-b3c1-0fda1636aed7", "comment": "Malware payload (AgentTesla)", "value": "94bee902ff4ea69f840d42d028413c1b155628b0c74946fa8b12d5228e5a990009089d07f52f42daf533d3edc59aa386", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691057728, "uuid": "6065d00a-c1a8-453c-af8c-fa64923d5bb0", "value": "T117952703BA9759B2E35917B3C5DB580413E3DBE53323D60B798F236A18037A64B29727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691057728, "uuid": "e1a8255b-55d0-4114-aa83-7271271e556f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691057728, "uuid": "b8599353-b88a-45fd-a9fe-05956c00cf10", "value": "24576:gpoZRpg7u1bDzV4fZ6gIr4GkVqZxR59Z4v+FIqVTN88Zm6/6zGdfY5CsoOqWz10b:H4s1R5ov+FIqVpEk6JG9Wz1q/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691057728, "uuid": "70343f5e-c12b-4e65-a976-017d8d3fe905", "value": 2040832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691057728, "uuid": "197e74bc-8f37-4d34-a34e-f7246c8c4513", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691057728, "uuid": "9903954a-190c-4670-ae28-a9debd401f53", "value": "QUOTATION_AUG7FIBA00541\u00b7PDF.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da094ca0-31c8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691044921, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044921, "uuid": "ecdd3770-2df3-464b-b3d2-5dfad3629336", "comment": "Malware payload (AgentTesla)", "value": "58cb061994c4255b1036fa4254c68230", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044921, "uuid": "b4c4f803-3148-44bd-bdf7-81391954f02d", "comment": "Malware payload (AgentTesla)", "value": "cbe64315ecbd415dd086b2d0872865e5ecc033290ce157bf79d693864769ff8a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044921, "uuid": "3d20a789-dec4-4031-bafe-2fa69199a976", "comment": "Malware payload (AgentTesla)", "value": "926b8432815493d8eaec572e38c3dc5f88b3d078", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044921, "uuid": "3871dbec-c887-406a-a44f-a104e7c38121", "comment": "Malware payload (AgentTesla)", "value": "ee22ab6ee111b776d81441d780b69773bfa79396d96eac3cdd3396dbec0af97d2bd643e2d1ea771e5e0842e3204c4e9a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044921, "uuid": "dea18964-1ec0-4dd3-a33a-0fbb9c898dd3", "value": "T15E25093804780A12C136D2AD6AD4F613B3904F96751DCD5686C24FCA0AD6E2F2DDBDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044921, "uuid": "a5247af2-8bf2-4016-bb5f-4aec5575dfa3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044921, "uuid": "9bfca4a9-9e24-4c1e-868a-16bed9643606", "value": "12288:TEKaJ6JAtzY74DMy6FJNt/2DipIFv1b5Xz6kC7hQRzgoOkA1NN4H2er:LGDMySdC+sbxYGRzDOV1NW2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691044921, "uuid": "53c96007-129f-471f-a103-f74e996a8eaf", "value": 968192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691044921, "uuid": "ef01e26a-cd5c-4bff-9118-b0b6d843cdf5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044921, "uuid": "c6da8121-f607-423a-a053-b6e5cefb2e9b", "value": "DHL Receipt_6015535460.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6326f898-3246-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691098838, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098838, "uuid": "d414e5b8-df24-48e0-a153-150bc4e56acd", "comment": "Malware payload (Mirai)", "value": "9f8cbc288fe9f78a87896b326af8e356", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098838, "uuid": "e577ae1c-82d6-4273-991d-6f330cbd405e", "comment": "Malware payload (Mirai)", "value": "ccb60cafe662ec89fe97506adb5b33ec86f3c5a5eb707c5550fe0c9060b19cd9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098838, "uuid": "77461375-e0b6-474b-bb89-76d49c080933", "comment": "Malware payload (Mirai)", "value": "eb621045186eca052266e73a848656bf491aa843", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098838, "uuid": "ba086eb3-1537-4d5b-a3e4-48357005d574", "comment": "Malware payload (Mirai)", "value": "e269947606c64a57e99de31fab7f7af933777402dd65a39c5be3df51826998aa87d26f26fb32d3fe1b56ad439948a917", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098838, "uuid": "ad38204f-1216-44d4-b0e8-ba60bda29840", "value": "T1DCB2D024B1E964F0CE306038F87DC987A7DB00FD91F87B22366B54F86A9588D15A85D3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098838, "uuid": "9c418af9-b9b8-4eed-af84-b0bf733dd971", "value": "384:o2oBE5aNSS75BOI+ypZ5vTlYIwcvsdTf5MF1iAUgefoeDYbZXGcH1ZhymdGUop5f:oyaNSq5sOHpTqncvsdDePiAUgefoeDeA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691098838, "uuid": "44ef7089-0259-4209-92df-986f1f9c3365", "value": 23736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691098838, "uuid": "774593fc-ef78-496c-8cf7-87afb40f01a0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098838, "uuid": "567e8a00-c40e-474d-91c3-e93c8b9f1df7", "value": "9f8cbc288fe9f78a87896b326af8e356", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de82426b-31c4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691043211, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043211, "uuid": "97153cd6-104d-4165-a192-dd37f5e2a328", "comment": "Malware payload (Amadey)", "value": "b91ba5bf7fe448f9a9283dd00743fd08", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043211, "uuid": "349c99f7-d0fe-49e6-ab6b-1fbbdb3eeea6", "comment": "Malware payload (Amadey)", "value": "ce3df63d9bd718613c01278d86f836b141cb3cf1242f40f8102648b52908a97d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043211, "uuid": "eb2f5333-53e2-41be-84d1-0984203e5e64", "comment": "Malware payload (Amadey)", "value": "f499d0ca76737f542431bb091da6733d543dcd08", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043211, "uuid": "74399f7d-27be-4c2b-81a9-09a1f41837c1", "comment": "Malware payload (Amadey)", "value": "e971d7a62cc96a1235597de0ad85ea3babb9fb043ddcf5c13245e905fc61fd8ec923e4ebe01f7d07f82b64fbb271d258", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043211, "uuid": "a0930870-8179-4ef5-8816-e8200e509ec2", "value": "T1D4E41217E7E492B6E8B51B70A8F702C31F35FCA15978835B2787A50B4DB3644983272B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043211, "uuid": "926d5b0b-3ff8-4626-bb5f-a03a0189be0a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043211, "uuid": "b211c199-1ac7-4ab7-b769-ee5983f225f4", "value": "12288:AMrky90CGmMthr4wn2Cq0xDkSIqS7SQ/Nb2H2MO0mXbw/Ov45oWFUAAa:0ymmaVnYWISIdDyW0u7WeAAa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691043211, "uuid": "429a313e-845a-435f-b9de-8e704d24f6a3", "value": 696832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691043211, "uuid": "8c1f74bf-916e-484b-af4c-da5c65c50de6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043211, "uuid": "e5768920-4d26-428e-b5e3-641eaa9bceb0", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "019bb186-3232-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691090085, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691090085, "uuid": "f002e277-4a63-4952-a30d-1ee53e5235ba", "comment": "Malware payload", "value": "e2c171fe9877db0ae7eb1259da53620b", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691090085, "uuid": "31483f9b-d3c8-4417-b136-95bd1944233f", "comment": "Malware payload", "value": "cf5eff650a4ee7c42c03469fa041e8451553dc01bc8caffa5e51f28edc3b9f0c", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691090085, "uuid": "b0a944f6-1ba2-4fcf-a0cc-fc14988870d3", "comment": "Malware payload", "value": "79946a087354460461b5c38a3099aded749599d0", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691090085, "uuid": "e0206ae0-ab59-470f-81ba-cae9fe57a94a", "comment": "Malware payload", "value": "30709f37d65c98a22a646ebb9253b07f049b6209c11fb224a2f585f28d0dc8c7942a5b9810baec7b5403d8c6c8cb9d79", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691090085, "uuid": "3d0b5d81-65ae-4b3a-9a63-4a4b7110dbe0", "value": "T132C3023E2E765C92D8843C7B07C52D277588C18658DEE843F96D7C6A1B827636A3903F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691090085, "uuid": "7c23dba7-0bd8-4155-bea5-c4c41a727323", "value": "3072:kCmnZkMQEX5e2FKikX1Ky1f8hUuXbfHKgEOe6SA884bJI/CbuBKJ:IpQJ2FFkX1oCqLHhze6SAWbJIKoKJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691090085, "uuid": "af475601-86c7-4cb3-bddf-eca583e564d1", "value": 127547, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691090085, "uuid": "36067b3d-d2c1-48a7-85e7-cbeb8472431a", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691090085, "uuid": "9042fc2d-8df3-4a60-96a2-4de00a104c8a", "value": "Vare-Stealer-main.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e73155f5-31ea-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1691059546, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691059546, "uuid": "cb5c040e-5839-4edd-afe5-39d97dbae8dc", "comment": "Malware payload (DarkCloud)", "value": "67f2b20d5587cc88025a036f11846b80", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691059546, "uuid": "53837762-390f-4a53-b6b5-589d7c87d5e3", "comment": "Malware payload (DarkCloud)", "value": "d021a19c0089bc53a0f8adbeb4fe2221bfbe0a2b6a503aca3f1948dce9580db4", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691059546, "uuid": "c2289c49-a70b-4c86-9c2a-4d5070b912b3", "comment": "Malware payload (DarkCloud)", "value": "e798772bd538fc6ea697c0e1ad36fca393efae49", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691059546, "uuid": "a3dae467-01cd-4b30-8502-47d14935b451", "comment": "Malware payload (DarkCloud)", "value": "35378692bfb89133834d4f115b89729cfe0b461a98ad4cfa4fbb8246c72ece85173a43ed2a69e9e64e841eae4e0920f3", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691059546, "uuid": "f3178804-2e10-4f1a-96f9-9e25b9d0442d", "value": "T12B0523F03AED5738CCDC8FB56C571080417B92C6A7A9FE2E2AED7488B793945B429311", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691059546, "uuid": "49b17aeb-cb7a-4939-bf83-a381d23c93fc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691059546, "uuid": "39680742-ea5d-4268-9985-ee53b16975a9", "value": "24576:JgiLq3ZGsP3A60tpeEefsSzmwxLnLaAT25:JdGUsvWtuowxLLaAT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691059546, "uuid": "3fdc0193-c043-4b44-a6d6-db7193c66f8e", "value": 796672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691059546, "uuid": "49dd6928-f9bd-471d-b965-0f30e787041b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691059546, "uuid": "992b3e4b-7b93-4e6a-9f5e-84080a4b6133", "value": "SecuriteInfo.com.Win32.KeyloggerX-gen.18242.22124", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d9c5014-323b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691094024, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691094024, "uuid": "364598f9-d571-4d82-a1c7-f831f7d2bb56", "comment": "Malware payload (AgentTesla)", "value": "99362989f9c6f651e636fee07f4c3e0c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691094024, "uuid": "2fe3fbbf-87fd-429a-8c25-6f4ae1eb9bf6", "comment": "Malware payload (AgentTesla)", "value": "d05d78b3497714c8085c3303654492b7ad7348a84db4de87797e8d6c91193dba", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691094024, "uuid": "73d7ad64-9665-434f-9e79-731794be6888", "comment": "Malware payload (AgentTesla)", "value": "29fcae649c1421dccd0bdf253869257d633052ee", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691094024, "uuid": "e46dd4bd-63c6-49ce-a4a3-5f7829097a28", "comment": "Malware payload (AgentTesla)", "value": "3395b07fddd482349146a4375736343205162198b59c04f837cc21d4c41028d487f1ec4104386638bfea336a00ee14c4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "cab", "colour": "#C58E2E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691094024, "uuid": "7a87a68b-1087-4d54-bcbd-4bba33b182fc", "value": "T15EC433BC9D4C409B3962A2FF235EBC340092DCE8496003D26AD6A6F856737C9F729774", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691094024, "uuid": "1e95d596-d0cc-4f4e-bd1c-68b68a887adf", "value": "12288:ZZwpAxKx33ewOk/r3331fHt8RxNNIp6K3:rtxM33ew1n1fHW3NWL3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691094024, "uuid": "b641f1e2-4daf-4805-9ced-f4c8a4cda21a", "value": 563276, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691094024, "uuid": "2ee5fbba-837e-432b-bca3-ea6e54a12132", "value": "application/vnd.ms-cab-compressed", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691094024, "uuid": "57142397-fa47-4cdb-85c7-37bb6d51a694", "value": "nShipping Doc-7032775623_PDF.cab", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2fa2a6c3-31c9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691045065, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045065, "uuid": "8cf76a85-2cad-4e0f-9f9d-87b0b536e337", "comment": "Malware payload (AgentTesla)", "value": "60afa37c37677f0501b9099e5926194f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045065, "uuid": "a08f38cd-df93-4198-834f-285e3118d672", "comment": "Malware payload (AgentTesla)", "value": "d143750fda26f7d51d271719c7206cac7015528a13a00faa4f35232dc1dbc63c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045065, "uuid": "75adfd92-c47f-4b4e-a8bb-feca3c184e1a", "comment": "Malware payload (AgentTesla)", "value": "6dbf7803c968b4c2c21fae71250d46314fcd3004", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045065, "uuid": "b21e12a2-0785-4d75-8893-2c6368678b5f", "comment": "Malware payload (AgentTesla)", "value": "c15582a176fb57cd7e7bda56ec5e1c7a94c1b0a1bf96a89ed3eba6f4f1a7867a321587142977b5d56c3e0fb6d97fa15d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045065, "uuid": "e85ef983-a029-41cb-bbb8-d48647b7de0d", "value": "T14615F83804B80A12C135D2AD9AD4F513B3904F96761DCD5686C24FCA0AD6E2F2DDBDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045065, "uuid": "4dbde59a-540c-4833-b0b3-ea214367f28c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045065, "uuid": "15282a66-9708-491c-a8aa-5cdf3340c49d", "value": "12288:NEKaJcL/xQTD3rKHb+Ssc+NJpi1kmLN9AIbEb0hi:P6bnJs1fiyw08", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691045065, "uuid": "ccdf79ec-7c38-4af5-a5b0-06602a170abf", "value": 887808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691045065, "uuid": "2fbfa8c2-a912-4d52-a2a0-b7c7ce559927", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045065, "uuid": "85f2c42e-8691-4ecb-af0c-578a51090566", "value": "PROOF OF PAYMENT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "39346e95-31cc-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691046369, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046369, "uuid": "48940722-95ee-449e-b987-06c7612290b8", "comment": "Malware payload", "value": "3d3cbe5145a0b249506d9bb76446fbd0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046369, "uuid": "ff89bc75-5b6a-45c5-a95c-4edb18e0db8a", "comment": "Malware payload", "value": "d196b93a4013eb777e01de1ed92b3d8bdf2ac312e84a6afc69255884ea7b50bd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046369, "uuid": "f777be38-f237-473b-b5f0-cb966f88f3d9", "comment": "Malware payload", "value": "83cdf4bd38a9b9fb6dfc4374497957075ce35ece", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046369, "uuid": "9e1bd962-3650-4b3e-b233-115c6c4e73f8", "comment": "Malware payload", "value": "f6361fab03bd1d7b9206b731ae987458575f02b176547af9f787ef0978380e2882cb74f4173cbe377c54bda97ebc7ffd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046369, "uuid": "8748a0c8-6cbc-4118-8f51-f8320a6cdda5", "value": "T1C9C50893E89540F4C0FED134C6659223BD6138D9073433D36BA2A6E11B7AFE86ABD354", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046369, "uuid": "c119b2d8-a00e-4fc5-9565-afbe1f66f9b3", "value": "24576:hveh5wOvFfAkVzg7C2Gv0l1LgD/kMg0I2sYvbJOaWQoGW03k59yjq:hGXwGFfpgG2Gv0l1YzzsYvbQaWfG85E+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046369, "uuid": "92ad13ef-e108-47fd-9dc0-8fde7ee5cebd", "value": 2645769, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046369, "uuid": "b4154469-1309-467e-89fc-dfd931c091cd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046369, "uuid": "8fd2d568-d77a-4bd5-a60d-93b99909a2a7", "value": "3d3cbe5145a0b249506d9bb76446fbd0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6cc00d80-3209-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691072655, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691072655, "uuid": "63f36d6c-5c74-4c0e-a042-da134d72160f", "comment": "Malware payload", "value": "583369c7d0674c6786c03d17c0d0ccc5", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691072655, "uuid": "b52ac2a8-2950-418b-9861-4c8854d4f26c", "comment": "Malware payload", "value": "d487f41dbb476cb9cf554b82ee08d9aebdecc4a0a1a8a8d40e6bea1637a5217d", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691072655, "uuid": "18a438ba-e4ec-42ed-8fa8-cac84a6fc477", "comment": "Malware payload", "value": "3750653d6820b6867be33c96b1eaca53adba8972", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691072655, "uuid": "59f00328-02a9-4319-b1de-ab6f284bcbf7", "comment": "Malware payload", "value": "03f34186c67450e6aeab44cc37dcb196f231a048b8b933a57337b6d8005dbf685fe7337b8feb32356b4fddaf29b0cf49", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691072655, "uuid": "dcd07294-464a-4971-a0b7-397e290b97ea", "value": "T1C063F1847664DD279BEF84E22753D77D0BB0AA07F391A887E27C027C615BA4C0D9208B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691072655, "uuid": "2e936f54-d1fa-4ee1-b8ae-cf9051f306a2", "value": "1536:3nl5fNeVWRIthSpvK9jNeqiq+z4UxuRxOQTTHYDqUyFLznQ8:lxRILS9KnJ+cUxaxOQT8DoFzQ8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691072655, "uuid": "25f3ca5e-3e4d-448b-8547-915c3465e32f", "value": 67618, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691072655, "uuid": "425cd601-a3eb-4870-800f-bb881880c9a5", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691072655, "uuid": "67bdb6f9-98cd-4bf6-9408-41cfe6fb2bb9", "value": "sample.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0977208a-31fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691067764, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691067764, "uuid": "7f274040-7efa-4da0-b1e7-f2b7a236dcf7", "comment": "Malware payload", "value": "ef55f1651d921f5a0e57da18d87b7b06", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691067764, "uuid": "424171f1-b2d8-4bac-917f-e8cb61fd7684", "comment": "Malware payload", "value": "d52e6ed2697143f48986d6745dc5c068c66aad22070653ec4fff6ff6319f954b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691067764, "uuid": "869ea4a6-3fab-438f-ac45-8973533f401b", "comment": "Malware payload", "value": "1c06d315f02d32d990bcf4f8fd78d9dd7a4bdeb2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691067764, "uuid": "fe86f1aa-8b1e-484a-9deb-15aeb41432c8", "comment": "Malware payload", "value": "0a6337679226969c6901708708b4b42eb396e99a3bd370523a0ff298a824ce41ca492fd928440af73deeb4904c4c3850", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691067764, "uuid": "16eeb5f0-4b79-43cd-8f8c-3057edd24820", "value": "T169E44C90F785FDF6D8458B7448D2531A63B9F080D71AFB2F6624FF38091EA889D63609", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691067764, "uuid": "1b634d96-1e62-4534-9066-0723c325be3b", "value": "3c2803e8c3d6d3cc1b9ea7682adf9962", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691067764, "uuid": "dc82c242-db44-4de7-8bee-ae053944a756", "value": "12288:Yu5scRjTWFrqLnGTGc50HYgjpOtKzkAcMZLkD/Vo3W0CG:YyRjTWFrqLG6c50HYgjpOMzBcwLs/Vor", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691067764, "uuid": "1ea77757-35a9-4a96-89bc-7bea6eb9b58b", "value": 699636, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691067764, "uuid": "a899146f-0d5a-49f1-a342-be82a43a6c80", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691067764, "uuid": "691bfe43-a3d4-4de0-8594-7cc1d99c7f8a", "value": "d52e6ed2697143f48986d6745dc5c068c66aad22070653ec4fff6ff6319f954b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a414b15-31f9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691065618, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691065618, "uuid": "59227d19-391f-41f0-9661-28c72fdee5f9", "comment": "Malware payload (Formbook)", "value": "80ba9ea60bb2472189e71e94bd3bb10d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691065618, "uuid": "4118ca08-bc47-447f-8a28-e71cc395d820", "comment": "Malware payload (Formbook)", "value": "d66fd5bf48c5579ea56c0ad773bdc1926c7e5d234bf6814786f076cdd1dd6c0a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691065618, "uuid": "ce978a6b-f643-47a6-beca-cb0cf31bd0be", "comment": "Malware payload (Formbook)", "value": "91d0b3967ed684a0c6aeb93b26b93d7e7cea5a06", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691065618, "uuid": "363bb092-a6a4-47c8-99c9-014d25769bdd", "comment": "Malware payload (Formbook)", "value": "5bc16df7891cacbbe72bb23c83d8be5758b5d616f14cde43c997958b4d688b86ec72d595e196c3b05d46be429aa7595b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691065618, "uuid": "21325ad6-5b8d-43cf-8712-408ddfe39ee5", "value": "T17315083804B80A12C135D2AD6AD4F613B7904F96721DCD5686C24FC90AD6E2F2DDBDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691065618, "uuid": "640ebf85-0532-42a9-84c7-be1f92582de4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691065618, "uuid": "c5aa9b36-2dab-439a-b6df-912a035fdbca", "value": "12288:2EKaJLviVqZ5QgYZwwuUMadzNNKyitahBGiUiK369PIG0/ZAH:hv+O+zD9itahBjUkIG0/iH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691065618, "uuid": "8b387ead-2985-4075-850a-4a5f0f9f1676", "value": 907264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691065618, "uuid": "ad9957d2-de65-4bb2-a2fd-d7c875b8736e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691065618, "uuid": "377cff27-0d7e-4390-b695-0bc1a1d49961", "value": "Pre_Qualification_Doc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "925e029d-31de-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691054250, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691054250, "uuid": "66a1e463-d48c-40ef-b645-2b49085f14e3", "comment": "Malware payload (AgentTesla)", "value": "cf4b50c9a644dcc57ec043745b66982b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691054250, "uuid": "adceea53-4bc1-4c6c-adf6-e6039cd1ec50", "comment": "Malware payload (AgentTesla)", "value": "d8ed3fb0de9b294adf3d48b7149010d51b01a9f9b262581aff015f1318999671", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691054250, "uuid": "a9bb05e3-8d03-4a37-9c8c-bec11f868d07", "comment": "Malware payload (AgentTesla)", "value": "fa2c3775f061ad5b6469c66ec8f765af6fa9e259", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691054250, "uuid": "5c47ccbb-212a-4791-893f-f387cc4aced1", "comment": "Malware payload (AgentTesla)", "value": "42fb78ffd42acffa1e80babea5ecc5ce5c21f5fc610815d129525c1eca6d978f96d422ed81ef732309c09a81c5a938aa", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691054250, "uuid": "b967b88e-78b9-4f48-a6b4-2197c378e5d7", "value": "T16F156DD1F15088DAED6B49F1BD2BA53024A3BE9D94A4410C569DBB1B36F3342309FE1E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691054250, "uuid": "43ea80ce-d574-47fd-afa0-16392f794bc4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691054250, "uuid": "d1a80b7c-c7e6-45e5-b285-c759d5e0517d", "value": "12288:Uqi0FmT8wnh6RUm/H702p6tor4v0+/4gtk+ZTDkm:Ri0FFwh5+HY2pEofm4gkwT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691054250, "uuid": "d5cc910d-0c24-4617-820a-73dbe78325cc", "value": 910848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691054250, "uuid": "235d5780-dad3-4bf3-804a-7eef750844d7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691054250, "uuid": "479df620-714d-4ca1-a31e-ca540def262f", "value": "e-dekont.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c92e155-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691046724, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046724, "uuid": "66a09679-532b-4bfa-a526-1a93a0c7a4c4", "comment": "Malware payload", "value": "3011a3cc4b2c0b18c4a579b556c2a7fc", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046724, "uuid": "cd701b04-dd97-4764-b6f8-4e752365dfa1", "comment": "Malware payload", "value": "d9deb07281e98b7142321af2e1785179fb0646543978d689911d132cab03ce80", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046724, "uuid": "54ecedda-3cee-418e-ab79-9b00b3409374", "comment": "Malware payload", "value": "52b8831f40c7085f3d02f83fdafed813e2254b27", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046724, "uuid": "985813a8-9505-4c11-b6fd-c37faf304396", "comment": "Malware payload", "value": "50d66e32127c198e6db6b700b7879e3c643889a2f719da10b2561141c12aaa1edfbd072a933b631cf036cfdcdfe60500", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046724, "uuid": "6b825624-9506-43ac-8d36-0f60163d82ed", "value": "T12B2270C0BBD657744B4D765C68573809E07C8CD9F12481DDB6B8462A0321CCBD6FBADA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046724, "uuid": "a62b022a-5fe6-475e-9e92-214f73800e2f", "value": "96:a4LaEnFLq/ezU0TYjylBWPSQcGFXPsRuTpPJW0dUgjn8b8RbGA5JEmzyo97lQ6P5:NLUWKyPWt1x4MpPJWMsmTxN0m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046724, "uuid": "5174d057-fb5c-48dc-a196-dade157c7f1f", "value": 10815, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046724, "uuid": "20d5e2ce-1fd1-4579-a795-59a93a0b0f2c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046724, "uuid": "aff5b31a-e4e0-4afd-b119-8e0d94fbf796", "value": "DHL DELIVERY COMPLETION FORM NOTICE.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5dc13e32-3214-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1691077354, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077354, "uuid": "21735522-43ea-46e4-9a50-7e0e7ffc1f89", "comment": "Malware payload (SnakeKeylogger)", "value": "ab8cb2fc431b1206c1e4428af1488e88", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077354, "uuid": "9b0345d2-93d4-43fc-803f-2d7ac8c43df4", "comment": "Malware payload (SnakeKeylogger)", "value": "d9eefd6741e692541008b7d71cde7d92662a6088247791f8a48e41b953324196", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077354, "uuid": "656d2deb-b3b8-4ffc-b723-2fed96e62c03", "comment": "Malware payload (SnakeKeylogger)", "value": "61dd8385af2655b179438e67c95a7ca070a3e127", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077354, "uuid": "b32210d3-7d7b-4936-a7d0-3774251fb772", "comment": "Malware payload (SnakeKeylogger)", "value": "19c7090f0010cd5efe62072c4ba9e220c5f3ecb9e87ed2fe9999a5de0fd3be340c2a92dc533b3c4662d0f194c48edaa0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077354, "uuid": "53c07482-2920-4170-aff0-f7ea38edc091", "value": "T11CF43BD1F15088DAED6B09F2BD2BA5302497BE9C94A4410C569DBB1B76F3342309FE1E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077354, "uuid": "88123a33-b445-46bd-9b9a-5fb5f26ad64f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077354, "uuid": "18493310-21f5-40a3-b336-fdabefa4aa79", "value": "6144:0WvPb4upXWXxsmh60Q3k8BPk7zVs4+3CVURJfenvQN+sOuJAvAc4kmGxW0pmNHm9:0qpXWH0PTezVs4nznq+YoAcAMuGTuhE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691077354, "uuid": "d5d59f6b-5a8a-47a2-81d7-37878f56a11c", "value": 787968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691077354, "uuid": "5b137c0e-2b52-46d5-9702-3e0da750d85b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077354, "uuid": "038a716f-710c-471b-b108-5e942f8f1c0f", "value": "\u0130HRACAT BELGELER\u0130.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce897c38-31ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691068524, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068524, "uuid": "eebca3e4-538a-41e0-9d1e-aa3ec1d4577d", "comment": "Malware payload", "value": "03d940f491143cd469e40baed7bef9c2", "object_relation": "md5", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068524, "uuid": "dd188436-c3d9-4036-8911-f5006a9a2412", "comment": "Malware payload", "value": "da05617eded07cec14d283b73336c4582b4e812c99c81da14c06f28d7432e0f9", "object_relation": "sha256", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068524, "uuid": "0d367ceb-f468-4b3e-a16f-b87f8ed3d427", "comment": "Malware payload", "value": "60cabdc576145bf986b53b6ae22b4b7836effb5b", "object_relation": "sha1", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068524, "uuid": "0f1e1bb3-5654-4a16-8d71-ee02d60b7858", "comment": "Malware payload", "value": "acf3aa47fc4e23083bf94d99700c0e7ddff6338bd796754b2b40fbd064cbd23b0c3101198275eca39df3d36454bcb8ac", "object_relation": "sha3-384", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068524, "uuid": "f098d153-f23e-4251-bad2-b84026179da9", "value": "T122A46B26F181D877D0714E7CCC5AE2ED942DBA603D2868477BF91F4C9A392827A1B1C7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068524, "uuid": "eacead4a-9c6e-4a3f-819b-3330a8f3da72", "value": "7024598173b2334b7da5ef6ca0d0e66a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068524, "uuid": "298fc1aa-2b1d-4ac2-a916-f4d8bda0d4b4", "value": "12288:3BBtd/qcoyfOi7ipmWm0wsWZ16oWymqnuj/F:3/tFoli7ipmWm0wswBm+uTF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691068524, "uuid": "75326535-e874-476c-b9a2-b89e1ec122bd", "value": 453120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691068524, "uuid": "a27f65d9-3edf-48c2-b12c-8c22db05f55a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068524, "uuid": "c06e45cb-6b35-4dce-a215-6a0c1dcaed2e", "value": "da05617eded07cec14d283b73336c4582b4e812c99c81da14c06f28d7432e0f9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a0b15229-3231-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691089922, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691089922, "uuid": "a6740b04-8d77-42ec-8b01-b3d1d9d5966b", "comment": "Malware payload", "value": "9e9d3ca2bb0dca4602f6230c63af9885", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691089922, "uuid": "114d2b0f-1cdd-4c1b-a6d6-be046514f88d", "comment": "Malware payload", "value": "db0671a8aa2824d479000a440fefdf5baec097ab171212b161865d7383897815", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691089922, "uuid": "87754946-4092-468c-b968-ef23e5985357", "comment": "Malware payload", "value": "5e2cc25105932363c2034f9062fbe4ca4aa6aba4", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691089922, "uuid": "b80003fc-b07f-40bc-bc6d-bfd6be846e5b", "comment": "Malware payload", "value": "13ded75ee7510b9b3933771f1fbff7e8ece938a005c55ebe9eb4696b525b553c02a65eb1f876054ed8a77a58cb786650", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691089922, "uuid": "c44a269e-736a-4e4e-8834-d5156191fb16", "value": "T148F41831E69C32A9D16B9078FD0B5C02E936789A1320BFEB12D55E521F66EE05F3D360", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691089922, "uuid": "efdd0d75-f59e-4bab-958c-5165971565d7", "value": "108e18be559cec71db1f519ae1ab24ab", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691089922, "uuid": "ef27c0df-31fb-47d7-94a9-2b1a16807259", "value": "12288:F6tRUpJc2oxn9p6l/MYnBHxf2zm7PmSojJZR47:Qt+q2knBYnbfCePmSUZM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691089922, "uuid": "199fa25d-52df-4649-94d1-3b6d7c8765df", "value": 750592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691089922, "uuid": "7669c02f-fb81-48d2-82f0-056976e9285d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691089922, "uuid": "15509146-e4ba-4b2b-b2bc-4c4f48b6e3f8", "value": "9e9d3ca2bb0dca4602f6230c63af9885", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "77debfd6-31c4-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691043038, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043038, "uuid": "f0619bc8-99dc-4823-820a-a4db3e8b17df", "comment": "Malware payload", "value": "9932fab98f2c021632045d04966db4fd", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "usrfiles", "colour": "#269101", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043038, "uuid": "a991a15d-7e0f-4c15-8cc3-4df680d8f181", "comment": "Malware payload", "value": "db1185f24c56cadec1c85a33b0efeb2d803ff00abf4c9df1e00d860683068415", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "usrfiles", "colour": "#269101", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043038, "uuid": "d4b7101f-3d73-467a-9b17-b4345a5f422c", "comment": "Malware payload", "value": "95f6e7eeea10068c60a5856ac05fd3b9a554d500", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "usrfiles", "colour": "#269101", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043038, "uuid": "9261d200-b614-4b13-94b8-eb06dc795d13", "comment": "Malware payload", "value": "f9178b10b50faf8f18233cc043969ecfad18cb48360cb7ee9147d82d33d1b1c1ee1e45a38ea04db922b9ede8e4938de4", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "usrfiles", "colour": "#269101", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043038, "uuid": "e17cb998-ff04-4896-bc24-48a36e024c0b", "value": "T118726E3AD702F53AD216863CD1191698FB684607E739661F5406F3A84B80EDF03A6F4B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043038, "uuid": "e5c18a9c-d07a-432c-95e0-22baaa222ec5", "value": "192:nmz+IH1eQyUwHpj0w1sPbxbnb25bv/0PdvwOfw5Ie9e8ebWqgj:+BVeTHpwCsDRbSGwmw5IX86tq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691043038, "uuid": "1951de02-e4d8-45d5-b8be-d0e83730955d", "value": 16193, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691043038, "uuid": "80f7cb68-6e5b-4c55-9443-b1af3d6d0199", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043038, "uuid": "5f7cd4ad-80a7-4cf4-b7c1-61b37ae4d1d5", "value": "73cceb_b5b6005e2aa74cf48cd55dca1a2ff093.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f07dae0-31e2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (QuasarRAT)", "timestamp": 1691055909, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055909, "uuid": "cb437f17-49a1-42e5-961d-90d94bb9127b", "comment": "Malware payload (QuasarRAT)", "value": "88657ecdee3d71d7e470a8332036963a", "object_relation": "md5", "Tag": [ { "name": "172-104-142-200--8000", "colour": "#F53C27", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055909, "uuid": "f8fea8e7-bace-4bc1-96c4-d6c0270a6a2e", "comment": "Malware payload (QuasarRAT)", "value": "dc20017aaf4eeba0943edb41bbc0296b6d08d996eb3a86562347d7c33e2a7f5c", "object_relation": "sha256", "Tag": [ { "name": "172-104-142-200--8000", "colour": "#F53C27", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055909, "uuid": "91aa145a-89a4-4267-b3cd-040e9ecbf257", "comment": "Malware payload (QuasarRAT)", "value": "cb85e831262475220f8906dd17104acee7127785", "object_relation": "sha1", "Tag": [ { "name": "172-104-142-200--8000", "colour": "#F53C27", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691055909, "uuid": "89c58682-5e55-47ea-9d06-e0b54ef1a585", "comment": "Malware payload (QuasarRAT)", "value": "300bec8f5f95d973354f91dea8aa36999bb96504fe59a6aaffb15231f177cd4c6d975913f60665a13c20f30845352c16", "object_relation": "sha3-384", "Tag": [ { "name": "172-104-142-200--8000", "colour": "#F53C27", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "QuasarRAT", "colour": "#359B0D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691055909, "uuid": "64494f37-3462-42e2-839f-dc5be5c1fc87", "value": "T127E56B143BF85E27E1BBE277E5B0041267F0FC1AB363EB0B6581677A1C53B5098426A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691055909, "uuid": "b8c30955-0c6d-472f-b450-49cbe884ec6a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691055909, "uuid": "42d11838-f0a1-4fc0-be03-e770749741d7", "value": "49152:avht62XlaSFNWPjljiFa2RoUYINHRJ6DbR3LoGdQTHHB72eh2NT:avL62XlaSFNWPjljiFXRoUYINHRJ61", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691055909, "uuid": "3e7b8d3b-b57b-40c5-868b-a96d346de8ad", "value": 3265536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691055909, "uuid": "46a08170-6232-45e5-bdd9-461e8b648e60", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691055909, "uuid": "7e224bbe-c859-4a7b-a754-075f8f6aaa75", "value": "client.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d391b6ca-3224-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1691084424, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691084424, "uuid": "7938bab4-370f-4f01-9f19-113fc760edd3", "comment": "Malware payload (Loki)", "value": "0af339663001b7430d7202dbf21b28e3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691084424, "uuid": "f7f230d7-d32f-430f-bb56-9b1132b1c918", "comment": "Malware payload (Loki)", "value": "dc49bc48694470b48eda11e05ba609634580de598d44d13f5bd19f229119d69b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691084424, "uuid": "3ceeb2d6-dcb1-483a-b622-f0c0e45e1895", "comment": "Malware payload (Loki)", "value": "ecc4021852bd2ea85fc372a6b8ef6d0652897ade", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691084424, "uuid": "0ef1e2d0-a8eb-4983-aa1d-08081335323a", "comment": "Malware payload (Loki)", "value": "a64464a844db50054bdccb48c05797c2d27569b72b46759b3ba7d6b9deece7c50129da57207cf0a6e8a821c89f790a1b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691084424, "uuid": "f99673ac-b495-4e49-86cb-589ad7b3a928", "value": "T189A4237E363D2F38CC4A09FD86A3A001237255266386F76ADCDC749E759BAC034165EB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691084424, "uuid": "e92c822f-9904-4b7d-9fa6-35d06e04f0cf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691084424, "uuid": "98692aaf-2b4e-4765-bf8e-b32637da4031", "value": "6144:FKOWvPb4uNVAk60Mj6KUP4TFXSkMuZ+X9Jftk9r3NEwYx7+7UFM/hUU5rW:FDqQkBnKUPucjftpx7gUW5t5r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691084424, "uuid": "a9253249-2d36-4001-954c-a35937a83cb4", "value": 469504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691084424, "uuid": "fbd5d021-b1ce-47f5-9c43-4a0d58dc496c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691084424, "uuid": "0c1e5f01-8cbb-4a18-8e23-51e8a40186c2", "value": "RFQ - 00800-103-DOCX.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84983b70-3214-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1691077420, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077420, "uuid": "2a1cc993-d492-404f-b73b-99a1dd363a69", "comment": "Malware payload (Loki)", "value": "c821f448cc025a70ecfb8a0592ef2347", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "UPS", "colour": "#972105", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077420, "uuid": "09f8aecd-d752-48e5-ae49-1265aace39e1", "comment": "Malware payload (Loki)", "value": "dd76fd61be4e869427bf5ec1e4d6bcc62a6afaef188412103f7376daff1762e8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "UPS", "colour": "#972105", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077420, "uuid": "3e69561b-f926-4f66-9eb9-df07e042009e", "comment": "Malware payload (Loki)", "value": "42bcdf21f4a4c3ce4e42248c9c729e162a1e97d4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "UPS", "colour": "#972105", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077420, "uuid": "f8f02bcc-1372-4c9c-b6fc-f6690e46ba53", "comment": "Malware payload (Loki)", "value": "6437b34a763a90c46591a1a8bdfdfaec58f3a2c769f5f4e504d3bc3bb0af1352ce5936ab1507a446c021b37d83b30f2a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "UPS", "colour": "#972105", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077420, "uuid": "cd34f283-621f-45b4-85a9-54f463be9bba", "value": "T137A423B6307C4779DD178B7E5CE3C4C2137E9B52A98DF3734EC026CA2AA2704955872A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077420, "uuid": "5d197d6c-1f9b-4ae8-88cb-e05c5c2d1ef5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077420, "uuid": "836641ec-6a21-4c28-92b9-933e524ecda3", "value": "12288:X2qhXCBmWMhc7P12b9G9BvOobllFaLiGJ76yiO:XXhNhOPnTb34X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691077420, "uuid": "f62866a2-4c01-4985-b19f-95637342f1f4", "value": 464384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691077420, "uuid": "f93e62f9-9d24-4111-be72-97968e104467", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077420, "uuid": "aaf27a7e-5f0a-4a35-8b83-afac0ebacd02", "value": "UPS Shipment Documents_UPSCBJ19051780131.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "046bf518-321d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691081070, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691081070, "uuid": "481dd202-f5bd-416b-bb71-3f00623c73c6", "comment": "Malware payload", "value": "2d1b5b841118e9c03119cd4c9ef3df6b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691081070, "uuid": "994472a8-fce3-46a0-ad20-eb005352fe24", "comment": "Malware payload", "value": "debfbb04e8af278715226121ad78fc5fe71720061cd697fff77183e78133b475", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691081070, "uuid": "f3d01c6c-e84a-4eb8-89ea-c7123e9caf3f", "comment": "Malware payload", "value": "ac22266322b4188beb97e8c93c59c6ffd1468c81", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691081070, "uuid": "b0e21d03-da5e-4357-9d60-60248811fdd3", "comment": "Malware payload", "value": "53a3bf184f4c82cf5fff702a2fa55d86ab78add39032d9acfe600c10ff00c5a2f9e356d5f151f288de46ee35e4100e98", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691081070, "uuid": "a2c1bd7a-83e0-42d8-9749-2c4e6378f1b6", "value": "T11EF4122872AD8C27F67E56F595E2E29843F1744A1C2AF2EC6CC135CE11FAF446901B27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691081070, "uuid": "99fd0c56-742c-4086-96ec-f7edf379909d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691081070, "uuid": "74e7c2a5-87e5-4994-a01a-b6dd2df2ba9a", "value": "12288:ynjOMxnVhS1rvgHASTbNTk89m5t/zNN7Et2zszNrKvIXFCmrVTyBZtzcWx5onT:yjOMxVhSB4H/T9m5t/zTEhrKAZZyBZtC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691081070, "uuid": "f0803553-d75a-4afc-97f5-fe68df27c482", "value": 770048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691081070, "uuid": "20d49458-931f-4815-9545-45bfd4a29265", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691081070, "uuid": "f9093dcf-abf5-4d9c-b951-74f5eae0d880", "value": "Order 8820516930.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a339f1fd-31c2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691042252, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691042252, "uuid": "d6b4be5e-e9fc-467b-b80c-15f66a468a8f", "comment": "Malware payload (RedLineStealer)", "value": "e5950795a3251ce026b10ea8b1df26e0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691042252, "uuid": "c2492036-60cb-4ebe-8982-92b34060164c", "comment": "Malware payload (RedLineStealer)", "value": "e0193765c9e157028a992d2c76b8d3b717cc4390ddb4d6a972351ec9d39981e9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691042252, "uuid": "1653c285-8a71-4a55-bddb-eea59cabe700", "comment": "Malware payload (RedLineStealer)", "value": "e6402394a104a674f05c4e89453a41df6bc289d4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691042252, "uuid": "1298c6e1-fc8c-4b87-92f0-97d863f6fbea", "comment": "Malware payload (RedLineStealer)", "value": "44262cecd5f6c8b45596e6bbda3136b6ba12a1320bb29e159d3e04fc961ecb88a6b4d205472ad64148eff0eae7151e3e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691042252, "uuid": "28c1857a-9ec5-4097-9427-45e6878b3ad8", "value": "T1AE84CF02B691E832E61145358E2ECBF47A3EB8704F296ED737446F6F59312E2DA76301", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691042252, "uuid": "eeb66cf7-16f5-4ccd-ab72-45cad347d115", "value": "63b403774c774916f9ed6282f41f8cf0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691042252, "uuid": "b3ebe269-101e-4171-892b-8a6238ced65f", "value": "6144:XSZsnALU00Rzb3wEPj+hBQQCQxHOPX0VQzOgEU:iZsAg0uzb3zCh/Cau5KG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691042252, "uuid": "1a104435-b896-4947-ac08-6603de3d55e4", "value": 376320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691042252, "uuid": "638e920c-1326-4fde-ba9c-dad2a51cc3ab", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691042252, "uuid": "346b5585-d95a-4be2-bbc9-9201c5de4ffe", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "350beed3-3234-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691091030, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691091030, "uuid": "3a05e551-4bb4-4138-8d22-966d7b83e9d8", "comment": "Malware payload (RedLineStealer)", "value": "56341eda3aa2e14af85986adc287c293", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691091030, "uuid": "c941cc0c-fe4c-42a7-bbbc-43bc24ca9f07", "comment": "Malware payload (RedLineStealer)", "value": "e07bcb43a7b6916042d4e2f5ec8d7b1d8c2180695eaf38ab3a7b778a26430d7f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691091030, "uuid": "960da62b-e904-4b71-b992-e97971dd804a", "comment": "Malware payload (RedLineStealer)", "value": "2a64afaec1983cbd3ca5427c7ff7c043e310c75f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691091030, "uuid": "dc334a57-40bb-4204-aa87-697042d1634e", "comment": "Malware payload (RedLineStealer)", "value": "7196363189e981212130d65bd7f7051d85f8bb6ff32d2ed564079daa8964855ab8f68dc69cfbdb5a436d4633de232734", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691091030, "uuid": "114315e2-5b9a-4ea7-ad2b-0e87010fe4fe", "value": "T1ADC41263B6E88077C9B057706CFB17930F38BC625D38925A2B45990B5C73BC9683672B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691091030, "uuid": "2806bc8e-098f-4e8e-b060-9c318d1a7536", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691091030, "uuid": "8e5baceb-515e-4f78-b658-8b0408bdbb0a", "value": "12288:YMrEy90N0mccFeJtMSN7cycbwie9USaUtkV:MyeeJtMSNwyuwLUSackV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691091030, "uuid": "a7fa420a-ade7-4d2c-a6c6-77309a29c922", "value": 573440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691091030, "uuid": "94fb59cc-4f55-47b6-a654-e94e47c912ff", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691091030, "uuid": "769ffeee-8f30-460c-a646-d42c2ea00090", "value": "56341eda3aa2e14af85986adc287c293.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fbf1d4ba-323d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DCRat)", "timestamp": 1691095229, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691095229, "uuid": "10f37c6d-2d0a-4034-ba13-887c9f8d8b40", "comment": "Malware payload (DCRat)", "value": "25acb6e3bbb41b9af9aaede681f62746", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691095229, "uuid": "80691965-0114-4468-903a-8ba570f44927", "comment": "Malware payload (DCRat)", "value": "e111e1f67503e9fd7cb18891121745e21b374010663101c34fa66e8721d96a06", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691095229, "uuid": "2c92038a-4bb1-47d2-8dbf-9fc82149f568", "comment": "Malware payload (DCRat)", "value": "80fce902c5c4d671168f21fe145630d225f92237", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691095229, "uuid": "e99b5ed4-57e0-4bc5-af01-d5ec7b82a767", "comment": "Malware payload (DCRat)", "value": "f8f7ab26a18f9f6fbc2542bbad62c2c63adf23188189953f8735440b451e8ddc7d2c8f7419ce63c11c0df83a3f078aa4", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691095229, "uuid": "39bd51c8-d6b8-4aa9-b912-ebab5200de2c", "value": "T141456B017E40CE16F0092633C2EF450887B4A9596AA7E31B7DBA377D651A3A77C0D9CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691095229, "uuid": "bd07ca93-4ad5-4a4a-98ef-a112420fdfc1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691095229, "uuid": "dfd094d0-2558-4339-a18a-1adefd83f8ae", "value": "24576:kSxEAt2sZqMuq0G8JHPNeMPhML/I7/0njQ:HxRgLHRPN15ME7/0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691095229, "uuid": "758d5ccb-6298-4c9b-8949-9c5e82184fd6", "value": 1240576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691095229, "uuid": "bf31453d-d9b3-4e29-a487-2ec893d16fde", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691095229, "uuid": "dace1514-4a48-4714-a5a3-b0eff49a32bb", "value": "25acb6e3bbb41b9af9aaede681f62746.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84526735-31cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1691046925, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046925, "uuid": "600dc08b-53d1-4c76-8c9b-05fdf0c3bf84", "comment": "Malware payload (GuLoader)", "value": "aa48863662165dbb591ffaf354a24004", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046925, "uuid": "ba43e1cf-7fb4-4876-98a8-e7837e4cc3b7", "comment": "Malware payload (GuLoader)", "value": "e15efe6abb3771d3bc76e8df6a9208035a5f741c5e8ea4381b48a1cf61d23e7d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046925, "uuid": "b5f63e54-faf5-412b-99a9-c7ec1de5aa2b", "comment": "Malware payload (GuLoader)", "value": "6c38c89eb2db8f8cf810d492295ab9105d6b56d1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691046925, "uuid": "6df5d4d4-df67-4fc5-946e-8bb09765e518", "comment": "Malware payload (GuLoader)", "value": "35c517999eacde1bce4240018a673c912632c7b9e00de456e577b90922a8febffdb702d71bc60c435c4ff5ee9f522227", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046925, "uuid": "5f4021d1-31b3-4fc8-b226-547b7ff3b85a", "value": "T11854F1892BFCD467D6D24AB01E72913BE2F4BE7D146AD10767223FAD4E3D0908B1D246", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046925, "uuid": "ed5f01fd-c7b5-45f1-9804-c9c3e88c41fb", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046925, "uuid": "f5b84053-444a-4b81-89f1-68073c06ec86", "value": "3072:H030XCIscLlj+c4qw+bpgwozvlHkZNegjc1gBytLIec5gHzLw1sJECboJTyccaFr:Hj+q76LJs4oOLmozL3nsJXck0Ir", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691046925, "uuid": "8df12426-619f-418a-9e59-babd849164e3", "value": 279070, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691046925, "uuid": "ef222956-bd2a-4989-8400-7e9705446de2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691046925, "uuid": "fb38f909-7dfe-4017-848c-95c07b81aed9", "value": "Dekont.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d815392-31c8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1691044659, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044659, "uuid": "e913968c-4774-4569-8857-f3ce017060c6", "comment": "Malware payload (AveMariaRAT)", "value": "e29430f973a27719574ae320d4a59007", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044659, "uuid": "03c0daba-efe0-413f-8d91-e8811a32a430", "comment": "Malware payload (AveMariaRAT)", "value": "e1c65253212ac1e1b683e0fe76bdf5c166f6dae6dadf294a31784637f81ea259", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044659, "uuid": "9821d51e-a149-4b5b-b8c4-f54c95379a05", "comment": "Malware payload (AveMariaRAT)", "value": "9044c6519fae2eee86217b9b6fcbf0940b11ae1b", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044659, "uuid": "d3f89641-b29c-4a53-a567-4844b46ae075", "comment": "Malware payload (AveMariaRAT)", "value": "1b766ca7f345e2c8e6aebd1145b8193a564cab453d9e9114944dad2638128c0ef9304c8762f8a278ee31cadf0db08edb", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044659, "uuid": "a70fa094-0b48-4e42-9203-f8312c14b90c", "value": "T11E337B6DD34F0169CF5252779A1B0A4941FCBB7EB38412B1346C833933EE82D62266BD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044659, "uuid": "eb960127-cd24-4b7e-924e-46a50eab8861", "value": "768:+wAbZSibMX9gRWjZ4MVU4aZLOE9bkzZE4mN/idwhRAmZGWqJj:+wAlRGOBZLlt46RARj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691044659, "uuid": "38e2a7e5-d4f1-4cd6-bf17-77214db27f01", "value": 52101, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691044659, "uuid": "14210dd5-2935-4762-b1c6-28cf081fd1ea", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044659, "uuid": "54b6e21d-8ff1-499c-af43-2c598a2f111d", "value": "e29430f973a27719574ae320d4a59007", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "997f7464-31c5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691043524, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043524, "uuid": "bcf61c5b-c24b-4f38-9e86-e16d1b69115c", "comment": "Malware payload (RedLineStealer)", "value": "022e5f47a4ce66a7f0eda9a73f6751ab", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043524, "uuid": "a7d8d8b7-ecdf-4557-9813-e03823522672", "comment": "Malware payload (RedLineStealer)", "value": "e20f55052a678cb46b022c4a2fe842df103dede80a9ca81afa917a95d3f2286a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043524, "uuid": "770d7643-aac4-465d-9121-b0aa2094454e", "comment": "Malware payload (RedLineStealer)", "value": "728c8cea2fc668e29e89c53aa4112b02d8aad729", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691043524, "uuid": "5713bac7-3e4a-4fcd-823d-4f686812d4ab", "comment": "Malware payload (RedLineStealer)", "value": "96d5bc067ee2c6db1179de74c3064d9f748e61ff5ea5bad97bee42b7f848d9966a7ab291a88d8c1fd8e0dfe8dc5b5a96", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043524, "uuid": "1bef318c-1f84-4403-811e-737e66012492", "value": "T1FCA4D012B191D832E62146359D1ACAF82A3FB9748F196BDF7384AF6F59313D2D632301", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043524, "uuid": "8b0ef902-8659-4cc6-aa1c-f35d01ce26db", "value": "63b403774c774916f9ed6282f41f8cf0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043524, "uuid": "5e0de607-8c86-49eb-a0e0-c81d99bdb9e0", "value": "6144:6aiZJbkL3rnChypJNrCRNQyAKLOmnF5WJVA6gf98bHEM9266:UZJwbrscCgKqAWfA6gFQEf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691043524, "uuid": "1f7ef461-ad28-40a8-8bbe-bfa6f3a8e844", "value": 450560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691043524, "uuid": "5151e1d0-0f35-48eb-9e19-9705778fa75c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691043524, "uuid": "35eaa80b-1327-478e-8e62-7262902afe49", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b1660e28-31d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1691049577, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049577, "uuid": "70d91920-be12-45b4-9606-a507bc5d977f", "comment": "Malware payload (AveMariaRAT)", "value": "e75d36310ab34ce34c393a138eb90580", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049577, "uuid": "f9e66802-3b60-43f5-8ccc-f426d8b5bbc8", "comment": "Malware payload (AveMariaRAT)", "value": "e303e5293b5a55e35e4f9bd7c3142b17406e40f3fc6669c9970dc96e23f33302", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049577, "uuid": "7d5f6c6a-f3cb-46fd-ae74-24f56cba3f1f", "comment": "Malware payload (AveMariaRAT)", "value": "4dcd8020131f10aaa12e9dadf288768f9ff69fa2", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049577, "uuid": "e5e87014-5f6a-4978-b02d-657688eb9306", "comment": "Malware payload (AveMariaRAT)", "value": "992455cd393abf774aa50f44402bc3b5aac3eaf5272f7a45c32156b86ceed51ccfad47c54415b2a73a841878a1794697", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049577, "uuid": "46d01081-36fa-4ea5-8093-f2c6b9364488", "value": "T180952803BA8755A2C1941737C5D75C3003A8DBAA3623D70E79AB235A0A437BB7F49727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049577, "uuid": "8b81ecc9-8d40-4f06-a3ca-5dda3f260859", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049577, "uuid": "15bdec5f-4860-4d80-94ea-9c62f87a45fe", "value": "24576:igvepaLVE7croojrHNwqI/avlnfMYwVj2XGHk1geHz+A1S8OnZ81Lh7J5vMfWDjX:vveEtwdKGE1gLShthN5OWX1hV4lY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691049577, "uuid": "bdd95a9b-a8f9-4289-a6af-941f235bf5ab", "value": 2034176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691049577, "uuid": "314af8f2-90fc-46d7-afac-341eb87d9023", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049577, "uuid": "a8837ea0-8a32-4392-ad0e-94d2d1783946", "value": "e75d36310ab34ce34c393a138eb90580.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b43d80d-321e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691081726, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691081726, "uuid": "8c366c83-4df5-4716-83dc-4af2d8d2063d", "comment": "Malware payload (Amadey)", "value": "be9e684e9f866de95a01e2583561b7d4", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691081726, "uuid": "e126a9b4-1c32-4e7e-b9db-e340b6122cfa", "comment": "Malware payload (Amadey)", "value": "e3b21916574f794407587963fef4a3b760a086e647276dca256b520ab39aa616", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691081726, "uuid": "51319c40-e37d-47d2-a753-8bd87c13164f", "comment": "Malware payload (Amadey)", "value": "d5e25d674bffe011d8038e2685b2a8b60acfe3c3", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691081726, "uuid": "f58885b0-c38c-4de5-90d2-35e724b49a7f", "comment": "Malware payload (Amadey)", "value": "b92f2709d2bb63c59eb1fd72f96f5297f47cb52c174a68cc0e43f50de81d032a95818b95a051eef75b56d559bf3fd4ec", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691081726, "uuid": "6a27149a-b10b-4a85-ba3c-6923e7ba4f99", "value": "T1C8C40217FAD840B3C5F16BB018FA07D30B39BDA29D70921F27969C6A1CB26857532736", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691081726, "uuid": "3f0fb052-aa9d-4e97-8f30-18712ad7947b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691081726, "uuid": "d3606f43-947d-4d54-91c3-91399d8cb35d", "value": "12288:sMrWy90FnbwsZtLY8wFUxZV7UUXyxYOi/P5:iyYbx/UkymOmP5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691081726, "uuid": "92dd307e-50c9-4968-bbd3-fb67ce74c72f", "value": 573440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691081726, "uuid": "dd7c88c8-ff55-49d4-888f-cc65ddab6b9b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691081726, "uuid": "d5ec96d0-02d8-4822-a590-3ec71d2db3d9", "value": "be9e684e9f866de95a01e2583561b7d4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ecfd1460-31c8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691044953, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044953, "uuid": "f4e9ac34-907f-427b-b189-f8f704a44843", "comment": "Malware payload (AgentTesla)", "value": "7fd56807ced09e181ba31ea14357c8b9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044953, "uuid": "d701b589-45e5-4d62-aa62-9cf3b8a3959a", "comment": "Malware payload (AgentTesla)", "value": "e3d2fbe1afcfdd726069b3c7f6913d4513976e7afcf8ce7b93fe852a5b60a00b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044953, "uuid": "7f0f21c0-028f-4b1a-8587-f6708fb359cf", "comment": "Malware payload (AgentTesla)", "value": "f807938283016b7d885c48ed4ab2b1f090f36824", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044953, "uuid": "9958798e-712f-42fc-b997-c197f853b937", "comment": "Malware payload (AgentTesla)", "value": "5d0013c578c00849f0f56684c54fd8855f33298c2e0be7c2ab6d8b4850d5c5cf8b3d8debbc05591a47bbf1848ccc5afe", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044953, "uuid": "aa477a49-8174-454e-92dc-90366227fef6", "value": "T1B3D4235D1F5E4B12C3BC12B09B6EFFA73F64A3F2222BE451902E06C4DD2990971ED429", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044953, "uuid": "e36804d8-2343-4de4-8afa-95879a6b59da", "value": "12288:JS0Amxc1rcpV1mjN8INLW8fWcqwsTdn2WzZTQaQuZwwxT9ZN3RvkTmSA/n:U0fhCN8INLJWBNpn9ZTQavZ19ZN3Gq/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691044953, "uuid": "258f5baf-433a-43e4-89e7-ea3266e4e574", "value": 634863, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691044953, "uuid": "c1707ea5-f8e0-4598-8169-b120784d9e46", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044953, "uuid": "7e7d00a5-a71c-42e6-8540-80cdcf068a21", "value": "Invoice pdf.z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4952797f-31d7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1691051121, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691051121, "uuid": "8a66d150-efbd-403d-baaa-c5a834974470", "comment": "Malware payload (Loki)", "value": "cad4fd34e3d0af7a8c1b5202933f915d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691051121, "uuid": "d5ddb85a-70f8-4f36-b6d9-8dea28703615", "comment": "Malware payload (Loki)", "value": "e43e6ed9728722214571cc37b745086f7dc04731d08375bf54ee7cbe83cc6ace", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691051121, "uuid": "e7f2f305-c86b-48fd-bc0c-1429b9ad2ba4", "comment": "Malware payload (Loki)", "value": "c912961eaf93dedd69027badf62729c3402d07ef", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691051121, "uuid": "b58105d4-26d6-459d-9bd9-aee8388cd1fd", "comment": "Malware payload (Loki)", "value": "6f9f1874cc4f314ad7c5b6b0f6619e1b4ccae295dec8659b5db0b2b0821a81df017c2123c4fadb645f70eb7559b687f1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691051121, "uuid": "441fba39-3f61-4fbc-8ce9-2186af8590a1", "value": "T16DA42275318D6B7CDE9D43FA8E92528802B75752FEDDF32EEEC624884643244A47722C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691051121, "uuid": "3378a9dc-e767-4177-a7e3-02f524660d72", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691051121, "uuid": "592c4196-6086-4a34-8974-083be07af61f", "value": "6144:RWvPb4unZ+BrZqDRtqMNGGBojZ3YS6G/3RhLBkWqBdRx/bDDBKBB60lkqPSqU4W:RqZYrQbqMYG+SG5VBafnPDBz0Cbqx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691051121, "uuid": "28fe30dc-1b0a-4f87-b3d8-34f65cd05c5e", "value": 465408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691051121, "uuid": "5ef3c828-a6dc-4ff9-baaa-73f00862e2e5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691051121, "uuid": "7642577d-a201-4626-b175-bcb4967307f4", "value": "gunzipped.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "506de195-31c9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691045120, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045120, "uuid": "b187e94a-61cb-4ff3-8371-df5b725c820a", "comment": "Malware payload (AgentTesla)", "value": "0dc9012b2951b76b3beb22ce2acce62b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045120, "uuid": "cec48fb9-dd0b-451b-b8a1-8fb31926fd15", "comment": "Malware payload (AgentTesla)", "value": "e548b630d4bb71e90b02d96f0088b174e886777980bace4e182ad076bb398b6f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045120, "uuid": "2e3747d9-0428-4bac-b710-ea9135a868ef", "comment": "Malware payload (AgentTesla)", "value": "bebe04611d6481e2f2d32ef3500247b412118d32", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045120, "uuid": "13b21788-573e-4751-9919-98e357046c82", "comment": "Malware payload (AgentTesla)", "value": "f80c24437907e5ae816d3e7507fe65ce6f01b7a235518ab9309bf3051e35eb065733003a770f2866812e13b7fea5b2e2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045120, "uuid": "6e678e83-d835-4583-811b-e28329f72d2e", "value": "T11B45387450B44952C436C2B9AED4F52272915F9A6018CD0D86C67F8A1AF3F2B2CCFD9E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045120, "uuid": "93374070-570f-44a2-a36e-eaad22c6ec3d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045120, "uuid": "3a3a94a0-09a7-4f01-8672-4614f3ade701", "value": "12288:wEKaJmNfCqcZ7Zqs4gjIfQrkmLtoz7Qviu5B3QKB7O1W7Leuv:S8A72IfQYuiXQviufg36v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691045120, "uuid": "1e49ef4a-8a75-45e0-846a-f7c38aaccbc7", "value": 1265664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691045120, "uuid": "af63e74e-6188-43d5-8271-ac7f9e3c1a4f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045120, "uuid": "6cb5ba40-afc1-4bab-9031-8694522b54cf", "value": "\u00d6deme 31722.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1d930a2-31cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1691047941, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047941, "uuid": "5964b060-d516-41c9-9430-126ce91172b8", "comment": "Malware payload (NetSupport)", "value": "979990d73d89d19f37392c6e80a54e7b", "object_relation": "md5", "Tag": [ { "name": "94-158-244-41", "colour": "#9434F4", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047941, "uuid": "e5d8f105-5272-4c33-a461-66127ba69fe3", "comment": "Malware payload (NetSupport)", "value": "e54a526a2c603f4b9d4557680bed89deb4f6276a100ed0f5ad50a7dd1c393538", "object_relation": "sha256", "Tag": [ { "name": "94-158-244-41", "colour": "#9434F4", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047941, "uuid": "265b7c41-d6ea-48ec-8bea-5ec78aa2b9ef", "comment": "Malware payload (NetSupport)", "value": "9500fb25b8476667cae27a85bbc7b3c236b5ba61", "object_relation": "sha1", "Tag": [ { "name": "94-158-244-41", "colour": "#9434F4", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047941, "uuid": "c97aa45f-12d0-4f80-aac5-6cbf652343f2", "comment": "Malware payload (NetSupport)", "value": "b06908f185ce71882dc4a61192f3987d41f542780fe9fcde8ddaf468ea7b6628e0a7cd054c497a520f016a1cde077650", "object_relation": "sha3-384", "Tag": [ { "name": "94-158-244-41", "colour": "#9434F4", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047941, "uuid": "a138d29a-1265-463f-9d91-35a43c2da2f1", "value": "T1DCA53397C01B5486C9A8317D386135687F5235939F715AE2AC107AB2EEDAB5C3C8F8F0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047941, "uuid": "169705ea-092e-4f5a-a394-dcae3f1196a8", "value": "49152:TDT1sibMnJIhlx4rqChb4c8qmjo32rfYopOdxkp92TMp2Oaq:HThonO94+q38qmJfyd6Ugp2q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691047941, "uuid": "e00d6c65-3790-402b-ba06-a121bd8fbf3b", "value": 2189150, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691047941, "uuid": "0447c4dd-ccd2-4c4f-b56e-28a8ec0bcd8b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047941, "uuid": "ed649d8a-c972-4128-b67c-9e5050d3bf28", "value": "BiosphereResolution.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "433036fa-31cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691047675, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047675, "uuid": "d9e6ffc2-5cbc-4ad1-90c4-7ed9f9b6b782", "comment": "Malware payload (Formbook)", "value": "7b429c29a5d488db61e5c22bbb162293", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047675, "uuid": "3123cf77-1584-4df5-b6ff-194b8531ae82", "comment": "Malware payload (Formbook)", "value": "e5854984cb78e5ce4bcc31263e290d895b3de4660e87e0f5af115cb9b60b5500", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047675, "uuid": "7dd55d0b-81e1-465b-9eb3-8f680c7ec949", "comment": "Malware payload (Formbook)", "value": "03babc1e2648c8d6bf5547248c63639faca00de0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047675, "uuid": "b1272cac-30ae-4020-93ad-e257aff17ae3", "comment": "Malware payload (Formbook)", "value": "8f521147dd3fcaaecadb438025dfad57627f399800b214e012d04b1d909ddb36d114c46c442d30ee1247274270ab97ab", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047675, "uuid": "de2ee25b-1628-40b5-881c-8feaa8f80c8e", "value": "T107D4028463E4623BF5BF37B26D3000410A72BABE7696D7EF488434CFA566B4109657B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047675, "uuid": "4788f739-eaf0-404e-9afa-80bef5df2d37", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047675, "uuid": "34de1e6f-2351-4e0a-91ca-5b03e234304a", "value": "12288:ag7JYbpMObBAwW0eieg55hEkYegq8pppPF7D2DjIFTrjcRk3ZimjgVuqxU:ag7ClMoAwte85HIzbDYIFvjcRk3ZiSgj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691047675, "uuid": "54738898-8507-4d14-8919-d4e8cc0a26cd", "value": 618496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691047675, "uuid": "586e53bf-c41c-4590-8825-f53f4b94956d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047675, "uuid": "0aa31aad-20b8-4d15-9dd1-f450302ebb29", "value": "7b429c29a5d488db61e5c22bbb162293", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05922c05-3229-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1691086226, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691086226, "uuid": "74660b84-c3a3-4b59-92f3-cf7a646b2a8e", "comment": "Malware payload (Loki)", "value": "20848021a4b56d6abd12e32715b29ce4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691086226, "uuid": "d5121d72-c835-4c32-b366-b7ce0c2ec4c5", "comment": "Malware payload (Loki)", "value": "e7024298f955778f099dd0bbd8310abb90c39088d23a3a429ca5738c4b21bc9f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691086226, "uuid": "fe2e8963-3d7c-4c8f-a121-19d7b4b65aa2", "comment": "Malware payload (Loki)", "value": "fd9ed2261fcfe189aa1a68b96a84343cc575d4be", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691086226, "uuid": "959e4843-da8b-4335-a448-0b4490d00f36", "comment": "Malware payload (Loki)", "value": "31b13a034d47319ee33bcc74fed5f6512f0a813c68133b3e5726e6bc47e2e51d03a5196298ae68b269058e5d83cda9f9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691086226, "uuid": "b8c0c61b-99cc-4a04-8bcf-1f3075c7c479", "value": "T1ADA412B4F7BF263ECE5C87B89582554413E64F23A492F3AE5FC1705E909236834A119B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691086226, "uuid": "04e291f9-0583-4dec-9ec6-47f7b9751a05", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691086226, "uuid": "92a68f2c-24c8-4304-a7f7-fde8a1862697", "value": "12288:xaq/Az+p7lmOdOIrFxIpnqvS1HSnpP8UT:FozxW5gnSwHSnWU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691086226, "uuid": "805440a4-bcd6-4987-abe3-cbd06f12636f", "value": 467968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691086226, "uuid": "393cf346-181f-4a5b-b357-b1cbcc3e03a1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691086226, "uuid": "7ea41583-d6cc-4af5-ba43-d1129c5a24df", "value": "RFQ 00800-103-DOCX.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f3b155b-31cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691047668, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047668, "uuid": "68ec99ca-2158-47f2-a0ab-b0b8bcd129ae", "comment": "Malware payload (AgentTesla)", "value": "6308cc22d136d3cc309205ca43233bec", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047668, "uuid": "392f1f75-559a-4e2b-b4da-359346cfd7ea", "comment": "Malware payload (AgentTesla)", "value": "e78ca14c9af7852b5dd0e701e033539c1239999b2fadb772d4a813b248b0c724", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047668, "uuid": "d878cfc4-0fae-448c-b8cb-1abdd10a260a", "comment": "Malware payload (AgentTesla)", "value": "c4bcd2dd3fedd1011f2fa9dc680faaa23b385e77", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691047668, "uuid": "8721bf79-aa48-486d-865f-32d5a9302dcc", "comment": "Malware payload (AgentTesla)", "value": "2f934ee5d23212a16edc73ea3b2ff4ea67df7eaca7c0a5dd3076f67493470892153a01a419807bd2034e10fb12e8ca2e", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047668, "uuid": "71654bd3-3975-43ba-8e30-f43ac14a3a16", "value": "T190C42311D0EC6CBAC63C057698E00A27F7BAFE9FDA45DF87CA4440DF842D26E2961352", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047668, "uuid": "68f31b0f-a6d7-421f-ac79-6525e950f5b5", "value": "12288:RG7amAZ1ljXQ+7jmemD2vZTHPp9EifyLPbRkVFqR6+zCNSg8AoOjdYXIzgm7PH9:E2mAZ1ljAcuD2vlHx8/0ckhSg8ryaXsX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691047668, "uuid": "49c6a47c-6846-432a-90cd-7a840d88ccc1", "value": 594432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691047668, "uuid": "9cc41701-fad4-43ff-bf03-229d0cf09c9d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691047668, "uuid": "18324152-ec11-4fe0-b858-0a111bd5c531", "value": "6308cc22d136d3cc309205ca43233bec", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "80727933-3214-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691077413, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077413, "uuid": "b0d3dcf7-f806-4f03-b369-3e4eb7c7e1aa", "comment": "Malware payload (AgentTesla)", "value": "e2a4a40fe8c8823ed5a73cdc9a8fa9b9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077413, "uuid": "56c713f3-bbb9-4ebf-9774-664aac46f2fc", "comment": "Malware payload (AgentTesla)", "value": "e7a157ba1819d7af9a5f66aa9e161cce68d20792d117a90332ff797cbbd8aaa5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077413, "uuid": "75df651c-27fc-46c0-9ff6-a9d9f65b4945", "comment": "Malware payload (AgentTesla)", "value": "4194d0f9929a6fb5f43bf45d009e3fe4e3adb574", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077413, "uuid": "8a1d29f1-1bf8-490a-b10d-cdf0a5ea1a1a", "comment": "Malware payload (AgentTesla)", "value": "ab2c923354a1faaa6b28e0451a715bb6780e4a561e4268ab8f16312d5da987e4ab9b143397ce88111863aecbf6c2ba6b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077413, "uuid": "75e715a5-0cb6-4eab-af87-7897a1add466", "value": "T18ED38D1091EA51CDF2B27F5357ED69A48F2BF7D1573A54AD3008070A8BABE84CE58372", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077413, "uuid": "e08829af-9494-42e1-9c29-35272f4d0d8d", "value": "3072:4s3BZiZdZA1R+fctQz2gDgfgoohjmvmlmZmzmWmXm3mFmGQjr+gMQ:TBZiZdZA1R+fctQXmvmlmZmzmWmXm3mk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691077413, "uuid": "d3565810-8ee2-41c1-9395-5f25f758c638", "value": 140936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691077413, "uuid": "5b1db7bb-b804-469b-bcd0-ae3c2d17daa6", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077413, "uuid": "b0bed434-74e4-47f1-8cfb-9e95e37a1cc9", "value": "GREENN VALLEY PO REVISED NO363846348.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f07e1fae-31ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691068581, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068581, "uuid": "d8a2cc8e-1cc9-45ed-9638-f37b695aa00d", "comment": "Malware payload", "value": "1b9e9d90136d033a52d2c282503f33b7", "object_relation": "md5", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068581, "uuid": "4d78b560-8634-4b1c-af71-8d6687a98bdc", "comment": "Malware payload", "value": "e7b76e11101e35c46a7199851f82c69e819a3d856f6f68fa3af0636c3efde0ca", "object_relation": "sha256", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068581, "uuid": "509e0ace-7d8b-4be9-8d7f-2726185c63ee", "comment": "Malware payload", "value": "5ae3bcc14ca300d17abd3b8fe297795fa9a02db5", "object_relation": "sha1", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068581, "uuid": "d9c6c4ad-b90d-4781-a6d1-4b18c2ec1fe6", "comment": "Malware payload", "value": "1c83cd5d1fe4e19927ad11fcf9178c0b71e02d8c296994920b73c86dada39e6e2da52b1313bda3077c7e15b9512ed16a", "object_relation": "sha3-384", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068581, "uuid": "bab36b90-4960-4ba2-8462-fcb6c28806fc", "value": "T1E1A47C26F580D877D0314EB8CC5BE2DED42EBA602D3964477BE41F4C9A792827A1B1C7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068581, "uuid": "a0393266-df67-4fa7-b540-f5ad5f0e8982", "value": "1f83fc9c1de04dbfae9ad5c2e4dc0e58", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068581, "uuid": "7847134f-cbac-45f3-bb88-5fb98c584bdf", "value": "12288:pvqdWaEQg1vNg5FoK3+OPMcvHH2tHjLZqnuA/VSm:pidWblioK3+OP7v2tHXZ+uOVP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691068581, "uuid": "1f56b740-5b71-4556-b226-bd724c6c3bd1", "value": 462848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691068581, "uuid": "133b5e6a-3396-4151-809f-f173345b5a04", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068581, "uuid": "b014c51a-806a-4e91-99e3-83d612cdbeb8", "value": "e7b76e11101e35c46a7199851f82c69e819a3d856f6f68fa3af0636c3efde0ca", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7060e8b8-321c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691080822, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691080822, "uuid": "cc05b1ab-4282-4fcb-8861-3476840d39df", "comment": "Malware payload (RedLineStealer)", "value": "25d035a712153aaf9fc3fd6bc23bf269", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691080822, "uuid": "1a8b7fda-4bcd-43c9-b2c4-c22c9d49e080", "comment": "Malware payload (RedLineStealer)", "value": "e7f4ffd3c1bfd375c5cf1ad44721e7421b80846655a350a25d902d0db48c164d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691080822, "uuid": "16971ae1-f9a4-4447-85cb-0b49f8ddc7c2", "comment": "Malware payload (RedLineStealer)", "value": "17b391af5adf45d3ced28496700506c630eaf6ff", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691080822, "uuid": "7ecc0cac-44d3-4e83-a245-140bca901056", "comment": "Malware payload (RedLineStealer)", "value": "04fa841809d1bf632d73abb010edfd5e469d3b65c29617082d4b53164ad2d5dcfb96cebf70a0bd163894335415ba2834", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691080822, "uuid": "8d135586-5d3e-4ce1-b462-4c779201d5ad", "value": "T1FCC41223EAD90173D5B1177028F702D31B35BCA26DB9932B2B01A95E1C73685B835B7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691080822, "uuid": "fbb252b9-d44f-483c-a3e7-9adc7f36c9e9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691080822, "uuid": "bc4bd876-a75b-4bcb-8f21-4de18ea3687a", "value": "12288:WMr0y90a1KQ38Sb6Qk44RtcqRyZoCiWnkYKWGd:myN1V3J2QARzRyGCb3KJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691080822, "uuid": "32097c05-4bee-4e29-bdb3-cb109bc0b633", "value": 573440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691080822, "uuid": "9b92ea2c-fa23-4481-a187-345b4c56d382", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691080822, "uuid": "98bf537e-0684-4f24-a08a-2e8b66656b31", "value": "25d035a712153aaf9fc3fd6bc23bf269.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd5958ee-31d2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (XWorm)", "timestamp": 1691049275, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049275, "uuid": "a80fc188-d066-419c-abea-690f7e951c03", "comment": "Malware payload (XWorm)", "value": "7dccfd816603f31309b243d2b66a9987", "object_relation": "md5", "Tag": [ { "name": "108-62-118-133--9734", "colour": "#6FAB9C", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049275, "uuid": "cbe29224-b846-4fbf-a2ca-8f1b25984bb4", "comment": "Malware payload (XWorm)", "value": "e8107d0a4bea46232f24631c246c90eb89d022c6c95d4cf968ed6edc8495fe04", "object_relation": "sha256", "Tag": [ { "name": "108-62-118-133--9734", "colour": "#6FAB9C", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049275, "uuid": "bfcf3280-b2c1-47d5-aa15-40a8257ce2d5", "comment": "Malware payload (XWorm)", "value": "3144b6209ee17f4f79941dcd6b58e4e4a00a1003", "object_relation": "sha1", "Tag": [ { "name": "108-62-118-133--9734", "colour": "#6FAB9C", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049275, "uuid": "50ba59d2-54bb-4661-957f-442aa644cb7c", "comment": "Malware payload (XWorm)", "value": "a1c65d94af607f7ca2d4ab1074500d63f490b69c7aac31462009673375f3f87fc5581a3f1af850889780cf9f20b4d1a3", "object_relation": "sha3-384", "Tag": [ { "name": "108-62-118-133--9734", "colour": "#6FAB9C", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "xworm", "colour": "#E0D5D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049275, "uuid": "1103ae98-2f7b-4fe9-8bcb-e71779a8d454", "value": "T1C5F05C3706163116FF27C175A115B380961B92840E0E759317AEC8657D825E5CBEB5FC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049275, "uuid": "d5beb323-bbb7-4de1-9980-4ddc009ed01c", "value": "12:weJCaq81kkGr5pYuDRN3L81kkGVX5lDQ981kvYAp5DFYRlr+1kVv:w/RrPYiRxbRxfDkvYAp5DFYRlr+1ev", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691049275, "uuid": "3c296736-7268-4583-a870-04c8439de868", "value": 472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691049275, "uuid": "06786c50-fe36-46e9-962f-e7c0f2820dbf", "value": "text/x-msdos-batch", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049275, "uuid": "b3221b32-b3c6-44e5-9695-ff2f92482a76", "value": "enuvvy.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b15e6765-31fb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1691066757, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691066757, "uuid": "d15c7399-6dc2-439f-8617-ce5a208a45e6", "comment": "Malware payload (AveMariaRAT)", "value": "f3ba23553ad0411c937414c4de068c5b", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691066757, "uuid": "1d68de7d-e9e4-4714-a9e7-4a113322e5fb", "comment": "Malware payload (AveMariaRAT)", "value": "e9a582ce8d2063276e85bdb527a49d2842a195f643a5e6a6d8fcb0cbbcaf5a12", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691066757, "uuid": "9421d4d2-c116-4136-bd0c-c51842500190", "comment": "Malware payload (AveMariaRAT)", "value": "f7e64c20bfd8596b4641c8c962812a046429a9d1", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691066757, "uuid": "240f9da1-d3be-44a0-b2c8-ee219c9207ee", "comment": "Malware payload (AveMariaRAT)", "value": "901a34b4e6de5120a28536ebb55d8d24f1de958e0f08b9894933903e9534ba2daa6f7ebe512814f397bca483d60abea7", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691066757, "uuid": "9a626db5-c660-4c60-b735-d2fcda7036d3", "value": "T14A951823BEA7D9A3F1581737D6DB043403A4DBB1B633D60B358B235918037AA8A49777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691066757, "uuid": "2636c708-df1c-4cfd-aeb1-c8bb75df56bc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691066757, "uuid": "d176c407-1ffa-4fd2-9f43-f85311f1b468", "value": "24576:4s0FnAEF4O4Xf+opgS0L96ajd14DYMkt/1OUrwVVoUc6Hmszp10ncC8C8+ZcjWe+:KSit/wUr4dc6HmlwaFtZjj4lFl5O3c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691066757, "uuid": "34f1bd62-cffb-4810-8ab9-58d0afd5fd01", "value": 2034176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691066757, "uuid": "4b350302-0858-401f-b71c-c371b7d1cf30", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691066757, "uuid": "69e9800c-08b7-468b-a14c-c23669753ac3", "value": "SecuriteInfo.com.Win32.PWSX-gen.3506.1371", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca71b1c9-31a7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1691030722, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691030722, "uuid": "c65ba134-fa30-4a81-a4a0-e6729efdeb40", "comment": "Malware payload (Loki)", "value": "7ff84cbc78447f2a64fe47cd1a0a8d61", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691030722, "uuid": "31b2978a-3bd3-4298-b8b2-2983095df384", "comment": "Malware payload (Loki)", "value": "eab752432f60f4568a56559c449f891bfa3e3327da4f05e7c496c6d2573da409", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691030722, "uuid": "f355ef19-73d6-47af-b5f7-87568781a618", "comment": "Malware payload (Loki)", "value": "48f5ec15812affd5fd4d4d49370871091fdbd4e6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691030722, "uuid": "f81f4ef2-acba-4843-995d-942bfb760dfc", "comment": "Malware payload (Loki)", "value": "31bb1d26eb64fb39e1f03c539be1d0caf6c7e1bf26656c4b0edd9382aed58c9b33a508972ec756a38c685c2991f26104", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691030722, "uuid": "adfc4503-624f-4c82-b57e-96aeb4b574cb", "value": "T1C505E73804780A12C135D2ADAAD4F513B7904F96721DCD5686C24FCA0AD6E2F2DDBDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691030722, "uuid": "9bde08bf-1bf6-40a7-9c11-f7e4f364b842", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691030722, "uuid": "0f5cc487-1c93-4c89-8c34-0aae289f5cac", "value": "12288:TEKaJdQsojOARAu9fBf72bS9m+ITqEmqTLS7:IMyARACfBfybGm+IT/27", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691030722, "uuid": "cebe0136-9467-449d-aa4c-0433746b6488", "value": 814080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691030722, "uuid": "c8967517-4ea6-4309-afb9-31fe6828b095", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691030722, "uuid": "390ef79c-1246-4e40-a196-0aea09f61384", "value": "ArrangedRemittanceCopyPDT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd9c1ce7-31ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1691068603, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068603, "uuid": "fe38990f-f697-4cc5-8d2f-da92c9e675e0", "comment": "Malware payload (DarkCloud)", "value": "3aa58cca2ee4e3b9eab05037aa850c42", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068603, "uuid": "67dd01a3-383b-4003-a318-2bdb24e2fec8", "comment": "Malware payload (DarkCloud)", "value": "ec7fbfba6a5dad316f773f7d2124a2f6bf83d176b2aecb952ccf870bda0261f7", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068603, "uuid": "a1d15cd2-8ae3-4d28-9f87-b6462dcc720f", "comment": "Malware payload (DarkCloud)", "value": "72acc84e92447e13be39469ec023ea9e989a7ddc", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068603, "uuid": "6108061a-3404-4c35-84fb-d42baea7f44a", "comment": "Malware payload (DarkCloud)", "value": "44dedfb34a2ef3f1b19d93f967c9e4e1a414eaffd904c0d36eb3643fbbbba9ab14c9643b67b078e16bec9db51a8c3ae1", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068603, "uuid": "14ae244c-107f-484f-a736-cf2334010624", "value": "T1A5546C22F2C18973E1711E7CCD4BD3D95939B6201D286847BAF85F8D997A3923A2C1C7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068603, "uuid": "c4afef47-14c8-4d51-aec9-314284a87e85", "value": "825edb672dd5a0e6c1d8ce120967ef44", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068603, "uuid": "0efc3cf9-bc35-424a-9158-b4b57e5e208a", "value": "6144:U7Km7qLZfal2/iByYKjSucIj4x9EsG/l:/m7qVfalyiByYKjSSjK9Et/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691068603, "uuid": "a06075af-24c5-4fe4-9e2f-687fec7366ae", "value": 282624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691068603, "uuid": "41c6c942-f155-4ab8-b261-bbf1dc4e731b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068603, "uuid": "240c2832-17f1-4e38-ad5f-f5886ca48ddf", "value": "ec7fbfba6a5dad316f773f7d2124a2f6bf83d176b2aecb952ccf870bda0261f7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18cdf19e-31b5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691036437, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036437, "uuid": "6baf5206-72bb-4255-80d1-cb9ed815d18b", "comment": "Malware payload (Mirai)", "value": "d724d6ca33d8728434e8a62a1ba13464", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036437, "uuid": "5434892a-b9bc-43e5-98f7-a551e0d707a0", "comment": "Malware payload (Mirai)", "value": "ec83fcc94d1fd981d13c7e5f3318671f3c96e677eaa956c7c1df4de2444c326f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036437, "uuid": "468b8612-5696-4b6c-a63e-cfb5ab4b380f", "comment": "Malware payload (Mirai)", "value": "dcbf6712cc51e0a9a903e21733d4bc7d535226b8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691036437, "uuid": "54b94fcb-6eba-45bf-8086-1c523ffa978e", "comment": "Malware payload (Mirai)", "value": "b212f95ff0c085600c3ce6ef6a2107f682b53029508f7bdb6debe9e454ba935fb4536ff4c362035f3fe082a9e1c09b47", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036437, "uuid": "e41c0fdc-153b-4ee6-a9f9-c64a26c5cb9e", "value": "T128C3C63B67170E23C0CA50B101E34332AE75DF9B34B952D7AAD07D686F36A843856BD9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036437, "uuid": "6477a27b-17b6-439b-8139-64578ab53783", "value": "3072:wsrp9xV+GZTZepNPhj+e3fSqPGL7ymm/QMurB1nKGNb:SMQplVGamm/QMurB1nKGNb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691036437, "uuid": "f2005a37-efde-4a4c-b888-575e6c9fccb1", "value": 129856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691036437, "uuid": "6c8e8bb4-ca1c-4d9b-806d-f0fb03ef5e0a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691036437, "uuid": "570019df-2a59-42f8-bfb6-3fdbd9aefd17", "value": "d724d6ca33d8728434e8a62a1ba13464", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8bc5252e-3217-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1691078720, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691078720, "uuid": "fc51058c-72b1-4422-9216-b37c47957865", "comment": "Malware payload (njrat)", "value": "3a64204d2b23e407761a1b08abb773fd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691078720, "uuid": "55681a94-0f25-4b69-bba4-d5871b7cd1d2", "comment": "Malware payload (njrat)", "value": "eda8e0bd2b4cc55089ac0f090da85b368055d729cdb4eab90bc0a65e856f303f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691078720, "uuid": "6211c85c-a118-4acd-8c65-2608ee37e4a0", "comment": "Malware payload (njrat)", "value": "65c02ef44b4d43e40494d0e31ed03d8b19ecbf47", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691078720, "uuid": "ced2c818-36ca-48dc-af88-9e687c42126a", "comment": "Malware payload (njrat)", "value": "f8ab4dd7ad7feb9807a33f5001118e8748ccd25065f63fafb5a1e4686a00f2c8927ec27ee3d116e51ea66ce80fb2daae", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691078720, "uuid": "4e034257-0a3c-49a5-87d5-030fe635dd54", "value": "T11E634B4877958A55D2BD2E7804F296518730E50B6D03F72E4CD170EAABB3FC44A42BE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691078720, "uuid": "e0efc35f-6336-4647-8971-2f57ac36bbd7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691078720, "uuid": "8bd39719-4d4a-401c-9ec4-f76516c6169b", "value": "1536:bZnyCIUoN36tXQviFw16sHsBnvbx9fLteF3nLrB9z3nxaF9bgS9vM:bZnyCIUoN36tXQviFCtMBnt9fWl9zBao", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691078720, "uuid": "c238c87c-58ea-46f9-bb4e-da2ac05075cb", "value": 67072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691078720, "uuid": "02b522f5-55e3-4546-a5ba-f0ea7049731e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691078720, "uuid": "fd9dcfa7-7b2c-4a7a-b005-1029815bfb31", "value": "3a64204d2b23e407761a1b08abb773fd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da485901-31d8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691051793, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691051793, "uuid": "29f11219-0034-48b8-ba7b-6331b0993fc7", "comment": "Malware payload (AgentTesla)", "value": "51c542804f7ff2ef816ce45cf87e5342", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691051793, "uuid": "49684720-d2ed-4594-9210-02cecb5940ad", "comment": "Malware payload (AgentTesla)", "value": "edf942008f618033dc24b8045cb03715cba5e3037f5eee1019963c40ab072c7e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691051793, "uuid": "292b5158-a34e-4dc0-9966-3970322b22c3", "comment": "Malware payload (AgentTesla)", "value": "d2e3d4d9c0b47c4a1910e1950bbf06be67c624bc", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691051793, "uuid": "5aba1798-1a7a-4976-928f-c079056e79c1", "comment": "Malware payload (AgentTesla)", "value": "d7fb319442f24cbd3a622b8bdbfc42134b36c2a7a78fb75d678c100a0a069e09814b94fef1fcc044c87b44af4b50f313", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691051793, "uuid": "4497a7d6-cc16-408f-b4e6-892cbf1b98cb", "value": "T17065E73804B80A12C135D2BD5AD4F513B3904F96721DCE9686C25FC90AD6E2E2DDBDEE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691051793, "uuid": "b5b0c437-918e-4f6d-9c01-a5a82fa16803", "value": "12288:xEKaJ51l0cCdrgnwagzCgILWOQvKGxF7sZQNm3J3VPT9y51kVN22AX7w4:+QzCTLBQvKwF7sZQNI3FTA51k9m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691051793, "uuid": "3ee7571e-f1b8-47a0-887a-d51bc90b0c49", "value": 1441792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691051793, "uuid": "57265b18-cc0d-4736-a3fb-71e4decbf661", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691051793, "uuid": "86aa2b4e-c7cc-4102-bdbe-89b9d6613694", "value": "quot.img", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9724c1bb-31c9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691045238, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045238, "uuid": "10fddbc9-5fbe-4175-a7ca-de13495c6058", "comment": "Malware payload (Formbook)", "value": "fd7015f8b176cb1ae6fc3e9c833b3a87", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045238, "uuid": "ea58e767-a000-428e-8a1b-9557d3c0e234", "comment": "Malware payload (Formbook)", "value": "ef4cde54d610d33229248e98f2995b24415ad98727d69ddff1458bc321c314c1", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045238, "uuid": "1bca55f2-8af2-433d-8024-a49d4fabcabc", "comment": "Malware payload (Formbook)", "value": "c6441a0f0672e5b8dee1cb25ffafd5f8d1596cd4", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691045238, "uuid": "403e71af-ddbc-402b-8168-9c8389b5e1f6", "comment": "Malware payload (Formbook)", "value": "9f69f83869f045e3d9330351371d74a41085a432333f742604027fdcc5dd70327e5c215f252669610bf1febf0fe66c5f", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045238, "uuid": "aaeb297c-1328-4563-a1a6-1333e6a4e64e", "value": "T16A3412E2BEB30491F80CBA804C0251A273BDB756C968D94A437DDC6FE9870C575ED1AB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045238, "uuid": "208475de-093c-4637-bc3e-52fae2394eb5", "value": "6144:2WhYQiTelePtWWbf4Y3tqpFNx0JZ3WJLUoW9:2qQeUPtN4ZNx8gk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691045238, "uuid": "d0797a56-6b6b-4587-b317-edf26c4da743", "value": 235470, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691045238, "uuid": "cd90cd23-169f-469d-9e57-859f8c79ad98", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691045238, "uuid": "53ee919e-b24c-4b6e-9ded-4150857e6acc", "value": "EUR 17,970.25.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e29b0d08-31ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691068558, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068558, "uuid": "fa55663d-8caa-4815-973b-d19aaf199b9a", "comment": "Malware payload", "value": "452e948f431cf470fbbe842274795505", "object_relation": "md5", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068558, "uuid": "c3c2c3ed-4c6a-4d41-a8ec-a11fed05a4c0", "comment": "Malware payload", "value": "efe4dd6e9ec7f3d60a456a863d47a1624ca5354bd37f8a3a7c7a4dd4f68596f4", "object_relation": "sha256", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068558, "uuid": "9ab27c7c-f936-45b2-aae2-2bd02e979608", "comment": "Malware payload", "value": "d44de579895fc09710862a45f706cec07fe91f95", "object_relation": "sha1", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068558, "uuid": "88361f3a-6092-4ed4-9120-fa91dc3b01d9", "comment": "Malware payload", "value": "58dfa30db941e63fc6393636de3cc66214e57aea009d10554c9b00385f8232f6c2c7f095c8bfb41549e44a1baf790530", "object_relation": "sha3-384", "Tag": [ { "name": "darkgate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068558, "uuid": "0bdd73bc-63f8-4e28-a348-cd39a7902e9e", "value": "T177B46C26B190C477D0654E78CC5BD2D9942DBE606D2898077BF4FF0F8A793827A2B1C6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068558, "uuid": "0e506615-62eb-4cda-8d41-8bf32930fd5e", "value": "fb5ae4b5aa4e7030af93ab337228f91b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068558, "uuid": "b2ad32d1-18f2-4f58-be71-61e95727b1cf", "value": "12288:6IrqXlstKmmdtseWz9nwadGr7d4NysYs2iPR5hOAD5aaqnu3/tU1:6OksnmdtxWz9npdhNyY7R5RDh+uv0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691068558, "uuid": "cda96a3f-5958-4302-9d62-e646a2754cab", "value": 516096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691068558, "uuid": "7f02b465-0e94-46c4-8f04-b0b769c0f930", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068558, "uuid": "5adaf45e-a4ba-4b37-9ac7-75e2ae0d37fd", "value": "DarkGate.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42fdc582-3201-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691069149, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691069149, "uuid": "0c59d995-f44f-4084-91f9-24d94cfbd6cd", "comment": "Malware payload (AgentTesla)", "value": "690bca3a7bc4f216912a93d45a8fc99c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691069149, "uuid": "9dd4ced2-0d89-43f5-8793-04b56a2a5ba6", "comment": "Malware payload (AgentTesla)", "value": "f25d6018d3bab1f7651937b7b8e618979ea3c45b06e42e3d93e8b59cac9d46c3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691069149, "uuid": "764058e6-2723-4060-9e3d-ba897ad0c17f", "comment": "Malware payload (AgentTesla)", "value": "a41726e2ed5a428aac1f33033bfa8ad43bb2a95d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691069149, "uuid": "c494b38b-51c2-43b3-880d-9865592564e1", "comment": "Malware payload (AgentTesla)", "value": "0ef3fef6d4847cff06903890390049c2d7dffd49d34aa1a8b03b6959ef111fc2ba24b07d9f47517f33b193df3f7319d9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691069149, "uuid": "c7a95d9d-ba6a-4f9a-91bb-33eab6b2f315", "value": "T195D412AB3E38BA65C80D473365560B0C035B6E8CFDE8F72B5D8EB299D7B32443221915", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691069149, "uuid": "e17fcaec-9aed-4383-99b2-78ec9f9a0863", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691069149, "uuid": "ae3ed52d-c5a7-41f3-b595-785ffe08b3ac", "value": "12288:bLqtZa+LNl7hKWWpQjdu4nmwz3WogzQwUjvrodJNi:b+tA+RE6s4nmwz3UzQno1i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691069149, "uuid": "2571e013-4f77-4757-bcb2-dd2d6b69b879", "value": 604672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691069149, "uuid": "79727dba-f1b0-405d-a797-12533030d263", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691069149, "uuid": "2ce969a2-54de-4ec0-b0c7-3cefa5f1888e", "value": "ChromeSetup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85a981b9-31d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691049504, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049504, "uuid": "5c17c1a3-7e0b-4022-b57a-9b56b71e5fd6", "comment": "Malware payload", "value": "c9568572ad1ba1204371e8595eb72fb0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049504, "uuid": "8acac131-f85c-4ca2-97bf-b3b71830e6c0", "comment": "Malware payload", "value": "f2da960e23d327d9ca8f1e2c1480666b43e448ce1950daafee8cdb4157f44dd2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049504, "uuid": "a9ba7121-2854-4c0b-97e3-2116c725c20e", "comment": "Malware payload", "value": "a60a4c6026ab3a3889e47bb2ccf59d87105c64cf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691049504, "uuid": "c6bf5814-1c3f-4e09-bf1f-b5ed65b1f385", "comment": "Malware payload", "value": "e9dda51851eed1e6ad2b88f693a7dc32a5c0fb61ef1dbf247ebe84468569defcdb24b221dd778ccc67c9653ab983c07a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049504, "uuid": "3206fe3f-9d7f-411e-84f9-a331503c668d", "value": "T162B41257EAE89437D87527702CFB02430E35BCA21D78D79A2649A98A0DB37C4B47172F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049504, "uuid": "9d612dc3-54da-4747-86c6-4d1bcea55f20", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049504, "uuid": "49877554-7c45-44f5-a704-f057ce29cc89", "value": "12288:FMr5y90OGGzXxk08ZAOg3BgBYCyQCxULzedZz1:gyrXkZng3KzrEmed/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691049504, "uuid": "ae7ef1f3-2ba5-467f-b5ef-306525314925", "value": 529408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691049504, "uuid": "856364ce-5edf-4e8b-9908-03ba41a2326d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691049504, "uuid": "5196192f-b629-4069-a504-b69095fb5425", "value": "c9568572ad1ba1204371e8595eb72fb0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9565fbc9-31c8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkCloud)", "timestamp": 1691044806, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044806, "uuid": "c93dc934-9985-4729-8bf5-f65a92ac87cf", "comment": "Malware payload (DarkCloud)", "value": "09cc09440f7e27c1e277867f409288c1", "object_relation": "md5", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044806, "uuid": "9d5d28d0-36e2-48fb-b591-815c2aa5307d", "comment": "Malware payload (DarkCloud)", "value": "f37044c7d35e640b023f3cdc034ad89cdd077a2e8967a9e62f887296faa57a93", "object_relation": "sha256", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044806, "uuid": "6c6e8603-300d-417a-8fd7-342e019c9beb", "comment": "Malware payload (DarkCloud)", "value": "c58c201035b7c59a846d983ee20c220bd5606ff5", "object_relation": "sha1", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044806, "uuid": "913df3e3-dabe-4297-accf-304b6625dd7b", "comment": "Malware payload (DarkCloud)", "value": "939614dfd4f562b9042699264f071cda600dec90b3538231bedf51847e812607587481e3c551d11d0473e9f69f07d822", "object_relation": "sha3-384", "Tag": [ { "name": "DarkCloud", "colour": "#D119B2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044806, "uuid": "cd8f8863-21dd-452f-a5e1-8b60e93ca1aa", "value": "T12D453A3804B80A12C135D2AD6AD4F513B3904F96761DCD5686C24FCA0AD6E2E2DDFDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044806, "uuid": "68ad6fd0-2f9a-475a-8fb6-e91788decaaf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044806, "uuid": "71b1bbef-9f25-460c-b9d8-455ed1dffbc3", "value": "12288:uEKaJhpx7v6OaEfQP6X2Zfntpknh225l4b2qBEoHcBTPgxfYQuC79ehtgWyr/Bh7:vrDfQCX2BntQ0BEeqVCG2WI5t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691044806, "uuid": "6793dcc2-e8aa-4d2a-976c-45ab607042e3", "value": 1175040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691044806, "uuid": "880a110a-9508-4b33-9823-aacc222bce5e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044806, "uuid": "8b5aa3d9-029f-4e40-aa54-40e831151378", "value": "FEEDER DELAY NOTICE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bad213a5-31c3-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691042721, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691042721, "uuid": "2325a604-032e-4f53-a761-a272ffa4d3da", "comment": "Malware payload", "value": "df9fe95e3fd54568a935b92e25b88024", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "usrfiles", "colour": "#269101", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691042721, "uuid": "66ac43c8-dd39-4335-ba42-c5d5c98b23b4", "comment": "Malware payload", "value": "f3e6621928875a322ee7230ccf186bdaa5609118c4a6d1c2f4026adfb8e88744", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "usrfiles", "colour": "#269101", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691042721, "uuid": "d6086aeb-b60e-497d-8593-1e8bb8466bdb", "comment": "Malware payload", "value": "ff84a61688475d484daea4c9a096b0d23c0c3577", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "usrfiles", "colour": "#269101", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691042721, "uuid": "63091efa-39ab-4582-8d29-08a5aad184d0", "comment": "Malware payload", "value": "5c8a29a49ca14720507b90490ab6b325c9f623b411807c1330ebfaf127e737f2bbbb3d4a5187a969be53a0f9e6580212", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "usrfiles", "colour": "#269101", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691042721, "uuid": "a4510294-ee7c-4474-9eaf-1c8ca8638373", "value": "T1B64423366540BCBDD0E84A39887926EA3106CA557B84F2BCFD46FF6A71E414E8B2144E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691042721, "uuid": "145bcc52-dfb9-46f1-aad1-108ef3642763", "value": "6144:LCMe3GNL3oVb9Y2rw0oC/8xDBs9OJyLcLvuo7Tg:LFj4Vb9Y2rIxSayADuo7Tg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691042721, "uuid": "8bdea629-4f58-4e2e-a640-b333fe89589c", "value": 276153, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691042721, "uuid": "92a62fe7-e06d-4c01-b5a5-113fb494bc9f", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691042721, "uuid": "85d8e48e-676d-4b75-a249-c9d4d191b035", "value": "Details for booking.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eef16161-3190-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691020904, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691020904, "uuid": "f0d03a66-3b7e-4a93-9220-353104637d55", "comment": "Malware payload (AgentTesla)", "value": "5fdc0483b87af933bb337c9865007ca3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "unpacked", "colour": "#9FA24D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691020904, "uuid": "f977e480-1918-4117-a740-e80d51b1f390", "comment": "Malware payload (AgentTesla)", "value": "f5751d89bc6f15c3ade6513d3cf44f92a25e8cd25d2f5ad239b8c44f8f732cb8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "unpacked", "colour": "#9FA24D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691020904, "uuid": "2f15e04c-5ac4-4122-b0e3-d4e0f5adb8b2", "comment": "Malware payload (AgentTesla)", "value": "17174970d3d02dd8a10de06074e68cfbfa7c234f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "unpacked", "colour": "#9FA24D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691020904, "uuid": "e1f65b5a-4413-4597-9338-61ae7b974def", "comment": "Malware payload (AgentTesla)", "value": "63d806931f567f0440c4662ed623c425fa6763e501c443503fcb075e41db26f0768e984e126c01956ffa8b3479561e2f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "unpacked", "colour": "#9FA24D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691020904, "uuid": "8ff31034-fbc7-44df-9af0-3deebc584daa", "value": "T1D844E0037E48EB15E65C3D3782DF6D2453F1A4C70673964BAF48AEA52941283AC6E37C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691020904, "uuid": "a8123bc7-74b1-485f-be77-e6337fce151a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691020904, "uuid": "175c0d45-a560-4c91-b360-c8a676affd7e", "value": "3072:fxAhSS1M+CsPw2y08ybzP+blCYejVtKXWT:ZARhPPw2y+bzPe1gVtd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691020904, "uuid": "ac17f242-d5cd-470c-a2a3-6b54d1baf2d0", "value": 270336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691020904, "uuid": "5c2eaa80-71ad-4e64-b156-0b212220f321", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691020904, "uuid": "7d92d4da-e9f6-4f92-99b7-15972e784154", "value": "agent_tesla_payload.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60ea6b46-3214-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1691077360, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077360, "uuid": "c314ea21-5467-42aa-89d4-0ef6de8b4723", "comment": "Malware payload (SnakeKeylogger)", "value": "aba5cc62cc5479e1f5f5c733d750520a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077360, "uuid": "b3e807e9-aeb2-487c-83eb-e35968b07087", "comment": "Malware payload (SnakeKeylogger)", "value": "f6bdba555d1356168f7f1581949ab5ca8d6b20e9a6495e0cfcef8d3b129638a0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077360, "uuid": "bf86a33a-ddcf-4051-a14e-d67fc7f97ea7", "comment": "Malware payload (SnakeKeylogger)", "value": "02670702f7c840e382edabab7933b5079112b2fe", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077360, "uuid": "f093fcba-f1c1-4cf6-bef3-b6f70ee22d9d", "comment": "Malware payload (SnakeKeylogger)", "value": "663a489b6e35b08f5701d5a4f049c2bb5529bc4bcd8c353495bf802d6b14754663e64a1eaa018299494adc6590f703ef", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077360, "uuid": "32c74033-4fda-4089-a3ac-05131fc5c41c", "value": "T17405E73804780A12C136D2ADAAD4F513B3904F96711DCD5686C25FCA0AD6E2E2DDFDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077360, "uuid": "f5ad5e39-e0c9-4c4a-b60b-8466496f00aa", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077360, "uuid": "fd1bef05-dd32-4369-b9d7-6e4e81bea476", "value": "12288:QEKaJFds+DAOBwjoe1qtWiRW95ZZUiGTrj4z1/c7:5dYjoeYWJdZvd/O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691077360, "uuid": "9f670787-ceb4-4084-8fcf-9737f3025beb", "value": 848384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691077360, "uuid": "9161e96c-2e6c-403c-af20-bea7545e9ee3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077360, "uuid": "758566ac-da6e-4efa-8370-d7d396917386", "value": "revised_invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "678a6651-3246-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1691098846, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098846, "uuid": "af2c42bd-4dc3-489a-902a-01a16cad2c4c", "comment": "Malware payload (Mirai)", "value": "aa7db3c92ef613e36bca1d9d1b977f79", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098846, "uuid": "8f3407b5-b6ee-4655-965d-576693e8b3bd", "comment": "Malware payload (Mirai)", "value": "f727a2d45fe1481f5c18411c90997de17405654af26ac0a76f84de77dc977926", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098846, "uuid": "51070a12-1b8b-466f-8294-9557929bb495", "comment": "Malware payload (Mirai)", "value": "4334401fc6fd0746295589fa1e193efb2718a7c6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098846, "uuid": "17c9fda9-9841-4c4e-a4eb-1504f4dd18dd", "comment": "Malware payload (Mirai)", "value": "f7185997be6f843f9e539728d7fd16eca0022b90fdce7576b8bb01839e355b915e1b2f96df25f577831cf612574fbb3e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098846, "uuid": "ec37dfd2-d173-4f69-b451-d82711fb5634", "value": "T105538D75D11DAEA8C0414AB4A9198E705F13E4C046733EF7EA9587A68443DBCF858FF8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098846, "uuid": "7f0f36b2-2a90-42c2-8b27-28d3bd07e6bd", "value": "1536:ragXV1f1Fl/wtknCPQauiufs3Ii3O/qyD6EZeCc:r57f1b/0QHf+Iey6EZe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691098846, "uuid": "be61a8e2-08d8-45ae-8a58-84bbbcc30129", "value": 63480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691098846, "uuid": "6f3b15d8-c72c-432f-9900-e9319cd9f9dd", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098846, "uuid": "fabb06e0-3de9-4c55-8e8c-499f79fd0a5e", "value": "aa7db3c92ef613e36bca1d9d1b977f79", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9206d408-3243-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691097628, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691097628, "uuid": "da6a47aa-d29b-4959-9837-26a8daae209a", "comment": "Malware payload (Amadey)", "value": "7fcddfdbb4274641fe030b6ecaa763f2", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691097628, "uuid": "cc2b9ab8-8354-4e27-ab6e-24a5e9e5ec97", "comment": "Malware payload (Amadey)", "value": "f88735003a9e85845e0360e13dbdcb05fa3a4d6d1d486d1d4445bd33ea435ff9", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691097628, "uuid": "f59690d4-b509-4d6c-a1de-8798502939a9", "comment": "Malware payload (Amadey)", "value": "eb5da7375ddc26af5bbe08f94f5e69f13c12a49b", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691097628, "uuid": "68eefb9a-405e-4b0a-8255-c12881a805fa", "comment": "Malware payload (Amadey)", "value": "a2f966b8783d134edf89e0fc82bded36d76b96512008baf24eedee792cbee44c45b9b46904fa6076c9977bd66363930b", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691097628, "uuid": "e6460f73-2bee-4483-90d0-e3e16cc1e69b", "value": "T1CEC41217E6D84163D9B217B018F611530F31BCA18E69822F6B81996F1C73BC8B97277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691097628, "uuid": "b2fbefb4-a61e-4765-af4b-c0d60518711f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691097628, "uuid": "50670f77-8cdc-47a6-b6f3-e00307279b88", "value": "12288:9Mrgy90GGZEIrNqwMH/uPepQ00iHOy82giSTT:1ypeNqwMfIep10SOyDgfTT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691097628, "uuid": "ebff1c5b-f768-49a0-a79c-7476011904c2", "value": 573440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691097628, "uuid": "c0370254-be03-418e-93a9-80747050a677", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691097628, "uuid": "18b16dd2-5632-4142-baf6-64d8ed212d6d", "value": "7fcddfdbb4274641fe030b6ecaa763f2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6edcdec-31c8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691044862, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044862, "uuid": "d4e51a5c-4f6a-49bc-a2de-91c111a27c22", "comment": "Malware payload (AgentTesla)", "value": "91cd93fba6b81b52a33be26725648ea3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044862, "uuid": "9dd11441-a72f-4c7c-b403-a19472b33db8", "comment": "Malware payload (AgentTesla)", "value": "f96299e1c7579d62b11c5f2699e9a15bfe3d945b74c30e1bdf986c3ab60f23f1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044862, "uuid": "a659036b-612a-4494-9d0b-b94565438656", "comment": "Malware payload (AgentTesla)", "value": "619c1adc65cc1e7c9cca4b7a9c38c471642512d8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691044862, "uuid": "69c697ce-d324-4bab-8c28-4c9ace1d00a6", "comment": "Malware payload (AgentTesla)", "value": "830e4b7a69de064ae4e984747f2a3a3e22ed4aae54bd00b4ed4bc1fdd314bc4f0453eb3b9557858601b10af3cba77a5d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044862, "uuid": "2df18bcf-f5a7-4084-8aef-7d3361c03116", "value": "T13115E726417A60B7DF197ABC5E23D83A35D96B40B1B6E198B72F28C3C5C61120D3B7E1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044862, "uuid": "90a080d7-d6d2-4900-b28b-172b4adeebcc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044862, "uuid": "8bbb5175-9e55-4091-b666-d9316e717984", "value": "24576:Z3LpppNpppppoOQpppNpppppoOiuayAeUHe5vbZtNLS:ZqO7OiAAe1l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691044862, "uuid": "ca680217-37f8-44f8-a938-2d9234f4935c", "value": 898560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691044862, "uuid": "811bf09c-7a7f-4b00-bd7f-e414e01df179", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691044862, "uuid": "128902fc-dca6-4389-a57b-c74fbdfec0ec", "value": "Order # CCI-12623-28830.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ea74459-31c0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691041144, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691041144, "uuid": "05ee012b-95ae-42f8-afc8-fd996e450987", "comment": "Malware payload (Amadey)", "value": "f06f0f0288cdc3abca062037eed25964", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691041144, "uuid": "61f36233-47c9-4db1-83b0-57a0248135a3", "comment": "Malware payload (Amadey)", "value": "f991e808ed44c731fea1758fd6a275ec4e3ee66a5a691dbf1f9414a5faa144a1", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691041144, "uuid": "aab71798-3d24-47c5-9e85-27761b67048e", "comment": "Malware payload (Amadey)", "value": "0b13302622c80b36385bedce93b999081ed20d87", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691041144, "uuid": "d6c3eb37-1bb2-42c7-baeb-cceba6f6220b", "comment": "Malware payload (Amadey)", "value": "15febe250bd5f013b555157f56b9f87d2054aeb0c9e295e965635d7bfe81bad44fe705a46c0eb65ca04f64ea9f8815c8", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691041144, "uuid": "7810598d-c093-4e59-9239-332aff974339", "value": "T1E5B4AC9823787369F1C19929D8E50EF2DE7D25097A13F7AE44E2A26D0D319C5D383A0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691041144, "uuid": "953b17b5-e817-401d-acd9-2341b99a11ed", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691041144, "uuid": "0051ff7b-1e35-44e6-a757-e4042d7da950", "value": "12288:OnDOS1B4EjNHiBWOB3o5GzxUiuJZHOifD:ODOojNHi0Mo5GzCTJM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691041144, "uuid": "dfe0bec7-61ca-413c-ae7d-a630fa81180d", "value": 508928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691041144, "uuid": "5ebad598-9625-4fb9-9b74-d56f8fee167c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691041144, "uuid": "c0b1a7e6-f5ce-45b1-87bb-783daf7deffa", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5403d0a-31ad-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691033236, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691033236, "uuid": "b00c024e-3f52-423d-aba6-6652c9bf68c1", "comment": "Malware payload (Formbook)", "value": "d8b162a0ee3fa1231f4c1974ede9d4fb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691033236, "uuid": "46859460-8961-43a5-9082-f71baea0a079", "comment": "Malware payload (Formbook)", "value": "fb6d0c9f8246ae9fafae10a3ed496220f6b2803e454a1da51f07a6dcda5df7b4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691033236, "uuid": "211dedcb-6137-4215-a7b7-122f0067a8b9", "comment": "Malware payload (Formbook)", "value": "1cc5c40e0535ebd54440e1fe917d2d740aed3537", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691033236, "uuid": "0832d1b0-ba53-4b6f-9eba-5672f22f1cff", "comment": "Malware payload (Formbook)", "value": "01028b220d95bc8136aa3f0cd68c276cb50256931322cdaf63ddbc6f3a73d3de35dc3c3c94423dad0cc9d7b5482e6b91", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691033236, "uuid": "c9bf61c4-538c-4eab-ba85-0b4b9e081b79", "value": "T14115083804B80A12C135D2ADAAD4F513B3904F96711DCD9686C25FC90AD6E2F2DDBDEE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691033236, "uuid": "b043fa05-d858-48f7-8307-6df3c9d8ffae", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691033236, "uuid": "d4b9541b-a14b-4f0d-9a37-ca809e642975", "value": "12288:gEKaJPW5ZkAtuflksVk0xPapCPW8CIlqFDz5N1qoGSxLH/a3i:jlVk09aCRCIlqd5N1qByb/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691033236, "uuid": "05350812-d86c-4009-8321-38fe7e949f14", "value": 907264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691033236, "uuid": "8820f2f6-a36f-422c-8f00-9ee3c17c4b4a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691033236, "uuid": "2eb2a213-c50c-4b16-9f56-0e347e23685a", "value": "SecuriteInfo.com.Win32.Malware-gen.9919.8426", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "56cd18a6-31ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691068323, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068323, "uuid": "fcb5940d-ea0a-4e7d-96c1-70b7dc7d2d5d", "comment": "Malware payload", "value": "f9da6808a957944d909ca342cfde42e6", "object_relation": "md5", "Tag": [ { "name": "backdoor", "colour": "#D18BB0", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "IRCbot", "colour": "#70B70C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068323, "uuid": "1665bfb4-7ba2-40d4-8729-a453a83b9925", "comment": "Malware payload", "value": "fbcf5503e6bc2fdfc93a02713303bc0cab950e3012fc18544e2abc7e761a37bc", "object_relation": "sha256", "Tag": [ { "name": "backdoor", "colour": "#D18BB0", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "IRCbot", "colour": "#70B70C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068323, "uuid": "a49396a5-d798-403e-bb9b-d77e99efdaa2", "comment": "Malware payload", "value": "b9adfe2f4aab3905112215e8c2892afeb3fff289", "object_relation": "sha1", "Tag": [ { "name": "backdoor", "colour": "#D18BB0", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "IRCbot", "colour": "#70B70C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691068323, "uuid": "3096704e-55b8-4f1b-a7c4-cca3ef0d9a4f", "comment": "Malware payload", "value": "ad9fe9aad6516baa78c28220f533f64fc2d34c1f029376e802fc08072cd18a11eb912f5c93240ef3b2ce76e703858744", "object_relation": "sha3-384", "Tag": [ { "name": "backdoor", "colour": "#D18BB0", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "IRCbot", "colour": "#70B70C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068323, "uuid": "ec3bc803-7174-46e8-bc0d-2bb770474fb4", "value": "T125736B56F5C29472E12189FE4C0FE671D46A3F303F39256BBAE64F0958B8AC16E1D483", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068323, "uuid": "5b5fb598-86dc-4969-8155-767ebdddb8c7", "value": "ce59102490ad7a9e8f7935de71edda59", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068323, "uuid": "a67792de-9720-4664-8b21-6442a627681f", "value": "1536:ZWgf+T4ZbPCFhhBQ/S2TD4Rj9wsGgTZEw:ZWmrZzSvua2TD4Z93GgTmw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691068323, "uuid": "8d2dfd03-28b7-4f80-a0a4-0da8b63138a4", "value": 79884, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691068323, "uuid": "b4b3e687-3862-4e44-a137-324be0e85a60", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691068323, "uuid": "a2bb6085-02bb-4f86-b109-75e7273c9f8c", "value": "LuN7GqL.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9d0fd66e-3231-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1691089916, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691089916, "uuid": "9827943f-0b95-4136-b8e9-5482b8f745bc", "comment": "Malware payload (Smoke Loader)", "value": "892f809cc55547c77cb06de196283340", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691089916, "uuid": "d1890f71-765a-4246-b292-9c00cf9f472e", "comment": "Malware payload (Smoke Loader)", "value": "fbeaaccaa20daeb7e6bedae3a651dcc34f6bb55d382827a867627497da0fde07", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691089916, "uuid": "db964bf2-6fa4-4b9e-93fb-660661661eac", "comment": "Malware payload (Smoke Loader)", "value": "6cc46eb5fd6360c55f7f8953c4dd8b8ef2cc2fed", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691089916, "uuid": "9985e26a-589a-454a-9c77-a4ef99fa2cee", "comment": "Malware payload (Smoke Loader)", "value": "1fa2512a0c15688a87325cc738805e4d688b3e69c29ac1e76fd7fd5f43e361d40a80d5dd4f4b19f2f25526d5c64ccf06", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691089916, "uuid": "5ab514c2-d2bc-4865-b9bd-d31bc14a9980", "value": "T10D549E127291D872D6264A358D1ACBF46A3FB8708F596BC777443B2F19313E2DA72342", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691089916, "uuid": "5670d76b-aadc-48ec-9389-7ea23f51d5f6", "value": "724ad9571755841c2e0f4aa3cd09706a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691089916, "uuid": "58887c1f-7aa8-4108-9e3c-1716f77907c8", "value": "3072:g+KCiHyfoSA0MCLJwaRnxfIReI2tBJTrDPVNeO5fBEauGHKp8WaUwwY3:xieot0MCLVRnxbI29TreO5ZPuD8WXO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691089916, "uuid": "338f598b-ba1a-4a69-a3e3-bb0ab06a3d39", "value": 286720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691089916, "uuid": "2b010a61-4abd-4645-8080-ae00522be469", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691089916, "uuid": "977acacd-1c53-4155-bda3-49e88e57016b", "value": "892f809cc55547c77cb06de196283340", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42d5994e-3221-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691082893, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691082893, "uuid": "9bae5825-7f94-4560-a7ec-4d59496a93bf", "comment": "Malware payload (Formbook)", "value": "b661633cfae6e392a3994073f6efc706", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691082893, "uuid": "f06f1b2d-fa34-49a5-94c4-64fbe477563a", "comment": "Malware payload (Formbook)", "value": "fbfd173952479920e0f3a8aa41bdd2faea86d2de9a7080a023831e4769c94468", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691082893, "uuid": "167927d3-a9b3-478b-b356-e0ee3040b714", "comment": "Malware payload (Formbook)", "value": "a81a13005df44e605ef3e17c05adb77b009cf774", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691082893, "uuid": "5e1337b8-8b3e-46fd-91d3-d9d8d4078080", "comment": "Malware payload (Formbook)", "value": "89c5536ecc41fa5600ede1cb7c26d6146dcc2edbabb39f726d4d1a8c64a0bf0a0f4541b50a20f1ec733bb75627f3e1be", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691082893, "uuid": "051d0f75-d33b-4a83-9c7e-bd4585bf859a", "value": "T125C423B3719DAD19CC4E927D59E35884133BAA06A4DBF6397DC831ACDDA6304B03213B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691082893, "uuid": "0cd832c7-01a8-4123-bc3b-cd712ba4ee77", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691082893, "uuid": "f58e2bc7-6af8-4377-bced-4d50f17bddd5", "value": "12288:xqDU6pqFdwBg8HT4zoYe1A5OTb8H8lrTDYnbE:gDRqMBnzFh1A55H86n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691082893, "uuid": "96dd250d-6114-4c14-bf07-cd0882c18664", "value": 558592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691082893, "uuid": "a81926a4-9f60-4dd2-be9e-1361f7650b21", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691082893, "uuid": "4f6d420f-ac9a-42d9-b1cc-a57e3e0cd995", "value": "obizx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "324de745-3245-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691098327, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098327, "uuid": "7db18e80-3be8-4020-9621-19cd7d84eb1b", "comment": "Malware payload", "value": "4b3728f68b146d7b7cd75e4ac161fc4c", "object_relation": "md5", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098327, "uuid": "ef978de9-623a-4588-846a-bc947b179339", "comment": "Malware payload", "value": "fbfec78acd4e7bdd01056de5d866e26db68430bbdc3e0c58f7e123f5b1f3edbe", "object_relation": "sha256", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098327, "uuid": "e6ceed5c-e181-436a-ac7c-3ecd4f596e66", "comment": "Malware payload", "value": "b95894e6a33acf53d3de7079d69eab143421d87f", "object_relation": "sha1", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691098327, "uuid": "8ba0d46d-b0e3-4859-8075-53c599cf8385", "comment": "Malware payload", "value": "f13a96997b63085eef58b6207da5ff351b3879886c400882fa746e8a7daaf53dbc6c30a4a41913840baa114cd2b74347", "object_relation": "sha3-384", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098327, "uuid": "cabdc9e1-f30b-436f-8492-59180906ece1", "value": "T1F545DB34397A7C2443EBDA1334F14B961CE9564FD1703A3B199AD8239A346C265B22FF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098327, "uuid": "9bfdedd4-8d4e-4ccd-8a77-1a3eb860e4de", "value": "3072:E/eWIZx0EKj13RLwHBuxgGHIlfh9nXQ8sU7I6W7ERhtlTJ5v:E/Ix0EKjBRWRlE8sCWAzfJ5v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691098327, "uuid": "c0956109-c162-4bff-a893-cfd85cf82a20", "value": 1258600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691098327, "uuid": "05984c14-c862-40ed-b9ab-ea6ba2172b82", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691098327, "uuid": "b0418f77-00c2-4cc7-83d3-20e8eb84d993", "value": "consciousnessx.hta", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b6bce9a-3214-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691077404, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077404, "uuid": "6e216c25-b4fc-43a3-8580-4008d5772ed4", "comment": "Malware payload (AgentTesla)", "value": "334e9087cbd4291ddd9a8cbef5405551", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077404, "uuid": "ed0dae02-ac5b-4d62-afc5-1af857c1601d", "comment": "Malware payload (AgentTesla)", "value": "fd272b82f6a8bba4cf146ca17e16030eee6bca8df4dc58330a3721dddd79a43e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077404, "uuid": "16b51a15-e53c-4b35-9dea-a21f3b2ac9a2", "comment": "Malware payload (AgentTesla)", "value": "07e64f77ebcb3871043a7bc89f3ad1595e5325bf", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691077404, "uuid": "966eb15d-6bd6-4708-8da0-a6d795884cc0", "comment": "Malware payload (AgentTesla)", "value": "875dd0923c44fa24b1538cfa7d6f647b019839f78dde1106229172f05fdbf3c151c9b56f91ca564da2a4f8983c7cecf5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077404, "uuid": "6a27f2b0-3adc-4997-81d4-2c80fbce7da4", "value": "T1ACB423B13BBC47ADCCAB0BB865A5D21403195F52A2EEFA29D9D730CC6DC3305E601B19", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077404, "uuid": "96bd6d14-a981-4f90-8c83-849de50d0f9f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077404, "uuid": "80696a46-f2f7-44ed-b252-816c5da0069e", "value": "12288:cqkezt54uIFuMPbu4yMoA1IjtJ2ENKeE2Q745Z6:ZkeIuIFuM4A1Ij32iKr0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691077404, "uuid": "2224978c-13b6-4015-8ec8-8906c749e109", "value": 539648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691077404, "uuid": "a640704f-0252-4d0d-8223-62d333290981", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691077404, "uuid": "87b16b83-34a9-4f40-8b3d-02307f3c2b34", "value": "e-dekont_html.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }