{ "Event": { "published": true, "date": "2023-08-12", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-08-12", "timestamp": 1691884981, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "51ada8aa-6e61-4aa3-9119-7cb66cc595d8", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a3b57695-38e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1691826085, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826085, "uuid": "6b081287-d641-4f6b-8203-9020b5f7c6cb", "comment": "Malware payload (NetSupport)", "value": "ed2bf80368fac8647f298dad4e0127aa", "object_relation": "md5", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826085, "uuid": "81b44db4-4c08-42a8-8f58-8f48fafb2e88", "comment": "Malware payload (NetSupport)", "value": "001d9ce7786cbc6889e98703964f7904c7659fc891cddf4d5a25279c6f74fd5d", "object_relation": "sha256", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826085, "uuid": "8bbd5b8c-c27e-4ab3-bbb0-eafca6f0a143", "comment": "Malware payload (NetSupport)", "value": "562e418fa0166f2146ae3434fbb4fcc1405859b2", "object_relation": "sha1", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826085, "uuid": "ac062c87-789d-4cb4-b603-fca142346e38", "comment": "Malware payload (NetSupport)", "value": "de338f1792f1b56101e7ee9be1a3f135070c55ad95ae4ac93e6cf38a4364b5a324ff1f97e44323d25e2a51fb9e4e5819", "object_relation": "sha3-384", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826085, "uuid": "f23c2e8c-ca73-4c31-9e37-a0a27eea08b2", "value": "T1981180181AE60715C6F18F3944BF630AD977BC43ED638F5E15D583CA1828A11B829E3D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826085, "uuid": "c79ac9ee-ec0c-425f-be01-c05bf5b51dbf", "value": "24:8AkJOglP2CQwUuAKO+/6ixbEDqQKaWMv1dab/2XT:8AkAglPQL1BixK20vjab2j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826085, "uuid": "7b4f8dd3-bc9f-4450-8ff1-336776b02efd", "value": 1048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826085, "uuid": "9fc7c1c0-1fe1-4d28-9396-32d0e65984c0", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826085, "uuid": "65e7a917-f536-4e19-9e85-d9b77cb7b918", "value": "ed2bf80368fac8647f298dad4e0127aa.lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8428b72-38ab-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691802067, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691802067, "uuid": "8ac83601-c088-456f-a352-1c616409462f", "comment": "Malware payload (RedLineStealer)", "value": "2daee1166df28c69487ddb0cb4351a35", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691802067, "uuid": "e6a3fc7f-6710-4251-8230-106906901d7c", "comment": "Malware payload (RedLineStealer)", "value": "010c9cea2ff9654508fdcaa62c724f62160d3b147629e50292a50d5be24b729c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691802067, "uuid": "15216859-85e9-46c4-a0af-eb17be906b5c", "comment": "Malware payload (RedLineStealer)", "value": "161972fb8338702c9e0ce171cb435a43a1016bfd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691802067, "uuid": "991c8256-f8ec-4ec4-a152-5cc67627b6e2", "comment": "Malware payload (RedLineStealer)", "value": "c8e4fbcb6d27c25c1ff96c8a2bc3ccd20031a39330159782d62de6b3e1439948e4c5737d10c2b0ea6f1142a12aca7d11", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691802067, "uuid": "41f4463e-e309-4973-b016-9950b497f4b2", "value": "T1A2D41213B5D84472E9F9277019FB03D30B3A7C756DB4936B2786985A1C73688E932B23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691802067, "uuid": "c14cbdcf-c755-4607-b716-b0d690e235de", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691802067, "uuid": "804a6fcf-eeca-4198-b097-fc6dd6d3d14c", "value": "12288:HMr+y90I9gj9mg1FZqWzJv5J9GV5aq9iLlwE:RyJyjfVDzJv5J9exi5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691802067, "uuid": "78f0e070-3df9-4f7c-91a5-f18dca2f206e", "value": 613376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691802067, "uuid": "999315c8-a6f6-4189-8b5b-9c7a96ba6cbc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691802067, "uuid": "91b5f609-afe1-4d98-ae9c-555b968c2f9f", "value": "2daee1166df28c69487ddb0cb4351a35.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e02e32f9-38fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691837782, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837782, "uuid": "6e1283d6-41c0-41b2-8a05-6882951f5816", "comment": "Malware payload (Amadey)", "value": "56a63d1bcfba7976bc4c3e014a548da8", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837782, "uuid": "4909795e-7bda-4de2-b3c0-2a3d928d663d", "comment": "Malware payload (Amadey)", "value": "03ddcf4dbcc210020ef23839626f15cf69ce9145bb61a7ea3b6626d49ab35b53", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837782, "uuid": "67755e6b-287e-4dfc-9a87-3ac66e796cea", "comment": "Malware payload (Amadey)", "value": "8c2a2d0bf7c0f359a62c530d0206c76d75603516", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837782, "uuid": "ae3e3f6c-12ca-48d7-a5bf-f1f2be6a833d", "comment": "Malware payload (Amadey)", "value": "a2928f4b87551bbaa0fa75e09fecadd905612d559333d091377b3b25a78cf223564a1c51f4ab788d831b169c6f922f45", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837782, "uuid": "04c4daae-fec0-4d96-9b36-d72d42312fb1", "value": "T124F41252B7E84562C9F91BB05CF603D30B32BCA15C74835F674598AE0C33A95A4B277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837782, "uuid": "66de445a-3f2f-4d01-9834-feb5215fe297", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837782, "uuid": "6bac9725-4ccf-42ec-a339-e72ed4c78ead", "value": "12288:TMrWy90U1UcbQl7ljXMruisqyNyweTuMEohz6JpLCcBN/VWoqpT6wIpxtd933cFk:JyHUd15w5weTuM1F6HCcBhQoahOxtzIk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691837782, "uuid": "6ef1b9f3-c6bc-49ee-aaa8-eb3dbe9a867b", "value": 749056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691837782, "uuid": "8892b33f-a675-475b-9dc6-5be80f5396b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837782, "uuid": "97adfec4-c6de-429f-9253-06dc73a82012", "value": "03ddcf4dbcc210020ef23839626f15cf69ce9145bb61a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d13085bc-38ad-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691802968, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691802968, "uuid": "dbaaef0a-0e5c-4ad1-8ae0-8129be0659f4", "comment": "Malware payload (RedLineStealer)", "value": "eac99e95d564c2fc80b7134df658fbfc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691802968, "uuid": "8dcd97d4-9f62-4dbe-8d30-edf904e5686f", "comment": "Malware payload (RedLineStealer)", "value": "041ce1c21448f5db6c7bad53f1b3aae0c32d8af9d89ed326b1558a03de8b91d9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691802968, "uuid": "61151eb0-ce1a-4bf7-af1a-6f001384e542", "comment": "Malware payload (RedLineStealer)", "value": "9b0ea45063c064765642350ff10f022c56e9d9c4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691802968, "uuid": "0668ce09-5836-420c-800c-cdfa437c4dfc", "comment": "Malware payload (RedLineStealer)", "value": "080432b2c0645c832a28ec2d93edc03ea34af7b05cd27847f467d58d735adc5ea21ad301d26b74cbb6c0beafebefccfc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691802968, "uuid": "817a9a7d-86ed-406f-82ae-6ed08e90c3a9", "value": "T150F41253B7EA8476EAF10B7048F7179316397CA09974C2AB2782C89A5C325C4A83577F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691802968, "uuid": "57b526bd-a7e5-4442-9135-71a9ae6908f0", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691802968, "uuid": "126c42d3-af44-41c8-b27c-fb2211c3cc76", "value": "12288:RMr6y901Eko7qwsY/dm9q54aZid6y5mTI6ULTZtOBdY97ZKKn2i+pbdvz/amW:Dye2T/qp5VLdtydY9cpZpp7/W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691802968, "uuid": "57965a41-a0b9-42a8-8292-87dd7e8246b2", "value": 748544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691802968, "uuid": "e57b30bd-fdc6-492c-97b4-2c4038fbdd6e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691802968, "uuid": "3ecdf975-b915-41f4-a118-538926c8aaea", "value": "041ce1c21448f5db6c7bad53f1b3aae0c32d8af9d89ed.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f8086165-3900-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691838681, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691838681, "uuid": "98f44b4b-3ba7-4016-9114-42c73308df7f", "comment": "Malware payload (Amadey)", "value": "1f5358a71daeca892c4a0ca51deeab59", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691838681, "uuid": "907a22d0-6341-4829-b752-f11efe6d3ea3", "comment": "Malware payload (Amadey)", "value": "04f3ab99a5a992bd395341338b5d66d94ea48930863540d061c899a27b6a2e6d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691838681, "uuid": "3c45b191-43ba-4185-9f46-7672b6282146", "comment": "Malware payload (Amadey)", "value": "0af649abc3c4701a587bf2d680248a535f149e82", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691838681, "uuid": "08cbf92e-b425-4b00-b945-042a8ffdd7c6", "comment": "Malware payload (Amadey)", "value": "1f1fd44363216bcf07241127c269be2d2cf98ec01919144db8249a55d9c4274ec189b340fa046bc5547611e09bdc6881", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691838681, "uuid": "496a33fd-7436-4e25-9771-cf9f2f72d6f2", "value": "T188152313A9E88433D8E96B7518F302C70F357CA169B8C29B6B81D9CE5C63980F57573A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691838681, "uuid": "a32b8a07-1bc3-46d2-b84e-f154324a2c37", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691838681, "uuid": "4f9a83da-9ebe-4b13-a6b5-84e87cac6053", "value": "24576:zyawq1MQhV2t360TSrqnZTaVygXcc33T0/v:Gawq1MqVw2ecyQ3g/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691838681, "uuid": "b8d7af72-8b43-413c-8207-704afd79f457", "value": 876032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691838681, "uuid": "f2b2b21f-4ab5-4d2c-8f2f-3e1807d5b9ed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691838681, "uuid": "432c3a34-a332-4064-8aef-b4cf00ec56ba", "value": "1f5358a71daeca892c4a0ca51deeab59.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03161c49-3934-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691860604, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860604, "uuid": "b31b83c8-2926-4442-95e3-76890b9ec0e3", "comment": "Malware payload", "value": "619390452cbabde5508d170ff91e5e4f", "object_relation": "md5", "Tag": [ { "name": "hagga", "colour": "#856BEC", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860604, "uuid": "cfa6719e-42b9-48b5-93ba-18ff922e9ad7", "comment": "Malware payload", "value": "096cd1b5cebc5886e7417681a5cbc0727f049ce69239e88d68a5c4836cd145be", "object_relation": "sha256", "Tag": [ { "name": "hagga", "colour": "#856BEC", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860604, "uuid": "8e276e65-3f78-4cac-8654-50716a00bade", "comment": "Malware payload", "value": "7c135230516a391497ccad64813913861ed111bb", "object_relation": "sha1", "Tag": [ { "name": "hagga", "colour": "#856BEC", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860604, "uuid": "24102bd5-df6a-4e65-b5ab-23557ccfced4", "comment": "Malware payload", "value": "a62733893786f4d4315a667864812472587a10d5db78e279b3b02e48430fc90375b57ce1385c06e4c5cfd916767d1e17", "object_relation": "sha3-384", "Tag": [ { "name": "hagga", "colour": "#856BEC", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691860604, "uuid": "b8ae4504-3b33-4c9e-9913-40a64b044478", "value": "T131D15CC03FA2FDF60D98C4B9D018D40A396F1A6ED113E94ED539493D21A92A20EE6CC3", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691860604, "uuid": "0d16eb47-9211-41a8-b0cd-7deb1495a406", "value": "96:DIIIIIIDlUTAFZwAzRX8TRDl7fKqATwAL8nAFw7ffY0FqcMwV0lARRffqVdZ2Dlt:5k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691860604, "uuid": "e1132b46-8045-4d7f-af2f-96119b2fcd18", "value": 6456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691860604, "uuid": "fad956cf-6597-410f-abee-11774f7bfd5e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691860604, "uuid": "38619d44-d1fb-4d64-90d7-feb55a2d1f7e", "value": "Invoice-1636476797.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc367f8f-394e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691872109, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872109, "uuid": "4569598b-e9a5-43ff-a73a-bca9c27d90ed", "comment": "Malware payload", "value": "2d8834f451959ad8115c56a28e9ccf60", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872109, "uuid": "acb8c569-6bc1-4278-86b6-c43bf17b60ca", "comment": "Malware payload", "value": "09ffb404af5b14641b277d255487e9056dcf9aba74bb062922cad18d38bb2c0e", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872109, "uuid": "7fde972d-0995-44da-81ea-cdb303ec6bc5", "comment": "Malware payload", "value": "063d369441e82ea65f3aaa6a01b9055390bf155e", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872109, "uuid": "ac810e12-e705-47bb-8c25-47c322a623cb", "comment": "Malware payload", "value": "596154dfef867fa7e7df29d4c3792af3f6ce46bd8cc58a4497d3ca20aad4d070f0d47e631d56560669062bab9bcef339", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872109, "uuid": "e414b549-00b7-44b4-95ac-5375649cef1f", "value": "T118D2B30276A1C32BE69E06350DD6D7FB36347C42AE018317B189B72E7E7AB60CA12755", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872109, "uuid": "9447eb00-81f9-480c-8327-59d18f6a3923", "value": "384:QLEuZLFXjJGOLdDGsSc1ELhJMFmqW2yVBvlewg00Wop5:QlJj5DGlJcowzlZp5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691872109, "uuid": "2e7f80b6-3b70-47f6-a9ad-7a7a21b5bfc0", "value": 29696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691872109, "uuid": "72adbf0c-bfab-4af3-b7a8-82f5519fe19d", "value": "application/CDFV2", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872109, "uuid": "3adbed2d-0ea4-41b5-b042-e79cc0c83130", "value": "SecuriteInfo.com.Heur.18571.20813", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26a754dd-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691826304, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826304, "uuid": "4a412228-8d30-4d81-8835-2fa0d1690eda", "comment": "Malware payload (AgentTesla)", "value": "e7b2ca258ad113d3d484d48c81a5b196", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826304, "uuid": "1eeeda7f-b4bd-441e-981b-1fcc873ed0e2", "comment": "Malware payload (AgentTesla)", "value": "0cf86ea4ff0b275550e406f3d1b38126dc4d38fb82c70cb77ac7a8c306dcd9f3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826304, "uuid": "26b7ac89-7597-4efa-8997-c9855820b98a", "comment": "Malware payload (AgentTesla)", "value": "681271ef07c6320a76247f3b5559b4abccd626ac", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826304, "uuid": "8dfb39c7-1549-45e0-bb06-be21009435e3", "comment": "Malware payload (AgentTesla)", "value": "50f4514dedf8f2616f2583378133fd24ab33aefff19ddd853d12af5ffcbf2c41e3840ff306ab70b81011ea69bffe6b22", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826304, "uuid": "f0397225-54a8-4991-9da5-fb82401f66bc", "value": "T1B3E4338B543B02AFCF320E175252E9D1138819C8E3B9D617FD21901DA7ECAF905AA7E5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826304, "uuid": "4818d506-39ad-4caf-a66f-e11a514d2d84", "value": "12288:DjnW1tOwQ/fXdGzJVElctz1qO4E2vtsJoYwiSE5b/z2p8mXyqNmDZkN8wDs5:nHN/4tKF/EySjwix5zzQiUmSN8wDC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826304, "uuid": "aec67287-4c29-4fd8-92a2-8fe2cc57bef5", "value": 717709, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826304, "uuid": "c0db2bcd-bd1b-42a0-88de-8d0bdc7390fd", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826304, "uuid": "d1a2b2c1-ae0c-4a00-b824-5f4f788e1ff4", "value": "Credit Card Authorization form.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d86e95b-3964-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691881291, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881291, "uuid": "ff022857-2521-44c4-aebc-3f2891f5772c", "comment": "Malware payload", "value": "aa93c7a064b5997a30b9412264a8d4a7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881291, "uuid": "f4772093-bce0-4721-9e8a-b4df7153beb8", "comment": "Malware payload", "value": "0f9b5e64f08329b2bc602f887ccc48ffbe528605b6fd52e02164fb0f11119d5b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881291, "uuid": "72a2cc92-f201-4a0c-93d7-e7f067d287ad", "comment": "Malware payload", "value": "0b376f2f3b3e7a99cc81cf707bd6c72e1ac1ece1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881291, "uuid": "62ce0cef-efdf-4f45-af09-87bad0770d87", "comment": "Malware payload", "value": "2cba8b63f804a390e2fd71fc97f8a4341d2ee5eebb651eb75883d0c4e2d128a4631806dd72c6edc39be76daa92a35c3e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881291, "uuid": "472689ca-88e3-4dab-a183-01e2587580a9", "value": "T141840203BBD84473D8F5277158FA03831737BCA35D34932A2B8AA45F1CB2695A47276B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881291, "uuid": "ba138789-40d7-44e5-9482-6e3a4ace28cf", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881291, "uuid": "e393989e-ebe6-4860-9f1f-dedce20871a6", "value": "6144:K0y+bnr+5p0yN90QEV3nHELK8yJF2nWTp8lht2qxhGWgBZ+t4EDQmasl1NCqJ:QMr5y90Eny7Xp8lhrxhVgBYCEH3NCW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691881291, "uuid": "aa163658-4948-43fb-8bc0-a7629e5aae92", "value": 399360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691881291, "uuid": "3a78b9be-959a-4f41-b8d1-a99406888838", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881291, "uuid": "ef6660d1-b5c4-491c-a84c-f05f018e6024", "value": "x0448284.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31596002-38f7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691834483, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834483, "uuid": "095ab14b-a7a6-416a-ad61-163de7dc621f", "comment": "Malware payload (Amadey)", "value": "6c27d374936ee7d687508c73da080a85", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834483, "uuid": "f3cf5626-c4b0-4db0-a002-c0ae46f3fd7b", "comment": "Malware payload (Amadey)", "value": "1189d1311ab79674dee87d2422f6317ac3571bb30e465efbd1db4565c3f79772", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834483, "uuid": "2c893f2e-1a13-49c7-8dc7-d9d116dda01a", "comment": "Malware payload (Amadey)", "value": "2c13993cc3f3c7d88a3fbdfde651dadf40c24e6d", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834483, "uuid": "db1abddf-6bad-4027-8614-b0503250f604", "comment": "Malware payload (Amadey)", "value": "fec61089f518cb5ccdf32bf317ec3468e05896604b4396f0d43e9a37710954cf1d29917864f0deb9d6d56ce3427ccf75", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834483, "uuid": "701c6bfd-ea2a-49db-9b00-dca77418a033", "value": "T172F41207AAD48023E8B527B05CFA17430B35FDE4AE65877B2349A86B18735D0B97533B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834483, "uuid": "5b3b7287-f8ae-4c09-bac9-4c4e1db993e8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834483, "uuid": "a1d43ba3-25f4-4fd4-a0bf-3fba64b66cef", "value": "12288:qMrMy907pn5i/I5gRuFey9AIOxEgbNOQmTe7BVeKRlSXzp7noY4yzT9H:eyS/5g+etIO9NHm67B8KjStokT9H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691834483, "uuid": "c4ad3613-1fe7-49d7-bc3b-60985930ee5a", "value": 734720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691834483, "uuid": "979f32e9-735f-4159-ae00-2e192dd1219d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834483, "uuid": "f109d6c2-b7d5-422c-9962-08eb77c044e1", "value": "1189d1311ab79674dee87d2422f6317ac3571bb30e465.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6014ee47-38f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691833273, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691833273, "uuid": "025aea2a-19e5-4bd0-8347-28f8186835b4", "comment": "Malware payload (Amadey)", "value": "9ebb534a1fed3e60058c5211bef53bd3", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691833273, "uuid": "663d5306-3501-4e79-acb0-cc32f21ac694", "comment": "Malware payload (Amadey)", "value": "142638c122d716a64e31a3ab55b215e7bf3a13ea454e266b9704d0ce4c724e97", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691833273, "uuid": "6868678b-f784-4932-a248-9681104f4cc3", "comment": "Malware payload (Amadey)", "value": "9fe1ac37ec30bca7655babb44a7306d4a0cd3b40", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691833273, "uuid": "a0cd46e3-cc86-491b-a73b-4e51cc30d9cf", "comment": "Malware payload (Amadey)", "value": "6bbeddbb000784321b3450295fc5bb11edb1f29196c9cf23add7e39aaab88d5336fe85d118cc2185537307d132d491b0", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691833273, "uuid": "a8919dd4-a128-4654-85b7-b29d1d10f6cc", "value": "T1C1F4220297CA8873D8F41B7058FA07C30B35BDA02D7447AF235A991A4A73BD8A671777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691833273, "uuid": "53599221-16b0-485d-b491-7f33563a8c02", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691833273, "uuid": "abdd14da-e64d-421e-b01e-7f87a1fde718", "value": "12288:pMrny9025PWDcEQm5hzqaFqL8zwE7J34Vme7Wd5KRxYX+p7QTtl305G6j+1O8nzE:6yx50SWhewE8cYmV97WPKrYeQtZ2j4I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691833273, "uuid": "19df50fd-052d-4096-8f82-a98985d566f5", "value": 723456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691833273, "uuid": "2d7cf5b3-30d0-41b1-9c5e-eb13c4e54917", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691833273, "uuid": "5aa7a72e-fa9a-43be-badc-6690e2b2e946", "value": "9ebb534a1fed3e60058c5211bef53bd3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33f8e84d-38e2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1691825468, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825468, "uuid": "0da098ae-9cfe-4be3-beec-8abfb2a444e8", "comment": "Malware payload (ArkeiStealer)", "value": "607e6ab52c0ca1b20e60130ac9288c57", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825468, "uuid": "41f54796-0bad-4b5d-8841-1ffc8b2baa74", "comment": "Malware payload (ArkeiStealer)", "value": "190799d08ea8f5f3ff77f68c1fc6d2d231b3412c46407b9fa72bd485132de1c8", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825468, "uuid": "117cd3f8-b490-4772-a21c-e645a1fbb5e0", "comment": "Malware payload (ArkeiStealer)", "value": "2d8570c5c7429ea993e3f54723480ad3596a1efd", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825468, "uuid": "37efddcc-4e69-446e-ab7a-e91408fb47d8", "comment": "Malware payload (ArkeiStealer)", "value": "b9185272a9790b620c37981ef3eedb9bc839edfc3101e54d55a26d7cfed42f11fc2b4d8df26c1dafb86b4a566fa5f3cd", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825468, "uuid": "e7368059-d1dc-4e30-ba18-21ec7d407dec", "value": "T1B3C49D229B17BA7FF118973649584B130BC274DD71732A6BF9B2CEA9F2C0EE40135592", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825468, "uuid": "5471ab45-5d5a-4c39-a2d9-c4e162aa980d", "value": "9a7926a13a446b4e7cb403f27d8472ca", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825468, "uuid": "90172ac1-0ccb-4714-9a07-2110b6479c73", "value": "12288:89zqCMsFnpxyq5+/z+p/tIpVEOPUOKY5M9VuspJrnmcDhF7fsB:4zqGrxyogynLJY0PpVmcDhF7fs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825468, "uuid": "bddb2b38-9b61-4439-b3db-aa5baea044a3", "value": 547328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825468, "uuid": "0ecc9569-d373-43ec-b9dc-334176f346d7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825468, "uuid": "02ed1007-c858-4bd2-9baf-8e85437d130e", "value": "607e6ab52c0ca1b20e60130ac9288c57.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "508dda64-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (StormKitty)", "timestamp": 1691826375, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826375, "uuid": "18046ea2-4848-4b82-a3d9-51c950f0a60f", "comment": "Malware payload (StormKitty)", "value": "6874fa404214cace1c3e0607f827e16e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "StormKitty", "colour": "#922AAA", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826375, "uuid": "a2f59cee-7dba-4c7e-9e82-39131f5afbdb", "comment": "Malware payload (StormKitty)", "value": "1957dd6825a26dea37818afdad0143a9b12c2c2ec68ed0058d89b15d55c762f1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "StormKitty", "colour": "#922AAA", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826375, "uuid": "bdd182cd-79e6-442a-b562-960ab7d7a355", "comment": "Malware payload (StormKitty)", "value": "110ca7ad3965a397badae82729be1c43ede7c670", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "StormKitty", "colour": "#922AAA", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826375, "uuid": "6d9c7c35-deac-4d1b-9d1a-2d72066ddda7", "comment": "Malware payload (StormKitty)", "value": "d47b7aece3921b58e21bb3a6b634c4c87db25f9e758e8d0ac4871f61398ea57b06617f26978821b58aa123bf3b1db53c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "StormKitty", "colour": "#922AAA", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826375, "uuid": "92abc0b0-9f3b-433a-81df-458cec573968", "value": "T170B412A216FC8E1CDE7A49799D700110BB31590D89A4F70F162C323A9B75F54BA42BEF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826375, "uuid": "e3c7e7ff-2a16-4d33-a762-7f7b183f4eef", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826375, "uuid": "c358c190-0e04-4284-8dca-cd993927f0bc", "value": "12288:2GTIYlV2h+RZu5ZcgnziDG/kYiOaONNoZiXL1MkrupND6e:hIYlVDK8m2SsOVNNWiRMuFe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826375, "uuid": "4a1f7367-6a73-42ea-9ebe-32783d19d66c", "value": 534528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826375, "uuid": "42cfb020-d761-4307-9f58-e96c928e14a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826375, "uuid": "4ee5d9d7-a5e3-4198-8dfe-f91d16e1d75d", "value": "hesaphareketi-01.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc19a074-38e0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691824864, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691824864, "uuid": "970f0258-b0ba-49bf-baf2-af6beaed116c", "comment": "Malware payload (Amadey)", "value": "d284c1acef46d400574c50367a0a752e", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691824864, "uuid": "422d695f-439f-4981-a692-a39bad0ae707", "comment": "Malware payload (Amadey)", "value": "1a8c2cf38916fc9d2c6888df45086df7ac15f1a73cf42e2d6a444e1beb0b74a2", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691824864, "uuid": "3ad0c321-f512-47e1-9c38-7fc48d23d933", "comment": "Malware payload (Amadey)", "value": "9972c2ef931e316fde06ee40faba640f27a6062a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691824864, "uuid": "8d640519-2a26-4b51-8816-94400b6d08a0", "comment": "Malware payload (Amadey)", "value": "57cbe701bb495c0de9a799ae8a774c7453472d13f057091d767e9ef2001361921f44c7d3135d9c2261608b673aaa1dba", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691824864, "uuid": "8fcbdab5-e298-4fa8-a638-5d1123219fc1", "value": "T162F41212AAE94437DEB51770ACF716C70635FC628C784367278AA92E1C73AD0687173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691824864, "uuid": "20848dca-b951-4153-b439-28180a538590", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691824864, "uuid": "b606916f-92ea-4661-af83-09b2e19b1242", "value": "12288:5MrYy90ZsFq51sv0JXLTW5zW4Kgfe7Ox4KRwkX+p7wa86ZN1n7OusEyBMYy:lylFqf1hLTazlvm7OyK6k+edusQP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691824864, "uuid": "1ae9dfae-f38e-4497-872d-7619717c717c", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691824864, "uuid": "6df2182e-2b38-4bc9-9f5d-aaf1734a0156", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691824864, "uuid": "473332a8-5e27-43ec-9a6b-1e7b0d441d0f", "value": "d284c1acef46d400574c50367a0a752e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ccee3d02-394e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1691872110, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872110, "uuid": "7f498118-b966-4b89-8e34-dceceab266a3", "comment": "Malware payload (Loki)", "value": "1879528b119111b609478a22a702cf35", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872110, "uuid": "9e9f1435-c60a-4b1e-8e8e-2fc4f5acd81a", "comment": "Malware payload (Loki)", "value": "1b34d2afa6705ff6291bb774b44c4ef03f60321d63e34efdd8a07f512187c136", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872110, "uuid": "7f8c6ef6-68de-4d30-ab74-aae7120710f4", "comment": "Malware payload (Loki)", "value": "6c2574e6411157230f192eb8b6f7d8b53683c983", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872110, "uuid": "80e7cfb2-3463-42f7-ac49-24400e98537e", "comment": "Malware payload (Loki)", "value": "b9833875ee535895ac316f9ac8e62e6284f1cac813a4d8966c86f6839b5b5066f908e072273b34f85e42044fff767978", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872110, "uuid": "a8352caf-3e7b-4552-9587-9dc1a6722168", "value": "T1BCD46C59F60CE29EFD0903B021297CD425F80CAD196CFA27BEA6B5E230EED7551F1096", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872110, "uuid": "9c6ae681-5334-44dd-9e65-99c521e707e2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872110, "uuid": "2556dde4-93c4-429e-9452-72d481d8de6b", "value": "12288:TD4VHfQe6ZyWshg+qbZxTZZWunAWvajgXk+fapiHcyMu/Y+RXFypZnlFH9Wd0c:TD4VHfQe6ZyWshg+qbZxTZZWunAWva/8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691872110, "uuid": "3d7d8d48-79a8-4304-891c-dca5aada8f64", "value": 629760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691872110, "uuid": "17484e37-7059-4342-91d1-959938f68c97", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872110, "uuid": "cb1ad177-92dd-4297-ab43-ee9d94f54b44", "value": "SecuriteInfo.com.Trojan.Siggen15.15480.25923.22907", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94472456-38f8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691835078, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691835078, "uuid": "ab972400-7189-4af5-b295-e75bcb781ebf", "comment": "Malware payload (RedLineStealer)", "value": "666dce9abd3e5cbbd5214481f11fb1c2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691835078, "uuid": "9c895f06-78dd-4a8a-8132-eb439e7a38ee", "comment": "Malware payload (RedLineStealer)", "value": "1e4adb7323febda74ddc0a06d2e18ebfd241fce73ee859ad6f400e1260885aa7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691835078, "uuid": "2e724093-faa0-4be9-a3f1-e5c97fcd7c42", "comment": "Malware payload (RedLineStealer)", "value": "d5efa852f7bc7798eb1563b9fe1b5d6082e12d4f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691835078, "uuid": "8717ab6c-d5b4-49a0-9950-e8e896c828fa", "comment": "Malware payload (RedLineStealer)", "value": "7d4ed0ed523ce881b9dbc104ef436c513ccd1e49533b828f163986c366f44f499a7a77c018882e9919c65143cc3aa43e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691835078, "uuid": "0e58f2fa-57a9-4b1e-8707-2ae63f95d9a5", "value": "T13CF41203BAE84523D8B11770A8F713C31A39BCB1183C935B23456A591D73689F97A7BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691835078, "uuid": "c96cc5c5-8829-493a-a142-49495ed90c78", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691835078, "uuid": "5f6e3142-2782-4f0e-9200-a5bee5394d73", "value": "12288:YMrjy908G5bqKyZ60N046vRGeFLx43KOpe7MVYKXXGXkp7Wj7OyIh9k/ZvwXHmT/:7y+ecio3U3Jw7MiKnGUOONGZvwXHQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691835078, "uuid": "03aca6fa-8052-491e-94d5-a0af8430c6a7", "value": 742400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691835078, "uuid": "4ff70e01-c099-42f7-a9b8-8f74cb6f99ab", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691835078, "uuid": "b0809e8b-b747-41b7-9474-c844500016e2", "value": "666dce9abd3e5cbbd5214481f11fb1c2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b189315b-38a4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691799049, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799049, "uuid": "970261f9-dcdc-44a4-9a38-5fb96a4de5ea", "comment": "Malware payload (RedLineStealer)", "value": "5b91f54a62272115ab38daae417deae1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799049, "uuid": "f641e720-ded7-4953-a58b-96f21ae8bfa7", "comment": "Malware payload (RedLineStealer)", "value": "1ee58c19b2b34e6be97b748f752057fedba196a9a7807938f28628ff96f0a618", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799049, "uuid": "a26ad7b9-4150-4fc2-9ec6-b5894f3d13d4", "comment": "Malware payload (RedLineStealer)", "value": "e72ef059f864708338b71e5f080dffc88b3a93cd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799049, "uuid": "bf1ae814-e360-46e7-9889-bc5a55a2dec2", "comment": "Malware payload (RedLineStealer)", "value": "31f3ee3e6a1a73d8e09d2092c1064a1f4cbc3ec7526ae1f53d6b1776d38141e14531c76ce2e1ed183112d486d928d224", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799049, "uuid": "19ad50e3-1589-4b8e-9745-1f9d0c8f52b5", "value": "T11BF412136AD98463EEB127B05CFB07930A357C9128788B7B3396A82D09726C1F57573B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799049, "uuid": "5cd82514-8efb-40fc-bddf-abdfdc175817", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799049, "uuid": "ebbddedf-5d32-48e8-b9cc-b72f6b5217c9", "value": "12288:qMrey90NAIB/AVlhpWagNsbPiWbAJ5K9+e7LtHKRinXzp7YbtMP/MLYABCUKq:IySAIBClhpWaWsbe5ml7LVKwnN3/AYAj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691799049, "uuid": "c2c308cf-ade7-4551-9221-63d660d01117", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691799049, "uuid": "654ac714-1e38-4fa7-97a3-cbb0f3b6899c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799049, "uuid": "a3ad4300-54f7-430c-9eba-504ab9674a28", "value": "1ee58c19b2b34e6be97b748f752057fedba196a9a7807.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aea3b121-3932-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691860033, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860033, "uuid": "e2139820-6b02-4da8-9c88-03aa3b8f541e", "comment": "Malware payload (Formbook)", "value": "1188a953c9f36b374ca3714c9de1763e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860033, "uuid": "13355b55-c57a-4bee-a0a2-5ebc606d1bf6", "comment": "Malware payload (Formbook)", "value": "20d45ab8062d59db6229e293a604f37e2760519894d07380288f0f8f5e2b5c95", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860033, "uuid": "ff055b5b-c81c-45ab-9d23-3731a406db3e", "comment": "Malware payload (Formbook)", "value": "8ed3947a1e45f67263327a020035765965951949", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860033, "uuid": "480e843e-2e3b-4172-b452-b7af45ce477b", "comment": "Malware payload (Formbook)", "value": "02e34f573eb4b40a7df4b62033f2dbe8f1feca053887108d4c0c1f6b8d53d9de19902265896b1ed2cad2298a8c14332b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691860033, "uuid": "c0b7a23f-ff7d-4ff0-b418-f7b59b33b9d8", "value": "T15BA429E0317D93CFD0A28DB10FC98AB0B9F135AC98C4560DA0F69B2E93D6355449D9FA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691860033, "uuid": "e14b8e9b-2b90-4559-968b-bc8fd2cff33a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691860033, "uuid": "09cb5ae7-77eb-4660-8af6-21780a8b08c8", "value": "6144:p7kv6HlSjbx+NOspNKz9l2jwawmz4FBFqF1V0KrKi:1TSncN/0T2kawmz4FBoF1V0KW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691860033, "uuid": "785fb1b0-6bad-4563-9dac-c4ae8eafbcc0", "value": 451584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691860033, "uuid": "3b54d15c-f2a4-474d-8473-df833da3c023", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691860033, "uuid": "fbe16479-8158-48cd-bccf-8521bcb766c8", "value": "1188a953c9f36b374ca3714c9de1763e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7cd6a85-3933-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691860559, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860559, "uuid": "5205dde3-5e73-45e5-b0c6-eb892083889f", "comment": "Malware payload", "value": "7681f56541e316016e7f937feee5ab05", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GhostRat", "colour": "#66C979", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860559, "uuid": "63563a97-c200-4d49-b0b2-d63637c77e07", "comment": "Malware payload", "value": "21c3b30041dc16f6fb0fe758c4cd1767e272133ff45dd21aee22506e6d9199aa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GhostRat", "colour": "#66C979", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860559, "uuid": "06275356-4818-4edb-98a7-a1e557d1fc9a", "comment": "Malware payload", "value": "4d44161bed84bef3b0c63b503eb38556a5e28377", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GhostRat", "colour": "#66C979", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860559, "uuid": "979c6be5-8116-4fef-962a-cacb90eec0c5", "comment": "Malware payload", "value": "eeb5d9e5fff3816fd9948d28bdba7089314a5090b2bf888d091ef9d3c6fe9b641c4b9f1d6dde7acb60e2a8b4551cc812", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GhostRat", "colour": "#66C979", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691860559, "uuid": "c2a05146-d46c-48e6-9027-9c57f9fc5170", "value": "T15DC31B04F68FC19AF8600934A4D53BF696B95C77210F967BFB08DB0ED4A30487946BA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691860559, "uuid": "6a50e232-e1a5-430d-ad91-44a69eca18c8", "value": "62e37ac6c44b05b3af3d003bf26470ef", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691860559, "uuid": "723ae679-d76f-4d47-82ce-cd2c527204a2", "value": "3072:FPuFP9wPK9fHwkDygAs8sslc7TsOQs5H6g:FQWCHwoQsI0TsOQs5H9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691860559, "uuid": "4be11dfa-5407-4606-a251-0e863d8125f6", "value": 122880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691860559, "uuid": "55ebc969-5715-4581-9273-d10f150aa76b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691860559, "uuid": "cc21e6bd-5c29-4ff0-a152-c16c2e0be772", "value": "Google Service Installer.exe.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57d27fa5-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691826387, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826387, "uuid": "a511a307-b2a2-4eef-b266-c2ba39ff7029", "comment": "Malware payload (Formbook)", "value": "187e3680b6859c4d059948b0a9e9a816", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826387, "uuid": "02cc7be5-dc06-4d80-a39e-5351452281d5", "comment": "Malware payload (Formbook)", "value": "22976d85639b00522de9050cb1178a85e14f7ebfa744a55383e4a56cdb21873f", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826387, "uuid": "106bec06-2d42-470c-8233-5abfdf3ae2a2", "comment": "Malware payload (Formbook)", "value": "5ebbc752e2ef8e0de23642d09eaef9f46308248d", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826387, "uuid": "ebfb622f-d35d-4635-8061-87e5370b6326", "comment": "Malware payload (Formbook)", "value": "5d85fbd24f43ea33f900532dac59c1fd90c7b90c5eecb3c9b2ba7294c6a2717277778816ad8eb728b06b49de9678871f", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826387, "uuid": "73f8028a-ec74-4e22-beb3-8fb7b5f3da4a", "value": "T162E4CF60EE38DE82E54F4B79108FC70E8271584A3626C63A6AAB51C5D4877C206DF7DF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826387, "uuid": "ceae1fd3-debd-4d85-8582-2da37584656d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826387, "uuid": "b6314cea-d7fe-4b98-a6a3-676ad0c6beb2", "value": "12288:ed0zBICR0US9FrUcub/iRc3UsXmfXMN9f4fUAFws8Tt+NlqTjN:EeiCmUkFcBv/f6FwnY+TjN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826387, "uuid": "ef6d4227-840f-4fa5-a57a-bafd9e313aa8", "value": 719360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826387, "uuid": "c8182fe4-18ee-4aa3-a1d4-34652af4e92f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826387, "uuid": "459de68d-01bf-49bc-9c17-6214fadcbd3f", "value": "DHL AWB 4500028900.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b50d40b8-38e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691826973, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826973, "uuid": "409ee0a4-9bb7-4c1c-af27-134d997d17f1", "comment": "Malware payload (RedLineStealer)", "value": "0760c2d9dc2be023dbafa1a7d4fb9221", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826973, "uuid": "06365391-2fda-4242-b45a-e7ccb73692f3", "comment": "Malware payload (RedLineStealer)", "value": "2425bc6011da22f26848e51eab857866a4b2448f1ff7880e657b096e9ca540d3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826973, "uuid": "a0c8be81-7322-4569-a64e-3125fb4fc6d2", "comment": "Malware payload (RedLineStealer)", "value": "603981bd68418e6c592fdcde7ae46fd7eaa3b06b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826973, "uuid": "1da9e3ed-216c-4f0f-8e5c-2bcf2daca594", "comment": "Malware payload (RedLineStealer)", "value": "5b3f0906411103d91c5eb05bd6657e82666f4c4f63aa75652d51f7af757d30e5a1915f19dfd1d0516953447d12733907", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826973, "uuid": "e58740aa-a942-4373-88e5-34a46d924152", "value": "T19BF412976AD881B2EDB62BB05DFA17C70F32BC915C75832B2315889A0DB2791D131B73", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826973, "uuid": "0500ac03-4419-421a-b055-07b716e28bda", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826973, "uuid": "eae1bf41-d5b4-428f-85f8-80942cfa3f40", "value": "12288:7Mr9y908Sq58RfTx+FJXYb7cYi3OR7UMqMhNgWtUsn6NbeOh59AJi0imrN:CynSaabxUWbonTMqMP5+sn6Nb79cvXN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826973, "uuid": "99e4bf13-0f19-404c-bae8-f8fab415d2f2", "value": 748544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826973, "uuid": "f4d1e21c-3aed-4e38-a2df-bd71edf3ec48", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826973, "uuid": "3ebed686-5f0e-4fb0-9401-e3e0169423f3", "value": "0760c2d9dc2be023dbafa1a7d4fb9221.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca31752b-3933-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691860509, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860509, "uuid": "a9cddabb-7467-432c-97ac-caab5b1640c6", "comment": "Malware payload (RedLineStealer)", "value": "f635244249cbfb941d5e731e85317cd7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860509, "uuid": "029d1364-1d90-4ff8-b1ef-a050596c8f6a", "comment": "Malware payload (RedLineStealer)", "value": "24370dee664ee20b21599b477966ea9a7654a1252c772f5afd50a83c427fa290", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860509, "uuid": "4f74c5fd-b472-4baf-af64-2efe0cdcaafa", "comment": "Malware payload (RedLineStealer)", "value": "18348912a1b40a932275dcb2385ff5605d282f7b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860509, "uuid": "9cbaf585-8226-40f5-b966-7c30cea24aab", "comment": "Malware payload (RedLineStealer)", "value": "4746e354fd98b8518db30902f37801c1f256fc6c4e8b9dddf2261a587e4cffe0d27c564c6d8ef75df036adb32d79ad20", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691860509, "uuid": "de31e56e-755b-4032-b287-ab5d8dd207f3", "value": "T13664E0363A82C032CD5B54B01930DBA16BBFB8326579C65B376807BE5F303919B7A359", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691860509, "uuid": "dea507df-850e-444b-a5f5-25775c37f7f8", "value": "99e0faa4a816f66aee7c760f482140b5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691860509, "uuid": "19cd0818-f0b1-4be5-bef1-7166a3deb1f8", "value": "6144:e+U+3LlWV4W8wrKLOq/5MDaQV7vhM+4V7StG3Byv:ed+3RWV4W8wrKL15Q9VJ4V7SJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691860509, "uuid": "4acc9c30-fa78-46d5-b0ef-d1708d88d882", "value": 335872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691860509, "uuid": "9ef1a965-df38-47e4-aa3e-134a4bd6451f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691860509, "uuid": "f5d52784-2445-41d1-aa98-4f704bb2f760", "value": "f635244249cbfb941d5e731e85317cd7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff15a123-38eb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691829674, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691829674, "uuid": "ae02bbe6-1210-48a7-82f6-dcecb5864c0f", "comment": "Malware payload (RedLineStealer)", "value": "d5fbc84f128e2f19c3ec80b201475c3a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691829674, "uuid": "0a28adbe-2cb4-409c-9052-2ba046b4ba0b", "comment": "Malware payload (RedLineStealer)", "value": "246580aed9d35564ddba5061b5ce2293a7daadd4f4dc4e8ec393130eea2a3469", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691829674, "uuid": "88f1f104-c04b-490e-aed7-6551aba1b31b", "comment": "Malware payload (RedLineStealer)", "value": "922f95121467ec133ac1789aaa6f67fe1483fd36", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691829674, "uuid": "c37810fc-ce1d-4a81-8501-9d92d19590e3", "comment": "Malware payload (RedLineStealer)", "value": "0e5d3ff37295c854352337f15b271965525dc169d490536d3b544cca467d6575ead74d2cf2f45966eacb295b723ddb6c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691829674, "uuid": "45b606b7-944e-4206-b1c4-9582794ea644", "value": "T1C374F1227792C071C98F05755D24DFA4AEBFB83126B4855B3BA8077E5E702D28BB7309", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691829674, "uuid": "7db6d20a-7379-488c-be5b-cd7a4df72508", "value": "57c957ecde7ffcaeaa065ed04df47092", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691829674, "uuid": "32e71c64-a6f9-4c4b-997d-9438359d580e", "value": "3072:S9X0nIuy25LruLSMcNOUzSVI+98otMYcMMhPpGzRRhnYtTAXupdLw9QjULARKqB5:G0n55LwSOUzb+9RMEzPhYBMydnUL/q3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691829674, "uuid": "76cf5015-2e47-461b-9715-2ca5de9f1060", "value": 343040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691829674, "uuid": "cec49959-854f-4ca7-b8d0-6217d56f072f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691829674, "uuid": "55ade8ad-48c9-4ba9-966c-3c80f62f9cb5", "value": "d5fbc84f128e2f19c3ec80b201475c3a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3744bc0-38d9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (TeamBot)", "timestamp": 1691821870, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691821870, "uuid": "cf8e1525-534b-490c-aec3-15e599691178", "comment": "Malware payload (TeamBot)", "value": "f484ecae35ba9e1d8db31a1aac500377", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691821870, "uuid": "23f6cce4-ae94-43e9-867b-14a7af02104a", "comment": "Malware payload (TeamBot)", "value": "279155f5ae5904f994db343dc511d83fcccf64a0a964f5564e8c04ccd209cdf2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691821870, "uuid": "3af12cf2-359c-4b46-9496-72f78c4e6477", "comment": "Malware payload (TeamBot)", "value": "02217bc3c4ea3c6872a9f8590dd53c120b64fa2d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691821870, "uuid": "0f75d6d5-e3e8-4d4d-84dc-f3c93d4a0ad0", "comment": "Malware payload (TeamBot)", "value": "d742d5ce082251d4a8be037790c45a258ca79e20082f3cc2ec1ce20dd5c35c821725ced10afcf117a965659747f55e11", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "TeamBot", "colour": "#0020E9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691821870, "uuid": "d5c9464c-bef2-40db-9082-0b2f87f8839c", "value": "T11644DF313A92C0B2C45B45715925DAA0AE7F787593B9894F3B680BBE1F303E147B731A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691821870, "uuid": "3ad44e34-6d3f-4079-b577-4c233980c7f1", "value": "57c957ecde7ffcaeaa065ed04df47092", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691821870, "uuid": "9393b55c-fb99-45a4-a8fb-7aa0b7ad0b0c", "value": "3072:x9X0vxcsCL3CUkInJ/oyy3pq/+bdFatDsxs9p42/j09Eu4RACUVHJ:P0HCLL/oR35bnfxip42709prZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691821870, "uuid": "1c370505-aa25-4126-ba32-8057951de86c", "value": 260608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691821870, "uuid": "7a24b580-40e3-4d61-8276-f6c034432221", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691821870, "uuid": "e18d2b73-f73b-489c-99ba-48d260332f69", "value": "f484ecae35ba9e1d8db31a1aac500377.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "289437e8-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691826307, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826307, "uuid": "2e473201-4559-45eb-8e9f-76a3003ab3bb", "comment": "Malware payload (AgentTesla)", "value": "48c6116acb69864092b058b1787a5d46", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826307, "uuid": "eba4e73d-fc61-4082-8bb3-0bc6ed87391e", "comment": "Malware payload (AgentTesla)", "value": "280b948371045e715108a5a0fa0c8fd5ef23ef916242da0bbce8188fa1884f51", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826307, "uuid": "e34746aa-c244-46fe-a16e-334688f650f9", "comment": "Malware payload (AgentTesla)", "value": "fe1de1401cb8613bad55e9f9111e5ae8a4271d37", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826307, "uuid": "6ea0b0d7-6f25-4e0a-a2f3-274ff9528554", "comment": "Malware payload (AgentTesla)", "value": "4a0a7cbf1859cd3c593c2e13c57d0c10c2ac0566452a4cdb704da4c6bd8fda504dcf03666c93248066bf7fe79ba4374c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826307, "uuid": "3a4bca2e-03cd-45d4-9472-4261d43de519", "value": "T1A4D423E851509FCCE246B9F013D1E8CFCE0FB6B8EDC3F6CBF968A9D8465658A4091119", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826307, "uuid": "8bd3cc54-6273-49eb-bf8e-2fd598c94f2f", "value": "12288:QSnWwbmte/4yMZ4vpCTMrCLwjBSoXQtdsZmJZ39ujLE8jMOzxOxOZlPbIemnAE:R34r4vpHC8jNXOsZ8nkLZM5kZljIey", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826307, "uuid": "dd91ee37-53c5-4bd8-afba-f9d28157b5a6", "value": 640419, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826307, "uuid": "995bb46b-fb3d-4b0d-a64c-33a7872d386f", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826307, "uuid": "09d8cac9-d061-4adf-a000-0463bbf60794", "value": "Request for quotation-202345BXL.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b71fe2fa-395d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691878516, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691878516, "uuid": "4af97a1f-1aca-4fe5-82f1-231b013a98c5", "comment": "Malware payload (Amadey)", "value": "02867fa8b443043ec0fe6af211c852aa", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691878516, "uuid": "0401a304-4877-421e-904d-aeb09bf5e13f", "comment": "Malware payload (Amadey)", "value": "2a72b302004c17baf6d69fa1c0559d2e10009643fd06bfeb29f0ab3edc531f23", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691878516, "uuid": "154bbff3-a1f9-4cd4-a209-a177a7914266", "comment": "Malware payload (Amadey)", "value": "a8d64ffde6c6379986806014737c20d7440e7496", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691878516, "uuid": "9731b02d-cb70-45ae-a902-83595c9fa15f", "comment": "Malware payload (Amadey)", "value": "7f1a2a012f85513078a9ac22c8ca8aed185cfdce28fa1fc294ed2560d3eb93843a291f609f3a275565cb4fd04e86e3d8", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691878516, "uuid": "f64c07c0-dec6-488b-b8b3-ad3afc67a3e6", "value": "T15E643A517952C032DA6064721BB5BFF2C59D68259BB049DF7BC00EB7CA212E6B930F39", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691878516, "uuid": "4c1c8354-ecf4-4433-9be2-c575fa587c46", "value": "e828679bf7773c76d009985e1c81e0f6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691878516, "uuid": "9aa32e21-35f8-44a7-b271-b656ddc529ed", "value": "6144:Av0pRrVXa2sq6IhZSm7PDzsR3caCUidVZHePud7UYSy0AObhedN:S0pRrVXa2nSm7bzsRsePud7uAN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691878516, "uuid": "5b70e293-695f-47b4-b287-ce89be4930c0", "value": 328704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691878516, "uuid": "c3e801e7-8139-48f7-8d93-a49ab18c540c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691878516, "uuid": "8c27e08a-0018-4622-8768-b685872c7919", "value": "02867fa8b443043ec0fe6af211c852aa.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c7c0948-38c5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691813161, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691813161, "uuid": "98a4d008-ac60-4959-80cc-7f18cf816327", "comment": "Malware payload (Amadey)", "value": "449aeb10834ff63b65e27b3d5d4e374c", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691813161, "uuid": "2af92d1a-e625-4719-aeb2-d8c093cce1ee", "comment": "Malware payload (Amadey)", "value": "2b2e4d2c56eeb6cc0dda396ed209c932465594ef5b773fdfc74382bd0a7ed94a", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691813161, "uuid": "6dcc9701-6273-430c-987c-201050d4ae1c", "comment": "Malware payload (Amadey)", "value": "cc4d3f606de54084fd29bb08430f4327a7a117b3", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691813161, "uuid": "e7ea2a65-8629-4d26-945c-c432a73b5641", "comment": "Malware payload (Amadey)", "value": "4f4901d64c8a9dbc6a561e34c0d312ccd3361b354f3ba8b49645c7c11e66583b51637f204d384cead7b269262f73ea00", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691813161, "uuid": "9d9d7fbd-c4e9-444d-b662-e84832cad5a4", "value": "T1FFF4120397D94032DCF93B7044FA16D71639FCA258F49BAE2341EA5E1C32988A87573B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691813161, "uuid": "b2f382c7-5c87-40d1-88dc-9b38e136dd80", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691813161, "uuid": "1d96a46f-781f-4601-ba9c-6e2fd6a013b8", "value": "12288:UMrXy90/gIyLnOEVoINPKHm7NxzfchuiyZqocZij4VmBJMjdWk78Toy:DyhrOLINiixzEZysocYj4V608J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691813161, "uuid": "ab7e6cb1-0ee5-4e6b-80ed-a7cae1d1e98b", "value": 741888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691813161, "uuid": "4be8b736-37c9-4ebd-aec4-8033d3d93daf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691813161, "uuid": "b5648f5a-9679-4f58-948c-6984bb6701f0", "value": "449aeb10834ff63b65e27b3d5d4e374c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "79b0e2a7-38f6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691834174, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834174, "uuid": "15ce687c-ec95-44a0-a940-16f511fde478", "comment": "Malware payload (Amadey)", "value": "5b34d2a6188d9b2f9a190de26757127a", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834174, "uuid": "4840353b-c316-4fd3-8453-27f7ec5c5865", "comment": "Malware payload (Amadey)", "value": "2bd33396766f1c8f78c397fcf13adf590f86746e04d2f00df1b8480d69b00b8f", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834174, "uuid": "65ff4378-6f5e-4a1a-91e3-23fd6b01a091", "comment": "Malware payload (Amadey)", "value": "4fd8c30227dadf663953ef45c39c94790142d40c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834174, "uuid": "5eb3af4f-f64f-4d00-961c-78ae96845aef", "comment": "Malware payload (Amadey)", "value": "cb94973f879a2595010b5457926159369212a5aae9c333424a0e9629d7c19b9c107bbb565c165d868d7a42bb8689d260", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834174, "uuid": "433650de-7df8-4aff-94cf-3e6cefa138e7", "value": "T11AF422165BE94674DDF6277018FA02831B3ABCA25D71932B2751A49A0D73FA0E93133B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834174, "uuid": "7f09d6d5-2079-4535-9a1c-7414cbbe6eb6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834174, "uuid": "8b9282d8-b4e5-4439-9673-641a594dc2c0", "value": "12288:1MrCy90bTMIrf9oCzbm5BLxq/3ipmM+GNo2s4oSphyS/kG6CppGqw5gNcAp:HysT3fdza5JcS4cNo2sMphycl3w+cAp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691834174, "uuid": "590b9c2b-729f-4318-9f44-2b65d1b51146", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691834174, "uuid": "e28e1eab-ca9b-4645-940c-5847c2235586", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834174, "uuid": "004c1637-862b-4ba1-8e23-dad4982d2d57", "value": "2bd33396766f1c8f78c397fcf13adf590f86746e04d2f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "959f3c00-38b0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691804157, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691804157, "uuid": "6c9a2cfe-2d4d-4a47-ab2a-e488efdf130a", "comment": "Malware payload (RedLineStealer)", "value": "c9b424f97b3c1993efb4fc4ab29ec241", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691804157, "uuid": "0b334883-f367-4569-b5e6-49bf89b1a7c3", "comment": "Malware payload (RedLineStealer)", "value": "2cc2e7c27818a21bbcd41a56b34fd232a51f4e160aa0d52f1a92b4cd5111be26", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691804157, "uuid": "ee928ee6-08e8-4d97-a0f1-4d93843a3256", "comment": "Malware payload (RedLineStealer)", "value": "0bb4e0ddc8f9db62dbc8ef890a0f67519f2cefcb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691804157, "uuid": "9e0ef0ec-ac09-4145-83ed-5cd21e95d786", "comment": "Malware payload (RedLineStealer)", "value": "1d55540091f6a4d515cfd16413245cb97dec80905a367efc0b7f1baf4cddba34ce076b1b4e9b1a5b888e0f7f2d2fddd1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691804157, "uuid": "2084e001-a4f3-4dc1-ac31-5f433ae858b5", "value": "T1F3F41213B6F84023EDE527B098FA13830A327DA4587097676286798D4D73AD9BA31737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691804157, "uuid": "d34e6c68-bb53-4435-bb6a-2c2c9e8f2f4a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691804157, "uuid": "a24a30db-5429-42f9-84a3-d5e0aac1742d", "value": "12288:BMr0y90k7FZKA27beuj5+84ph7keeOMNLH3YmXsGojzeEIe7QYQKRh0XPp7OT30n:ByRZZK9neq+84h7fzMlYmpueEn7QbKz6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691804157, "uuid": "c8b71264-20bb-4fa5-b28c-0eeb80a98c4e", "value": 739328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691804157, "uuid": "ec649292-7de7-4d6f-8406-ef36f227a648", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691804157, "uuid": "0f090a93-eb0f-4a5b-aee7-6298da430ae0", "value": "c9b424f97b3c1993efb4fc4ab29ec241.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1872c3f7-38e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691827569, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691827569, "uuid": "e24d045a-0060-406c-8742-f0cfd793a4f7", "comment": "Malware payload (RedLineStealer)", "value": "96609549fbbe53f1579f98dd9186a85b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691827569, "uuid": "3582d942-12df-4756-ad47-3fe784ce9d1c", "comment": "Malware payload (RedLineStealer)", "value": "2d06c9868ec253ad3e2e8c379c1377fcac611f09150ac07569e272a5f4c8c26f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691827569, "uuid": "e90be3b2-a3c0-4cc1-b571-8ff0b025b186", "comment": "Malware payload (RedLineStealer)", "value": "6329c5feec4a5b2e6ceebeec2f56f4d3d5b3c09e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691827569, "uuid": "9baddfe4-e2bd-4d71-9914-304bd1d30045", "comment": "Malware payload (RedLineStealer)", "value": "42e0bd59cc0939ac11429fd78307c4c7c58ab7edbb4e535ba4083ff6b001065f24f442038576941580173b8e971c539d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691827569, "uuid": "9f7fa327-81ef-4251-bc24-6ede106934a3", "value": "T169F41213A3E88033D9B9277018F712C31B36BCB65835965B33A5A98E1D73594E93632F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691827569, "uuid": "9c10c13e-e83a-481c-9dfe-3e2098b3619c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691827569, "uuid": "763cea85-f676-4e95-8aa6-55c935163b28", "value": "12288:ZMr3y905X/ugP1KAiaswj6HgNFc+/RqYAecinQKuge76gtKR4NX+p7u/+sdkiUga:6yEXTtKBV0cfR5P76KKyN+8+sdk/ga", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691827569, "uuid": "d109bc10-fd10-4be0-864c-de5a74cb1c8d", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691827569, "uuid": "95202068-cded-4dca-825d-785a33f5937f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691827569, "uuid": "bff2a9cc-706f-4baf-9455-4119ece4b794", "value": "96609549fbbe53f1579f98dd9186a85b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "302f42d7-3935-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691861109, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691861109, "uuid": "15b9586e-560e-4d44-8fa8-07d855cd2a80", "comment": "Malware payload (Amadey)", "value": "4fc8a187f6d2efe15e9d060bcf18c317", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691861109, "uuid": "e20747d6-862a-4a95-b3c0-c94e11e33c59", "comment": "Malware payload (Amadey)", "value": "2f0f60dbd1f37c1623a927965f7aed2917bfdcd81fb9af697e87afe47e55240a", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691861109, "uuid": "3499c720-513a-4486-849f-8118aa7f3a26", "comment": "Malware payload (Amadey)", "value": "d9f3c21ec0333287ece124b803c1ddec459249ad", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691861109, "uuid": "196324e4-7712-4fc6-acd7-7b09d5831afc", "comment": "Malware payload (Amadey)", "value": "60e215a82614e5b6dc872535c173c03bdf926bfa3904020dc81be07a38ca75dbbd4ec03ae9aa4bb541e64645120c505a", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691861109, "uuid": "237e8f9f-4005-46b0-bbcc-d0441d93b20a", "value": "T12944E0323A62C072C95B40B49825DFB0AF3F78327774819B77650A7D5E702D19ABA387", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691861109, "uuid": "800e737e-90c1-41a6-b512-f8ed54372191", "value": "99e0faa4a816f66aee7c760f482140b5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691861109, "uuid": "07ba33e3-8a28-4907-81a8-edde43aedaa7", "value": "3072:VXXCgmLSwptV21MCLD1KA7NGBinarg5bHNYUlrRMBRc4H:RFmLSStVyMCLD1KdBinarIbHNRQBRc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691861109, "uuid": "0e236335-79e9-43b9-95e0-b7bcbb602614", "value": 255488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691861109, "uuid": "2d885fcd-6cde-4053-887c-98ac37227b4c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691861109, "uuid": "9664335b-1b66-42c6-a39d-871d4b8a0e5e", "value": "4fc8a187f6d2efe15e9d060bcf18c317.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "246c7c6c-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691826300, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826300, "uuid": "1f678904-020f-4f2f-a123-d961f5b160f8", "comment": "Malware payload", "value": "e93d755480c85eed3031653a3ed477c9", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826300, "uuid": "e386f8d0-8aaa-44e8-9e3a-6972d10316ad", "comment": "Malware payload", "value": "30175a4cdae27076cabcb5eb7106779cadc47113ef17a7b67d0e02aa840072e0", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826300, "uuid": "b0fd8108-f373-471c-a7f5-0c88f1695818", "comment": "Malware payload", "value": "16589af8e8786300063d1ed5badff8ff03303e3e", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826300, "uuid": "07202775-e2ad-498b-9714-cfe552fa1980", "comment": "Malware payload", "value": "99bcdc6af20cbd1b774274ce29ab2b461bfc39dbe5ae0067a65d32b877c41dc08c39afcd957f0edd4f931076f8c693db", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826300, "uuid": "83b1c4fa-3a5f-40c1-b877-7719b2191d11", "value": "T11575233985BD4BE6EB9D5AF715A60109CF7CD1B6B523FFC784C02EA292043B01A157B2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826300, "uuid": "9c173b2d-7e6e-4894-b202-d9f4199b5f1c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826300, "uuid": "c9dfd457-9713-44b1-a5a9-41a1ce2317a5", "value": "49152:4iC2TK6JwkRX0VCuJPieKfPHSLuduxErgAYu:4iCR6JwfNQeKXHoWb5p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826300, "uuid": "10e9f1d6-0e8c-4a36-afc3-4affdd8f7b26", "value": 1643008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826300, "uuid": "f6a5262e-25cb-4c09-a898-9cb3301c3362", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826300, "uuid": "a40d1b32-4198-4c21-9970-23f2e82d6300", "value": "e93d755480c85eed3031653a3ed477c9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1bd94126-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691826286, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826286, "uuid": "95caed4f-ccf5-432f-8de3-3d41c754c6ea", "comment": "Malware payload (AgentTesla)", "value": "6579670bfc471264b8aa1572ee0e25ea", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826286, "uuid": "ee018ebc-410c-4e99-9371-425c2397585d", "comment": "Malware payload (AgentTesla)", "value": "30cb3ae593379ce4277572d619a27c40d812baf786f52d5ec2ff42f572bea7cc", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826286, "uuid": "e7d703fb-3d71-478b-96e7-2a1a41642e32", "comment": "Malware payload (AgentTesla)", "value": "58ab925d8cd626a5c59e2aaf08644f860a4844d7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826286, "uuid": "23f81c6e-801c-4730-9297-2e81e15a1c95", "comment": "Malware payload (AgentTesla)", "value": "93e39d258415a13858efa3d5fd2ea2ec07c1ba6505054aad6cceed6a6add9698c27c04007f1203cae7063047c0f57e7d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826286, "uuid": "5fad2820-5279-4fa3-bb27-98886a2f5a79", "value": "T107F423FCCA86810DE656D23EA5E06FC207BD19C871CF932755A39A1E01F9D12DB48C6B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826286, "uuid": "2ba5a5d8-fb44-4590-9d49-6e8d8f97b2ea", "value": "12288:WVnWxjJsqqChyie/E4HUVR8p0Zlz/EAFP5N8VEgyCM6vt2uvY4dIDdQXgRq:ayVyieHs5Pp52vyevydQXV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826286, "uuid": "3fd937d8-4c77-40a9-8cbc-7136319b5f46", "value": 732296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826286, "uuid": "1be8ccc7-8b97-4f79-a7c4-d9cf5dd8ac48", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826286, "uuid": "0daac3d1-f773-4e33-8813-d79f7cc48f7c", "value": "BS.BL8733822.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "340f03da-38af-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1691803563, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691803563, "uuid": "1a57dabb-a45f-4d9f-a5e7-07b60ef7c64f", "comment": "Malware payload (NetSupport)", "value": "f12e4865211a5a01c34bf3e2d3f1be63", "object_relation": "md5", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691803563, "uuid": "18707573-91ac-49d7-851d-68899f47f6b9", "comment": "Malware payload (NetSupport)", "value": "30da15d03861f7b938c42812dd999484c75911bca288401a28b6ec81b5be28f0", "object_relation": "sha256", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691803563, "uuid": "c07384fb-86f4-414f-82eb-441319f845b4", "comment": "Malware payload (NetSupport)", "value": "40804728c6003d59369946573b9cd3d04a0911a2", "object_relation": "sha1", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691803563, "uuid": "ec7fb25f-0fd2-45bf-a44c-5a26ad184024", "comment": "Malware payload (NetSupport)", "value": "933d94a29d5ca8287824e55a5b6e8e4aa28cee726c10fc0e0b782b2e86ab1386a6b9c1495e82062e8ed4afca8b64b2a2", "object_relation": "sha3-384", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691803563, "uuid": "34872a0d-db7d-454c-a046-7c1797093ed7", "value": "T1DA163302952195DF91689C375EA77D1986C01F22A8C41F147CAE0F7642B8BEBEDC0FE9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691803563, "uuid": "e5cc1863-d6c4-41a9-818e-1877bc08602d", "value": "98304:Lh9bubHRZyKtg8mN/qkIfJDZUZhh182K269ADJthIu8Esgqy:Lh0jDwNlwPG582kiGu8Esgqy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691803563, "uuid": "1ca7b8a6-4ac0-4a55-b7d1-eb6425b54554", "value": 4070814, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691803563, "uuid": "579e3acf-d199-472c-a79a-eeeef59eb875", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691803563, "uuid": "fd2af4a4-486e-4c6d-93a4-1c664ac40bc1", "value": "FilanCorp.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97ca9a4c-38b0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691804160, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691804160, "uuid": "51f6a080-111f-42a3-adad-83aa07d39e28", "comment": "Malware payload (Amadey)", "value": "1f7bbd8a6acb441f90319e8637b22930", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691804160, "uuid": "d13096bb-1107-49eb-b8f6-e4b42e04fb60", "comment": "Malware payload (Amadey)", "value": "3138a0cf41022ba5a36104bcfb9ba2b83bc98215dd4e216803f2f8c31916c3c6", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691804160, "uuid": "ad797aab-aecf-4a83-b057-c459b6635b60", "comment": "Malware payload (Amadey)", "value": "cb13272bb590b2e10c125b45b39220aac256f85f", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691804160, "uuid": "66b8736c-7ab5-4125-bf22-dd16f494c267", "comment": "Malware payload (Amadey)", "value": "bbc5249e1c40ad13927b916c8c30a70c71f2e061eee299bc3c9e083e7adc2701732978765b7cde4d40270d831b422352", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691804160, "uuid": "d16b486f-7efa-4861-9b20-3e842bff1829", "value": "T143F412A3F7D99472D8B56B3015F60387073ABDB15C78836A3B48A94E4C73258E63173A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691804160, "uuid": "f1a5c2be-43eb-4614-94d8-b857bf150190", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691804160, "uuid": "6681d2ac-d9c0-4d05-b184-0f05bf20b81e", "value": "12288:KMr8y90dowM4yA+/nWF2jIUZJc8fsQmO2ZHW4VOwbmfQ1F3dhZuyi3atCL:iyLwMMmWFIJc8fsW2Z24XbmfEpdhZuyM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691804160, "uuid": "af835495-2781-4fd1-854d-3af69fb354ce", "value": 747008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691804160, "uuid": "5c2e0ea8-7169-4004-9326-c842fca50012", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691804160, "uuid": "a75cc63f-f285-464e-8ce2-503a3bb900a1", "value": "3138a0cf41022ba5a36104bcfb9ba2b83bc98215dd4e2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3a74306e-38f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691832780, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832780, "uuid": "18c902ab-3b8c-4454-98c2-2b1e929c8708", "comment": "Malware payload", "value": "bff696bb76ea1db900c694a9b57a954b", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832780, "uuid": "55f5fd5b-54bd-499b-91c4-169edb86bc2c", "comment": "Malware payload", "value": "332afc80371187881ef9a6f80e5c244b44af746b20342b8722f7b56b61604953", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832780, "uuid": "174afcdf-7be8-4bb7-8b2b-249f5d69a884", "comment": "Malware payload", "value": "ca10c09416a16416e510406a323bb97b0b0703ef", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832780, "uuid": "93a5d473-7af0-4fa1-a87e-c1b60e948fe0", "comment": "Malware payload", "value": "a8e5011b094ca2e43321df02d7d499846620d850c951a3021edec7ad76b01a2520a59bdfb314fbee17c79a5f08ec6cdb", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832780, "uuid": "0c6f5dc0-9a9b-4287-90c9-f54e8cc6ce4a", "value": "T1EE7423B02D2C3D260B76502363F8C59D3DE97D3659AE0726B379D0E19A94FD4224F943", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832780, "uuid": "2d9e368c-765b-4d14-b9fb-d3f0f57ddf7d", "value": "6144:rlH1wh3kbzrALzYiR1TluF5vXxRER9VxDxb5I6ATsL84sL4QVhbIcb4s2Av74Y2j:rlH1w0z8zHnTlSB89/t9rATsL8mQPvbq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691832780, "uuid": "308dfcbf-ff1c-413d-aabd-dcd671e9f666", "value": 354474, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691832780, "uuid": "434a7cb2-d257-44f0-93ab-087148b19456", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832780, "uuid": "fa67b1b1-a54f-4657-ab43-1670b1ef1b59", "value": "license.dat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35b87658-38db-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691822464, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691822464, "uuid": "db0b0625-6857-44a2-a49e-5e9ccf457339", "comment": "Malware payload (RedLineStealer)", "value": "34270190ae089b2d558dc3c3ee4e42e6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691822464, "uuid": "f033a156-c4ce-4fcd-b606-f54d4c6b229d", "comment": "Malware payload (RedLineStealer)", "value": "335e379d5bd7d6d0806496fb22e6ac26175cd18db545b9787aa103e600fbaf42", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691822464, "uuid": "f1c4b8c1-90d1-46da-b22c-ff258f6a22f6", "comment": "Malware payload (RedLineStealer)", "value": "793483afee210ef0c6c725600c5d53bff7ebde5d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691822464, "uuid": "24de2d10-9d34-4bc5-84b8-73575c73f69c", "comment": "Malware payload (RedLineStealer)", "value": "f5d615247aee773a3a8f8df4eee9057e6492049f21830f47e2998d2608433249ac92d34622b3892576010d5efc551191", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691822464, "uuid": "5999ca11-2e1e-43e0-a03e-d570c08dbc0d", "value": "T1C5F42303EAD54033CEF627B464FA07830B36BD652838922F3699645D1CB3995F87276B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691822464, "uuid": "c63d8bb4-4fe1-4442-bf77-ba990b97cfdd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691822464, "uuid": "5065da0b-6b33-44cc-868c-840f02f1c8c4", "value": "12288:qMrLy90+m6uv4jFC3Xgf9GTdhwFK/pe7HiCKRIaXgp76LnycMgIMV5XCCOFqrVBm:9yX1aOCHgfMTdhwFgw7HZKGaoqywlOFh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691822464, "uuid": "63475ec1-3500-4b49-8aab-f4c72111b1b7", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691822464, "uuid": "589ee979-e41d-4744-ad6b-72010f192aa7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691822464, "uuid": "9d8a67f0-008e-43e5-9dc3-adfbfe7b9343", "value": "335e379d5bd7d6d0806496fb22e6ac26175cd18db545b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e30920c-38b4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stealc)", "timestamp": 1691805835, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691805835, "uuid": "13eb3c96-9c4a-4c50-9bef-36285fc91132", "comment": "Malware payload (Stealc)", "value": "7f84503a1a12b3edb0da052aad05e49c", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691805835, "uuid": "408a9dd6-dd83-4c6c-8892-88cd5a4c5250", "comment": "Malware payload (Stealc)", "value": "3454a03a003a23385521dae0e13fbe65211a9e9c590022dc906da7085ca71244", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691805835, "uuid": "cdb8f587-2eb4-4e96-be0e-38f63436d124", "comment": "Malware payload (Stealc)", "value": "15610b7896b980e913c07fa808ef89bf01853c32", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691805835, "uuid": "65810c2d-cdc9-4c59-896e-521f28d25f15", "comment": "Malware payload (Stealc)", "value": "9828961584e132e66656c926d8fac74cd1cbff82ad5a8a19608ed8c324b1940b494a6bb4ab755633a4be2f95903cf258", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691805835, "uuid": "0c441bd3-d4af-4663-bbcd-9f84c33a89cb", "value": "T10B44E11AA6D460BBC879837494E342A3D67078B45FA51BFF02D492BA1E133D5B136B0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691805835, "uuid": "54971c87-b823-447d-97be-9dde5121952f", "value": "4cea7ae85c87ddc7295d39ff9cda31d1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691805835, "uuid": "769168cd-6f04-4890-b754-33699157ba2f", "value": "6144:+ahOjMkHct6feKPM2kMGViJawMSD5GIMLzAD12k:+iypcmM2yfKDgpLzWb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691805835, "uuid": "6ab16296-f30f-4922-9c8c-67a1c1219305", "value": 256000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691805835, "uuid": "52919270-295a-47f6-8c2e-685411d3f6be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691805835, "uuid": "d05887a1-e138-4417-ae1e-1132e1447919", "value": "7f84503a1a12b3edb0da052aad05e49c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62de0719-3902-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691839290, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691839290, "uuid": "801d83a4-9345-4163-9c45-283f68e8eacf", "comment": "Malware payload (Amadey)", "value": "0605d11fc6100b1baec3c995cadd8725", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691839290, "uuid": "0d67bbf3-ba32-444f-9e45-37a7806e101a", "comment": "Malware payload (Amadey)", "value": "34ae0fb3c76d1051dc2d70733e3d317ec1a995b318060d05a26571e207e5c1d2", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691839290, "uuid": "1b1e8542-b14a-4971-b4ce-a0ea6013abbe", "comment": "Malware payload (Amadey)", "value": "76c8be8ab96540e724fb41069aa7baef1ef2a242", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691839290, "uuid": "5c398109-8b5a-46ab-807d-aef21ade0244", "comment": "Malware payload (Amadey)", "value": "93dc3675adf90efaa7276e7846747831d43f1e836023f3a78ac7f9fd26b0a697eabe2d205a41c01cca6c46083d7c472a", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691839290, "uuid": "8cc29458-a9f3-46a3-beed-215ea2e4afa3", "value": "T193F41243F6E9C433DEF42B7068FB47931A35BC91883887272355689B0C735A9A936727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691839290, "uuid": "ca3b3822-d99f-420a-808b-79c4c4d22f0b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691839290, "uuid": "060ac11b-5e6f-4bcc-8615-17751b67b282", "value": "12288:WMrSy903izi8AHgJRz0mBjTLPmdcKVre7B/xKRXtXtp7Xf2usGTt5tsSo:wyGiznPbz0mBTPmdceC7BpKhtPvQw7sD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691839290, "uuid": "e01108a2-676e-4b93-a919-1b75cf132786", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691839290, "uuid": "4cd4d990-3454-4671-af1b-74f481e126f2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691839290, "uuid": "8b8a5ddc-286b-4c56-815e-e410494b215c", "value": "0605d11fc6100b1baec3c995cadd8725.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2013c29d-38fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691837460, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837460, "uuid": "fc5d79f8-e881-4b82-a8c1-b7ccb742a7a7", "comment": "Malware payload (RedLineStealer)", "value": "b00ac3364873c4a523f15fa75cf64c0c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837460, "uuid": "ed1fb9af-4465-4524-9c38-fca84b427878", "comment": "Malware payload (RedLineStealer)", "value": "35aca5b4562ea2e81a84ef82cdbfdbd56feb701b5e9521bf3b7b029241b1bfd8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837460, "uuid": "ef79e77b-bfc8-4dab-a02e-132fe0ebb738", "comment": "Malware payload (RedLineStealer)", "value": "ac13ea8fae6f10e1b58a17a889c398644c4dd675", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837460, "uuid": "01e8dc85-fef8-42a6-bae3-ae8554e1e185", "comment": "Malware payload (RedLineStealer)", "value": "d532519be0ffcf22ce724bb7a3f769b12b9756015b5647b64f088d40c97af17fcd81dda243aa3d212ce4a1b7aad9b6e5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837460, "uuid": "80d5836b-5d18-4332-80b4-9d8038e1bd89", "value": "T16B74F1217682C872C94F01758932CB919F7F74316679C58B77290BAE9E703E1DAE730A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837460, "uuid": "c47eb635-efa4-4500-a680-81a79121f81d", "value": "57c957ecde7ffcaeaa065ed04df47092", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837460, "uuid": "4c8411e1-9759-45c2-b463-32ad203c1888", "value": "6144:I0QQhLD+JWRIbvFQICivjhWLAtiRS6jBLb:IJyeJWRIbaI1hWLBDV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691837460, "uuid": "5470a550-ee2f-42d1-b82f-9f901289e241", "value": 343552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691837460, "uuid": "e3b35e86-cb9c-4f27-8252-0228786d5efa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837460, "uuid": "7785af32-290b-4402-8a60-1a85a0bd1dad", "value": "b00ac3364873c4a523f15fa75cf64c0c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b92f9f2-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691826312, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826312, "uuid": "f91ce26c-bbb9-4625-8b9f-c6d64c92717c", "comment": "Malware payload (AgentTesla)", "value": "a6e19ca134a684f34e75fe81e5e25828", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826312, "uuid": "994506f3-afe7-4745-85a3-1f56839928a6", "comment": "Malware payload (AgentTesla)", "value": "370cb3be5f83b5963dfcea120fbd93e52933d1d43c6d8c771a406da165b06ae8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826312, "uuid": "a8ee964f-e46a-4c19-bcb5-a39bb5011a6f", "comment": "Malware payload (AgentTesla)", "value": "2aaa273bf4e72ae34b4abddf88dec767291216d9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826312, "uuid": "20261bca-8c77-404c-8869-b4223e49ca99", "comment": "Malware payload (AgentTesla)", "value": "dcf66aef996823775d63e603cfe7634a62f31b422ff0b0d0aa156588561a7100739363316faad695edbf859971d74fe8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826312, "uuid": "b51dcc0f-0777-4852-90a9-68aa3461cafa", "value": "T179F433E042BB2898F9563133F5A41C550EB7B599B86BF23D4E1CFDC86B331704AE8964", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826312, "uuid": "08681927-f2a7-4249-a719-374448945eef", "value": "12288:R25nWDu73VKezuKZEDHI0X6d6bu1Mkfgau/STaB582vDu9+SnASFosNsHLOrX:IbnzuKZEDoi64bcQqb79+1SFosNwA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826312, "uuid": "6b35538e-4bd2-41df-8d1f-ab61f8a8d817", "value": 760956, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826312, "uuid": "ac03d1d1-63f6-482c-82fd-d022e64dff81", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826312, "uuid": "a9a8dd2d-7261-402d-8045-5d21b4f95cc6", "value": "DAMAGED GOODS.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ce440ca-3964-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691881344, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881344, "uuid": "553342cc-24bc-4a08-8aeb-a88d269f3ae3", "comment": "Malware payload", "value": "35b46a6a35ef18e2a7e8a545e6e6e0db", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881344, "uuid": "cd506655-7266-4121-997b-cd290d04e168", "comment": "Malware payload", "value": "382216aae0e70ca4f89b4868de911398c6e75743bc9538d08ff05a67568b55de", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881344, "uuid": "9c08bc33-dc8f-4e78-b5d3-5d91a6d9c541", "comment": "Malware payload", "value": "53984b0ad7400b0ab672e2a1f2daf97b1b3810be", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881344, "uuid": "d8b3aabe-d31a-494c-a0f7-b01efcb788f3", "comment": "Malware payload", "value": "8af326e2ee5df67d41a42008831e70a5735c1a2daf68491a00a4e28205a377249a7a2f843db79adfaf2547cedf96e466", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881344, "uuid": "1141bbdb-30b7-42b3-b1a7-caba4d832bd9", "value": "T18E418032163281589DB28C5D237EEBBC57F7C45437E4DB5EA39808986C01A7E8A3CC56", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881344, "uuid": "38ef75ab-8efd-4d8c-acb2-8bbb9433c49b", "value": "48:lwSIiXWu5gw/TAqgq2krMI0j0F5U0qSMIn75EYjq5IVakWqSItakb:KLC7/JzfMImCmnSMIn7KYW5IVakxSItB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691881344, "uuid": "70f51d7c-3ce8-4d71-964a-2347abac768d", "value": 2175, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691881344, "uuid": "d29f1d98-adc2-4cc4-a5fa-1f0da47a9cf9", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881344, "uuid": "8afdf193-f401-4e43-9bde-00e2c00aaaf6", "value": "imagine-produs-103c3g45d4e2d22c19d3f47611e2e.BAT", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31ded610-38af-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1691803560, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691803560, "uuid": "19425acd-9858-48c0-ae63-dcd29c6e8038", "comment": "Malware payload (NetSupport)", "value": "27754575ecac19f9d1cfd2abb47dcfb3", "object_relation": "md5", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691803560, "uuid": "a1b4eab0-f297-4b62-b29b-ddaf3af76fc3", "comment": "Malware payload (NetSupport)", "value": "388bd89487100b4c081ed410355b4e78ff2ec7b49786f7ab7fb4b80c911227d1", "object_relation": "sha256", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691803560, "uuid": "2efdcb82-c2fe-4535-9791-b991bbceb899", "comment": "Malware payload (NetSupport)", "value": "09bd501a8848864fa2703d266b59ac3029b32522", "object_relation": "sha1", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691803560, "uuid": "a54b68c0-36ed-4a7b-9172-2a20eec55f91", "comment": "Malware payload (NetSupport)", "value": "9cd0668ec0695a5debb51826ea5433b969a254124fe485e694c1d3ac846e7a415243a3c990e6480dd165a560e4eb6d4a", "object_relation": "sha3-384", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691803560, "uuid": "0f138d73-9ee0-4695-842c-adf8ef7bc58a", "value": "T1A245CB3839797C2443EBDA1334F14B961CE9564FD1703A3B199AD8239A352C265B22FF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691803560, "uuid": "b1483f79-3692-44be-bc84-cf90b5987253", "value": "3072:9JGTBCYbNM2Z1a+OENeREHUukydh/NcMJUPi:9JGTBrbNDba+Ov2Ui3/yYCi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691803560, "uuid": "334439e9-6903-4f99-9508-a3e476629af9", "value": 1253349, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691803560, "uuid": "f20ac9a8-3fa7-452c-862d-1046042e6f26", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691803560, "uuid": "889ec5c3-40d8-4619-b169-0d8befcd4be4", "value": "asdqwe.hta", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1add18b-38f7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691834778, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834778, "uuid": "f48363b3-7785-481a-ae37-85d2ca276ed3", "comment": "Malware payload (Amadey)", "value": "f172c0d1e3d3f04ded1320a6c78d0040", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834778, "uuid": "ee063989-0909-4d21-a2d5-b40f4eb0fb09", "comment": "Malware payload (Amadey)", "value": "39efbda4e43054f1240d3d4888cb13f83be9331bbfe6c351078ec02cb65ec14e", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834778, "uuid": "1bf080cb-a2fe-47ea-9942-a4442ade7219", "comment": "Malware payload (Amadey)", "value": "96771aaadcd947862e7869f146620060fe0f22c3", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834778, "uuid": "96d611bc-697a-4a91-82c2-c946e295c411", "comment": "Malware payload (Amadey)", "value": "80b70d024d16640a3e960e33aee1be26234e337b414e44d8895ca6104aaeaf30d9090b66fad711f18aa77509ac44edb8", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834778, "uuid": "a36e7d51-1df2-464f-93ae-f158ea84a508", "value": "T1226439417952C072D960A1721AB5BFF2C59D68249BB049DB7BC00F76DB212E77A30F3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834778, "uuid": "fc4a5ece-038a-4607-914d-0921f7b3f3c9", "value": "44e769941d2c6ad88bf42ac4adb36135", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834778, "uuid": "309b0efa-bdb1-4585-a192-b9411996df12", "value": "6144:SR9eh569+UR6P3zIwkp4p2k/DPaZHwc3eoe6u17MgAOIMs8Bq:Sfm5BB7kpi2k/ae6u17pa8Bq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691834778, "uuid": "112fefd1-2d53-4da6-9adb-1f4b2660f97d", "value": 321595, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691834778, "uuid": "eaec8cdf-74ca-4dc1-bb97-b4d2aadeb7fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834778, "uuid": "6d7867e2-b3ce-4ad3-90b4-69e6853ee07c", "value": "f172c0d1e3d3f04ded1320a6c78d0040.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "303d8f75-38af-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691803557, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691803557, "uuid": "33b034e6-950f-4403-be73-892306f6e75f", "comment": "Malware payload (RedLineStealer)", "value": "041dba06082c6e7c670678a65e3524bd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691803557, "uuid": "c27b3dd3-27dc-4305-b4b0-b82d097f00dd", "comment": "Malware payload (RedLineStealer)", "value": "3a8f3572755a0c7a69bb6de0c9c0567487d55f4e9709efdb697cae074995349f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691803557, "uuid": "d63bb2a4-42f8-4d3f-a2e9-f0311dec3799", "comment": "Malware payload (RedLineStealer)", "value": "c3447491d75f8d2d10c3987fe11f6d8cec8c52b7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691803557, "uuid": "13d0e831-6b94-4d0b-a076-2de473d6e5d4", "comment": "Malware payload (RedLineStealer)", "value": "53d393d5363a7b77bdd3df2c53a61a0bdaf73d7271ce9733a93f66130e9f39e273b43ce9c28faa1e6a480433036c2ae8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691803557, "uuid": "81fa94dc-15f9-4a00-9cc9-72dc8a250765", "value": "T180D41243B7D88432D8F627B19CF303931F32BCA15CB487AAA3856D5A5873A90D57533A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691803557, "uuid": "e80f8e04-114d-4250-bbdb-fc30747b71af", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691803557, "uuid": "413e94df-b1cd-4ccb-8f52-af2eb0faed9d", "value": "12288:LMrby90W8H7PQ3WndybSsazWwALLTTq+kFkSb6xab6NpV+3ZxYP:0yx8Hma8gzeLBkFzmab6NnzP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691803557, "uuid": "eed3436a-a6f4-4155-b1b1-6ff3abfc4e3f", "value": 612864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691803557, "uuid": "ca86177e-c009-41fb-b93c-2b7ed5603f67", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691803557, "uuid": "a5968205-dde9-42be-add6-8f670f29e4d0", "value": "041dba06082c6e7c670678a65e3524bd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c9eda6bb-3907-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691841611, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691841611, "uuid": "1346fee2-d92e-40e9-b7aa-965cb3ae579a", "comment": "Malware payload (RedLineStealer)", "value": "36607a4cbdf71de0773c26a4b083b461", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691841611, "uuid": "39794696-7b62-41ef-9437-43eaec8deaf8", "comment": "Malware payload (RedLineStealer)", "value": "3cb7602998efd8e8243e1d3890c1d65adb3c335aab4a9c4a2f43c33df5349712", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691841611, "uuid": "63454699-f157-45a5-a972-0bb677314393", "comment": "Malware payload (RedLineStealer)", "value": "1419cc573e83cb62bd7b055a2f9851728c18b7f8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691841611, "uuid": "2df01b1f-d718-4ef1-8e9f-7236487d7dd4", "comment": "Malware payload (RedLineStealer)", "value": "0c34bdb6f4006f078541cda23f7e54e302859d6e614a1c61871554d953b83bcfce919242435df01beeded66a2bea6316", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691841611, "uuid": "51594fd3-5a47-4cff-a2ff-2d30f1d8c0fb", "value": "T1FC64F1223A92D0F2E45B45314422EFB46AFFB4365574898B37D40BAE9E303D19B3B319", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691841611, "uuid": "92f6bb01-bbd1-45c3-b51c-992b3a6d9d66", "value": "f14eb02bc6e4e96d4b116ed67da9e223", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691841611, "uuid": "df3304ff-1423-4a9c-b2d1-df5d4413ef63", "value": "6144:1E4KLu0BUC++sBFGr/8/6aS9LomOZVpPN:GhC0BUyfr/8/69HOZ1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691841611, "uuid": "0e572d71-f22c-4abf-b0d2-6055e125371d", "value": 328192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691841611, "uuid": "0aca1c01-86c2-42aa-8b67-1d464b085655", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691841611, "uuid": "4c23232f-d41d-4903-b43e-28e12090b37b", "value": "36607a4cbdf71de0773c26a4b083b461.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3d045b2-38ec-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691829977, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691829977, "uuid": "ee0ac910-3d65-4e77-83ee-72394192eda5", "comment": "Malware payload (RedLineStealer)", "value": "e7ea2735662e9869f57f8b8cbb0f89bc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691829977, "uuid": "ea79c381-40fa-4769-857e-3e794024561e", "comment": "Malware payload (RedLineStealer)", "value": "41e1a2453123d4bdfb252ecb699cc1624b43de4edbe6cf81b5359357ba85c024", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691829977, "uuid": "16f05920-f4ec-4fb0-8b4f-461e183595ac", "comment": "Malware payload (RedLineStealer)", "value": "8fcf373e32892afde47b5106eb3cee0916492087", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691829977, "uuid": "00e53da7-fbb6-4e0d-8173-65987d4fd88a", "comment": "Malware payload (RedLineStealer)", "value": "df5b67bbfacc618b7ab592fb74426413da50224c54337191d1a6c2752036a923ae215ae2bb1221dc32a08f79b9be7a79", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691829977, "uuid": "4b7f359c-a13c-467c-8b69-efe9c9d36857", "value": "T1E944D0227692C0B2C55B00745C24DFA06FBF787257758A9B37680BFE5E302D19BB634A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691829977, "uuid": "b710e70d-2145-4cb0-9cc5-ac0554a54c24", "value": "57c957ecde7ffcaeaa065ed04df47092", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691829977, "uuid": "df99aa71-aa73-442c-a2a1-9c3d7b096fcd", "value": "3072:s9X03Rf9LeX8G5SPJ6eGYJnCrFTXDvdvO86i2gh8RKZC5:M0F9LiSPJJbcrJXDdO85ZA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691829977, "uuid": "8b17380c-4467-49cd-99ec-a63e572de36e", "value": 261120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691829977, "uuid": "439cdf97-dc16-4321-81fe-94e0bd0e40bb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691829977, "uuid": "5dbc8c88-b1c5-41bd-8dab-6e6acd8045c7", "value": "e7ea2735662e9869f57f8b8cbb0f89bc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4f7c9aee-3925-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Gafgyt)", "timestamp": 1691854290, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691854290, "uuid": "cde7632a-db4c-4419-bbc2-bb57c07030f4", "comment": "Malware payload (Gafgyt)", "value": "e84da301e4169cdc15ee63b5bdc961c9", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691854290, "uuid": "cc434782-d2df-48a3-8674-c6913c98b4a0", "comment": "Malware payload (Gafgyt)", "value": "420c09a0df1fed55c7f58f4b2197f4a6a5fa6fd816d85ed1a76d9109f1cd28bd", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691854290, "uuid": "0dc6c572-2e4f-4615-90fe-6c91ec6ab67b", "comment": "Malware payload (Gafgyt)", "value": "c0dfba1819f01b045b0d309049faa89d2ca8dbf1", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691854290, "uuid": "6413b633-2572-4e11-9c51-4dc14b99993c", "comment": "Malware payload (Gafgyt)", "value": "eed0a7528ec56bcb35c06db6f40e435f50cb61f3c8c10ae143c1383aeecf2da7e7d11e5c149419636d07a3f4138ff705", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691854290, "uuid": "8e89e257-cf5f-44d4-a71f-c878b01af465", "value": "T1C5C3492776D1CAFAC48766F52AEB95519823F8BE0B32310773D47CB42F0D8E51E69A40", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691854290, "uuid": "237dbbf9-b83f-49d0-906c-b0346e499a4e", "value": "3072:NewF9wZCrMiZKRPdg1uYOU9YAbipha1Fj9d/fkj0R5e2mEJe6/:9wsr3M1OnOUyjpha1Fj9ej0R5e2mEJem", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691854290, "uuid": "9f8356d7-3000-426b-a083-75861ef180e2", "value": 119814, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691854290, "uuid": "6d467a71-f80b-4b70-b422-45478011f87b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691854290, "uuid": "51149626-d0b1-459e-938e-a1e33df868e9", "value": "e84da301e4169cdc15ee63b5bdc961c9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27cd26b7-38e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691825877, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825877, "uuid": "b5cee60d-659a-4aeb-9593-fdb40caee975", "comment": "Malware payload", "value": "3051980583bab4d26cc69b575c5f587c", "object_relation": "md5", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825877, "uuid": "865b1f27-8c0d-4276-ad00-0f70e9877da0", "comment": "Malware payload", "value": "426a569677f4e4bfc4b36d5446fe8e415cfcc75ca7343844a56ed5dbf2dfae2c", "object_relation": "sha256", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825877, "uuid": "135b28d6-3523-42bd-a522-48c2762af084", "comment": "Malware payload", "value": "4e8e57af26f25956d56b7aef800f2783d4d7e26d", "object_relation": "sha1", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825877, "uuid": "a29a32f6-b1bc-4a43-afb1-b4d741f0d014", "comment": "Malware payload", "value": "ee52616906b8a6d868749a37ea0ca46462652d85d4d81502325cf7e79bd0ef464c0f9d45dbb2a0ec7c7309c15be8f1aa", "object_relation": "sha3-384", "Tag": [ { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825877, "uuid": "aacdb0ef-d96c-40e3-be40-5c962b6b9839", "value": "T19355F103E900DBC3D41D83F87E530EE90F0A6F19E99569DB14663F9B3B70A72099A52D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825877, "uuid": "91a8c759-7cf9-4c9c-8911-e51b5fb48c88", "value": "24576:8aZy0w6VgjKaWlEzp7a7Zydw6VhjKaWlEzp7acrdq33bbQoYIh5cPnwcx:8E86VgjKjOzCJ6VhjKjOzFdMb/YPPnj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825877, "uuid": "c7e884e7-c08c-45f3-bcdd-52b1986b0a21", "value": 1330176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825877, "uuid": "4ea60a04-7542-405c-b1a4-11648e55a0e2", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825877, "uuid": "906badd9-a933-4f81-9977-a12dcb24c904", "value": "Draft Purchase Order.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e447c92-38ea-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1691829082, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691829082, "uuid": "6fe55053-7a09-471c-bc11-548bb951b704", "comment": "Malware payload (RemcosRAT)", "value": "71f5c9fd9164173cb2bcbff0b14087ba", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691829082, "uuid": "27dcf453-df25-4ecd-b836-50a6ede6bf83", "comment": "Malware payload (RemcosRAT)", "value": "43d2a1081b1fba2cee356ff5e0981d2f09900ef1b0b5f487ca0b3e96c8d11c28", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691829082, "uuid": "9b6dc164-7f49-42a9-b9fd-9bbd8ebf9df9", "comment": "Malware payload (RemcosRAT)", "value": "d9073afa5b88ef43b1f2a9a04e8d81986cb3217f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691829082, "uuid": "87db92d8-185b-492a-97b1-eca2327ec468", "comment": "Malware payload (RemcosRAT)", "value": "01878c3a503fef50a5b22b7a583311ae7a18aa09667c00644cfedf40e1e667cb5e286463b0fd04ae5e1b9b13831222ce", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691829082, "uuid": "3fbc64b9-50d0-4389-a475-7e68061489a9", "value": "T1E5250200FAB9DDB3C554837B835073196E7F0E50C59AF9DA194AB8661DB7E0106C3EA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691829082, "uuid": "d3cb8e92-5db9-4a4b-96c5-4f630efc1dc6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691829082, "uuid": "e06e2235-09fd-4fcf-ad84-815051bffa01", "value": "24576:WHcoxqeWYErD7cECRjc7cTUWUc4I/Hoa:W1cecRCRjc4QWeI/Hj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691829082, "uuid": "d3d4e989-e9a3-44fa-a170-8b4a7a36d4fc", "value": 986624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691829082, "uuid": "2d02b871-3f81-46fb-bb28-6147b1d07c61", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691829082, "uuid": "5e52da6a-02b2-46d4-9402-7ec0cda6efb1", "value": "71f5c9fd9164173cb2bcbff0b14087ba", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aff5d9b6-38c9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691814938, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691814938, "uuid": "00f00b64-a3ce-478c-88d8-1548157e4135", "comment": "Malware payload", "value": "d60926cbe4de77584ee8e5f7b8268909", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691814938, "uuid": "c833b372-c535-4693-b7fa-c0b51f0b0942", "comment": "Malware payload", "value": "4412a658ff8b5e5c1048703b9307e62e7565834d1eaa5e0ad8db96ee72f9b162", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691814938, "uuid": "787e933d-5a6f-41fa-af44-e5f3a8d07618", "comment": "Malware payload", "value": "04bb41d8317fc1af66ddaf8bbb92d1538d867199", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691814938, "uuid": "f6e14f6c-243d-40a9-81cd-6631fb54151a", "comment": "Malware payload", "value": "8a83f619524b0effd1b0db5cde27f409c0b0c680a36af73ba125aa40aff1ee96770871dccca7eefb2264b4b85ee9c099", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691814938, "uuid": "5be0fc80-4b07-439c-a52e-23d0da4e5485", "value": "T144C42316B6A48D48CBF543FF58E9C181067AB1A3AC8BDF890524B27E4CC66432577FD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691814938, "uuid": "467ecee6-dae6-4a3a-b24b-2de419e4edc4", "value": "12288:vzXh8T/hsTtr7oXpGtDPZr2+QNhw94bQ/B+keFOHg:vzuy44DPZrnshS4bQ/BJeFR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691814938, "uuid": "2475f9b8-d3c0-47a6-97ee-1667b8e3f306", "value": 589312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691814938, "uuid": "4bc7d0ab-cd80-42d4-8b99-7d5466b9fd83", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691814938, "uuid": "9e46019f-9888-4bcb-8920-6e9532d5369d", "value": "d60926cbe4de77584ee8e5f7b8268909", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c9efd23f-38e2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1691825719, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825719, "uuid": "8baa8839-fdcc-4035-bac8-166e4bc6b76d", "comment": "Malware payload (RemcosRAT)", "value": "7f0e05e93d2d19dcd40f3f3ad0a82103", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825719, "uuid": "d9382e2d-ee4a-40a6-bd60-a758872d77ac", "comment": "Malware payload (RemcosRAT)", "value": "455b4cd97ab95cd380baa5060f7cc787f917ddf1d03c873519b2394db4fe0302", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825719, "uuid": "2605028a-e0ab-47c0-8690-cd1e7d3cc6d6", "comment": "Malware payload (RemcosRAT)", "value": "6d3e0f21c3faa5522bd944bdfd59a4bbf49c99d8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825719, "uuid": "06db293f-25fa-463f-af2f-3e576b87661c", "comment": "Malware payload (RemcosRAT)", "value": "ab3e5f1c4fe04775a1279c0a4cba96a3b3b373818e2375e9028c5c262338941a8a72ab4da9ce46c7b87b511fe033e651", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "TNT", "colour": "#1DC8B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825719, "uuid": "e119708b-d106-4640-b4ee-0633992f5cf7", "value": "T1A525E060EE79CE82E58F4B78008FD74E92725C853627C53A5AAA50C6C0977C206DF79F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825719, "uuid": "5fb272bc-57d9-4350-8290-db86a9eb2607", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825719, "uuid": "b5e45be3-cb9f-45a4-bbf1-83a4a700ee6e", "value": "24576:KrcNussDa0k9xFtH/XUAYdk6yCXGfRwF44cOExxffhVcVTj:KraZ91vUvkPzPOExP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825719, "uuid": "f46a3700-6608-44b1-b0ce-4266c5313039", "value": 1009152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825719, "uuid": "78bf8460-8914-43e9-be04-b176cbcc0260", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825719, "uuid": "74fee33a-6386-4c03-8f68-b6c3fe3d993a", "value": "TNT Original Invoice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dcc3e3f9-38c4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691812866, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691812866, "uuid": "434e2216-414d-4b62-adc5-1e96f757f14a", "comment": "Malware payload (RedLineStealer)", "value": "3cb6c48c9753daf44802749e9db5dff3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691812866, "uuid": "0dae6cc0-a9e1-4229-b916-11917ea588fa", "comment": "Malware payload (RedLineStealer)", "value": "458ff3bcabfb3f6cfa0e14d31512ddbe97665bd893c3d3c15a2f2466a6d85407", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691812866, "uuid": "ff222ed5-04a3-495a-b680-018336e1e82e", "comment": "Malware payload (RedLineStealer)", "value": "f255db9909a45bcc616fa3d47cadefd72dbe689a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691812866, "uuid": "c579e584-9930-4194-bea3-cfc49e9ec071", "comment": "Malware payload (RedLineStealer)", "value": "deba71414cbc0c97d34ea26fb5091db347a78bece154e6ba75e82d4dbe5bda6d8741a56176df39e309741ea6dafde263", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691812866, "uuid": "a9680d1d-e382-4db9-991c-9c7915a50357", "value": "T1FCF41243ABE88473D9B12770A9F213931B39BC714D34E63B2781E9974C72585E87273A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691812866, "uuid": "bd5f1b13-65cf-41fc-b18a-205a1bd4e334", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691812866, "uuid": "c36096cc-7e87-4ef1-b376-9c8b4f118edc", "value": "12288:7MrXy90Ew4a9dwJjhmZHU5MX/dUABxC5kymKhU+Jrnp3ZchS2ib9IkLIu4jstB2C:EymwJjY05SdVy5kuh/JrnFqxoIu4BC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691812866, "uuid": "5251c4af-5489-4c91-9b8a-0324bf7a7bbc", "value": 748544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691812866, "uuid": "94d39a78-8d37-4a9a-9859-ce4d08b4c04c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691812866, "uuid": "1981193e-a3e4-4b52-8b8e-25a9959efba8", "value": "458ff3bcabfb3f6cfa0e14d31512ddbe97665bd893c3d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9bff4a9c-38a9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691801161, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691801161, "uuid": "34df699b-9402-40db-b803-42d981a266c8", "comment": "Malware payload (RedLineStealer)", "value": "b2e07d481261ba1eab2057bb0ba76039", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691801161, "uuid": "3687dd4f-e073-4f84-8810-759433036d41", "comment": "Malware payload (RedLineStealer)", "value": "46ee904d8039794ac5164193eeeb3323beb68f7427cf178785862887f86d736b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691801161, "uuid": "bf3d9f73-36de-4022-8f2c-93e520cb6082", "comment": "Malware payload (RedLineStealer)", "value": "a945485dacdfefb2174866a6af9563bebfeeea29", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691801161, "uuid": "e11deb76-aa10-4c53-84d1-d3b1d7db0935", "comment": "Malware payload (RedLineStealer)", "value": "5fdf96584c53eada94cf7f14ba73c26e11e03fc95410fa76f20efe1b160a4fb6e311ec0cc1d2a0d651a37a3a11009ef1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691801161, "uuid": "aa87c138-5836-4fef-ade1-993b5a22f2bd", "value": "T1F2D41206FAE84076EEB4177128FB13830B36BCA159748B2B16C66C1A1C73695E83577F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691801161, "uuid": "18181ffc-3bcb-4cc2-8327-017389d67290", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691801161, "uuid": "21988fcf-b0a2-4fd9-90fb-4f1581553997", "value": "12288:vMr6y90El9GJ2wEgBVZ39LVe7R8Kw/e7+syKR3EXAp7TUnRXST9OBcqmFBtQ:JyOMwE4Z39CCDG7+ZKFEIwUT9jtQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691801161, "uuid": "ef20b6d9-9e61-429e-ac53-3f5a0aacddfa", "value": 612352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691801161, "uuid": "4a8ab909-f82d-4831-871b-303f79f4cd4a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691801161, "uuid": "e6c4ba94-e358-4121-b811-52e55d1d58d2", "value": "b2e07d481261ba1eab2057bb0ba76039.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25e5171d-3933-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691860233, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860233, "uuid": "fdf68f02-be80-473c-b741-c6334f4e3aa2", "comment": "Malware payload", "value": "1e228375cfc233c9b0e7006feb5057f1", "object_relation": "md5", "Tag": [ { "name": "hagga", "colour": "#856BEC", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860233, "uuid": "fa2c5d24-7732-42eb-9a89-c624a87b778a", "comment": "Malware payload", "value": "4817a61bd4ded918158f8ef5888d0b4750955e3acf1a5cfc4246635210afea70", "object_relation": "sha256", "Tag": [ { "name": "hagga", "colour": "#856BEC", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860233, "uuid": "3f07563c-a164-4461-9078-89c4b7b85c33", "comment": "Malware payload", "value": "2ed2489601982e8fea67eeb061930ab2f6f62f2e", "object_relation": "sha1", "Tag": [ { "name": "hagga", "colour": "#856BEC", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860233, "uuid": "9a545430-56a4-411e-b22e-e3dad080970d", "comment": "Malware payload", "value": "dda6da97d65783a538157ff00b1a25504114a78bbe7ad5a19b152dd3f0814d8c5015ac14f74637cb3c5da69d2d0317b4", "object_relation": "sha3-384", "Tag": [ { "name": "hagga", "colour": "#856BEC", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691860233, "uuid": "8711f469-90b5-458a-8ad4-901621fe6b54", "value": "T15FB2D279F7E3C304CB2789BC547C3E7763A891C1A1D6196F108B4D192A69FB0A11B17D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691860233, "uuid": "edacf6d5-8ceb-4e19-96c3-e9e5a9685c60", "value": "384:BmwfwIiNqIBeQ0PBD6L+fAVaaki5wUEcJ4:Bf4Ii3eQ0P0LDp5wU5K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691860233, "uuid": "2b8d2856-5577-436a-bfd9-5a610c88963c", "value": 23922, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691860233, "uuid": "231593d6-deac-46f3-99e8-745df0dbcbff", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691860233, "uuid": "5c461294-4674-4cdf-b6da-d198db883ade", "value": "Invoice-1636476797.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1e3da226-38e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691826720, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826720, "uuid": "782e72cd-7f2e-466b-92f2-65d4ab8e5c82", "comment": "Malware payload (AgentTesla)", "value": "2edf11cecdac96a7aa80057fd7f4c50a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826720, "uuid": "25692679-f60e-4127-afd3-0069ece344f0", "comment": "Malware payload (AgentTesla)", "value": "485aae62c781a3fc7ba88530b9ce5f78c6d4dbb1bffd9a03f298e08fb60de48c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826720, "uuid": "8efc42aa-62af-4190-a068-2c6af698e832", "comment": "Malware payload (AgentTesla)", "value": "8db4557b0f4a5682370299102cd64d392db6c704", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826720, "uuid": "87453a9c-e7c9-4c79-95a3-4f5ba7e13756", "comment": "Malware payload (AgentTesla)", "value": "59d34e6bc990d258e67d738e6c7726ce84a0d55989268df5bf535d64b1fc388c4d4d19f3d28f9f719d4963b8f6c08ff7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826720, "uuid": "66231948-204a-4e6d-ae91-322b09a1b0bc", "value": "T19494C55F7638A532CD44CA7814E69E11C6E7EE6D27E1A60A10C8B6AC1B323FD4F135C2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826720, "uuid": "e2e86c67-e522-498c-afad-56a0e9a93ebe", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826720, "uuid": "fcedeb8f-54df-42f7-8aa3-bb3f9c503711", "value": "1536:emBLSwMXgi2nK0aLntTtMowx3k9tG8qWMm/GyRjkQ7qPpqOLy0uyL+fyET64:emBLqLtTWl+4NOYuytET64", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826720, "uuid": "7ac4c0e2-e721-4f8f-8f7d-3c4465441efa", "value": 412944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826720, "uuid": "89ac73b4-82e6-41dc-bafa-2206ca436783", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826720, "uuid": "f073476b-4575-4645-b531-b3cf6490bfb5", "value": "Oonup.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e792c12f-38a8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691800858, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691800858, "uuid": "4bbc0844-d63d-42db-bdf8-1d64bd538a45", "comment": "Malware payload (Amadey)", "value": "db5848eecbaaead2063028fb8d019fa3", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691800858, "uuid": "81cb53ca-66ba-4055-9bb6-1321449fc71e", "comment": "Malware payload (Amadey)", "value": "491c3bf4d9b0fbd023ad2b1b44a1416cf9371b1506be7d9246cda1ffbe150847", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691800858, "uuid": "2636c787-eb3d-45cb-a594-3be38f5d39d8", "comment": "Malware payload (Amadey)", "value": "62de1cfba308cd22b521d2c6d423bfb3c7473558", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691800858, "uuid": "3bc1baa3-4847-4718-bd08-91bc395a32df", "comment": "Malware payload (Amadey)", "value": "b1168c53fa8c833b6189591c65a1121a6d826c91ac39e1428b78a09281139c871d6530dc82d6736124a2c2512e22d7ad", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691800858, "uuid": "6a099c0c-6549-4382-99c8-18d32cac569f", "value": "T1D4D41212EBE94472DDB1273068FB03831B367C619C7497AB2B80A99E1D73518E93173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691800858, "uuid": "bb1085a5-5d58-450d-8907-f348c5141a25", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691800858, "uuid": "be80f2cd-0c68-4d11-b4ff-b9642d2c7dce", "value": "12288:LMrky9074poBDVhTdrIyRDGjuaiKxJDFrpwHzWooxGie:fyal1rI2DAuaiaxkHaofR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691800858, "uuid": "41cae3e4-0fcf-4d4b-9f00-f28c0668a943", "value": 612864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691800858, "uuid": "6449734a-438a-4309-ad5e-9eabbe8a0e11", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691800858, "uuid": "ef603ead-eb10-48f5-80c9-e8ba93bc1766", "value": "491c3bf4d9b0fbd023ad2b1b44a1416cf9371b1506be7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "932f237c-38f8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691835076, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691835076, "uuid": "b8063e0a-560d-4817-b6f0-7be0a5cc23de", "comment": "Malware payload (Amadey)", "value": "eddea820625678c663c8733c2e880aa7", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691835076, "uuid": "7d6f7340-9793-4400-a8ec-cf6aadcaa99b", "comment": "Malware payload (Amadey)", "value": "49b037d37d3d74acd7c6ad472d4cfc3f6e4c55cb3a83e11f87b660f2d05b58d6", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691835076, "uuid": "8e0f5c56-7f85-4740-abb9-1d50e35e913c", "comment": "Malware payload (Amadey)", "value": "6d5a8292bbd432eb7ad0ef01ca6a6746d88fd642", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691835076, "uuid": "eb12615f-2d81-4113-9d63-075743076854", "comment": "Malware payload (Amadey)", "value": "1c175523f489646214f26e5629c90ea60e32ca42872ddecb6d646117065d36c45914daee17a14bae118a9c8c044caa06", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691835076, "uuid": "d27d5b0c-d4fb-473f-92cd-61e2c02830c5", "value": "T1D7F42253B5D88462D9B927B0A9F703870F31BC60ACB5832F37169A6A0DF3544A87573B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691835076, "uuid": "cc69d1eb-5bc5-47c6-a391-afe74190b49a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691835076, "uuid": "757a62a9-83b7-4870-b870-a42cfe552e7d", "value": "12288:xMriy90CzOd/qrxv8pZnnyaTu0OIIcGWvIOkb2EKsmr/LZq58Fn5cTd5xt4:3y0Crxv2n7TtOIIbWgOkqpsmfw5s5cTQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691835076, "uuid": "8ed68b38-8a0c-4e27-8d78-731807af1ea3", "value": 748544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691835076, "uuid": "735ebb4f-5bb0-41b9-94cc-a1c761126317", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691835076, "uuid": "246e18a8-a5ae-4f0f-a516-11ed9b6790b4", "value": "eddea820625678c663c8733c2e880aa7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4cc33ff7-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691826368, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826368, "uuid": "e4684dfb-a4c4-4cc0-9ff3-452274da240f", "comment": "Malware payload (Amadey)", "value": "836dd709c758e54d549b3cc2009bd59b", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826368, "uuid": "6c8d8045-87e0-4d1c-83c0-7341b9ebbace", "comment": "Malware payload (Amadey)", "value": "4b8e0ddd59d9980f8273bd6cd4e9ee45e6033daf5936099975ec468eca3b4c74", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826368, "uuid": "b09e2f76-1e7b-403a-b35f-b554780b2405", "comment": "Malware payload (Amadey)", "value": "57d2097b9bdc5fd037b7834277efe8a83c40450c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826368, "uuid": "eb363afb-84b7-43d2-9f4d-6778076a8a3e", "comment": "Malware payload (Amadey)", "value": "19b09bfaa81bf6d67de24c05027295a54e96383f6fdae6370c0bbff61b12107e0cf46597a003056d8b31254d1679d64e", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826368, "uuid": "ea068017-fdb4-488e-8be8-980f89afc377", "value": "T100152243BAE88135E9F42BB0ECF706D30B76BDA06C35769B2B46595F0C63A50A431327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826368, "uuid": "3879d075-c0a5-4a89-9d4f-c064ed66581c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826368, "uuid": "549e69b8-e23d-426f-bc6d-c86e890a8e41", "value": "24576:py9o+DDs6ekDbuL5e/RvU5W16Mjh//vT562cd:c9o6I6ekDCwiZOh//Qx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826368, "uuid": "0d4edee2-e952-450b-8811-9464f4cfd65e", "value": 875008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826368, "uuid": "ffbb7ca0-3f1d-4006-ad50-683bf9d01af3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826368, "uuid": "e43bf8ae-00ee-499d-afc0-725e97f90f85", "value": "836dd709c758e54d549b3cc2009bd59b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "20e70075-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691826295, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826295, "uuid": "73966772-74a9-4443-975d-6461d8936e77", "comment": "Malware payload (AgentTesla)", "value": "391ff27a4c2e67eeddaea46ed437bd87", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826295, "uuid": "99e13ae5-eaae-4d58-b20a-cc7b2317ed0e", "comment": "Malware payload (AgentTesla)", "value": "4c2958984443e4946f0d62425c16c8a1fdcc3106b46d3b8d7a52a5ef4778162e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826295, "uuid": "997deb3c-f30d-4921-967a-7e6eb3f4b1af", "comment": "Malware payload (AgentTesla)", "value": "67e63ed3398114a794f27bd2a4d0fc6f52734ecc", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826295, "uuid": "2f2be1cf-c228-46b9-9f12-14313b869115", "comment": "Malware payload (AgentTesla)", "value": "92c2165e0f1ba93acc314979347404ae69a6456073e050e5e851e7340bd15b58003487ec0764b3174c8da4145f63c7c3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826295, "uuid": "ef522d24-9e8d-421e-85bb-8ece83eb3d79", "value": "T1F5F4335F581E69965EEF057983A2AEBFD58C20CE01C70639C81594FCCC67CA62BDB903", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826295, "uuid": "765e2a43-12b0-49fe-bacf-26e4c55dad6b", "value": "12288:NdxcyBj9YYqSWeQrxdSxZf5IZ92oX5h6sIyy/0EkHaAvxOnmalNHThI:nx55YRoR5IuO5IsIxMEaaaHENHG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826295, "uuid": "15afe8f9-1963-40f2-ba41-d36e586fc016", "value": 745156, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826295, "uuid": "29e8a646-cee4-409a-a42e-4c1cb09bf366", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826295, "uuid": "d3be5e74-30f5-4809-9097-28064631a063", "value": "Quotation Request File.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f0b84ea-391c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691850531, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691850531, "uuid": "396ae7bb-7ddd-4566-91f6-dcfb4fe8dc31", "comment": "Malware payload", "value": "5447dd964bc7cfe3fc899c3cdb2780e5", "object_relation": "md5", "Tag": [ { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691850531, "uuid": "a081723f-f3da-4015-8051-35e186ab2dbc", "comment": "Malware payload", "value": "4c4ca01e2ee44a44a93c7da0bfcea3aba6fcf71f05d374f95401ec8bc7547376", "object_relation": "sha256", "Tag": [ { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691850531, "uuid": "c8e09fc6-d79a-470c-9242-8991513ad659", "comment": "Malware payload", "value": "0b8a2e35454796a31bf9621e2e2e0bde3b6df3cb", "object_relation": "sha1", "Tag": [ { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691850531, "uuid": "de171912-9891-43e3-936f-1d85425f9018", "comment": "Malware payload", "value": "8923b0e11348f8eb3f493fb280d66edd51ac6e9454b456feeb0d314457787b32360445185d0a02a0ab109583b03506cd", "object_relation": "sha3-384", "Tag": [ { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691850531, "uuid": "936dc444-f09f-4c18-bd12-7c4e50b3f88b", "value": "T11A43A23CA321C44DA9736A3BFCE42F655109AF97EDC9B7C9041880973EF067A71146EA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691850531, "uuid": "f0b81d6e-bbc1-4019-b100-3a73e501a4b6", "value": "384:lLGWxhyvUvO+nNxGjVNN0kfGgy9/DEAtsOa5OLJCr1WOLuPlROH0a9LVoLyFSHr7:l0vKEXSkOWU+iVFF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691850531, "uuid": "24a22a64-928d-4ec5-ba3e-596d6d932542", "value": 58738, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691850531, "uuid": "30f9a3b3-7281-41b7-a507-50eda1887c2e", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691850531, "uuid": "338cc457-dc80-458f-bb6e-f5006a5bbeaf", "value": "SecuriteInfo.com.HTML.PhishingMS-AOQ.18293.636", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "56234455-3964-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691881359, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881359, "uuid": "e2614de3-c544-45b2-9e79-1bcbded12131", "comment": "Malware payload", "value": "d99ba50633f73f8ee719ff026ba69937", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881359, "uuid": "22b43967-b177-4ac2-b8fd-d88c48bf0373", "comment": "Malware payload", "value": "4c9f5d36ceeae70848cdca9329cee05c43421a64d1d992593953a257c6901505", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881359, "uuid": "20eaa0c5-da5e-4691-8a73-ca9c483c831a", "comment": "Malware payload", "value": "0b8b315e047c50520138e09ca3b0a300a0766577", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881359, "uuid": "1d7e9948-2afa-465e-98a7-f8bc55eecc00", "comment": "Malware payload", "value": "f3f2b329f06b8d3bdab2d0ab35b23dfb83929853420f4329d2234183b73fe9fe50c92791bd07a69dc1d1700d08064f07", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881359, "uuid": "f3effdfe-aade-47e1-9bc3-23c211d32dc9", "value": "T182545B1423F44B59F6BF1B7DD870200487B9F523A95BF35E5AA050EA2C63B90DDA0B27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881359, "uuid": "a1e1a58c-ffdf-4ea0-9123-5a5a795a0dcf", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881359, "uuid": "39617dbe-0c2d-462f-813f-64512cb20e02", "value": "6144:/Cqqq3sQGimeXs3z8p9LW1l8USytJMbrQkfxd:qqqq3mim/z8Il46qLd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691881359, "uuid": "2e5d710d-7889-4d1c-932c-b86dec0c0a38", "value": 302080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691881359, "uuid": "fb4f0e1b-184d-482f-8231-81c2efe13e61", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881359, "uuid": "5d8526a2-41b9-4c30-b977-145fe80d6da3", "value": "VCRUNTIME140.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b4a7765-38a6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691799656, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799656, "uuid": "837f2594-2872-4fa6-803d-b71ecf645890", "comment": "Malware payload (Amadey)", "value": "6bab0ab07e7ea8a6173868ae271ceccd", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799656, "uuid": "f7f1b780-03f3-45da-bf03-6fd572100a54", "comment": "Malware payload (Amadey)", "value": "4ce2bb5714f74ccf1603a9bc53292aa994f9fdbdf014732c779449a9d538cb98", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799656, "uuid": "8bbbe20b-a51b-4dcf-a68b-623cbcbacbd9", "comment": "Malware payload (Amadey)", "value": "0af1dce9bc67e0f62ae8b8b736cb2ca87ac8135c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799656, "uuid": "e1d8fcd1-11ab-46f7-a92e-665280478231", "comment": "Malware payload (Amadey)", "value": "e6cfb341d6559b96e495f979c0667ab03bf0f2f50892211d938664d4b130c42ad24917d660039a7c99ed5b1f35e558f1", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799656, "uuid": "6d91cce0-3d23-435a-884d-912f399d2579", "value": "T144F4229263E84075D9E937B018FA07E7073A3DB48D349A9B335A980A4C73584E67B737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799656, "uuid": "840a1ad2-270d-43c7-8dfe-56f074a7a094", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799656, "uuid": "9c2ef8a8-6a92-4f3c-8d06-a5fb790d989a", "value": "12288:BMrZy90fAPaqSIv8EEnxfCNXbNPM1H7ibWv2IS0qNGlejsNsd7OZD:IyRaB3EE9CNXbNPM1EWv2IS0qNGEjsNh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691799656, "uuid": "c18b6fb6-e869-452e-9bae-e265a918ea16", "value": 740352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691799656, "uuid": "abbeaff7-0da3-406e-bce3-5aa3c5ec8d3e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799656, "uuid": "7850efa7-ed40-4246-82e4-91b6064ba9b9", "value": "6bab0ab07e7ea8a6173868ae271ceccd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cea14a2b-394e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691872113, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872113, "uuid": "a7f88e48-7b76-4e59-a5aa-dc0d07299cf3", "comment": "Malware payload", "value": "a93dac647ee7cddb93f549dcd783b323", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872113, "uuid": "415d2075-0581-4dee-8f91-9f7638182ce2", "comment": "Malware payload", "value": "4f6eb0fe1f4cb547cf03ff19f9a1c051bf0cac1c793b88650f174c360ded3e39", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872113, "uuid": "04823d18-ed86-4fca-a341-e5ebd4c054e5", "comment": "Malware payload", "value": "8569eeb79bf29c67b8bb4aeaa305f37bb3288ed8", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872113, "uuid": "4513a3e2-ba7c-4033-890e-bf4f5891fef6", "comment": "Malware payload", "value": "5fb24e8bf15b48aee2b23b69e1994e4c431c18c7ac3b2681b74ae9e57afda3a1709931c3948b87e5890f965547224143", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872113, "uuid": "5b0cf753-8f33-4412-b05d-53675759d62e", "value": "T13A14272463EC4B1BF5AE4B78D0705521C7F0BA92B76EE79E8E8194EE0C577909D10363", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872113, "uuid": "e74583f8-e824-471a-b9d5-507db1d5808d", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872113, "uuid": "618b7ad4-376e-47b3-80ce-821ab3462a2a", "value": "3072:5K1c/KCOAUXk31Vv91GOtJJKuE1iA5mGPB8qd9OTymIpn+64kRAclDwRNG95ZI4e:Ue9OAQsFtJrGPBnmIRZI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691872113, "uuid": "1b59cef4-d091-4c44-b97f-2256faa2023c", "value": 208816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691872113, "uuid": "8dcb7adb-c2f9-46ee-9378-b8f0136eb0d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872113, "uuid": "48f38c14-01dd-4570-b9f4-1327096b421d", "value": "SecuriteInfo.com.Program.Unwanted.4990.32521.7334", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72e5914f-394b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691870670, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691870670, "uuid": "648a15d6-0d2f-4608-a9c5-aed675a0594b", "comment": "Malware payload", "value": "b0bed133fa08e36d05f0361aefa5cbd1", "object_relation": "md5", "Tag": [ { "name": "APT37", "colour": "#C3214C", "exportable": true, "hide_tag": false }, { "name": "chm", "colour": "#080B02", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691870670, "uuid": "ee1e920f-ceb0-48f1-84cc-b331af83a875", "comment": "Malware payload", "value": "5071a29f42689c6d83de6fc16bbc6272b50ff06a53c721f34b0d94a29112bba6", "object_relation": "sha256", "Tag": [ { "name": "APT37", "colour": "#C3214C", "exportable": true, "hide_tag": false }, { "name": "chm", "colour": "#080B02", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691870670, "uuid": "0967f295-95c3-4050-978c-fab91b022e4f", "comment": "Malware payload", "value": "4474f7c8b1ee45d868e201de900f6a3d85e75ca4", "object_relation": "sha1", "Tag": [ { "name": "APT37", "colour": "#C3214C", "exportable": true, "hide_tag": false }, { "name": "chm", "colour": "#080B02", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691870670, "uuid": "43df89db-95a6-48d7-806d-f910e55e988a", "comment": "Malware payload", "value": "def65963336ebd8bdb06e2b4773e6466d078f625e3791c8607aee2e6a47cf5be81a0e04765de7a9e8624b55205b2254a", "object_relation": "sha3-384", "Tag": [ { "name": "APT37", "colour": "#C3214C", "exportable": true, "hide_tag": false }, { "name": "chm", "colour": "#080B02", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691870670, "uuid": "38bd4ca5-ba4e-4018-9dec-8a1b10ec38a1", "value": "T184C312720A162BCCDE818BB63DD561CBBE36BC1C4F040BC9E6458366E5C56208FA56DB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691870670, "uuid": "4d06529c-dd83-4af1-8995-1fccf558d8c8", "value": "3072:xf0tfMRtl3VczVsG2sUhf8HxwGVokgk/Dz6PRRIJ:x8xMRtl3+z2G2RfAoIqPRiJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691870670, "uuid": "3b74801a-bf6e-4987-9922-55ff39e722ff", "value": 119533, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691870670, "uuid": "f10f8203-fff6-4e70-9818-aa2ff5798bec", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691870670, "uuid": "a22600e8-21c1-4752-8f63-8b359b91c012", "value": "sgic_info.chm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c315adc9-38e1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DCRat)", "timestamp": 1691825278, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825278, "uuid": "fcd0bffa-4237-4070-90a1-8fd16aa4376a", "comment": "Malware payload (DCRat)", "value": "48b598a832346849bff25f2b4ffaa54b", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825278, "uuid": "e606f37c-96ae-4bd7-a3b9-ad9bddd21121", "comment": "Malware payload (DCRat)", "value": "527234f5558a6c599683b088626528bf7cc322eb47b98441622c3f55656f65a5", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825278, "uuid": "14552706-9c6a-455a-a190-f0b9c648dcb8", "comment": "Malware payload (DCRat)", "value": "dd59613c8d057c5783eea1916bfb5ee838a3284f", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825278, "uuid": "b3fc52ac-59e7-495c-b6b3-fef0cd614f67", "comment": "Malware payload (DCRat)", "value": "c877e4b0828adb4a548b86c32f4144f2f5937dc10011a6a861b28e16c7b1b76d5408c4ef2b8fd045f4f2f102fb6332bb", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825278, "uuid": "a1ad7b12-d779-4e28-adf1-89850faf9b69", "value": "T1B62633503A40C279F67F967408DBC62147B425A24FB9A4E3A33D36903B935D2777A2EC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825278, "uuid": "98487119-8c9a-49e4-b475-66271fcfc526", "value": "bf5a4aa99e5b160f8521cadd6bfe73b8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825278, "uuid": "fa231b61-a646-4a40-b468-28eb4bcc27db", "value": "98304:3a785Mbq4OPcPk4EGPxVdHJ1vC77A+5ZheyLLuYZUM7g4fevfkEFxol:3pTEs4TpVdfu7A+Rv3qMUOevfnFxol", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825278, "uuid": "f2991588-275b-445e-af1d-41914f7b6fd4", "value": 4783488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825278, "uuid": "953f2482-45a7-490c-8003-a5c3f981a061", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825278, "uuid": "354cd421-4799-4677-b659-3c0e4846aac6", "value": "48b598a832346849bff25f2b4ffaa54b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f1a194d-38e2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691825459, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825459, "uuid": "512feaed-4eb1-4459-b3a3-3ac806895712", "comment": "Malware payload (AgentTesla)", "value": "5c0f65523f7ecb773c599b59d5cc3578", "object_relation": "md5", "Tag": [ { "name": "5c0f65523f7ecb773c599b59d5cc3578", "colour": "#7649BF", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825459, "uuid": "14cbb034-59e2-4a82-98db-ce0303239f9c", "comment": "Malware payload (AgentTesla)", "value": "560017cc0ca317e8c6437ed46a417e782f02a860f917d6fa682bca26158d1cf0", "object_relation": "sha256", "Tag": [ { "name": "5c0f65523f7ecb773c599b59d5cc3578", "colour": "#7649BF", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825459, "uuid": "81e7a5e4-55dc-4574-9712-96719e903987", "comment": "Malware payload (AgentTesla)", "value": "3830039ada6bb8d3050dc7748d77bcb7b0cc003f", "object_relation": "sha1", "Tag": [ { "name": "5c0f65523f7ecb773c599b59d5cc3578", "colour": "#7649BF", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825459, "uuid": "860b3b5e-b0ee-48ce-8325-357b247ccc9f", "comment": "Malware payload (AgentTesla)", "value": "143749732947325cc32d45f95bf8e6c47c86cd00802e4490382ef7f4adfd436375bfe77795ab1267008d1d0dee5ad51a", "object_relation": "sha3-384", "Tag": [ { "name": "5c0f65523f7ecb773c599b59d5cc3578", "colour": "#7649BF", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825459, "uuid": "9913abe1-2e50-45e2-b739-833e0439d6c9", "value": "T17CE3BA9CB21472EFC85BC476DEA81C65EB6024BB930B9203946715EDAE4D997CF180F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825459, "uuid": "8aca443b-06de-4fb1-9169-63d6ed309478", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825459, "uuid": "1d335555-457c-4d05-866b-be691b188d3a", "value": "3072:8XltdJIEndsusp5POGuuCnk/SMucAg7BIDmxCM:81mECuyOGuuCnk/SMucAg7BIDmx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825459, "uuid": "b689e6c1-7d0d-437e-afcd-e2b5b78f434d", "value": 143360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825459, "uuid": "8177b759-de65-47ef-9f8c-3b586f9978b2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825459, "uuid": "fe539e40-3260-40c0-95e6-e6ef7c023224", "value": "5c0f65523f7ecb773c599b59d5cc3578", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b537d576-38a4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691799056, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799056, "uuid": "2bc1679b-e8ce-4503-a4cf-58f9d5e9f7bd", "comment": "Malware payload (Amadey)", "value": "620faddc38ecc654b48ccd5b58d17cd4", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799056, "uuid": "d376cebb-c9d5-4e03-a607-e96184d40077", "comment": "Malware payload (Amadey)", "value": "587a5a69d4194b229496894445cea2270b9cd7046107afc4dbe2b4dcb5758d85", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799056, "uuid": "c63dc77d-509c-4e96-9c93-7e84d5e39132", "comment": "Malware payload (Amadey)", "value": "58b6c8230be1f622f392b0d9b109f81db0eff6ba", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799056, "uuid": "3c8f5ba8-6fa2-442e-a20d-c04271f7c884", "comment": "Malware payload (Amadey)", "value": "de2a87e61b20392a5613f600a1775ed568dae9b8352daaacf5ec6e045bab47c54106a42fc417c5de790d2d5bc240b811", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799056, "uuid": "85329118-448f-4678-9f50-40fc817b7dc6", "value": "T183F41202A7D88472EAA52BF05CF712D70A327CF1C8B8936F6745685E5DB3680D87172B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799056, "uuid": "07bb21c9-87a5-476d-9de7-e53cd0b7ff83", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799056, "uuid": "657253a2-f707-4339-ac75-19683f91db6a", "value": "12288:4MrDy90sF5I7BqeX/F425ENwXMAiMx1ZG1Xm/60N2dgn5oB+EtkkazFWH:bydUtq8N42mNGKQ1ZGU/60N265BEp+MH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691799056, "uuid": "a80f02ad-96a2-4f47-b13b-eced04083c35", "value": 748544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691799056, "uuid": "24d71eec-8c17-40d4-8aa4-23b1c8709f94", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799056, "uuid": "2facd475-154d-4fd8-bd87-64680d9691fd", "value": "587a5a69d4194b229496894445cea2270b9cd7046107a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42b8c9e2-38f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691832794, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832794, "uuid": "5b149970-7424-4ba0-8870-09a3fad63902", "comment": "Malware payload", "value": "660fb1c48b4e76caaeec0d001315ac86", "object_relation": "md5", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832794, "uuid": "7c0fe628-7429-4d3b-8e05-d6426e1f7d41", "comment": "Malware payload", "value": "5ba6fbbfebbc31b41ecca7e2669b1dda41839a571b672d6ac430b291974a03a5", "object_relation": "sha256", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832794, "uuid": "fb8ea1a8-0b46-42fa-891b-1f569f4cff8d", "comment": "Malware payload", "value": "b20aef71ac6aba6816905c528177f7d70fe3ff37", "object_relation": "sha1", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832794, "uuid": "28882c1d-c4a6-4e70-9368-1a69807cfdcc", "comment": "Malware payload", "value": "ad074f32aca7410fe98f7e50bafc9428c880aa4de383b227ec958178de517ad552ffcdb5301cefbc8aa67d82bf83bec9", "object_relation": "sha3-384", "Tag": [ { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832794, "uuid": "731da573-a26c-420c-bad9-9566067a6020", "value": "T1FD210E23128EC3E4EFE56599E475FBCDF421B54240C7A8587AF6C1E8B043AAC83588E5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832794, "uuid": "edfe9fc1-d530-4bb6-998c-bf310237af0a", "value": "24:8dbFBCkhyrUkoCYuRLLSWPMOuS2ntYmKxw6PAkqriR:8lrgl7tLhks2sweAriR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691832794, "uuid": "77d939be-b40b-4998-a342-a5302367897f", "value": 1345, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691832794, "uuid": "c47ac56d-84a9-4c75-ab38-f919be73e671", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832794, "uuid": "b339c4e2-5f8b-453e-9579-a0b9eef32140", "value": "NEW_User0_v2.ps1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60f2b63f-3964-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691881378, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881378, "uuid": "b92a542b-4c4e-4113-92cb-814b5041fe93", "comment": "Malware payload", "value": "c86fdacd8af28cb08ef406bc6d4fc5a7", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881378, "uuid": "2c1b43b4-a29f-4f06-95fc-2bec4a01a563", "comment": "Malware payload", "value": "5ba97da57e01390ebf681c96bc5c68d600b06e8d70e92cc3fa4dfcadd02889e5", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881378, "uuid": "4231acf4-928e-472c-bb40-da109e8c52e9", "comment": "Malware payload", "value": "a9d2d2709cc8dab2e893de6322ed0093af5bdd95", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881378, "uuid": "ba419c18-480c-4cb9-a889-d823a977f6d0", "comment": "Malware payload", "value": "62e88136f7981d0ad0f50dd814f468fb310f71bce92ac3d69803155b809a4097235fd5eef9460dfc6110646564ed4429", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881378, "uuid": "5501d5a1-5069-4c2d-a6f5-c4dd3d36c49e", "value": "T14B72F8A52C87855405F60945083D8C1EC505B9C3A310AA8E3F0E66FE3B3AEE7799F386", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881378, "uuid": "a095b4cb-7ace-409a-99eb-85a25f6d2a10", "value": "384:4ebIdq/H3ohdBhdJ3C5jpr9UORpcZh3hp+6+Hmo47Rm470fh1NJ3vB:6x563h1NJ3vB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691881378, "uuid": "c2d0b1cc-7b72-444d-a1d0-76ac305445b8", "value": 17374, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691881378, "uuid": "50da15fa-5a3b-4e62-afb8-716c42eeccc9", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881378, "uuid": "37bd1b8a-27ae-438f-a063-f23d4cfa0686", "value": "Fac12285GasolineiraGrebjeelkjeBUWCobroGrebjeelkjeBUWnopago12285GrebjeelkjeBUW10303.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ce0cf07-38e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1691825831, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825831, "uuid": "cbf9d439-0d71-4938-aec4-ceb26d89caca", "comment": "Malware payload (SnakeKeylogger)", "value": "7e965187d7f81bf3f6b90e36851cac80", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825831, "uuid": "1fa59136-0f38-40e5-8d13-d94a8fab0e0a", "comment": "Malware payload (SnakeKeylogger)", "value": "5bdc507a5fbaa95fa0ae02fda710c7663c18ac396e9f7b518c21453a83c8acad", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825831, "uuid": "4825313f-04a0-4d12-b5cf-3c3622a68209", "comment": "Malware payload (SnakeKeylogger)", "value": "a80021eaa674086c91235f98d090ad670cab0233", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825831, "uuid": "77292f7d-286c-42a2-9642-738c3e3a67ac", "comment": "Malware payload (SnakeKeylogger)", "value": "2053625bbf1f6eaa46498607eedb702ae623d3fdcc6306383c06e257b1c5f4e2f9a4fa448019362eaa51e0ca141463c9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825831, "uuid": "f6157188-2653-41bf-9c2e-eed71872b949", "value": "T1AED4CF60EE79DE82E54F4B79108FD70D82718C993622C63A5A6B50C6D4877C206CF7AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825831, "uuid": "09bc76f8-e77d-4180-aac6-8f7825ff39f8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825831, "uuid": "35553fe4-0028-42ae-b82b-1dc37c22d07c", "value": "12288:GXkSCV/92yQiPCJwQ2r7snXWnltMCQ3efFlqTj1:PfV/92yQWgwQ2XWXsGCYefGTj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825831, "uuid": "916fc822-0fbb-4848-aed6-aa1cf12b6f28", "value": 632832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825831, "uuid": "31fbeb4f-55d1-46a3-8179-cd79442a723c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825831, "uuid": "56607dde-eaf9-4085-b610-6ff5732645ed", "value": "kuuXXJF9hgrLnCv.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "23d4089d-38e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691825870, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825870, "uuid": "9fc379cb-4db5-4347-88a0-3f04e7a59d33", "comment": "Malware payload (Formbook)", "value": "4e97ce850e2481922fdface20241012d", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825870, "uuid": "743e8094-277c-41fd-a6ff-83450934f98a", "comment": "Malware payload (Formbook)", "value": "5d5acc394aa305d757ca774ee503bcf7809577f83a834fe4f5a9620863d4245c", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825870, "uuid": "843c22c2-a9dc-4645-9850-93886b4ed47e", "comment": "Malware payload (Formbook)", "value": "0c6ddf8acafdaa195fad5c8e2a23a5d88eda9f04", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825870, "uuid": "dfb5f63d-b933-432f-ab0e-ce61ade5e37e", "comment": "Malware payload (Formbook)", "value": "d3f665c681f062cfdf71f520bdfefda918e562e5800bdc2296fb729b4913cfa086cdc00d894f24628e3ec7a3cbf5b186", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825870, "uuid": "25a2fc72-16d0-4b5b-9220-c139a814951e", "value": "T11855F103E900DBC3D41D83F87E530EE90F0A6F19E99569DB14667F9B3B70A72099A12D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825870, "uuid": "ee696f55-3e54-4b61-bef5-4a14f38044d2", "value": "24576:IaZy0w6VgjKaWlEzp7a4Zyaw6VtjKaWlEzp7aczdbiMb7QA5Qp5E/kwnx:IE86VgjKjOzJy6VtjKjOzBdd7/5X/kE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825870, "uuid": "f04fbdbf-cb0d-474b-bdc9-2c3892be8f9f", "value": 1329664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825870, "uuid": "e155be30-6d5a-47fc-b27e-a7a0d2756126", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825870, "uuid": "116a74eb-2633-4490-885e-3edb59c4a918", "value": "especificaciones.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2db30990-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (WSHRAT)", "timestamp": 1691826316, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826316, "uuid": "72e67d8f-1cde-45df-aa0b-5f8e43d15154", "comment": "Malware payload (WSHRAT)", "value": "51187adf1d5ff97f0b21e1fc8aa43b85", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826316, "uuid": "4a1bdfa0-4956-4ae9-9ec0-28dc24def6e9", "comment": "Malware payload (WSHRAT)", "value": "5dc516929410514ed7857d8edb5fb1950ec77b89581fcb96fb276afb49014e25", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826316, "uuid": "b1ceea7d-2623-4a74-9152-60ab908439e8", "comment": "Malware payload (WSHRAT)", "value": "bf95405c7be4dcbb41d7c570df3bf9eb742a5234", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826316, "uuid": "0c2d51c9-d63f-46fe-a647-54acddc52d28", "comment": "Malware payload (WSHRAT)", "value": "502c25bad5dc06a46eb566b29afc78df11c278dfe8d05e6f32eb525c5e2871b19e0be4f48b9cd2c7ac7abb51d7b9aeea", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "wshrat", "colour": "#3E84A4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826316, "uuid": "eaf0a73e-53ec-4ab5-a46f-3235fdec766f", "value": "T18C3527C865F01E1ED3D7D46DC312EAA39470322B2D73AE44BD85DB0D9E78D88BDA8521", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826316, "uuid": "81260a9d-b413-48fb-92a0-b8485ba04a85", "value": "3072:QQb0KluJtAkudkjY4zeWMnzeUexGESemtfufIXRzduqR:QQb0KluJtAkudkjYBjexGvemjRN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826316, "uuid": "98fbbb83-dc96-412a-9403-0c7c2b1af0f3", "value": 1068516, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826316, "uuid": "5df68c00-d893-4442-b456-b1547e1ab50f", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826316, "uuid": "4cfc6013-0254-4cc0-b386-41787bc31ebb", "value": "Tax Returns of R58,765.50.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97f574e3-38ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691838091, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691838091, "uuid": "03bf5cd9-223f-4c46-a98e-a109c7ac7ebf", "comment": "Malware payload (Amadey)", "value": "9e3f71b4a851fa9d83611091b1ef2390", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691838091, "uuid": "5367a736-0a84-4ebd-8203-ed61c11981af", "comment": "Malware payload (Amadey)", "value": "5effd65eee9e31b8a5a133284face14095903d157202465ed885aa19a0dffa4e", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691838091, "uuid": "a0087f0a-dd52-4d95-ac1c-c0f2a37380cf", "comment": "Malware payload (Amadey)", "value": "9b006caf92fbb132493b0932e0cae764a676da1f", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691838091, "uuid": "982a9dda-5f64-45ac-b5ff-bd0398b3549b", "comment": "Malware payload (Amadey)", "value": "f2eb29dada284eac2d86c9b57735afb8fc46dd70deb20ac39387a58ae4debb36368e8cf7b74387a02ad9a9906632a3ba", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691838091, "uuid": "60809f3f-768f-4cfb-8715-80ffe10eaf46", "value": "T1036439417952C072D960A1721AB5BFF2C59D68249BB049DB7BC00F76DB212E77A30F3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691838091, "uuid": "db0894c5-0fa2-46b5-a3a0-d9d166454375", "value": "44e769941d2c6ad88bf42ac4adb36135", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691838091, "uuid": "fea73abd-6704-4db7-8c9e-ed2bfd2c491f", "value": "6144:SR9eh569+UR6P3zIwkp4p2k/DPaZHwc3eoe6u17MgAOIMs8Bq:Sfm5BB7kpi2k/ae6u17pa8Bq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691838091, "uuid": "2882e68f-4409-4a32-9469-71da21c00f39", "value": 321618, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691838091, "uuid": "b6c45f5a-234b-47df-84f4-bf272201368a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691838091, "uuid": "7bfd2e7a-a205-4f61-af97-87408a5171fd", "value": "9e3f71b4a851fa9d83611091b1ef2390.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42b1e3fd-3964-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691881327, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881327, "uuid": "c629ac20-b6ba-4457-9c89-4abf81b76f93", "comment": "Malware payload", "value": "fe3515e9015c1f7f82a9ecd1fd3cef17", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881327, "uuid": "67817950-ddc2-42c6-9ad7-af90d5458087", "comment": "Malware payload", "value": "5fa9988ea6564a8c19c0f684afdf22d9c865e660cf3cdbc72c96f6a8294eef3b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881327, "uuid": "70a8ad69-1742-4942-819d-e09b7de05c1e", "comment": "Malware payload", "value": "d72d55a7242ab9de6582ce27f2ae5c35f3612220", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881327, "uuid": "fbb3b6aa-2420-4ed9-949f-172ea456c7bb", "comment": "Malware payload", "value": "ba9d05efa9c39d2840916bee19c7f1bbbbf8c155bed19183e489585cdc4f94f50871d55fde4488f674ca2349eefe3bbb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881327, "uuid": "f1267089-3034-490f-9667-ddd678242d77", "value": "T1A604C458364BA97EC96F487D9C600CD47A7CACA31246A7079C8FF4E8393B7819B051F6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881327, "uuid": "08b907ec-02ef-437f-b5ef-1adbeafe6e8f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881327, "uuid": "a5c8eb2f-9a35-4533-b2ae-da483f0c90b3", "value": "3072:9lTyN561wI0XAU7cOcaO7GvrLLyRE0CPDlR0emE//7JZ8e8hb:jTyYwI0XAU7jXORE06f0emE//7v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691881327, "uuid": "dcf073be-5c5d-40f1-9df1-376cbebe37ff", "value": 179128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691881327, "uuid": "27eeba12-0ae7-41e4-b6b9-a51acb451173", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881327, "uuid": "11d163bb-79ee-4862-8e34-a5384569c056", "value": "i9441574.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a07c50b-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691826390, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826390, "uuid": "ec02cb8a-c493-4905-98e7-2c4e306ea92d", "comment": "Malware payload (Formbook)", "value": "718fe0ac5006da606ede5118dc30f4a2", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826390, "uuid": "6f4464cf-f610-4f44-b9fa-2fb5d6d15640", "comment": "Malware payload (Formbook)", "value": "60d2e11869e4d694980871079494ffce73eee8d7735c09bb52fbb281998e0ca0", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826390, "uuid": "49c9fe3a-801f-47b9-8a0b-f864c18f352a", "comment": "Malware payload (Formbook)", "value": "58e3fa722a59e05af17699d9b40645066979dda9", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826390, "uuid": "311ceb1f-8174-4c23-8310-c49aefbbfb79", "comment": "Malware payload (Formbook)", "value": "675e86884a815d25a7dab1b4de1cdefeca33f6f49137008988bcdcac471fc277aa0d6e4b892de4231bd272458ebda228", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826390, "uuid": "a1632f9b-963f-4a03-8c76-197f60d53877", "value": "T197D4234A1351A357C8B087F6749361426376760F40F1FFABB8C638A69A39BD60F02F56", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826390, "uuid": "f1ebd78b-6628-4052-824c-eb8db96ae1d9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826390, "uuid": "8c440ab0-dbf1-4bda-b04a-2940e54d6a46", "value": "12288:63L87+23cszNyL2v+CU6emWSZu9KlyAV/8368vPayv0evSxRRL8:wg7+23csJUuva8Nye8pvCyv0MCRRg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826390, "uuid": "ecbc70aa-90b9-40ae-86b3-e5c73cf4d5c6", "value": 624128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826390, "uuid": "5d98e72a-bf32-49b2-b7b5-044d2975b322", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826390, "uuid": "ab4bcf97-0404-490e-abb7-75c9da05a26b", "value": "DHL_AWB_907853880911.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5e2756af-38dd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1691823391, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691823391, "uuid": "58b3f2fd-f771-43f6-ae4d-f9463f21bfcb", "comment": "Malware payload (Smoke Loader)", "value": "2c7411e29cd4a548e25b3fa50a71aa04", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691823391, "uuid": "fb18529d-34ed-40bc-8fba-11cf0d1b2a0f", "comment": "Malware payload (Smoke Loader)", "value": "62600a3d570dd2096f9eb8bb18b7d4b4844e9c603182529dadad8831f8a067a7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691823391, "uuid": "0783b0a7-f706-4c53-a991-316bdbc2e6a4", "comment": "Malware payload (Smoke Loader)", "value": "1fc2abf3a17f7ed4ab6199f4709fb91135d7d168", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691823391, "uuid": "f7ef71ae-8dc6-4272-bc49-fcac43d29858", "comment": "Malware payload (Smoke Loader)", "value": "e62d53e29b33eb7bc746d4ecb4fcc9f82ab9acb905e83defcefcc05348a889c7bb76e968ae822f46b63b803b92050cfd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691823391, "uuid": "e77ad89f-3a66-4f81-8ea7-1a591706af5e", "value": "T164252218072C8B93CB7F557EF2A42149D371B2EE2356F35E508854E42A87BC25D43BBA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691823391, "uuid": "491eae52-3da4-4cc8-83b9-01fabf063481", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691823391, "uuid": "5afb77a7-f16b-4469-93a9-2e740c87e3bb", "value": "24576:PWC4u9bgXh80y+4FDMomqdwo8ISAO43lk7CZNhUSOtJ1CZk:P4uM1mdwo8Zjs1nDwJ1CK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691823391, "uuid": "94c3d122-6748-4c4a-bdf0-e7c6745d0744", "value": 1047552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691823391, "uuid": "e6e206f6-b650-42b2-8b1c-322a99c54e85", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691823391, "uuid": "bb26bfea-7131-47f0-98f5-04fde2b8936e", "value": "2c7411e29cd4a548e25b3fa50a71aa04.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f691d1c7-390a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691842974, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691842974, "uuid": "358a9c6c-99d6-4cd2-bd7f-8798aab8f270", "comment": "Malware payload (AgentTesla)", "value": "86ee347279e32641070f69e669ec98e2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691842974, "uuid": "36091bf6-4d4a-4714-98fa-4243b3d1aea6", "comment": "Malware payload (AgentTesla)", "value": "63af1bc6256086131314311b5908c85399b95dda6c4c6e84c8d77bd1b4d1fc43", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691842974, "uuid": "9a8a1015-8915-4347-8ade-e13207642c47", "comment": "Malware payload (AgentTesla)", "value": "b4635032cee3fd5da08d630159a254d2ed7a51fa", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691842974, "uuid": "70c049d2-2c55-4d1b-8865-416f31af19d5", "comment": "Malware payload (AgentTesla)", "value": "4d75bf6b0a0d73eab60aca0303d1280d95ec3003915b81dd31725c8d535c28cede961973a7460e91cc99fb939adb0ba2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691842974, "uuid": "6dea9603-9c7a-49ac-a9cb-c4d2d02df5dd", "value": "T13524305FA47064F2C638FEB45F481CD4191DA86EFBE7F42A090974E62B8877543878AC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691842974, "uuid": "0e4061c2-52cd-4394-b9a9-dd34fef05ea8", "value": "5980dbc90a26d848f180dd5be5bcd2cc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691842974, "uuid": "585b8f33-2c86-4f2e-a86b-928b0d3280f8", "value": "3072:ZtKXz5gnSEACcYDY3MO8XqHm4ujDtyaAvgSzjhvG:TKX9MNAu0jm1jDty6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691842974, "uuid": "3b3a492d-edd9-4a20-82f8-8e47ca9c116c", "value": 218112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691842974, "uuid": "618a679f-af2b-498f-9ef1-c85d74d23567", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691842974, "uuid": "81c4e9c0-03af-4917-859e-2d5132cd1091", "value": "86ee347279e32641070f69e669ec98e2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b807121-38e2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (OrcusRat)", "timestamp": 1691825427, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825427, "uuid": "0bd26aff-f97b-459b-9735-bdea4cdb3df7", "comment": "Malware payload (OrcusRat)", "value": "9f5f36923a97868da6f381ec7f85fdb4", "object_relation": "md5", "Tag": [ { "name": "9f5f36923a97868da6f381ec7f85fdb4", "colour": "#DB2327", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825427, "uuid": "8e9ac47c-f94f-47a9-8c7e-1a10cb7d4141", "comment": "Malware payload (OrcusRat)", "value": "6411297a76cea629484ea212545c8e4026e8cf945743c83a1635c834298acf0a", "object_relation": "sha256", "Tag": [ { "name": "9f5f36923a97868da6f381ec7f85fdb4", "colour": "#DB2327", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825427, "uuid": "dd007db1-3608-423f-90dd-fa0190ba4c82", "comment": "Malware payload (OrcusRat)", "value": "de9e5132d3470caa68c8365176d0bcb567414330", "object_relation": "sha1", "Tag": [ { "name": "9f5f36923a97868da6f381ec7f85fdb4", "colour": "#DB2327", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825427, "uuid": "99d583db-827a-41e6-a7a8-ced432113577", "comment": "Malware payload (OrcusRat)", "value": "fee5245dbb4b7f10618467938fcd855cb4378a0c49934bd453be755274a8d520b6779544301b58e2d452dc4df79235f5", "object_relation": "sha3-384", "Tag": [ { "name": "9f5f36923a97868da6f381ec7f85fdb4", "colour": "#DB2327", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825427, "uuid": "1da95e69-a8eb-411f-9640-eb64e3b6754d", "value": "T18FE5124AA6695DF2F51A9BB01DE3D1D48268C837AB0022EFE7D8F776C9462E53377400", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825427, "uuid": "183c030e-55bd-4495-aeb8-09d50e079908", "value": "40cc8923f767ca66d1e3caa32834f9a7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825427, "uuid": "dd5c6f8c-9cb2-4f3d-96b7-2f4b74d15505", "value": "49152:PSMLdYPqAhiIavkDTh4zTrTXopFD1/p6JzpVkO9CRtS2RGiChyRgrPgohS:aMLdYiJDK1wrUnhsp/sRRG9hyKnw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825427, "uuid": "ee7a57c9-b81d-4d5d-9e25-0d392813fe4a", "value": 3307736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825427, "uuid": "25de3b9f-4b84-4033-85a9-8372d51372b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825427, "uuid": "aa696228-7a52-4c31-af2f-01decc338936", "value": "9f5f36923a97868da6f381ec7f85fdb4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2c1c199-38a4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691799051, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799051, "uuid": "66656e71-7d26-4678-8768-d7d5346158ad", "comment": "Malware payload (Amadey)", "value": "8818f8aa316aba84213860278591e2d6", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799051, "uuid": "1f6fb567-2f8b-4a28-9898-105977f35937", "comment": "Malware payload (Amadey)", "value": "6431634cc590e7b85bb0ea74d6de23a5ca98ab968808250fcd56d729b2de3391", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799051, "uuid": "3ce286c5-fc48-4247-b349-804a7a7793bc", "comment": "Malware payload (Amadey)", "value": "50893dd11326e5800962f2333ec8bd3ed32508ca", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799051, "uuid": "26ea19ea-1e67-4a21-95a4-ccdd687af715", "comment": "Malware payload (Amadey)", "value": "8812e697f65c5868c071260df24c4732e6ff03e18bc659535fac8d0e9f25c65ffe8adba74a45d5a9febb01aa629ab728", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799051, "uuid": "21619c4a-0a13-4a80-9b66-6029d7a475ea", "value": "T1F1F41213F7ED80A3DEB12BB098F312930A367D708DA983372A4B559A4D72694B531367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799051, "uuid": "e8cc1196-e912-4fa3-a871-2cdfbd9d0f8b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799051, "uuid": "fd1e5c3e-ca44-4677-84b7-85a3b4e5dce0", "value": "12288:HMrZy90ODai2M4ha+9FvVcNM83SkVEZnKRnmXKp71hfM7Kt6Gm0ST1i:KybvB4hD95VcNM8XEZnKxmy3YPGm0e1i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691799051, "uuid": "b27b352d-9c61-4aa0-ba8a-a40b6411ef71", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691799051, "uuid": "c7d09d16-29d0-41db-8d37-2175ef94f4c4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799051, "uuid": "cb073a38-1b4a-475c-933e-587da489eac6", "value": "6431634cc590e7b85bb0ea74d6de23a5ca98ab9688082.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b219f46-3934-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691860671, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860671, "uuid": "59d82194-540d-4319-81da-b243921a816b", "comment": "Malware payload", "value": "e7aa7436d5d4a54f61e1c976745c0a58", "object_relation": "md5", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860671, "uuid": "e914c0ae-9e0e-4e6d-8d4f-929bf11596db", "comment": "Malware payload", "value": "65c9bc9f7354b974ed016c1b181bd5ce618da4aa7a129d83f4b257f41c67530a", "object_relation": "sha256", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860671, "uuid": "c7815022-afce-48a4-bb3f-9f970389f286", "comment": "Malware payload", "value": "f95a86b0fb5e90c42945f184e1c56457862ca80e", "object_relation": "sha1", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691860671, "uuid": "c93f61d2-2109-4294-91a5-cd5a1bdf4a21", "comment": "Malware payload", "value": "eb8b6ada806adbaa35c0613f3d9cfbb23c15c90007417059c5e8c9bd2821c580fcf5841692092dbc0a865dfcc51e216f", "object_relation": "sha3-384", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691860671, "uuid": "a87f7288-dc53-45fe-ad26-220de999135b", "value": "T177E2E0AE73DC39340CF131CB7D93DAF2966510299702E7A8697BF92352CE41214923AD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691860671, "uuid": "7786f91d-29e9-4797-921c-ce46e95b51d3", "value": "768:IawXnS87QoNOoO6Iqu4sYsREvkCsrlBi8kOjN:IawD7QoNOoO6BGRQLsBwkN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691860671, "uuid": "94924ccc-9ec9-40ff-b508-4e326dd80c7a", "value": 33106, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691860671, "uuid": "602f82a2-3a9b-4be7-8bc6-8eca46a76089", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691860671, "uuid": "4527f38c-896c-4811-8c25-99df809deb6f", "value": "lcx.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57d1fe05-38d9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691821662, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691821662, "uuid": "f212588d-3993-4d37-b789-5d932f95275e", "comment": "Malware payload", "value": "0f849bc43ffe1bb5f29aac19f11f6740", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691821662, "uuid": "c586823a-0ac7-4b97-a3de-d70eda98bd95", "comment": "Malware payload", "value": "65eb8d11d173cc5c330a2a87f602e2140c1a73b7cda6eb8c46b88ed2ff093860", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691821662, "uuid": "6684e5bd-2938-4722-9751-357e886434fc", "comment": "Malware payload", "value": "2bb74d7772c4b7cae2571e5751914e267b482002", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691821662, "uuid": "54ecbc11-091a-42ec-933f-d3a3bddb5461", "comment": "Malware payload", "value": "6a37953e7b4733f1f70000eb7bed24062129f2c62a662e5cfa57c743142efdb8257acc047a60437103ca24e9aae05849", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691821662, "uuid": "3dd437f8-7355-4986-8002-cc6fc94706b7", "value": "T123457B41E643E1D4C18565B1342AF776CA287678036C89E7BBDA0F16AA397C36DB3F01", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691821662, "uuid": "7ba57286-412a-4f41-9b28-77679e5ed3a8", "value": "0ca475a61f664c680cbabf26ab70022d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691821662, "uuid": "7ab2928b-e34c-4e53-8820-edc725187232", "value": "24576:QzuSOk3y0BYrmb4Ow90RHawa9IjA4XaiSEeU6pTi9kF10cidMyEYPiB:6iGMuDaiSEeU6pTi9lOyEfB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691821662, "uuid": "ff36aeb6-9385-41c2-bc32-5a4beeac530f", "value": 1268400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691821662, "uuid": "2c277119-5849-4f68-b4d5-996d2c0617d2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691821662, "uuid": "b9d342a4-9be2-49e5-afe2-ab7741ffeca8", "value": "SecuriteInfo.com.Trojan.Win32.Malgent.MSR.9890.26444", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d8ecaf8-38aa-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691801459, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691801459, "uuid": "57299108-3f5c-4d02-8813-c7d4184c275f", "comment": "Malware payload (RedLineStealer)", "value": "0cbfdeccf25f3a9ca2b0ae424ade548c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691801459, "uuid": "832e73d4-2033-4cf1-b001-3f6a209123d9", "comment": "Malware payload (RedLineStealer)", "value": "6b54e9eba507b31f121f5912a1eadd1c2d9c275de5c6a6e931c171c6577496e1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691801459, "uuid": "5717c2f5-389a-4a55-9ea5-79bddba6f4ca", "comment": "Malware payload (RedLineStealer)", "value": "72de969ae8694a68ccaa20f073b9036d1a9ea8de", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691801459, "uuid": "79519fa2-b464-493b-8c9c-b767099fecb1", "comment": "Malware payload (RedLineStealer)", "value": "88412ad3bbf70ba3af2653f9515fd25f55c88cef3f3c05b99934e1d870dd94bbb5ac60c5fdd236dde2fad480eff830a5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691801459, "uuid": "1476455c-32b6-4e31-9398-30a374957484", "value": "T17013F10E1AA4A0DDE59651B280C39E77EA8433D314A673C8C173AFFDD787F81B591268", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691801459, "uuid": "2d5be04f-34f6-4fbc-be62-efe164d71b0b", "value": "384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691801459, "uuid": "645c557a-9abd-4837-8c6e-e4df0c67c53b", "value": 43273, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691801459, "uuid": "51638c36-68ea-45dd-9193-0c3c42e933b9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691801459, "uuid": "c378c293-e743-45c5-aa81-96bfea43817c", "value": "0cbfdeccf25f3a9ca2b0ae424ade548c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24387c03-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691826300, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826300, "uuid": "4dad031d-77cc-4f5c-8ed4-8af1dcae4246", "comment": "Malware payload (AgentTesla)", "value": "6a373679c025b8c65a2fc48d4d95fc23", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826300, "uuid": "be89564d-dd8f-4545-984a-029e34b379a7", "comment": "Malware payload (AgentTesla)", "value": "6b94359ff9e52e68ff9b8baacd1a4e8bc85e796be02e1dcd47e74d72f666ccfa", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826300, "uuid": "3fbdada7-56d8-4b6a-9300-6e647e5dd4f4", "comment": "Malware payload (AgentTesla)", "value": "2e12a7c1d945e52572d9a3d4eea05130229c6d5e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826300, "uuid": "4cf4382f-aaf0-4281-a684-efbc5a986861", "comment": "Malware payload (AgentTesla)", "value": "8755ce69173bd4ed11a37ea10394be783b170da262d793067a2a9da2ab1376b05748909aa33793c5d1b74d63f9eccc75", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826300, "uuid": "f0f29615-632a-4bba-9c22-8720c091090c", "value": "T1EBF42398F4929143E26E32E48B64F94511FAA79CCF473731BC6EAC6E6E0CF8550136D2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826300, "uuid": "2ed71d6b-14d8-4e25-82a9-9c08886b3c22", "value": "12288:JU7c288aDr/R1wsEVdQFeFN+rwy0q/aOG3XcQxh9c66dugose3v0hExVUoSN7D4R:AcikrMTXVsrwy8TZf9c66du1h3vHxVcC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826300, "uuid": "c224415e-0624-46a2-b905-02efc2078859", "value": 728142, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826300, "uuid": "b57d61d3-d6c9-4e97-95e1-ca78b3e89dbb", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826300, "uuid": "b9cbc709-d8b6-486c-bb3e-f5412f89037a", "value": "FD008395_cotizaci\u00f3n.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ece03289-38e1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CoinMiner)", "timestamp": 1691825348, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825348, "uuid": "d91c1c89-1814-4d87-b323-d2a7982849ee", "comment": "Malware payload (CoinMiner)", "value": "810518cc7d11531000d504da0d087c1f", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825348, "uuid": "79a18158-93a3-4bd8-b7e8-366f3dd9bd6a", "comment": "Malware payload (CoinMiner)", "value": "6c31ff32f4f4dc7e707065823f269e16aa6d7f76cf3593857b3e4d6891354c26", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825348, "uuid": "50c8dfb9-a98d-422a-98a8-e1d5eed91256", "comment": "Malware payload (CoinMiner)", "value": "897ff03185fb5fe91015cf456b3b0c2170550878", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825348, "uuid": "b696d0e8-d5f2-4906-89ea-25dd99ee0fe6", "comment": "Malware payload (CoinMiner)", "value": "b86534ccf381b8c341220cd72253e48040ecdf61adaf5b39c1315ad57927eede4c92933867b6d9a47b7489186675d7cc", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825348, "uuid": "e4df3a51-ea61-4834-a6bb-84a61229d5b3", "value": "T179863343FAD659F2E1611D3727695E253ABCBD100BA8CECB7BD02C5D8E212D1E234978", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825348, "uuid": "a638b023-4a0a-42e0-8ec0-c479211f6dee", "value": "12e12319f1029ec4f8fcbed7e82df162", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825348, "uuid": "e96ce40f-b538-46dc-9904-c40560d2f318", "value": "196608:XS8slmuPLiUOcoJQ74I4Hcgtf3VYgM9gQgqBVENq8Cjood+0:XSOQi6XsTRVJJQXoBg+0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825348, "uuid": "658edf01-4c4f-4580-9acc-aa7399ba474c", "value": 8411308, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825348, "uuid": "2e2d909a-f707-4986-bc46-5520e739b7c6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825348, "uuid": "440ee90c-5bff-4893-8428-281e22ee9ef7", "value": "810518cc7d11531000d504da0d087c1f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "06d118fd-3956-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1691875213, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691875213, "uuid": "d47abdb8-677c-49c3-bc2a-01bbb26e8c28", "comment": "Malware payload (njrat)", "value": "052f3b585015dd971a1fbe4c6b5c01b9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691875213, "uuid": "e5d2dbb4-04da-4d75-9193-d8628900be8b", "comment": "Malware payload (njrat)", "value": "6e5e1c10ad406e21bb7cf2dc08f63c1f5c2a63c5655e673050dfc246252cb170", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691875213, "uuid": "5250dc26-7cc3-4582-b534-a9c169bcec73", "comment": "Malware payload (njrat)", "value": "695e0fd8d7cc2e20ac186f52d52187014a80164d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691875213, "uuid": "f7edbd51-e66d-4c69-9ffe-0a8ae1a12d91", "comment": "Malware payload (njrat)", "value": "ac9a9035351f86c2707b14366d92c56912a38e949128515de647bf8d7fa189126f116a954b025ad34804f929a64a8261", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691875213, "uuid": "b5f9d659-e8df-4c0f-91ca-b00c01497b29", "value": "T13EC22B0B3FB88856C9AC177849A5975143B092C70422DF2A8CC564CBAF73FDA6D4C6F5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691875213, "uuid": "e253f516-df41-4b3d-a949-7bdd118ee91a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691875213, "uuid": "cb9e382f-af92-4a02-a6ef-addeed1d97f7", "value": "384:HsqS+ER6vRKXGYKRWVSujUtX9w6Dglo61Z5DVmRvR6JZlbw8hqIusZzZyHUFB9zW:cf65K2Yf1jKRpcnu/UFHzLgnG+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691875213, "uuid": "292c2d07-5dfd-4021-99f6-0fbbd5e4ecb5", "value": 28160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691875213, "uuid": "b549b7b2-6285-4daf-a306-40f18ecbfd5c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691875213, "uuid": "4d50c90d-8e88-4ec5-980f-61a6e5d98cf7", "value": "052f3b585015dd971a1fbe4c6b5c01b9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e575635-3945-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DCRat)", "timestamp": 1691868005, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691868005, "uuid": "85ad42a5-e82b-436a-b4e2-f450e1ebf69c", "comment": "Malware payload (DCRat)", "value": "24799344c63492769083cf7170695781", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691868005, "uuid": "793298ed-008f-4f0d-8a1c-a55b8cc30bee", "comment": "Malware payload (DCRat)", "value": "6e75fc4a13aa217ae0cc30d9f83937b3afd094d72e1cf1822e9824c956855c6c", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691868005, "uuid": "27cd393d-7553-44fe-8621-6eba2a6f87c9", "comment": "Malware payload (DCRat)", "value": "54492bcc481528c0949760b148cfa1a0bd65c916", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691868005, "uuid": "77a647bd-0a90-4ffd-b0c3-ea69fdd3dbc4", "comment": "Malware payload (DCRat)", "value": "28c3b83389381431b46bc4a3c3bd57b148f77a444e34fcaa260fce33f12a75e379eca8c12ad1c7970b027da66e689fec", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691868005, "uuid": "e54f295a-9463-4c55-ac80-d3b43ccabd87", "value": "T1EB35333A5B37A734E59ABF39B4711422900578F88FE4114B4DFACCD93987EA6CC905B2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691868005, "uuid": "90a54d36-48f4-4448-8974-3b52ea951aa6", "value": "d5d9d937853db8b666bd4b525813d7bd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691868005, "uuid": "0effc7a2-6e77-48fd-bf9e-45a551f25fc9", "value": "24576:Lwg1i+l3pHXT1Tb2HGzZgSi+HGpdfESe1/D5erve4wkd7c:L91iG3lT1WmzpildsRD5er/d7c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691868005, "uuid": "0f74bd89-0b84-48ed-a516-ca6b8e3652af", "value": 1127424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691868005, "uuid": "efaf0f97-7216-4d42-9b55-d780b9b57a03", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691868005, "uuid": "9c20b353-72ac-4ef1-81db-ce8de2754a3a", "value": "24799344c63492769083cf7170695781.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29818419-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691826309, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826309, "uuid": "ddbc6214-923a-49fd-8d0c-1245b3314ab8", "comment": "Malware payload (AgentTesla)", "value": "98a4186a1ccfadb25b14720703ca5a2b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826309, "uuid": "16149fef-84dd-454a-89ba-261503b9e8a1", "comment": "Malware payload (AgentTesla)", "value": "705e99b7d24df451ab51ed24b04547e20d24aead3404c6e32891069c07c3b998", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826309, "uuid": "0f22d430-f89d-415d-a017-7c54b9bba4e3", "comment": "Malware payload (AgentTesla)", "value": "f24fb763798acb3d233eb7afa391823817ba2161", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826309, "uuid": "2d5dee11-0418-464e-ba91-aa1d2e98bb9e", "comment": "Malware payload (AgentTesla)", "value": "3bd67b7edf079b5a670de381b78cd583d9dd49bc15b61b6831c8df18b7405d8754ed5ba7f86e3b5bd964175f5f17f476", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826309, "uuid": "71661b90-2049-47b2-a2bd-d379ef198dad", "value": "T1CDF42398ABD888C199FE31303A02F596CA9714F0DA38B33075D71DE6061CB6EAF75817", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826309, "uuid": "f3fde508-17c3-40cf-bd64-074196066780", "value": "12288:ztGMFnr4W7SBlM3Qly+wQx4cnlf8yC6ZRUuvXA2+nSkLcufpNwCjD6K7jh5T:ztGMFnr4Wse3QKwtlEyC6ZRBQrLcufpl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826309, "uuid": "08c31248-0ca1-4219-87a3-a0bc8d1d7666", "value": 739299, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826309, "uuid": "99249cc6-7ebf-49db-ad2a-d14a844cd9cb", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826309, "uuid": "75c11b25-15bd-403d-be36-91d55a913572", "value": "Purchase Order.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "484c7aff-3964-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691881336, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881336, "uuid": "ed2eec8b-f807-4877-80b5-f5209af9e035", "comment": "Malware payload", "value": "0e9483d049f6ca3f44bd214c6a3775aa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881336, "uuid": "b7290825-604f-4464-afbd-203b08d0bc10", "comment": "Malware payload", "value": "71719b9ece17408bc46d9918e248df9724566752b268fa32bae0fb6bf25580ac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881336, "uuid": "d28e5c01-0107-46d1-85d7-50305356f47a", "comment": "Malware payload", "value": "bf446fb5620ed23e059b958ab1b99095ca1a2e5f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881336, "uuid": "d902074a-6741-4a37-90e8-d4c20c81abc5", "comment": "Malware payload", "value": "5b5e9ab776cfadc5d8abebacc16cf6cf18c13e43a47782f69b572cd0f4ba8b1acab109dc6106b2c45bbed298d51d2894", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881336, "uuid": "81adb9e4-6b31-48e6-a6aa-ea790274b56b", "value": "T1EDE38E01F6C2C0B1E9F3157511A1A260DF3DF9304AFD5EAF5BD80FAA1F311A0E52996A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881336, "uuid": "ec95bb63-6ed6-4e92-9f4d-bcb6438d1cfa", "value": "0139538a651a21148db92c7ae213c5f3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881336, "uuid": "d58d19c4-b54a-47e7-a738-56108344956a", "value": "3072:D3A8KrSuTojO/pLY0Cdsxge9BO009oviZI+WSDrkwmZzPeaVVJ:DkrSWM0vgSF0V+SDrk1VVJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691881336, "uuid": "6c0359e4-fc81-4525-866e-7e4d46488480", "value": 143360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691881336, "uuid": "6e2b0cd2-4f79-46f1-a18d-0544ef3dfe9e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881336, "uuid": "c1cdaad6-eeb2-4192-95b6-cc62410b772c", "value": "j9022960.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2d31bef-3958-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DCRat)", "timestamp": 1691876415, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691876415, "uuid": "f6deed30-203c-43b0-b67a-10d305ef8176", "comment": "Malware payload (DCRat)", "value": "2714f7564c2d27dc90ebb8c72ce0cdce", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691876415, "uuid": "eba6333e-f98a-48c4-8df8-188cba5b5f61", "comment": "Malware payload (DCRat)", "value": "71f798cd30bc05c6e63dea617d76e14173af4fc672d3dd9e3882e627a980fd69", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691876415, "uuid": "0ebbb270-c295-4b32-a13f-e61f815ad1c5", "comment": "Malware payload (DCRat)", "value": "e0d9176ef6da54fa19e2914a3881a9484fa17e82", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691876415, "uuid": "ab6f5d11-18d2-486c-9794-79dbe03330c8", "comment": "Malware payload (DCRat)", "value": "d8ac51afc8a0373d9fef52aab2e71928d90312d3ebc83ff2adfd694244b28f4a82ffb3fb0a6ddb867735426866e1a1ed", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691876415, "uuid": "7b3330bc-68ee-4c23-bd09-1e256203008e", "value": "T161455A02BE44CE12F0191633C2FF451487B4AC516AA6E72B7EBA376E55123977C1CACB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691876415, "uuid": "99bdf0b2-be5a-417c-b490-e73574c41246", "value": "fcf1390e9ce472c7270447fc5c61a0c1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691876415, "uuid": "e61ea1f1-9a82-452d-8e3f-e57bb4421235", "value": "24576:u2G/nvxW3WieCuzYoTpfDQo3RLy5kOoUlIf0:ubA3juzYoT53XOT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691876415, "uuid": "b01ef68a-d323-4b26-9373-f14e27c1383c", "value": 1164862, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691876415, "uuid": "646a0038-bef4-4b60-8a53-bb426bd6e53e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691876415, "uuid": "56cd7a11-e1c3-4e06-b56d-ca0288b2f9c4", "value": "2714f7564c2d27dc90ebb8c72ce0cdce.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60adc1e8-3902-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691839286, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691839286, "uuid": "de3e2e6c-e587-4077-aa04-54fd6bf6f81c", "comment": "Malware payload (RedLineStealer)", "value": "8c9c4acc7704c3cf7eaa319c21cf9b39", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691839286, "uuid": "97843d98-0907-4a11-bd27-5ec89395f076", "comment": "Malware payload (RedLineStealer)", "value": "73d494a84a3da3250d7ff455be976be33f9923b59ef66b3fd0c0496e538401d5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691839286, "uuid": "990303a0-6d05-44e7-94ed-3511b08d4a37", "comment": "Malware payload (RedLineStealer)", "value": "768cc487b37f5131a3ee8aba04d3a9bd90429beb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691839286, "uuid": "e1045314-f633-4238-b947-270f81c4c047", "comment": "Malware payload (RedLineStealer)", "value": "8874e5d9088d9ccdabd2d98816b95819f9b8443a1ad417829375599af59f724675f554ceea9aca2cd2dbcef0e2fb6408", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691839286, "uuid": "8d53db0e-dc51-4b18-8e13-6b18e3d92442", "value": "T14CF4129366E8D172E9BE57B029FB13E30B31BC75AD7442AB2251D88D1D32684D43273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691839286, "uuid": "8cc6eaf0-de47-44e6-9b6c-6c0b38584137", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691839286, "uuid": "645e780f-bff5-47d0-85ba-a372066d243f", "value": "12288:MMrKy90yH4JJtukODtJ+5KMW3zu3iSX7/JiSm6kzbjGfdZNCOBRrJf3:GyCJ+HrqzBrBiSm6kn4dZ4aRx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691839286, "uuid": "ff1a2578-b5af-42d9-b5e7-eb6508729294", "value": 749056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691839286, "uuid": "41553215-0c1d-4376-8eb6-d43603418292", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691839286, "uuid": "ad1e254b-cce6-432f-881a-7f8e115e6f38", "value": "73d494a84a3da3250d7ff455be976be33f9923b59ef66.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "250cb4a2-38cb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691815564, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691815564, "uuid": "04d18ff5-611f-432f-a938-2fc3fb380796", "comment": "Malware payload (Amadey)", "value": "4730b7d502640a6423351b336534bd86", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691815564, "uuid": "33c54ab7-83f5-46e5-9bc4-35f001dd3838", "comment": "Malware payload (Amadey)", "value": "7513bc9ba9b31a826ff140ea1c2bd3c9beb2dc321da0e3624dd42c27d8187379", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691815564, "uuid": "a9265480-d360-4d24-b6f5-187425f4e16a", "comment": "Malware payload (Amadey)", "value": "28a3431a7f21f06c0333c73e09ee7965c9fe04fd", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691815564, "uuid": "3b76a453-9e17-456f-9e6c-e2431c4cf9bd", "comment": "Malware payload (Amadey)", "value": "d9823b40d178a101eef43158bdbf2a98ecce457523519d90dbf74964d3931ba1a59fd94c2b8967492dddbc1e6046bc27", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691815564, "uuid": "7995f69e-b35f-48c8-8cf6-e852b27747fe", "value": "T1E0F41206BAEC9063DEB527701CF713C30B3ABD6259B8466733826C5D08329D5A57A37B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691815564, "uuid": "15d825ad-2a0d-4814-bfd9-8ac75f721148", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691815564, "uuid": "4d0fd1da-d844-4476-9de4-f954ed7f6f5e", "value": "12288:7Mr8y90yBvr9qf2zQ5GhHpFtebW1/uAfKw0e73QEKRlUX/p7NtkAWqyxVbN8FCcO:Ly9kMdpFtEW5u2zz739KbUhPTWRum", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691815564, "uuid": "4cbc1dbb-ad1a-414e-bd80-58a2d5f7cf37", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691815564, "uuid": "789a7ef7-4811-4f86-969b-04ff9808ff0c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691815564, "uuid": "ddbd570f-73f7-4463-aabf-9e3fb8544706", "value": "7513bc9ba9b31a826ff140ea1c2bd3c9beb2dc321da0e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2cac5212-38fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691837481, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837481, "uuid": "81157269-5ff2-46f7-8a9a-77b035977d1f", "comment": "Malware payload (Amadey)", "value": "8e6a92e377293aaa9361c032abff894d", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837481, "uuid": "668a8388-403c-48a3-b0f9-393a9fe0da42", "comment": "Malware payload (Amadey)", "value": "7516c2eb326a3affd1fe4cfe67fc4860c2bddd2e894e1c307f088d4b58c36348", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837481, "uuid": "2aa3727e-e4fe-4c7e-a725-12ac33bac0e9", "comment": "Malware payload (Amadey)", "value": "b9b79af3d3a921339d8da0c9891152c41c4dab13", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837481, "uuid": "7b6beab9-484c-433a-ba1e-e6f98e6ff182", "comment": "Malware payload (Amadey)", "value": "9ba3530a50c1fba3cfb275e0b75c66a3ba9c529d125d624cae5df651c57643189c155f8f3867d50f611e0ee94bdbe2ef", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837481, "uuid": "14374af2-2a75-4440-b8e1-ef0aa821237b", "value": "T1A76439417952C072D960A1721AB5BFF2C59D68249BB049DB7BC00F76DB212E77A30F3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837481, "uuid": "dea562c4-5f41-4884-a7fd-c2724f802035", "value": "44e769941d2c6ad88bf42ac4adb36135", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837481, "uuid": "7519db63-f58c-4249-a23f-117a834e5621", "value": "6144:SR9eh569+UR6P3zIwkp4p2k/DPaZHwc3eoe6u17MgAOIMs8Bq:Sfm5BB7kpi2k/ae6u17pa8Bq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691837481, "uuid": "907761e1-02f4-46c5-a8dc-80239f75105d", "value": 321614, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691837481, "uuid": "5d1003aa-48e6-426a-9ac9-b1b94d530f0f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837481, "uuid": "d05514bd-80e8-4e37-a6c5-a3abe508030b", "value": "8e6a92e377293aaa9361c032abff894d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0560a296-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691826248, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826248, "uuid": "130b9446-3e4a-45a2-98ee-6e59ff2d2fb4", "comment": "Malware payload (AgentTesla)", "value": "7c24f75651a4800eef5176acbc65a95f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826248, "uuid": "d75e2f94-82ed-469c-9128-c02a889d6e7d", "comment": "Malware payload (AgentTesla)", "value": "76a66f7fc55ad34fec963c42be5a025aef31ed950c2f1bcca415d2754572213b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826248, "uuid": "ec6ddb97-34e9-4bd4-ac7c-092b30716a5b", "comment": "Malware payload (AgentTesla)", "value": "7d95aae35597da982ba6e54d97825c9d4f88f9b4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826248, "uuid": "6b955a92-1c87-45aa-9a5b-090941ce1145", "comment": "Malware payload (AgentTesla)", "value": "a031e20c1bec9eafce6fe69cf1f9d2eefcfb2d9f808a6dbf3c28a96a3aed1844d08b3707be154e2b7f9b329f9469bc1f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FedEx", "colour": "#D1A78F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826248, "uuid": "61ce5059-ee68-424f-b008-a90020157d40", "value": "T11015D060AE39CF85E56F4BB9008ED30D83765C593562C23A59AB50CAD0937C207DB7AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826248, "uuid": "0a5e3ab6-fa87-4b76-a0d0-1a77f591f739", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826248, "uuid": "eae7d258-15ce-4121-ad42-c027a50f6d60", "value": "24576:akhbYaU8kyWdq0ODYBUSpyjkyb1Y5Jm6SfRDYTj3:RTWd8YBUyqyJ7SZDm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826248, "uuid": "01bec06a-c7fa-49f7-81a5-1228cf87c816", "value": 915456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826248, "uuid": "1b0092e2-9b76-4adc-af0b-bbf6e403d692", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826248, "uuid": "2dac96cd-cafe-428f-9127-a5e86c0ec6fe", "value": "FedEx_AWB# 108235019763.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cccc0662-38ee-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691830878, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691830878, "uuid": "c033ef40-0876-4899-b506-b9f1a73b00b1", "comment": "Malware payload (Amadey)", "value": "4d91cc891281427f7fd180a2cac6f914", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691830878, "uuid": "0d743a33-6138-487a-93cb-80651d0c3328", "comment": "Malware payload (Amadey)", "value": "7804df2b47fe28a9801028d960548cdb9dca7fba588b60a5f5a74386234e8a12", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691830878, "uuid": "b9353f66-371c-4119-967d-1e6adee3cb77", "comment": "Malware payload (Amadey)", "value": "143910cd9a7414826eb7f003b607a4be6942666a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691830878, "uuid": "50670500-7e93-4a88-8755-6438120ba33a", "comment": "Malware payload (Amadey)", "value": "b304100541c584045069997013b20f3043423b2311fbbcd5b49aecc4d9f4c2d9eff27078c418ede760a3039bc760c121", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691830878, "uuid": "86f94c05-eea5-49b8-b3c1-bbeceec3217f", "value": "T148F41303EEDD4463EDB517706CFB23830736BD601DB8866B23899C4A1972A91B53173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691830878, "uuid": "fe99828a-20c4-40d4-8f0a-c017f4e042d9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691830878, "uuid": "561ea4b6-81c3-41e4-8cf6-4c39bfd5ae04", "value": "12288:eMrVy90u46gt8WRfxqWkoy5IOR9yKMke761RKROUXPp7zV2GSviOEpQTMm8:fy1dWBQWW5zREPj763KoUxyvi1m8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691830878, "uuid": "084b4ffb-b517-4cbd-ac95-5f3ff19a8124", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691830878, "uuid": "49c99879-50c7-4d2e-9a0f-c133956caf55", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691830878, "uuid": "1b9118d7-14d0-4e2b-8e68-d39b42b977ef", "value": "4d91cc891281427f7fd180a2cac6f914.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "181fc069-3907-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691841312, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691841312, "uuid": "575527eb-a419-4952-8290-e0e7fa893abf", "comment": "Malware payload (RedLineStealer)", "value": "b192f51a9a9b24335343f938ec013807", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691841312, "uuid": "e9bff845-7aae-49d1-9362-d3088f5f52ad", "comment": "Malware payload (RedLineStealer)", "value": "7ae0605aec439455add9082308a769a1cb0b48d8d1ee8f94bd1710a41d268adb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691841312, "uuid": "0dfc57d1-b6af-4608-9299-da13872a8273", "comment": "Malware payload (RedLineStealer)", "value": "fc9bf988de04d3aaca9ad58a560ce692bd3b3f19", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691841312, "uuid": "49f40a37-24d9-4691-b168-a8b365a2126c", "comment": "Malware payload (RedLineStealer)", "value": "71d7b17487d719e083fd500668f9a0e0cf595bf26a63ac3bdc1c9de518e0a18afffeedb3abad040be7a900e881990977", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691841312, "uuid": "b748a382-d5f9-44a0-8e77-03b762cbbf73", "value": "T1BDE5AE116BA9CE5AC3E62A37647743244731D515B702B71F2F2E262CBCB27B89D803D9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691841312, "uuid": "8352200d-702f-4e7c-a430-0f1dcc217d03", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691841312, "uuid": "9681cc4e-2658-4d14-a6af-2d48629bedeb", "value": "49152:nb1M1G3PTXchznEJuuGHefKs2F9Oi3Tqs5nZBjdjo+BVQ2X:nbAQGd3TLTqs5Z7s+BVQ2X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691841312, "uuid": "a4ae16ce-4e77-4097-bf4e-d76d3b984106", "value": 3245912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691841312, "uuid": "ddb60ab0-bfca-4625-aae1-31ef607205c6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691841312, "uuid": "113d82b8-9036-4975-903e-1e5e1ac0f98b", "value": "b192f51a9a9b24335343f938ec013807.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "063c85f6-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691826250, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826250, "uuid": "5451b144-2548-4a5c-bc58-7789718d84e4", "comment": "Malware payload", "value": "48f7ee7ff8711975b3531d3fb2f2252d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826250, "uuid": "ed9c9d7b-2d87-4985-a1d3-8edbfb1aea37", "comment": "Malware payload", "value": "7b2c5e2b81e66a363f29e2ef2419eb84f9cb471c66cb6843d16fcb79cb45fa5b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826250, "uuid": "188ed00f-9589-4e71-b32a-53a27e953f72", "comment": "Malware payload", "value": "9361fcb4a14f3112cd5545a9f296d19b617d3d72", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826250, "uuid": "9f78a295-d366-4ad7-8c45-a221d535b9fc", "comment": "Malware payload", "value": "e0676d9fc2804ec1deb90c124fa3507abcd69ab30c98f7f0e8218314ff4cbcd808cdeebcc6672332913a00716abb9cf6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826250, "uuid": "4f77416a-554d-4f48-a1f0-c2ebcc74dbbd", "value": "T1B863E1B99348C975CDE950316C503B9CA6A5E0F29FB5AD812700F0E71CB6A902F7EF02", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826250, "uuid": "2d8651f2-f98a-4ede-87c6-6ecd965f7ad6", "value": "5d0036c16dd6a8ed9446297d982e8562", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826250, "uuid": "918709bc-7e24-440f-a76a-c86c8d9586ab", "value": "768:WOmf4MDD17TzXMsrnChvkzOp8W0daMAOVyQ38UyyLA3stq7:QfhTzXZqvkar0dFA3QnyyLTt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826250, "uuid": "00a94640-2072-4d80-81c9-eb59543b6aee", "value": 70656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826250, "uuid": "3a6eac61-46f8-4c42-94f1-99b14b8b73a0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826250, "uuid": "99f1afe2-7412-480a-9477-e32dd34f59e9", "value": "INVOICE_87402.xll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "32c014ab-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691826325, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826325, "uuid": "6783ed06-f11a-477a-ac46-335621ce0a31", "comment": "Malware payload (AgentTesla)", "value": "6e5be75b681991b7e6a399b31a18892e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826325, "uuid": "e618e951-f8a7-41f0-b390-42247fbe0d58", "comment": "Malware payload (AgentTesla)", "value": "7cd5926e7175cc8ca9f17a3fdd665c0718ccaeb633b3389d76d28db668a4a9b7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826325, "uuid": "38a041d0-f413-474c-829e-0cfa0a666573", "comment": "Malware payload (AgentTesla)", "value": "6389ff61ae4941fb0e42bc48d2ff4c652aa39032", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826325, "uuid": "a9536106-fb4b-4124-b832-83ce9524e255", "comment": "Malware payload (AgentTesla)", "value": "3e6442421a3d7ed87ff41dd835006fc95e2f82f770ae0e6f525144035df352ec17d970f6c4dbcc0e066b3e987a92acdf", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826325, "uuid": "01e23fe5-99c3-46a4-8135-fdef3f82f5c7", "value": "T1B314DE1025DFA48CB2B23F6317DEB6AA4F6BF7B61B3A515C250443075AA6C44CF94B32", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826325, "uuid": "7b3b65c7-8d57-4d20-956b-5954193e518c", "value": "3072:0boB3t3t3t3t3t3t3t+c5hMV+UCGYYYYYsI+r3:0boB3t3t3t3t3t3t3t+c5hQI+r3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826325, "uuid": "ba1173a8-cce8-4c3e-83df-c93e6367b4b8", "value": 206942, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826325, "uuid": "094b5ea7-06cb-4ec0-9a57-d2c1c8a32f76", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826325, "uuid": "2dfcf3bb-9d99-4c9f-8091-6f3b0fea140e", "value": "LOI-FUEL OIL-8723.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "622d4426-38ed-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691830270, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691830270, "uuid": "8283f83a-cf4f-42f9-9835-780167e8975c", "comment": "Malware payload (Amadey)", "value": "e7451563ebdc097f4b3c1c51ee6949f7", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691830270, "uuid": "25c0ec34-2611-4df7-9b35-4863bfa57373", "comment": "Malware payload (Amadey)", "value": "7f86468f67c7e0f6ff08770e550b49d460e7c111a4edd8ae884e54dbf4675bb5", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691830270, "uuid": "cec9c1b6-7a65-45a9-ae9a-b3c62edee078", "comment": "Malware payload (Amadey)", "value": "d59be69466b9fad1c945ba51dd9d91507ee2fe77", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691830270, "uuid": "0bbb0619-6ce5-4b07-9eb1-500b35d8d075", "comment": "Malware payload (Amadey)", "value": "8da6bedc32c6601185fb8324c799d2766fb48d81aa693ee88005f6c52f99ffd2135b62d16fa24ce5d96044e6d39b548b", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691830270, "uuid": "bfd4266c-97b8-440d-9aea-166d71658547", "value": "T106051316B5D94032D8F52BB168F603C31F3ABCE59CB4936B2B54751A0D33680AA7177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691830270, "uuid": "6dd5dca1-7d7f-470e-bf7e-19247adc1424", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691830270, "uuid": "eb89dc6b-6018-4e67-a568-8e772a2db2b8", "value": "12288:ZMrfy90b09uNBCdFPOyIcHBLboY9ncnSaCHyJpJnbxbh8I7TJcVzKih:CydrNLboY9ncnSaCHyJvnbxbh82l6J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691830270, "uuid": "f2818b7b-0b72-4550-8aa8-1db3720b4124", "value": 868352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691830270, "uuid": "e009b237-7394-44ea-8d17-d20969ecf2f3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691830270, "uuid": "4dc034ad-43d5-4cc6-9b2c-2e64540403c6", "value": "e7451563ebdc097f4b3c1c51ee6949f7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e07b37ca-38f7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691834776, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834776, "uuid": "f81c672a-5d65-41fc-be26-3073ca1161e8", "comment": "Malware payload (Amadey)", "value": "01d6b7a31694d96c9d30bc6263ec27b1", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834776, "uuid": "c753d83c-4749-40c2-87cc-f0ea22959fdd", "comment": "Malware payload (Amadey)", "value": "80d1f0621a20f6821cf829d7619f7811e6191e104b078c737cb6c985f1c105f6", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834776, "uuid": "0c7db1de-adbc-4be3-ad31-25f4e18b2397", "comment": "Malware payload (Amadey)", "value": "f63aba391ea983012c483856d9b63e7009e0d85b", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834776, "uuid": "6af6e083-42ab-43e4-948a-e129c15eb8c8", "comment": "Malware payload (Amadey)", "value": "2e1169616a8720a4ae62c05492ee394291c0d596ee11ee6bfa4cb3e7e72ff572f4f3cf54efa2c3e5d140ca2ea22270e0", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834776, "uuid": "c262ce08-688a-4518-856e-2c2a4d3fa197", "value": "T11BF4235693D44272C9F527B02CF702C30E3ABC60ADB097BB2B95995E1C7178295B273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834776, "uuid": "89985923-54db-4eb0-802a-784e7fe8cce6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834776, "uuid": "52b617a0-6fc6-4a7f-af79-c62dec7dfc60", "value": "12288:DMrIy90rPq7bTfev1OA87iGvfKX3bL9GZPjYNcl72PbaCkUXm:/yoq7mvcAovfKX3bL4VFB2W+m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691834776, "uuid": "96590ff4-db3b-4e63-8b8f-de07081a903b", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691834776, "uuid": "52b096ea-4d4b-4fec-b92c-7dccc2c6c532", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834776, "uuid": "095ce094-1a8b-48d0-9af6-81ae7d99cf3c", "value": "80d1f0621a20f6821cf829d7619f7811e6191e104b078.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "43ce7ee9-3945-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DCRat)", "timestamp": 1691868014, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691868014, "uuid": "dec80b23-1ae6-4189-8c19-a9653e6230b3", "comment": "Malware payload (DCRat)", "value": "28f8380255816a0bbc2db16bd74314f0", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691868014, "uuid": "a0e8e9db-6671-439d-81d9-68c1f2e6ad51", "comment": "Malware payload (DCRat)", "value": "82e00d432b308940e23522863d889ffc905a42b7a00c67bfaf39e4812bc1f6cf", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691868014, "uuid": "6d6a6dff-8c41-43d2-8676-47c9b7aba8bd", "comment": "Malware payload (DCRat)", "value": "35f98f4789736a833ab717b3ebffbd295dbea5b4", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691868014, "uuid": "45bf64a9-9791-4216-a536-c3427af13473", "comment": "Malware payload (DCRat)", "value": "1f8529ce87904ea6164a0e7ff441d8cc5271646c1109c154c7cc23456dce16b9a8e908a181f4792de4489e6e64c0588f", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691868014, "uuid": "84a6cf5c-8e76-4041-9e14-c6b0398e4813", "value": "T1E4856A017E808911E0183E33F6AF753447B4AC5326A6E71F7AB93EAD15123927CDD9CA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691868014, "uuid": "ba9d9308-b212-419e-addc-d02778770418", "value": "fcf1390e9ce472c7270447fc5c61a0c1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691868014, "uuid": "ec74f0a2-c9af-4748-9e51-9a683e0b6e13", "value": "24576:C2G/nvxW3WwoWesIbmFYdJHWXsynOPjwO4wz7ZkMkC0NTPPBnkG3YBoRGP:CbA3beXbm02XPQPZZkpTPPBn7oiR2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691868014, "uuid": "292892a2-c8fd-4f27-aaa7-dee3b9693230", "value": 1765511, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691868014, "uuid": "04ca992f-3390-4436-a88b-9802c98091a5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691868014, "uuid": "13aa9d26-8516-46d7-857d-ed8c26d42608", "value": "28f8380255816a0bbc2db16bd74314f0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e3a52090-38af-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691803858, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691803858, "uuid": "4460b564-dad2-4e4b-a759-386c130651f4", "comment": "Malware payload (RedLineStealer)", "value": "65b69381f847c3493af7e4256b86c862", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691803858, "uuid": "156e09c7-2ded-47d4-8198-94e0dd735437", "comment": "Malware payload (RedLineStealer)", "value": "838c8235aff7169fb5ffae794a4edd12b3e5f69c533e121abbb159367533aee0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691803858, "uuid": "8bdbb852-6bb1-43df-a08e-d9dcb28b92aa", "comment": "Malware payload (RedLineStealer)", "value": "2d205d4d13107216b767e6a18019a10b5b24bf69", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691803858, "uuid": "f55a9ec3-bbb0-4a6c-8ca7-ee6b1b0f8faf", "comment": "Malware payload (RedLineStealer)", "value": "19af98cc5d29de85ca01979f6d824bb37717efbe45edc3b57da51021077584f51bd96254ba94a91d15cff3558451e503", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691803858, "uuid": "835ad046-e2f0-415f-bc75-1510e3c46a3f", "value": "T118F41267ABE84172DAB65B7028F206C72B327C615D34935B23C9E41E1D73B08A836777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691803858, "uuid": "29506711-aec5-4454-970c-ee59d04803dd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691803858, "uuid": "d18c1b40-e23e-4150-8995-98b3d6d096e1", "value": "12288:aMrKy90NmNMWwBQUFI9tTwm5EiqjmtQU+xmb6eMSrXt5WVwFp24v2atRk:EyOmuWwI9tmfjmSbxmtMSrdhpv2atq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691803858, "uuid": "11bb5053-9cdc-428b-a5cd-c4f6a4e0578b", "value": 748544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691803858, "uuid": "415e1c10-b448-4eb4-bd02-197e882ed4c4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691803858, "uuid": "dca64d61-9888-46db-9563-50ed8a53fbea", "value": "65b69381f847c3493af7e4256b86c862.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c04d7841-38e1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Babadeda)", "timestamp": 1691825274, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825274, "uuid": "9c79d371-22a5-49f3-956c-96480a9afed2", "comment": "Malware payload (Babadeda)", "value": "525da297d07c25fdbaf25c787ddec586", "object_relation": "md5", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825274, "uuid": "7bb1e4f6-3a10-4a79-9aba-3f642a5aefcf", "comment": "Malware payload (Babadeda)", "value": "846e40f11fd137bb4d91726d4d9a75ea4771534ba1551e5737ff1f86f319d464", "object_relation": "sha256", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825274, "uuid": "78914ce5-856e-4b1e-b01c-853c74f0895e", "comment": "Malware payload (Babadeda)", "value": "362da9ac7308fd1416798d015beda5bf26ff78b2", "object_relation": "sha1", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825274, "uuid": "499bfb1e-5cb1-4040-9fef-db3d98a998ae", "comment": "Malware payload (Babadeda)", "value": "a6a666ded3f1b5af03b6f3055288f3e13a18985d3122208dba62107ebbc5bacbb87f08246cf891c90c962cdce3749876", "object_relation": "sha3-384", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825274, "uuid": "e69c9fb8-7631-40a7-ae6e-7a42d0e1fded", "value": "T173936C41F3E642F7E6F2093201B6716FA639A6289B14EDD7D34D3C025A51AD09B343F9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825274, "uuid": "391bc615-465b-42a6-8905-33541f61c1d1", "value": "5877688b4859ffd051f6be3b8e0cd533", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825274, "uuid": "949ce82c-545c-43d6-b569-b77e9869da0f", "value": "1536:87f9h0UPJP/CpICdikMLMLv5PFNg1qrX+VIOlnToIfAgIxj7fO5:SliUPXC8k1nJrX+fNTBf0o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825274, "uuid": "1a435546-88b6-4e6c-86b3-0d3eea623f1e", "value": 90624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825274, "uuid": "c6fde995-9465-4706-b79a-fbd68744942c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825274, "uuid": "1dccb6bb-7e65-4171-b8d4-d53133fe49ad", "value": "525da297d07c25fdbaf25c787ddec586.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f9c6cb6-3902-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691839285, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691839285, "uuid": "3ba6826e-24ed-498a-b347-0bbdf223041c", "comment": "Malware payload (Amadey)", "value": "6fe72050356e67d5c58b38ed45ff7fdb", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691839285, "uuid": "588d6df3-643e-4103-8800-374c7d80c451", "comment": "Malware payload (Amadey)", "value": "8c84bb79c9b22daaac95f8a39eb46c58ff95bc7dfb92594b173ac429ffe00aee", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691839285, "uuid": "a7c9cf3c-5f91-4021-9c84-4af2d9878174", "comment": "Malware payload (Amadey)", "value": "2f5290697a070e89a1d5ea567cb1d0e9d378a0d4", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691839285, "uuid": "b65066a5-99f2-4569-9a0e-394bff3cd6a8", "comment": "Malware payload (Amadey)", "value": "17ab279c92a53a80df3f50334a541284cf258e5010b60c7e98c71e87d3e4a7ae1321321c0d9aced153da7bfdf52f9374", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691839285, "uuid": "6bd8abec-3ef1-4895-8e17-53271a5ce804", "value": "T162F41216AAEC5476EDF12B701CFB03C30B367C115878976F7655684A0CB2AC4A9B633B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691839285, "uuid": "bda6d183-985b-4b68-86cf-2b0df96d689f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691839285, "uuid": "c70afadd-c15d-4f5c-a077-51a9312f00fa", "value": "12288:bMr0y90HOc0bKZq0KIF6quM1NEK5wx3aNJKg8e7a++KRI7Xsp7SUcnny2RB2s5Ip:nyPKY0tF6uQ3aHvL7aHK278Cnny2H2uy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691839285, "uuid": "f0da5a86-9472-4fe4-b17e-9b57a76f49e9", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691839285, "uuid": "35ed9848-5d26-42e5-8e34-0233f9e6efea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691839285, "uuid": "c19a8e49-b413-4a39-8ea6-8b3a9a931e93", "value": "8c84bb79c9b22daaac95f8a39eb46c58ff95bc7dfb925.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8b921ed-38a8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691800860, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691800860, "uuid": "4ffabb06-625c-40c6-bdf6-00603b4458f6", "comment": "Malware payload (RedLineStealer)", "value": "91fa74d1bda737faf9c7a71ab510e73e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691800860, "uuid": "4bf545bf-edd2-470a-9bcf-305743c7cb45", "comment": "Malware payload (RedLineStealer)", "value": "8ea8314c26b4cea6df4b5006a23792e770ed32a917f935319d09b17530703fb3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691800860, "uuid": "418c2fed-f82b-4d89-90f8-da225c1e2f1f", "comment": "Malware payload (RedLineStealer)", "value": "38e5eddf75c21f42dffb0a461499fe6efd7f2861", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691800860, "uuid": "6237db7c-6208-4f1a-a908-8f249c40839a", "comment": "Malware payload (RedLineStealer)", "value": "80b35d93e02d5b0abaa5062bea5f13f1bcb1729189d89e85f9a8cc9709efbb703f608a03b7ddd35c6c544d9303a5c95c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691800860, "uuid": "6a1748c9-2286-441d-9360-2ff1bb7e0c0a", "value": "T1B2D41253A2E880B2D9B617705DF603930A3ABCB10C38E26B3786994F4D73995E57133B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691800860, "uuid": "d47f7edf-b5bc-43e2-854c-422ab82f2b70", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691800860, "uuid": "6a02f10b-347c-491f-b92c-284d1475ec94", "value": "12288:zMrMy90UNOZS8s4YXfBslvRSkyr5oRvQSLfSNaz:3ymAHpXfWlvR3zPL4E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691800860, "uuid": "f81f8d6f-9726-45e4-a78a-8762102fa78f", "value": 612864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691800860, "uuid": "d423677e-973f-45b0-a5cd-2caf4bd8b912", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691800860, "uuid": "48fdb788-2fcf-4424-8099-a41d879d311f", "value": "91fa74d1bda737faf9c7a71ab510e73e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f45efb5-38e1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691825164, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825164, "uuid": "054896da-989a-4923-a1ec-d65f365397a6", "comment": "Malware payload (Amadey)", "value": "da1dae0618a036011c05480f5e89bec0", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825164, "uuid": "48835254-e13d-4079-9461-8da140cc93d2", "comment": "Malware payload (Amadey)", "value": "8eaef685792b70e28620ea44d31b130157cbdd725c46c40ce9a043362d938fdc", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825164, "uuid": "459a1b02-edd2-4d65-bdd5-2b11773807a3", "comment": "Malware payload (Amadey)", "value": "541052b609ac0970b3eca9add52183a84dcd5c80", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825164, "uuid": "6b650132-c276-4da2-aa6f-5fd097f17cae", "comment": "Malware payload (Amadey)", "value": "f828389aea958f9a57af83fd3b48b6de1bd3b4556292e8ea83e39db80af393f8f3abfdf8f8aa8397ebf9f70b3b4fa59f", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825164, "uuid": "2e896c55-bc81-4215-b5f9-c42e462e4956", "value": "T1146439417952C072D960A1721AB5BFF2C59D68249BB049DB7BC00F76DB212E77A30F3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825164, "uuid": "59f50e17-5cb0-48f5-8ec0-a9ca51b6a4bf", "value": "44e769941d2c6ad88bf42ac4adb36135", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825164, "uuid": "d4b8954c-57f2-4004-b64e-b6b4505dfde8", "value": "6144:SR9eh569+UR6P3zIwkp4p2k/DPaZHwc3eoe6u17MgAOIMs8Bq:Sfm5BB7kpi2k/ae6u17pa8Bq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825164, "uuid": "6e5ca22e-a3c8-4b5f-a0ba-590a8753b400", "value": 321490, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825164, "uuid": "715db0ec-ee64-4445-a778-487257bf4ca5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825164, "uuid": "00d70c72-3dc3-45af-9c68-1e3afbe0f166", "value": "da1dae0618a036011c05480f5e89bec0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ced4a14-38e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691826717, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826717, "uuid": "5ed8b3b0-b67b-446b-8f66-7c30dd1fea2a", "comment": "Malware payload (AgentTesla)", "value": "e5336c88d7ce2047ba1e616d279e4514", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826717, "uuid": "5b1d1844-a196-4032-96de-74974230bd2d", "comment": "Malware payload (AgentTesla)", "value": "90c183ea6ea59b3bac9dc0e44e449fd950e642ab4127de320ab692bc01136d5b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826717, "uuid": "49aefad0-c833-438a-be81-6349d6c47340", "comment": "Malware payload (AgentTesla)", "value": "6f8a9eeac7b4d4c4563b9f306cc930c02e3cf4b2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826717, "uuid": "6cce58ce-cb8e-42b4-8a1c-5133a1c4aaf4", "comment": "Malware payload (AgentTesla)", "value": "e1c7527e6b20eec4b3df3cf13b4e1ecd3a77c25b0f6f5b5931abb051beb36bb8668344e8da7c7a1cd72295bbcf59bf1e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826717, "uuid": "41ec19ea-52b7-4a90-9620-bba3c036e800", "value": "T1C094FD157389CF21C61F15B9C8A2D2F81727AE01DC01ABC766C9FEA939F33E65A51183", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826717, "uuid": "227554a1-3d33-447f-ba76-a52dc6c377e6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826717, "uuid": "2bd3d4d2-a377-436c-ac6e-cec1f8592f38", "value": "1536:WqvT76fI89HuUrm5GjAY6Pge1hEX00zugXDtqSjpPRXy6:WqP6fvH+5G034uh6jzjXR5FPRXy6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826717, "uuid": "7f7123ed-636b-473e-8167-104f84edbc71", "value": 444416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826717, "uuid": "6f82b086-5de6-4b85-8a83-475bea3c6fc5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826717, "uuid": "e2a4a3ed-d749-473f-961d-f78f4d99825d", "value": "QUOTATION_AUG7FIBA00541\u00b7PDF.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "52dcac52-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691826378, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826378, "uuid": "acc55b96-ee4d-4f03-8e77-5689e5ef6a1a", "comment": "Malware payload (Formbook)", "value": "eb49f0bcc56cd884c4ba090863329fa4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826378, "uuid": "eb4bc290-73e3-4db0-ac5d-7a9f30ad0601", "comment": "Malware payload (Formbook)", "value": "92e21687b37b476900df3490fc348c318f94b8359e39fa0f98dc00b444f15b00", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826378, "uuid": "302e39b8-b602-48b5-8b99-fc588c606fe7", "comment": "Malware payload (Formbook)", "value": "a0def7e3790b6e3a70e1e64a70833762c3e21211", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826378, "uuid": "026c2b49-9cf9-464a-9f42-d973aa9beeeb", "comment": "Malware payload (Formbook)", "value": "f42971a1d96535e80a1b2bc62461ca040dde45243a6ba937122bb0af29b39ca708fe58f35fff2056c67bba79bfd059ef", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826378, "uuid": "3356f901-edf3-424f-b9f8-0149e65609da", "value": "T118D423B523076A17CCA447F05917861763BCBE4B8190C6CEF8917D9EAA1FED08684F1B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826378, "uuid": "46b039e7-d9fe-43b6-b8a7-bdd954158936", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826378, "uuid": "c7223637-cebc-4fc4-ae56-618ba785ef58", "value": "12288:UQL87+2p6QW1RAGq0NKHqlSEp9dc+BXuY0x1o3//DWlLbCdl:Rg7+2sQyR60NKH6SEpLVXufKrWlLbCd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826378, "uuid": "0ab52582-ab7c-4378-82d8-97409d5b3dc4", "value": 642560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826378, "uuid": "8bae0842-24a2-4710-bc74-b782a209fe7b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826378, "uuid": "b42a93cc-7f32-4fa4-8945-8fd4f5038bbd", "value": "hesaphareketi-01.xlsx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be15c2bd-391c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691850610, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691850610, "uuid": "a4c01e56-044d-4d1b-8b22-dc88ba05bc69", "comment": "Malware payload (RedLineStealer)", "value": "b2cea271a9a86385fd6a9fed011763c6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691850610, "uuid": "aa268fd8-e0d5-4f25-aba4-1afbc14db2c5", "comment": "Malware payload (RedLineStealer)", "value": "960df7d3c618c90075d56b4da9d86a6a00fd8f8b48622fda33938e04356b08e7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691850610, "uuid": "ddc9e8f4-6e63-4649-9667-cbbe0627d650", "comment": "Malware payload (RedLineStealer)", "value": "87708f998dc9764ec0a795d86c25bbc82b542521", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691850610, "uuid": "97999780-a6a3-4c2b-8959-af7e98a3ebe9", "comment": "Malware payload (RedLineStealer)", "value": "0b623ce80caf066cc01b155be13cc1340ed773ab937edd712faa163e507fa99cb09ba6d9c93b224c77e5053ad852e885", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691850610, "uuid": "17c07560-3f0b-4b13-9143-b39efd48affd", "value": "T13864F1227A92C071C05B01749C31CF70AF7FF83159759A8B37A48ABE5E752C19B7931A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691850610, "uuid": "9d814f7b-2862-4f44-ae0d-a4b1d6c7dbb4", "value": "f14eb02bc6e4e96d4b116ed67da9e223", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691850610, "uuid": "2bc3da42-3775-4f00-a950-468ad82ea524", "value": "6144:1U92WLc38mkQbr0/WH+HHikm1//ozCkE2LG1K0lnOq:+JY38mZcuH+nikU/z2GnlP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691850610, "uuid": "6754ed7c-64ff-4545-8c9f-9f754a68f161", "value": 328704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691850610, "uuid": "033c3248-b54a-457b-9cda-8bdb510225c7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691850610, "uuid": "9e0d8e0a-9043-4d9f-9f84-d37e4ede465f", "value": "b2cea271a9a86385fd6a9fed011763c6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0741c801-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691826252, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826252, "uuid": "99f1d987-5947-46a7-a0e0-b784312f215e", "comment": "Malware payload (AgentTesla)", "value": "9552c796f4b735b0d152348b95426ae8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826252, "uuid": "e4a9c7cf-1a75-4237-bff2-59deffdf7281", "comment": "Malware payload (AgentTesla)", "value": "97b7128a3f768e5724019eda6dcac016ddc3afed305487f0247a2bad67ff62ce", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826252, "uuid": "4b2511db-ab9b-4a42-a63b-ece431431264", "comment": "Malware payload (AgentTesla)", "value": "f2ea8be1d1f4584f38e979338e46fc3c19b8d6c0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826252, "uuid": "4a7f0dfc-0870-4a80-9a42-35df2c916daa", "comment": "Malware payload (AgentTesla)", "value": "60593fdb0cb459e7280d6a6052618b5f28a22a825a19d5f00e3ff942b4eff442e02c3b1ed7e1a408479fe190cf6f2e06", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HSBC", "colour": "#21B471", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826252, "uuid": "560eef98-7ed0-455d-9ef6-f3def796a6e1", "value": "T146150725E77B245AEF29A1F85E2F847239D6DCC0F1B1C588A7E7280385C23514E35BE6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826252, "uuid": "6c30e48a-99a5-4291-a72d-a77d52c037da", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826252, "uuid": "ff2ec2e7-d542-4942-bca8-3443e774eb04", "value": "24576:jkNRs6CE3jLMpppdpppppUO9Rs6CE3jLMpppdpppppUOYUFRPraD0pWp2yF:j+Rs6CE3jLbO9Rs6CE3jLbOYMPGAopR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826252, "uuid": "2dfd456c-a136-4610-83f6-620cbebf8f4a", "value": 882688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826252, "uuid": "588feec2-4eae-460f-8f3a-ae8fca02f699", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826252, "uuid": "d9618e69-aab8-4cd3-a917-da55807a7f29", "value": "HSBC Payment Copy.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1fe7e2f7-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691826293, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826293, "uuid": "076b7f9b-f118-4f1d-80e8-1e56a4b9efe4", "comment": "Malware payload (AgentTesla)", "value": "6fc3fd9f1b832e3435d856577be09bd3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826293, "uuid": "41150309-1d98-41e4-b396-6adadc5ed787", "comment": "Malware payload (AgentTesla)", "value": "99201b6c953c36b62d198db5769dfeb783aea1713f16aef8106f5e92a53e9477", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826293, "uuid": "6dcf041e-a3e3-43fd-a4da-52d073043c73", "comment": "Malware payload (AgentTesla)", "value": "dd9e719a50bb3d738ba311144f6d2dd8810c0ac8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826293, "uuid": "3f6c58b9-c9be-4da9-982c-54d91e35b3ee", "comment": "Malware payload (AgentTesla)", "value": "5c2d102b13e8ec2e540c7e1d8a809a19ec6a62689d215f845db8b466e9529c7b4991c0a205bb3a29d1721b15f117d7b3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826293, "uuid": "42cf81df-0a5d-4497-961e-42017124b455", "value": "T1B8D4339A0F9E45A7C73EE738AD2A8016FD1DD13CA806FD46C1756AED211B1C833B16C6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826293, "uuid": "e1d4fb2c-2aa9-4cbb-a9df-37277edc1310", "value": "12288:cinWqOarnuAA0ve9y18Hr7qCOmRCb4nyPIM3jubZJDkcHjc8:jNjuN0vgy18fgGCcYjuboid", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826293, "uuid": "ae65a013-e65b-43b4-a973-89847bb36f57", "value": 624916, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826293, "uuid": "9520db8d-c671-4cba-aacd-75ceed1f45c0", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826293, "uuid": "751abf2d-b49c-4a47-9ccf-aa10aba7f9c6", "value": "$10.370MTPOC.INV.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a4e0e60-38fd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691837182, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837182, "uuid": "d914c308-a717-4ffa-92e6-3c7f9b02c914", "comment": "Malware payload (RedLineStealer)", "value": "fe8af92e7d8c43a95d5bcd1d7631a9c4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837182, "uuid": "dc0977ab-e26b-4d04-94f5-b815b299c7dc", "comment": "Malware payload (RedLineStealer)", "value": "9955ad0390cfac53afb1eab2a69dc75a607cf65c8679c1422dad51f5640d42fd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837182, "uuid": "d0fd8dd8-5539-4c75-b450-b3b48858098b", "comment": "Malware payload (RedLineStealer)", "value": "e067adb4cd168e5d00a203215d4be5f90c275b11", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837182, "uuid": "b074deb1-8d95-4ebb-a079-c2451e912bf9", "comment": "Malware payload (RedLineStealer)", "value": "52563aa8b68ff0229108cf9058d06a35c2d44d3db5c35fa4bd8f263e3dbbada140fa735f2b3837e2c361d4660d69c749", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837182, "uuid": "8f098229-76bb-4986-8913-9937eea1cf92", "value": "T172152312FBE88132EDF867745CF716C309767CA18CA1927E2781680B2D33A45A5357BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837182, "uuid": "40f5b75f-17dd-454c-8675-5c50c933af6b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837182, "uuid": "7b8e5212-329a-4e34-9415-41e71c921297", "value": "12288:rMruy90OCeFkHMQeWgG6xHPvIfvZxiyC909Q+5Pgb9XZKVvS4W2Qb0cobbmo:9yQeF8gG4fv9x+5P22s4W2E3ob3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691837182, "uuid": "275d616f-5228-4da4-b847-edcc9023ee37", "value": 876544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691837182, "uuid": "089bb0e7-d58f-425c-8b58-78cb52e49297", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837182, "uuid": "63875066-fd80-46e8-a04d-ee675f3daf07", "value": "fe8af92e7d8c43a95d5bcd1d7631a9c4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96ba0c82-38b0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691804158, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691804158, "uuid": "5ef9a0a2-a257-4fe7-a466-17a53b6c6d1a", "comment": "Malware payload (RedLineStealer)", "value": "31c24cb8c1b4ac1ae499f6d5349db0f6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691804158, "uuid": "61fff781-aa4f-4f8b-be29-c88909f07018", "comment": "Malware payload (RedLineStealer)", "value": "99d50ce969ce4e922d0e00907d51b150fdb9862bef4b8cc9f6212dafbe2b58f9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691804158, "uuid": "5cd9e623-45ca-41ea-818e-95b09131495b", "comment": "Malware payload (RedLineStealer)", "value": "79cb4025b3c2759a809b8beb3f9b7f74a15c1fab", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691804158, "uuid": "e469e83c-eb2b-4804-a36c-e9d70bf69b7e", "comment": "Malware payload (RedLineStealer)", "value": "a0ce21e5da691311c27457603e67a8ee7e02fd3c06c7a433c97d430c57f990c4de747788c182ac659ff2e164d46592ce", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691804158, "uuid": "95d0c8f3-d0ec-4f11-ab81-6b58c4b628cb", "value": "T111F41242E6C98072D9F81B705CFA03830B36BDA45D349B6B279BB94A0D716C4B53637E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691804158, "uuid": "f7d6dc8a-86cb-4bb0-8dce-c1c880af12de", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691804158, "uuid": "3cfddb6b-43ed-43f9-92bf-aedddf9d9a63", "value": "12288:SMrAy909a0Fpv7JEjTt6pkBBXSzSyHiq3PRK6fe71wQKRThXSp79xmYA5HIS+ag:uy0LzJ2J6pk3XCNFpm71DKtha+sSi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691804158, "uuid": "beee6fdc-6172-406d-a39f-7d89c7297696", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691804158, "uuid": "0eee94c0-4fba-4814-a45c-f423a966bf28", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691804158, "uuid": "ab4878c8-f0fb-49ba-9a57-c065d8dcff2b", "value": "99d50ce969ce4e922d0e00907d51b150fdb9862bef4b8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49216eaf-3900-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691838388, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691838388, "uuid": "3021a538-26f4-4433-bdab-ee85a211575a", "comment": "Malware payload (RedLineStealer)", "value": "eb9e51be55560028ca4dd3ca94a812dc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691838388, "uuid": "713fcb7d-e00f-4fc3-82a7-8add1d0474b5", "comment": "Malware payload (RedLineStealer)", "value": "9af062ba6115ecc226e666e0d43dfd1a4f5b5e7bcca2bc8a864cfff1b8d149ea", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691838388, "uuid": "2cc3629d-c132-4bf8-bdca-8b183f550f6a", "comment": "Malware payload (RedLineStealer)", "value": "0f17ed77390a3a9b8a5462fa713250184726fa8a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691838388, "uuid": "df61e2cb-2002-42f2-9f01-a97c4fb2449e", "comment": "Malware payload (RedLineStealer)", "value": "e7d94483a87870505309c1e0cc0bc6f9a6f9e638f50e769da859013ad0f0c7f36fdd4b99795277bd0ecb601da1d91114", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691838388, "uuid": "c3c28c2c-dcd4-4dda-bc7c-77087c472e2d", "value": "T1C7857D203C9284BDDDF350B686FCB724056CA0B30B2349C776DD46FACA156F1AB365A6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691838388, "uuid": "a619d9c1-0361-4c94-9aa3-3d1044099806", "value": "8154024e0ed58f1180e3e46cb6ff5402", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691838388, "uuid": "c10d8251-47c0-4660-8b13-1bced5d83ec7", "value": "12288:9B0H+lvVkhHExtXb1v28f6JoOGkpBQr8NftyqH1gYSuczYnGR6+jZs6BCLn:9B0+lvChHExtXbwBQQ1tdgYmjRBG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691838388, "uuid": "64c7fcc0-ef11-451b-9aac-7fde04885382", "value": 1717344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691838388, "uuid": "041a24f3-7a8c-4996-9d45-3425cfb3bc4a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691838388, "uuid": "ce6e848b-589e-4c0f-bf7f-ea8f5f703d97", "value": "eb9e51be55560028ca4dd3ca94a812dc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30397d0f-38af-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1691803557, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691803557, "uuid": "4d1eb08c-6ad5-4b42-9ed8-ecf2409f00dc", "comment": "Malware payload (NetSupport)", "value": "2ee01cb29293d39a55bf67393a6b2ac8", "object_relation": "md5", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691803557, "uuid": "580ba7c2-3f2e-4358-a389-36eae25f6d39", "comment": "Malware payload (NetSupport)", "value": "9e13f4551b3c5fe408f746b801ae4bc003a4f25170358944709ffb4462a9a626", "object_relation": "sha256", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691803557, "uuid": "6be3c73c-e52e-4496-b3c8-63cfa4eea0ca", "comment": "Malware payload (NetSupport)", "value": "f7b296cdd3baac1f550c37dd6123ca8c7bed8a02", "object_relation": "sha1", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691803557, "uuid": "e4797e44-e5ca-4661-9191-b52d6e1a704c", "comment": "Malware payload (NetSupport)", "value": "4e324614ea6190af74a2b7c847f18045fae51d12955b883a36eda687ee361ef1081cd70c2ca8d1dd9208936dcc78d836", "object_relation": "sha3-384", "Tag": [ { "name": "FakeSG", "colour": "#824C9B", "exportable": true, "hide_tag": false }, { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691803557, "uuid": "d2f28c18-dea0-4607-ac2b-86e9160185a4", "value": "T13B318F3636B5030CC2B29A3758B17A13973AB50DE90B8B8A32515A782C581DCB924F2F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691803557, "uuid": "acc4b5e6-8253-449c-ab6e-0a41b81a1e3c", "value": "24:8NYZsxEeG0RN7oK9aghW82A+WUV+/CWsyPdvxEXl7pEQeyTppTpZab/2XT:8y68jeeM1Zi7iQ9ab2j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691803557, "uuid": "71997b6b-b1e0-4715-b805-543dd9e54c71", "value": 1581, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691803557, "uuid": "247e3f29-48bd-45bb-b2cb-eb0234e37ff2", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691803557, "uuid": "b91c2103-b5f8-4333-aff0-83e468b26eb0", "value": "bld-upd-stbl.lnk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "79321337-38fd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691837180, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837180, "uuid": "752d5add-b7f9-4593-a75d-321d1e15516d", "comment": "Malware payload (Amadey)", "value": "eaaf3f53882fed207dd7d4faabfc25f0", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837180, "uuid": "ce360fa3-37bf-4b41-8703-93ce093c30bd", "comment": "Malware payload (Amadey)", "value": "9e7be7217509182eeeb83732fafecdb2a875fea748b5cae88441085db7f5d039", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837180, "uuid": "8a6e2228-a917-4094-86ad-4439189acc64", "comment": "Malware payload (Amadey)", "value": "680a20ae63fd821bbb5ec64f9e93a06cde3b2b66", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837180, "uuid": "637d1053-7f7c-488c-b2d0-e4457240614f", "comment": "Malware payload (Amadey)", "value": "f9244d9c98ee94b5b52d14903d351207c9903c4e4ff7277467192628e88ba6ec2d4bc4680fc65fed11a9dd6e00f89705", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837180, "uuid": "697aa56a-9be5-4599-86ac-9848bbfe7ec4", "value": "T1E7F41253A6CC8472E9F92B7058F213D30F367C328974A3BA2745A5094CB3698E936777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837180, "uuid": "25e53d75-ec40-40f2-8bfc-f1d1a68fc33f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837180, "uuid": "1b615892-daf0-4f6a-8204-1b8dd8f29bb3", "value": "12288:PMrMy902yFDdGhG+IU4ir4XhXaotaXZWBcNKF66cROXa/k232ZHiHypc/8:vy9udQGnue7txCH6cwqc2yIV8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691837180, "uuid": "99a83dce-45bb-4705-a275-ee8ddcfb6c43", "value": 749056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691837180, "uuid": "ebaa29a3-9346-4957-b73c-e429627d09fe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837180, "uuid": "3fd40b9f-5f51-4d8c-aa75-217a52378d4f", "value": "eaaf3f53882fed207dd7d4faabfc25f0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cbbe548d-394e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691872108, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872108, "uuid": "471597f4-70ba-4312-8be7-ebbfb127ab06", "comment": "Malware payload", "value": "5b8d251f81b7f537f862d9ccd536a0bb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872108, "uuid": "0701c767-ea00-43fe-b818-0c5cc4941249", "comment": "Malware payload", "value": "9ebbcba823ca3d8f8498f7e3b35b575340fcf4ae4bbfb0325c8e3e2c1e65f3d6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872108, "uuid": "f7f1d866-0d5e-4fdd-9c3c-2d8dd442277f", "comment": "Malware payload", "value": "2b24456fd2397de44220470b6aa898b5eeecc8df", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872108, "uuid": "9c831b5d-4a0e-46b1-a647-5fb415159dc0", "comment": "Malware payload", "value": "0efa68af8f80217cf1a86323bd2b6216f32e68ad07982f41bc30b05dfb98a59f37cd42c273fc3164309db81bd40e2f09", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872108, "uuid": "6a6d40c8-6f3d-41d2-944e-eacee487a513", "value": "T1A1D41211BAE0C431D86A27390639AF21167FFC324BB1985FBBA4528E4E724D05735BE7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872108, "uuid": "4ad1039d-2eed-484f-a9e8-59da8c3b95d1", "value": "25cc79adbcb88188390979df7c22e767", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872108, "uuid": "89b247c3-8b3a-4662-bd50-70b86ac159a2", "value": "12288:TyGj77HalSmqjLErC7bsrccDH19ohUj17yzMKcWV4yOioMXn/QXX69tQ:TyOHalQzYjoUhUMKH4VlMvPt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691872108, "uuid": "da4ac5cb-3699-4932-8130-3831fa11abd4", "value": 604288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691872108, "uuid": "6bfa0a58-0fd1-4c6e-bc28-367fcf7ee502", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872108, "uuid": "cea924d3-dbe8-4a72-96f2-121d793bf764", "value": "SecuriteInfo.com.Win32.Trojan.PSE.M62GXR.17379.32145", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b70c03a-38c5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691813159, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691813159, "uuid": "81f34847-c447-4a43-9f52-94f7a16b44ed", "comment": "Malware payload (RedLineStealer)", "value": "0d57287ac0419bdd0eff05f00df07114", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691813159, "uuid": "750adfd9-14bf-4c2d-b1ef-426f62e522a7", "comment": "Malware payload (RedLineStealer)", "value": "a2fdf432888f1a636d7e03510d52200e7a1203686464e9618f1c2b7a6593623b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691813159, "uuid": "d3eeb7d4-cc30-41e0-a634-490c8fe22d57", "comment": "Malware payload (RedLineStealer)", "value": "1fab03f881416ee8c93acb5462b93303b460212a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691813159, "uuid": "20470a4a-22f4-4209-a3c7-def4bd808895", "comment": "Malware payload (RedLineStealer)", "value": "218f5522922623f68e0b163cea78c3a975472314c54de15203f4a9a43bd0fc7a1e16d3675b618c9194c5d2653c3b1d17", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691813159, "uuid": "d3367448-b211-4bf6-8f6a-90e3272edb2b", "value": "T1ECF41303AAF99062DE7177B06CF312D30B39BC90153857BB36A9680B0C71695A875B7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691813159, "uuid": "51388581-b01c-48e6-9e75-1be815ae6cd8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691813159, "uuid": "126d78c7-d6a0-4c4f-8ca3-02b2e35c1853", "value": "12288:KMrXy907H2Memjq1cYb0lePVMENK0de7UNHKRANXKp7IkGyw919fvzRbRac:xye291cYb01MfU7UpKuNSRGyw919fvNx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691813159, "uuid": "f5d4f1ec-d286-485f-968d-e51133fdd285", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691813159, "uuid": "541c9d87-88ec-4f0d-926c-7c597061f160", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691813159, "uuid": "0d3e9cd4-ae29-4577-8ff8-46b8df1f25b0", "value": "a2fdf432888f1a636d7e03510d52200e7a1203686464e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94290e3d-393d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691864713, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691864713, "uuid": "0cd7f68e-c4da-408f-864b-43e526f516bc", "comment": "Malware payload", "value": "0eb8db3cbde470407f942fd63afe42b8", "object_relation": "md5", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691864713, "uuid": "a875aa01-4d1a-4841-bf46-b515b0d1a38f", "comment": "Malware payload", "value": "a39831ecbe0792adf87f63fb99557356ba688e5f6da8c2b058d2a3d0f0d7d1e4", "object_relation": "sha256", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691864713, "uuid": "8557f7a6-152a-42b0-b11b-3482d5fe5cd6", "comment": "Malware payload", "value": "b93c13204acb4819c7688f847b1470ac25df52b3", "object_relation": "sha1", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691864713, "uuid": "0d097b16-d90b-4348-8aa7-d8d3d394ec4d", "comment": "Malware payload", "value": "6328d407355f147983d27bf6c9dcff567ee916f0b7066f47532d319f573aa606bbf82bd676a6601b082c368c8a9fe096", "object_relation": "sha3-384", "Tag": [ { "name": "lnk", "colour": "#358D31", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691864713, "uuid": "5a4767ae-8644-4935-a84b-99d560a23e36", "value": "T13E4707B8A69FE0D5D5F262FC986C97C116322F51D0754A6E7027B408DBF121224CAFEE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691864713, "uuid": "e1a3ecae-606a-407d-9511-d76b74d60cb9", "value": "384:8+8+ba0vH3XVgL/mYIDm/QuG/bSbiNsvidDTn1VhGiplDQpB+H:pbXvEtIiQuGTUiSaVcw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691864713, "uuid": "450e8d23-2bbd-45a5-a638-58d4f95cddb8", "value": 25952256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691864713, "uuid": "d26758f5-f756-4eb4-859f-2bbc8b0fbe65", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691864713, "uuid": "acc791e2-90fa-41b0-b139-9ac99fa04807", "value": "\ud604\ud669\uc870\uc0ac\ud45c.xlsx.ln#", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96e37a8e-38ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691838089, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691838089, "uuid": "a84ec485-a1f8-49fb-a98a-c2c725ed20b5", "comment": "Malware payload (Amadey)", "value": "d233749e2239412f83314863ee9efb70", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691838089, "uuid": "5c97ecea-568e-4c0b-ad58-6774db021c36", "comment": "Malware payload (Amadey)", "value": "a447913bc34355af06ce35e760c44f77a2ba65544e8f2ee6dcbe2776818c0120", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691838089, "uuid": "69c93459-3ce9-4f1d-bfdf-b3808a2a4f5b", "comment": "Malware payload (Amadey)", "value": "42de286ddbc1db7e3d885a3e8dfb572ae66ba154", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691838089, "uuid": "5e95ac5e-8877-42d5-9d99-40bf4aacbab0", "comment": "Malware payload (Amadey)", "value": "80181a2f6d0c471d5a61d73800cdc5a76307b224a6993587769c4c39da09e09e7783d45c499c7627548dc0648fc7c25b", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691838089, "uuid": "479ebcee-f022-4c53-877e-d37b45165412", "value": "T1BDF41263A7EC8476E9B9173048F302971F327CF54C7497A71386A88A1DB2989E57132F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691838089, "uuid": "b7a2d457-0075-4b18-81fc-16402cc32dd9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691838089, "uuid": "c807162f-6ed1-42a4-a912-d10d2039655b", "value": "12288:LMroy90Tdr8BZ5/Nn0ejXo9OObsWfGK0A/Y3aBpPWi5csU6XzAP36m0We:Ly2dQBdSHYA/JBpPlaZiAP3y/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691838089, "uuid": "82b8e59f-3263-41b8-b211-8ad7cc6e8f44", "value": 749056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691838089, "uuid": "2cdd9f90-198c-4b59-bf72-c2cfddfeb4e5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691838089, "uuid": "8c56abef-2cf0-465a-80c6-233bcf658b05", "value": "a447913bc34355af06ce35e760c44f77a2ba65544e8f2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2d6f1cc-38e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691826969, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826969, "uuid": "5440ebad-1462-4f5a-8a40-e3fb054fd1e3", "comment": "Malware payload (Amadey)", "value": "b6680ff6c14764332c2998382498fb1a", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826969, "uuid": "17de0a02-2e6e-48f3-8902-0476cd6b91c2", "comment": "Malware payload (Amadey)", "value": "a47d83fbbd9f92ce9ffcb57754e8dbed1d18beb69504015af6b3deacc21c14bb", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826969, "uuid": "25ab1622-38dc-4fbf-8176-e118d7832b91", "comment": "Malware payload (Amadey)", "value": "9b29f15f888598080f7b74a0d197afaf69534143", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826969, "uuid": "08d5eccf-933a-4c00-9bf1-281af574f8d9", "comment": "Malware payload (Amadey)", "value": "a651fbccb91e617447885705e8a72f939c9ef964b0bbe462ce4dec3bea6576720386d4533ddeb7cde9a3b927ed25fab7", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826969, "uuid": "b41a2d3d-cbf5-4907-891f-786b14285a27", "value": "T139F41253D6E88472E6F41BB008FB03D30B3A7DA20D6596AE3B40E85E4D73189E57572B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826969, "uuid": "f4fe8d2f-b583-4cf1-8dee-3cbd8b26be98", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826969, "uuid": "80d10739-accb-4733-9f98-1aa25349a12d", "value": "12288:CMrhy90wlkJAGYGdOpeckwQ4kssGDnxujW1thg5z1cvZtxg9wwlT4AeJcGkIy7N:fybqKGYsUk55OxujW1t69ItowwlT4ATn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826969, "uuid": "5226b9cf-9c28-4769-ad3f-740b67f27685", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826969, "uuid": "01a7cd73-0b39-4d38-b51d-60916b9d144f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826969, "uuid": "ab71bdaa-01b7-4ce2-a64a-1f5e9a8cf765", "value": "a47d83fbbd9f92ce9ffcb57754e8dbed1d18beb695040.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da8aff20-393d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691864831, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691864831, "uuid": "535d631b-3f7b-44b7-95ca-5e70350a9e7b", "comment": "Malware payload", "value": "455c7a283a4295549511f339bc41d7bd", "object_relation": "md5", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691864831, "uuid": "018700e2-c85f-42d4-8100-fa123e5ceab8", "comment": "Malware payload", "value": "a49955cb026e4b7b53fadad706aa389633f8fba528b2340f6ca1203b0451e5ca", "object_relation": "sha256", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691864831, "uuid": "ea1fba96-aa1c-4475-b9be-60691efcc54f", "comment": "Malware payload", "value": "82273d33d7fa88f39337e8fe10921419bda6ad69", "object_relation": "sha1", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691864831, "uuid": "81aa457a-7cf8-4be6-88e0-b84ec7328375", "comment": "Malware payload", "value": "0bb17280dfbe01d87822f283a74527ea34017ff31a9a16b4d2f48ec040f3727725ae2bf7b16443f4ddedfba4ad561da7", "object_relation": "sha3-384", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691864831, "uuid": "0cacbb50-de18-476a-a5bd-6a49d2f52cae", "value": "T14192FD7CDA71F9E003BDB58089612E5B20D89A22C3B24EB8D9050DFA5D65745EF2B38C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691864831, "uuid": "73496aeb-2833-4329-9b68-d7a4331879b5", "value": "384:6Q2BKzOVryTbPFrAqwlhH0b6h3sYFdeMho3uwt6rOAhCf30uyb6h3sYYBhrHhoRV:6Q2BrAPVtoH8YDH+uwtUiL8Y0rB8mFny", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691864831, "uuid": "ec5d1765-4296-4662-b2a2-51aee40cf03f", "value": 21200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691864831, "uuid": "1459b294-43ac-4b3b-87ea-aea2c34bc254", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691864831, "uuid": "27f9bebb-7013-40e1-9ca2-d4a4f07edf82", "value": "view-source_ableinfo.co.kr_member_1.html", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28c2218a-38bc-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691809128, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691809128, "uuid": "ac59d629-7051-44c6-a112-714486b12c94", "comment": "Malware payload", "value": "11746e92a679b202ffc31a9397db030f", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691809128, "uuid": "d8436e23-96bd-4bc9-8850-30e767572298", "comment": "Malware payload", "value": "a511fac843b237992e58bde1e41ec271891e96c9e32279687c058baea9f005a2", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691809128, "uuid": "8fd4705c-2b87-470e-b3af-7f934711d945", "comment": "Malware payload", "value": "9d883f2630909a57bcad737638df0f2ef99a430c", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691809128, "uuid": "4e22900f-c105-4bb8-b29b-a786ad9bd29f", "comment": "Malware payload", "value": "9042aa09effa511f5627f4b537481ca5f4f1152d17ac54c47ab06f8608404dc025f2fb822807a3d17c3df5594bfbc9e6", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691809128, "uuid": "84e02084-6de8-4150-850d-54197f63d345", "value": "T14B335A4D33A144F9E1935335C9F28A15EBB2F8521779434F476882A62F63382AE3D772", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691809128, "uuid": "36f036eb-ae40-4ac6-affe-aede6a610e6a", "value": "4ecd752f2d70ad77939724fa31d997d9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691809128, "uuid": "d0d14032-bf23-46ac-aac1-4fc51cf433f3", "value": "768:V4f9SsBo7cTlFWT8llD4zAA8lU6ez5cIgQMzKHMcTzH5iakD0XdLIsybqvZY:2foF7cvWTEPUP5/gQoqZTliIoeZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691809128, "uuid": "ddda1cd2-edb7-44b1-b6fd-4f6e75a87a5b", "value": 53760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691809128, "uuid": "1f86b609-17ce-4dc4-8199-49cae0ea9072", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691809128, "uuid": "210aa4d1-8965-429f-81e4-1e6e2ffb2968", "value": "11746e92a679b202ffc31a9397db030f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b7a8c305-38a4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691799060, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799060, "uuid": "2d62f7ee-b966-45a1-b7a4-99f7a8504840", "comment": "Malware payload (RedLineStealer)", "value": "e7e4030e0fbf3899126b0563e3a0ebf6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799060, "uuid": "46e1c348-3f24-4c09-8140-608625f30577", "comment": "Malware payload (RedLineStealer)", "value": "a69bb669fe29c2f1e4d1fe359be72c14dd706d9b8b104fad238ecfd520f857f8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799060, "uuid": "e5daa8ea-7fb9-4b63-91f1-dca126aaf60d", "comment": "Malware payload (RedLineStealer)", "value": "e7533656d3f4559421dc279ffa60d377379ab93e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799060, "uuid": "86ec4d49-e926-4875-b93d-3e8f4af01e21", "comment": "Malware payload (RedLineStealer)", "value": "66d5d032d5df0ceb0075e6ed4cb8a375a94c0eb48ccb1d221a3aa848f474b61db86af5fb2a86192171cf81f0472977f0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799060, "uuid": "ff23e589-b86d-4a08-afc4-cdfc2070d1f7", "value": "T195F41212A6D94073CCBA17B09CFB03831A353D905978966737D6AC9B4CB3784A93A377", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799060, "uuid": "e81cb241-0a83-4289-bc76-823284e82f3d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799060, "uuid": "2beea4e5-1740-4187-9a6c-10aa58111eee", "value": "12288:3MrYy90577AJnQbOCyKhO0t1L+d1STzaKRy4Xmp7yhby1EH606Grzh8ug1:ny4fAJQysHgd1EOKg4mey/GPxs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691799060, "uuid": "54d0604c-57b7-48fc-b6fd-fa3bf2e09188", "value": 740352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691799060, "uuid": "812d8e3e-2429-4211-992b-db84b5ab09c5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799060, "uuid": "0c191f09-128b-4d66-8950-f55888cc1738", "value": "e7e4030e0fbf3899126b0563e3a0ebf6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "302a49e0-392d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RiseProStealer)", "timestamp": 1691857673, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691857673, "uuid": "783d9afb-95ee-4cae-b9fc-dcc2700546b4", "comment": "Malware payload (RiseProStealer)", "value": "b32993bbc179373ea4bd3c4e55f0bc45", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691857673, "uuid": "8455bacd-b79f-45a4-b6bf-4458926ab608", "comment": "Malware payload (RiseProStealer)", "value": "a7655e6138351b583484d0312b1720dcc893915297b4226594d77551103b0b0d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691857673, "uuid": "75a3c005-2890-4389-9645-4b2a1e2a692f", "comment": "Malware payload (RiseProStealer)", "value": "1336b3d097b0ee9bb7419e0b799140ef24b4ad57", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691857673, "uuid": "0e1f3b8a-33cd-43d9-bcbf-0d57df8223a5", "comment": "Malware payload (RiseProStealer)", "value": "f0b6725198b15872cb430f1e20a13ac17d8702e1f95b30e1bf6fcfaf0703590618c045b2e431e4f44d0b67a4cec24c26", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691857673, "uuid": "d98cf4ca-f3d1-4199-bc46-ff23314ca82c", "value": "T158359EA5E001606BAC1AB3B3E7781C896B0BD0DBC177964927DCE53C1B1AE91798DF1C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691857673, "uuid": "c2ba49df-0cd3-4328-a826-a67283272747", "value": "6f3a3b1f35abcaec67f2042bb5e71fa9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691857673, "uuid": "b34e1347-92c8-4c23-9f4d-4564646578ce", "value": "12288:uKesw5sBotnpeSi2BixqhisS0diT79sLzdUBBRhYmz9o+rdEdqKbTG/FZKXoTOgr:uKhmnnB4qhxS0dUe8NF9N4TeqoagQI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691857673, "uuid": "94e81dec-a6c5-44c7-983c-ee04417b983d", "value": 1106432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691857673, "uuid": "267bf823-7f19-4ecf-9ac4-a8e297aca33e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691857673, "uuid": "8f408c1a-95d8-4ad9-82ac-4ce5bf0fa1b0", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7ce7fcb-38e2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1691825742, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825742, "uuid": "531ec61a-9104-4bce-a0a4-c7375fcb5920", "comment": "Malware payload (RemcosRAT)", "value": "bfee2fb29a4215e5bc824355ce2fdc08", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825742, "uuid": "a019d126-e2d8-43d2-a4fb-0272df0396d3", "comment": "Malware payload (RemcosRAT)", "value": "a935e075bc67eff291a72a5828107cfc2da5ede24be470f279c107c396e783f4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825742, "uuid": "7e88cc4e-db1c-4f91-b148-46be9d068545", "comment": "Malware payload (RemcosRAT)", "value": "6bc1034cada85efb6dd77a4da9931191b292b562", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825742, "uuid": "d5726146-904a-403f-9fb5-7e0922f93d44", "comment": "Malware payload (RemcosRAT)", "value": "38b31efe5a002ffe0a3fc5cc0b4a2daf093cd43b74cd8a7f68633cded0599e0fa9e6f53bb862cbebfef59d05d1f970f6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "scr", "colour": "#9C5D43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825742, "uuid": "debc0931-f6b4-4f94-a955-de90a0136a33", "value": "T15645E160EE7DDF86E56B4BB8404ED74D83724C593122C63A5EAB50CAD0933C1069B7AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825742, "uuid": "78de6c3a-358d-413b-9915-6b794980bafd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825742, "uuid": "97d9beef-e906-4daf-be97-e1725640b89f", "value": "24576:HBn8CUk/09eJP7QmlRh8VVwYvwCceZyxtdTj5:hn83HCP7QmV8VRw9ict", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825742, "uuid": "2b22892d-8539-4b0f-b2a6-b461e5fbe906", "value": 1164288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825742, "uuid": "0c208d07-0189-4c14-bbd6-f683a1b2442d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825742, "uuid": "8a65552d-28fb-42b8-84b3-d4fd3ca25edb", "value": "CLS 8-17 KEE-TAICANG SO0903.PDF.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b627e52-38fd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691837184, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837184, "uuid": "2c1a5023-cdef-445e-a9f4-d898b5701cf2", "comment": "Malware payload (RedLineStealer)", "value": "2c7a9b2bf864af1e24b8a89c26107a48", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837184, "uuid": "007b85d1-ebda-4831-b052-a6fc04fcc5c8", "comment": "Malware payload (RedLineStealer)", "value": "a96a8f31803ef77cd7b7bf69423d158de3268efa0b61ab17b1bc9b4a765e2af2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837184, "uuid": "b444a066-9f74-447a-968b-a2a147289517", "comment": "Malware payload (RedLineStealer)", "value": "8bbc93245704a06d02b7bef76a6117ef5f28db2a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837184, "uuid": "096b50e2-62db-4026-aaa7-08977ab557f6", "comment": "Malware payload (RedLineStealer)", "value": "dda3230807dc4a6712385ca7d7fdf59a13775276dbab81a6585b3ccf43d0ca0c26004a7eb84d975a94c914508a5dc618", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837184, "uuid": "c9b1745b-f3df-40b4-bddc-98e86285e2fc", "value": "T17D151202ABE84672E8F92B7519FB13C30B357C639C3493573B86681A5CB3755A832367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837184, "uuid": "e317d39b-6d57-40da-add5-797ad7a9bdd1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837184, "uuid": "1660538e-aa61-42e5-aa8d-624b7d4431df", "value": "24576:1yVgUoii/4PZVXsFCzZ2yk1rY0ShFh+3P/NdiF:Q+U1i/O3gLtShbCP/Ndi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691837184, "uuid": "a61d1d71-9ff7-4ac6-a0c5-b08c7328d163", "value": 876544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691837184, "uuid": "1f5bae9f-1427-465c-baee-d3b927ba15ff", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837184, "uuid": "52e28c71-fe45-40cc-8e6b-eeb73c2d0476", "value": "2c7a9b2bf864af1e24b8a89c26107a48.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8eff320-38db-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691822765, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691822765, "uuid": "7d826a7f-7cc5-4769-8645-31f12d281d9c", "comment": "Malware payload (Amadey)", "value": "2725988783c0e807a5175ae830862798", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691822765, "uuid": "2c752f6e-f357-4c2b-b4eb-ff04f1df409d", "comment": "Malware payload (Amadey)", "value": "a9b7c4bdf039b147aa2e00379056dfcbfa96a643e434c0801b16191bd7850294", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691822765, "uuid": "5ca8b11d-f55e-4b1c-ad99-90df960a42c8", "comment": "Malware payload (Amadey)", "value": "8841c65d2c8a93bbe6d66abe325018956b21f027", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691822765, "uuid": "26c9647a-62f1-4474-a256-b0d57be062d0", "comment": "Malware payload (Amadey)", "value": "4b5d824b36fb2d19470cb9d5b50e6baadde9bcdb4b4fb1b73f748cce6249b0a18b615798dda2f88554e2c7607cb1f257", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691822765, "uuid": "5a14833d-3eaa-46f4-bad8-6011f4421398", "value": "T175F412039BDD8033E9F92BB098FA03D31AB4BC719978872B6751995E4832595E83173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691822765, "uuid": "7b6339b1-819f-487b-bb4a-51cc03e01529", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691822765, "uuid": "8c2c65a4-bb86-4bf1-bcee-2ede0a2b7ac2", "value": "12288:rMrZy90SkUKQxR1lwrn0mOQnJY+AQ7/RU7kERlVl++55H9tY1vbbS:6yVklQ0r/x5mkUlVlRVt8bbS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691822765, "uuid": "8fa43e7e-5622-4955-97d5-2933aaa7091f", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691822765, "uuid": "e9f72b30-ddd3-4ff3-ba28-5f0d447d1900", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691822765, "uuid": "501fbfd2-f3a0-4f71-ad47-62996eb3f1cf", "value": "a9b7c4bdf039b147aa2e00379056dfcbfa96a643e434c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "080dc6e9-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691826253, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826253, "uuid": "6ccf1481-0235-49d1-8ee9-9047a35cd706", "comment": "Malware payload (AgentTesla)", "value": "780a393d3e5edfe2a46b1bf13087b0e5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826253, "uuid": "7b38b64b-2af7-41e7-ab43-afe38fec90da", "comment": "Malware payload (AgentTesla)", "value": "a9fa442c7e56486753d03f2420e970df0abd9914e4686a24eeb3e55feb458d08", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826253, "uuid": "8cc242a7-e6ca-4636-bd44-340f0c0e12de", "comment": "Malware payload (AgentTesla)", "value": "0750952520633cde5864f4abccc44d2ef58572e9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826253, "uuid": "794f5227-9b3f-44d5-9f6b-8955f30f31b9", "comment": "Malware payload (AgentTesla)", "value": "976483d2cefa7311ab4fc75a356852a4830704eb1b524145b7c4cf486c6d4b9c0ee1422fa3abeccaf5c021036f0cdea6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "xll", "colour": "#EF2985", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826253, "uuid": "0956d01f-5f29-4a4a-aa14-075c4c11c929", "value": "T145C3F2C47775BD6BCD0018B8B9FB84D4FEBA79A19B63C82680517A7A5C1A9E04339F01", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826253, "uuid": "7b105bf1-6b34-4c8b-b980-36e95ed67088", "value": "48e789b5d42458f044065814bdbbfe58", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826253, "uuid": "5a600843-35d7-44b0-a2df-78fae2600b89", "value": "1536:1nKXOZ3tfyjBvpuxfTWKJQfKbM39Dg0J9KHTWikCjV/S:LZ9KNvSfTXJhO95UHKrCp/S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826253, "uuid": "2965516c-38ed-4fc8-af3d-04f3162c4c51", "value": 129536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826253, "uuid": "940fffd8-98c7-4d3b-9098-fd766831d46c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826253, "uuid": "eada6019-6ec5-4b07-b2ca-a594d4ef176b", "value": "SWIFT_251017_WA89023.xll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "08ca8afc-38e2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LolMiner)", "timestamp": 1691825395, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825395, "uuid": "d805861d-7e2c-4418-bcb8-09fd2840f4f8", "comment": "Malware payload (LolMiner)", "value": "816f71c17288861042d6d63292a74649", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LolMiner", "colour": "#0DE95D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825395, "uuid": "6a3c9066-f6f3-4ae1-8fbc-b4046595a001", "comment": "Malware payload (LolMiner)", "value": "aafe94fe2ca6210fde8f5691c066dc128090b097a7d45a69d7ccc977891e08b4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LolMiner", "colour": "#0DE95D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825395, "uuid": "4dfb1050-3727-48cc-82e5-834021a34b4f", "comment": "Malware payload (LolMiner)", "value": "3f5e01c2493c5b2ad2fd2ad41bea974317eeaa27", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LolMiner", "colour": "#0DE95D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825395, "uuid": "82119d75-b28f-4554-827b-62913dbbda1b", "comment": "Malware payload (LolMiner)", "value": "075900b48fa74953c0eb5270507ce1538df298655c618152f7d67673d42268703c1b093a0be7000d1f5e56dc42784764", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LolMiner", "colour": "#0DE95D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825395, "uuid": "d3633156-4806-4e7c-97a1-c4a0a3ea2f15", "value": "T15E863306BA86CC33D51A0C318A1DC7021A6C76A03F298FDB43D95E5DF461AF35678E6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825395, "uuid": "8914545d-dce3-4b5c-92ff-c44907620889", "value": "12e12319f1029ec4f8fcbed7e82df162", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825395, "uuid": "fabbcc3b-4a6b-4128-aed3-ddb431664b21", "value": "196608:uezyzK1mjs+7msxkIJHy0NKGlJhWtNvEzKBL57glP/:u/KGHxPSWVl3yVEOd57+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825395, "uuid": "b46c3e0c-4ff8-401f-a63e-9641a4bdbb7e", "value": 8607183, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825395, "uuid": "c238194b-6bca-4773-aa9a-d4d9ca8ffe7f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825395, "uuid": "185d1aed-465a-4fb6-9f39-0eed6c11aebf", "value": "816f71c17288861042d6d63292a74649.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3f44877-38e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691826971, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826971, "uuid": "b34292df-fcca-4d28-bef1-75baf5ef2340", "comment": "Malware payload (Amadey)", "value": "b46eb606da87b0b8f4af2c6a5300206f", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826971, "uuid": "176b114b-a92e-4727-a04b-10a780306b9c", "comment": "Malware payload (Amadey)", "value": "abe54beed630eb9ae07bd299461a9c649cb3f73188ed5e790cd860a49f72b4ee", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826971, "uuid": "ec084c94-8db7-41e7-a516-b45a500b1c0b", "comment": "Malware payload (Amadey)", "value": "8a83933bbdc7ad7096425e768bd97ddaf75b75ad", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826971, "uuid": "0a442432-6087-44b6-ac38-8e04c4a306dc", "comment": "Malware payload (Amadey)", "value": "38ba642a1cdfb7974d024ed824d2423ca3d5b73eb1d259b67205543acba5a40854240d32e037e35c49b73ff19a1ba19c", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826971, "uuid": "3d9d48b2-856d-498f-a933-9c7fa9909382", "value": "T17FF4225B77CD4067CA75273064FB02871F39BEA02879872F6355A85A0CF2A84E93533B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826971, "uuid": "74f2a937-7be2-48a1-9f0b-aa89c2879c7a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826971, "uuid": "6c5ed45c-1562-429b-98ad-24198edb8b7d", "value": "12288:0Mrwy90Fyvrk2V3/nBKTNGg/s1XucEsKLbe7XH/KRPUXQp7HhNlX+tOn0N0WujE:0y9vRZPaNGKs85sYy7XfKdU4Tn8bsE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826971, "uuid": "17afc02b-ec62-45cc-9559-a47e23302e84", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826971, "uuid": "06753fbc-f780-419b-8464-76e20fd5fbae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826971, "uuid": "aa947441-de81-4c7d-b43a-34f9bc5fc840", "value": "abe54beed630eb9ae07bd299461a9c649cb3f73188ed5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce04fe36-394e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691872112, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872112, "uuid": "0e12085f-d72f-43ab-a1dd-007c31f68c13", "comment": "Malware payload", "value": "39ec8f6d0af36a45b05b82cf687ae9f6", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872112, "uuid": "994e2c9f-4b5b-41e4-bd04-5562de94dc08", "comment": "Malware payload", "value": "aca22cb90e4481dd45874c106ccb39f09d5caa55ca0da00b5789394f19aff29a", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872112, "uuid": "3e1eb15f-9079-461c-b992-f5468d6e4a77", "comment": "Malware payload", "value": "30bc54ad2d467bdc582657b5731f01078fcb68f2", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872112, "uuid": "0f73eb66-77e8-4696-a946-9d4a982b1b58", "comment": "Malware payload", "value": "633c1b6e9c7740dd91843828a81ea6d19282a8b611c9d150bda545c20b26aaeb66c532d1653223bf84177cc0b0ac737e", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872112, "uuid": "7c190bb5-5e7f-45d9-9c65-29c70dc5edb8", "value": "T1FFE2C4017291CB2BE6990A350DD6DBFB3734BC41AE018727B148B72E7DBAA60DD12725", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872112, "uuid": "9b8561a0-6ded-4147-a25e-222398d3ad41", "value": "384:x3vnLmZ8uZLF/jJGOLdDrsSc1exwhJMs2yVBvliNJcgB0W/PesaKnqo:diZNJj5Drlnx3xhxlaK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691872112, "uuid": "facc63ac-147d-4255-9304-bf8944006e9c", "value": 32256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691872112, "uuid": "91373b40-486b-4917-8d18-9805b773394f", "value": "application/CDFV2", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872112, "uuid": "d54985f0-efaa-4f39-b6fa-13ab14e22592", "value": "SecuriteInfo.com.Heur.26837.12838", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f26df73-38e2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (OrcusRAT)", "timestamp": 1691825433, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825433, "uuid": "78c3fb4c-b660-42d8-b34f-4d64d3e7a4cf", "comment": "Malware payload (OrcusRAT)", "value": "db4e7c3a3553dd0355c43162b490142a", "object_relation": "md5", "Tag": [ { "name": "db4e7c3a3553dd0355c43162b490142a", "colour": "#FE0872", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825433, "uuid": "ed133ac3-ae96-4cf1-99a7-0af23af67e53", "comment": "Malware payload (OrcusRAT)", "value": "aef80451792e9ac3dea38a82f6dafaf5b7c8b6171c4848e02716c7fe1238423d", "object_relation": "sha256", "Tag": [ { "name": "db4e7c3a3553dd0355c43162b490142a", "colour": "#FE0872", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825433, "uuid": "2a050ce0-44a4-442c-b77c-9fb266377947", "comment": "Malware payload (OrcusRAT)", "value": "a909ff86ec019a247908fc623f723e2855715245", "object_relation": "sha1", "Tag": [ { "name": "db4e7c3a3553dd0355c43162b490142a", "colour": "#FE0872", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825433, "uuid": "49bc7bb8-0d67-40c1-bf2c-f63363a2dc3d", "comment": "Malware payload (OrcusRAT)", "value": "77c0cfe0578802a6380c1884e1707ba4cf6f4cececf0882a4b64545ace1180e206db9421bd476b58e44f2356d12bf016", "object_relation": "sha3-384", "Tag": [ { "name": "db4e7c3a3553dd0355c43162b490142a", "colour": "#FE0872", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825433, "uuid": "acd33366-dc84-4f96-98ed-91211fbaca2c", "value": "T192E533AB36493A67C815D6B1B881A7C04A1E3C3E7E8697F55F04385FFC3B584889701B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825433, "uuid": "32ce0b6d-ed02-4abc-bb37-2f7c6ba28d6c", "value": "5efd333698985e0c33bc01c25c971347", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825433, "uuid": "5b6bf723-c815-4aa9-a83b-63aff35966d8", "value": "49152:BBzR+1Qs4mqR/hpVQ9uzn+BLNEdrRSbr7/2kHWlJLXQ4Yu+y9cOXdt+RNev88ZM:7zR+1R4LJXu9uzn+kdoj26YLXQ4HFdtS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825433, "uuid": "5e55f428-76da-4631-9a76-14a24bc72432", "value": 3117586, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825433, "uuid": "e2fc4148-0587-4af4-85d1-c14388263419", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825433, "uuid": "9e1a2241-3548-4182-9726-fb9f3344da08", "value": "db4e7c3a3553dd0355c43162b490142a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4e125d0-38f6-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691834381, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834381, "uuid": "60c2a6d5-c73e-443c-944d-26b1f6788dcc", "comment": "Malware payload", "value": "3f46f6572dd89bf584fd2a968c076719", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834381, "uuid": "5ee52d20-b0c0-407b-a676-87b7f5c4622e", "comment": "Malware payload", "value": "af49c2371f41ddf56b49c56fc24cfb929a19a8c15fb035689d1bcdc1f8578857", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834381, "uuid": "3c78f50e-eac9-42d2-b090-d6336f89a6b9", "comment": "Malware payload", "value": "e70a37198efa7a38817ac30230adb6ad91dcfda7", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834381, "uuid": "a4a0d42e-99bb-486b-892c-9cfc152d8856", "comment": "Malware payload", "value": "b7d47aef0ac5bd35f6897448d43dd706fbbf7e24a900b0847e90c07906937ddaf449a5692015d29945576734ac978246", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834381, "uuid": "eff2eb3c-4f6b-49c3-82ae-6a92a38bbcd6", "value": "T167272312FACFC632FA6E4175A968FB2B207A7FE2077184D763E4399A4D704C15275B02", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834381, "uuid": "0ee924f0-2d0b-4046-8209-09b6922adf5e", "value": "393216:RNBfM2JcMPL3u88GTpEPvXOZ+NCZsmYdz/OHfUCznh6VzQ/+Npxp34bAvkmA:RzMWPx8sWvXG+UmmYdz/6n4VCAp/IbAM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691834381, "uuid": "a7612a2c-ab77-4ea0-94e9-0019ea14ea4a", "value": 21034496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691834381, "uuid": "50457847-fe54-4150-9aa3-17fdb906a867", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834381, "uuid": "316e7a70-f179-4aec-b7d2-f40f17f5eeaa", "value": "Psiphon 3.179.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25471ed5-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691826302, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826302, "uuid": "bc916e47-bff4-4304-a010-4b68d4032933", "comment": "Malware payload (AgentTesla)", "value": "19031df96c86dc2254dc6903ee52656c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826302, "uuid": "6cb1072d-5bd5-4c3a-bf60-783c742d72ee", "comment": "Malware payload (AgentTesla)", "value": "b121d68b9df8a21a56cd0aee4c7b99272794e68887b37866622e5855cd44c8d4", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826302, "uuid": "2cab2924-0e48-4150-8cc8-65456a628ce3", "comment": "Malware payload (AgentTesla)", "value": "0fe9fb40e06b264d5a4a473a61f59239a11c2649", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826302, "uuid": "b013538e-c937-4f81-aa0e-909668d50293", "comment": "Malware payload (AgentTesla)", "value": "adc2f3f3c97b8ff4eed5cde6acaa27bf157856e88ec70a03385df853614d1680c880c2775242e3296b7f9895d97ecddf", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826302, "uuid": "4997cb45-8868-4cd3-81f2-d7211e03f835", "value": "T1EED4239C49736095FD298D8B8D8BAC9CA6DC35F28FE5417DD4106CC03BBF091AB8B5A1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826302, "uuid": "7244b69f-1745-454b-ac69-d2054f1952d2", "value": "12288:ru0XHBQrxyFkWjZRyXFLJm/7T0L2Z5JfIpoKyH7Pq7FiuC4FQTau/Y:a0x8yFkWjfQFF2X0Lm5JwS5H7PKFiuCc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826302, "uuid": "8417095f-2798-4e5b-96e1-a4dc7e52b464", "value": 613561, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826302, "uuid": "65f1bd15-d358-46bb-aa10-da74fa0afa09", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826302, "uuid": "2048f0f5-784c-419f-8748-ad17d8552cd0", "value": "NEW ORDER - CF0002.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0801a1e4-38f1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1691831836, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691831836, "uuid": "6be376a8-129c-43db-bdea-c3a9811b7408", "comment": "Malware payload (AveMariaRAT)", "value": "4ce7297247872bc04141ffb84d1220d0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691831836, "uuid": "974e58df-fd74-4709-991c-227eff0b2b26", "comment": "Malware payload (AveMariaRAT)", "value": "b1f5b69916a43546092eb18b1c523ba5adfad77a6715fcf6482ab0fbbbb1c329", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691831836, "uuid": "ee07308f-7e64-48a1-9bb2-6bc7e5a9b719", "comment": "Malware payload (AveMariaRAT)", "value": "0ad16f9fffa58e5d67e057259c95799231f1d0da", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691831836, "uuid": "ada6b186-a275-46c2-a253-4a6efe477bbe", "comment": "Malware payload (AveMariaRAT)", "value": "a0e7ff1f08b0e9bdc603957b18e0c6245b55ae254c850463c0df92b75d17e38b4369fdc580ccef4ec575dede5999d712", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691831836, "uuid": "df4fba7e-5561-4ab6-8540-cdd83ef45fee", "value": "T12AC4E001FAB9DE73CA2843BF871072255F7F1E41C4A2FDCA2849B4691EF6F014192A97", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691831836, "uuid": "1a38bdbc-657b-4eb2-9b24-b0b4614897ec", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691831836, "uuid": "73b8836e-82f1-46c1-88f8-d15032f350b5", "value": "12288:1MH9qT9q4xqysfO7FWYEkG3mSQWjVTG4WdKsPaK:mHcNxqeWYEiSlVMa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691831836, "uuid": "fe1db53d-7b53-4f91-800f-343072449f7e", "value": 593920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691831836, "uuid": "9e93bc73-5b98-4a01-a1d7-8ca7d61a9b2f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691831836, "uuid": "b134b88e-2e7b-40f6-a307-2284846ad622", "value": "4ce7297247872bc04141ffb84d1220d0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a4b97b90-38c7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691814060, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691814060, "uuid": "7eb1442c-39f4-42b3-8292-bc38b5bb3889", "comment": "Malware payload (RedLineStealer)", "value": "09d783d19b336ad553f3484852efb7da", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691814060, "uuid": "407a61fa-1f75-4276-ad1f-adfa7b1b400d", "comment": "Malware payload (RedLineStealer)", "value": "b2844204a3fd76dc4522274cd7c31b0fbee58050b596328a438ae7e28e3a66e8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691814060, "uuid": "1570bd41-abfc-4c4e-9485-7bca856b9240", "comment": "Malware payload (RedLineStealer)", "value": "63c5845e8156f05643e3e2ba9f9abd4541d53911", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691814060, "uuid": "12d02fd8-ba9f-40f8-9b2c-c465d881ae00", "comment": "Malware payload (RedLineStealer)", "value": "0c8140975cc46078f4e68ea9aef0f02fc2a452eea56750d29315b4926280260100adc4f6819615317524d5dfb4cc58b0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691814060, "uuid": "8a3009b3-cd16-4c37-82ca-efc947bd7a2a", "value": "T148152242EBE801B3E9F537B25CF217A3073A7CA5983CC64B2B44A9992CB25C09575737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691814060, "uuid": "d6f2ed7c-7dbf-406c-ac98-99812b4a7935", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691814060, "uuid": "803f7074-5009-41cf-9a55-9b8064b6b537", "value": "12288:GMrcy909zEW1LG6KHvw+MZNqm+xkWxB5owJRUAgO1QJ6Jju+UKNeHY+MPzM:WyGBLGLY+MzBejuwJRUAn1QGjusM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691814060, "uuid": "6116ddf3-4622-4396-9363-a8ac7c9ce8fd", "value": 876544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691814060, "uuid": "b70aa7c1-1e9a-40da-8291-6759d5d3c18b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691814060, "uuid": "865f33a2-8bf5-4afd-a765-967198e88352", "value": "09d783d19b336ad553f3484852efb7da.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bcfddb29-38c9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691814960, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691814960, "uuid": "4f210ead-9a51-452f-9640-698cd8a48f91", "comment": "Malware payload (Amadey)", "value": "a4c9c180f624acb34fb1f98dd9510f77", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691814960, "uuid": "68e7c152-1ee1-4e22-85d2-be92ee92363f", "comment": "Malware payload (Amadey)", "value": "b30f6d084030ea37706e2966c9d918fbac31473ffb57eca064e2de3582a55466", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691814960, "uuid": "c6933073-c815-4ea2-8540-3d78c3eb48df", "comment": "Malware payload (Amadey)", "value": "795074da31c66d9c428aa287afd339faed8fabe2", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691814960, "uuid": "e85cfb18-bf4d-4d31-a19e-ed959ccbfba8", "comment": "Malware payload (Amadey)", "value": "684fe705663db7664c395aea951a4e47dcfd7d3668a3f8b1535262451965ab2ddc90bfe68247142b2c64a7a1d177220c", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691814960, "uuid": "4cf4502e-89ca-4f43-9904-c0eb196c2893", "value": "T157F41267B3E991A2C9F51B7018FB03872736BC918D74936B530AD98A1E332D4987173A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691814960, "uuid": "347cc0bc-6180-461b-9b74-941a16a699b3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691814960, "uuid": "da6ac110-5a9f-4135-b571-303b272783ce", "value": "12288:AMrmy90op4xH1IXHjm3TTNu+F6AGzmVjl++5AVA4wjAJ/fzpad9uXBcPVC:WyfGHeHqjTc1RSVjlHAVA4G2fzESXaP4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691814960, "uuid": "5040582a-1866-4a5d-bceb-5f4aca23b358", "value": 748544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691814960, "uuid": "07b34dcc-f046-4cf0-af06-9e037c5b5d1e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691814960, "uuid": "a595d890-fa8a-4918-8c88-dcc3caee608d", "value": "b30f6d084030ea37706e2966c9d918fbac31473ffb57e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af5e4f3c-38f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691832976, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832976, "uuid": "8ec74ed9-aac7-45db-a5b2-d5c86706a48c", "comment": "Malware payload (Amadey)", "value": "8b88185efc30a7cb56dd771fe713cfda", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832976, "uuid": "0a901ffe-fba0-4f8d-9961-430d5a0b550b", "comment": "Malware payload (Amadey)", "value": "b37fd51d15401121de1c2977bc4f4413766acabbd5f38882f2b4d6778f85fef7", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832976, "uuid": "ea7510ba-1501-4e3a-be19-b4a31d4a5577", "comment": "Malware payload (Amadey)", "value": "a6d76f30cfa84cdead1b7ab5aff2a94f977ab61e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832976, "uuid": "78e0c93d-43bf-45b2-8883-4ae0a250f2b8", "comment": "Malware payload (Amadey)", "value": "ebc3cda7b514d2d7dd7ffda620fa3997b029f4005d1e1c1e4d25971aec0a564f2bacd83cd39735838833dfa37cb42a37", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832976, "uuid": "d1777bd8-0c8b-4ef8-8cf8-0d5ace245448", "value": "T1186439417952C072D960A1721AB5BFF2C59D68249BB049DB7BC00F76DB212E77A30F3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832976, "uuid": "45b8c6f8-24fb-4e33-8a6d-b5588b62135a", "value": "44e769941d2c6ad88bf42ac4adb36135", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832976, "uuid": "15e4ac58-0636-4dac-a680-1b7f3c822f68", "value": "6144:SR9eh569+UR6P3zIwkp4p2k/DPaZHwc3eoe6u17MgAOIMs8Bq:Sfm5BB7kpi2k/ae6u17pa8Bq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691832976, "uuid": "53272764-2811-4572-b472-76027e8a81b3", "value": 321586, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691832976, "uuid": "3420d79e-4d0b-4fcc-a100-1fa4c026c107", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832976, "uuid": "37e5bdd2-e329-4f21-84c8-bccbcb472dfd", "value": "8b88185efc30a7cb56dd771fe713cfda.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "58f7fd92-38f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691832831, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832831, "uuid": "de041737-601d-4279-8f3b-af12da9de38a", "comment": "Malware payload", "value": "814786aa53d93c7fc4917bc713de7b2b", "object_relation": "md5", "Tag": [ { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832831, "uuid": "134a0b85-f35c-4b10-86a0-a3c5cadb312a", "comment": "Malware payload", "value": "b44857ba393ee929625a2328ded86d1c6d3d63119fb16952c35d35a9711121f4", "object_relation": "sha256", "Tag": [ { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832831, "uuid": "ee1ce174-fd16-4933-9b66-3e426bc810bf", "comment": "Malware payload", "value": "ba4eab30a4dcfeb0704f4beb5442f325a2f76900", "object_relation": "sha1", "Tag": [ { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832831, "uuid": "ac811b8d-ad99-46ff-b153-834e6a511c86", "comment": "Malware payload", "value": "cef94b28f507166b65514f3451458ac8ecc692591560268b2bc557837ca11f9d18ad1d140352706370b28bf13a438066", "object_relation": "sha3-384", "Tag": [ { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832831, "uuid": "5cdcc039-e4c0-4942-b923-d2103222fc75", "value": "T17D6733EF54A7D22DFDEF35752FD9A354D024498AE864182F4CCBB7CDA00E4B6109C2A6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832831, "uuid": "fc8a37fc-e70d-4ee0-91dc-4c0855e9cbc7", "value": "786432:+X24krZclsEcTznscqDv0v7OAi3HOE91qvfggqt/:+9krFPjwDcDj3E91qXgg0/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691832831, "uuid": "04eb212a-28d2-4e6b-8d44-2ac188cc6a84", "value": 32166635, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691832831, "uuid": "64fc5bae-5fbb-419a-b819-6ca8420d1f61", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832831, "uuid": "b41483ad-d35b-4893-b4b6-665c3e28f4b2", "value": "Webex-x64.msix", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3061b66-38e1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1691825305, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825305, "uuid": "49733049-8e3c-4824-a15a-b8a4861933ec", "comment": "Malware payload (Rhadamanthys)", "value": "0869a8b39091bdbaad0953f0b71f2379", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825305, "uuid": "a63ec0c6-3f92-4b24-82ec-f6672ef72b9a", "comment": "Malware payload (Rhadamanthys)", "value": "b45536b641815e8e230c3519ee7b9dcb4bf186ed2f4dc73b4be00066550731aa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825305, "uuid": "153a98e1-1e49-41a6-8f34-0031178bdedd", "comment": "Malware payload (Rhadamanthys)", "value": "cb7910f65434cff0dabf3dc72bcfe6803c0a101d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825305, "uuid": "1fda195e-9ade-49e3-b70f-6c9476e4f055", "comment": "Malware payload (Rhadamanthys)", "value": "907ce949096b3d2699a48c3f4e37f06ecb1a062fdf4bb5971a7f3a1b44a92c49ec771dd25af60cdd180328633e6a84d9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825305, "uuid": "148d222a-8fcf-4a80-aa38-0496d6a922cf", "value": "T1FE2523692A1EC522D5EF09FE94D612015B31CA9BAF43E34E998D5EF418C3FD22D0523B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825305, "uuid": "1d94d5d1-5438-4f3e-be49-b570a8c0fa86", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825305, "uuid": "a4d2ca1c-1e70-4589-af00-014ef13d985f", "value": "12288:+8OQZ86nvGjpFZ8PeblZKxaffJwQvevJ95BNUq/caFPIy8d5LFNOsKNlcW/7V9j8:QQKdpFZ8PFUf1WLNUaFFT0LrSp/8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825305, "uuid": "68d06bac-dfb7-4db6-b08b-564ab75a7630", "value": 1051648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825305, "uuid": "8e51a06a-b4c3-43fe-9240-ea56f5328dc5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825305, "uuid": "8fda06c7-f847-4508-aeb9-5667c507c64d", "value": "0869a8b39091bdbaad0953f0b71f2379.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3114ecc4-38e9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691828469, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691828469, "uuid": "a6bd7459-f98a-4642-92e8-82a562c407da", "comment": "Malware payload (Amadey)", "value": "2628ec94184bc9c8b399ca2f59c800f1", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691828469, "uuid": "59dc1ecc-0b8f-48c8-ac0d-65310f6b14f6", "comment": "Malware payload (Amadey)", "value": "b4b6b0380baf1c0961ec80d441929d95d8e8e59104297d0e0cd71d0b968134d5", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691828469, "uuid": "dcef6594-b630-48c7-af8b-64f86f95c275", "comment": "Malware payload (Amadey)", "value": "053dda12a6184608fecd7699b496f7a96d96f8af", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691828469, "uuid": "30329e51-dae9-4744-9358-fed8b6910e74", "comment": "Malware payload (Amadey)", "value": "cc7d937881d7c2c9949d3c4472e2f48b53d72e8e713148ea50f1daee5dac17a935dbeaba1af21c464985121498497d22", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691828469, "uuid": "f67ed8f6-4e40-4dd7-95e4-f77787713407", "value": "T11A6439417952C072D960A1721AB5BFF2C59D68249BB049DB7BC00F76DB212E77A30F3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691828469, "uuid": "673788d6-6c72-4d2b-829d-1103650b6f3d", "value": "44e769941d2c6ad88bf42ac4adb36135", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691828469, "uuid": "391c5c72-0adc-4666-bfd4-e8fcb0b05be8", "value": "6144:SR9eh569+UR6P3zIwkp4p2k/DPaZHwc3eoe6u17MgAOIMs8Bq:Sfm5BB7kpi2k/ae6u17pa8Bq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691828469, "uuid": "24de3821-3db4-4b5c-9653-fe4f7f51feab", "value": 321550, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691828469, "uuid": "98dff000-eade-4044-87b8-1aaff86e313d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691828469, "uuid": "381a00ff-e9fa-4123-90d0-47239462cd08", "value": "2628ec94184bc9c8b399ca2f59c800f1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f9ddc3b-38e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691826722, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826722, "uuid": "adedd88d-5bb8-45a9-9ba1-73def058f3a2", "comment": "Malware payload (AgentTesla)", "value": "5dee9d8d2500aae0e4088f1badae666a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826722, "uuid": "789f0e86-a1bd-4f1f-a68f-b758dd50b843", "comment": "Malware payload (AgentTesla)", "value": "b74886726207fd58bd94f10ae0bcb9ab980102c4230b5e7127703ea3fc3e8807", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826722, "uuid": "fbe8f61d-3890-41da-9ef4-65557ffa1d36", "comment": "Malware payload (AgentTesla)", "value": "f5439503a82d935a2a9eaa35e5d81f81bede0155", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826722, "uuid": "0f388956-154a-437b-809d-54cd05b6e7d2", "comment": "Malware payload (AgentTesla)", "value": "44d3e31d1920116d2ddaf042e3081f320588ad16d75b3eda17c6455caed92ee1d5cd8d748cb07462f0e7c646525b8a11", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826722, "uuid": "8be3cb93-bbcd-4688-8cba-f89363e657dc", "value": "T11205CF60AE7CDF82E56B4BB8408ED30E83755C593122C53A5EAB50CAD4937C106DB7AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826722, "uuid": "51ddca23-fff4-4ef7-9f6f-c163a5146d6f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826722, "uuid": "45d30325-673e-42c0-99df-032e41068d9e", "value": "12288:w1PDogFxFwb0tigX9+6sPDB54XYZC6dV9fFv3bL/5X4WotlqTjB:xL0tigtOPMI9Fv33/5UeTjB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826722, "uuid": "7f889cf0-15c4-4552-b270-96c98a87e618", "value": 842752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826722, "uuid": "67b57fad-567a-4151-a532-c423ec0d18c2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826722, "uuid": "23479df2-1cda-4c5d-b94e-c9839750f074", "value": "DE 3693046299.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ce04268-3904-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Rhadamanthys)", "timestamp": 1691840059, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691840059, "uuid": "a8ac8516-2739-4670-b780-ace084e4f009", "comment": "Malware payload (Rhadamanthys)", "value": "a569e2d9851e1c8fa540e7ae58c5e0e2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691840059, "uuid": "f9abfa86-f08a-4452-86f4-0a5a187ea754", "comment": "Malware payload (Rhadamanthys)", "value": "b76d7c7450892b61891be2cbcfdb364e7b6f3c39a30ea1a3727d57b5683cd237", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691840059, "uuid": "bf738d5c-9b10-47c5-9076-a2bb5d833396", "comment": "Malware payload (Rhadamanthys)", "value": "38387ffdd8a55673de06924607e4e18a9be82564", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691840059, "uuid": "40d60561-9c92-4c84-9e7a-59bec610ab2d", "comment": "Malware payload (Rhadamanthys)", "value": "d62ae266f5479efd840426d1f8e93406edfc2e3f1f282f63574566cfeaeaefac51127dc11f13519f935fcb4d9919752a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Rhadamanthys", "colour": "#3D95F5", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691840059, "uuid": "9c3f9281-e41b-4114-8a6d-8f62a990deac", "value": "T194A412227CD3D031D25B05B04928CB662B7FB43546B5898B77414BBEBE203C14FBAB5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691840059, "uuid": "036b3d1c-8148-4f05-a892-46bca804bf03", "value": "f14eb02bc6e4e96d4b116ed67da9e223", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691840059, "uuid": "0cd227c7-4c96-4555-ad17-041b102b5bad", "value": "12288:PGTl103uL6dAcgm6Ez+e2LpoXDNz0CZPL:PoD0ZdARm6y+9HiL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691840059, "uuid": "faa03ba9-031e-4492-a4bd-acaf1f4e3193", "value": 469504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691840059, "uuid": "89f3086a-d56a-47da-8637-b89b0b402c01", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691840059, "uuid": "90826fef-26b5-44d9-8ac5-7069abf3d753", "value": "a569e2d9851e1c8fa540e7ae58c5e0e2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1cf7b75c-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691826288, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826288, "uuid": "c74d3c04-bbd0-4f4a-95e7-dcd61795f793", "comment": "Malware payload (AgentTesla)", "value": "35b9425ec2c8192b08bf3d72ff45ae20", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826288, "uuid": "5f07b1a8-52a8-480e-a241-54d9b93026df", "comment": "Malware payload (AgentTesla)", "value": "bb04873f71f5135a43c5abdcadf114c9258250b08fb75a83f6b431e40a5dc3cf", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826288, "uuid": "73dbbb18-b0cf-4978-8da2-508e530d5a3d", "comment": "Malware payload (AgentTesla)", "value": "94c953149a8c8b520d073ac516efe223092ffd1e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826288, "uuid": "3dbb22ae-c54a-4b53-a9bf-57ff42ff67e2", "comment": "Malware payload (AgentTesla)", "value": "9f7c39edae2572560d4e44498db9a406252dc07686e73cb438dcc364442234dbcd86ae0ff4a9773a314ed45a5f6eee3e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826288, "uuid": "e70ffce8-501f-49be-8c23-c6d5a009ac55", "value": "T122D42344D8834944DF5AA8B6D5DDCE7FCAB9312C29B1098D3EAF9C25FD8B8B291C3141", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826288, "uuid": "e117d0d1-6e94-4848-b9d2-b30c7e2fafb8", "value": "12288:8fCkibpxvoiwyl0BClIxr5McMsByamKMbcG7xUQMehGJrkW:D/oTPB0mkqxvG7xOVJrkW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826288, "uuid": "e3dffba1-5726-482e-8aa4-03964a9e6980", "value": 630648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826288, "uuid": "51d9967d-15c0-4027-a14a-d02d85215152", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826288, "uuid": "71ef00bf-cf66-426d-86f7-da68aa42496a", "value": "CF.0083420documentos.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b400f389-38a4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691799054, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799054, "uuid": "6af08ed6-ed04-4db2-bca9-79dfc3d15979", "comment": "Malware payload (RedLineStealer)", "value": "184e21c488b8ec094b8213800e567470", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799054, "uuid": "f895c284-7193-4afb-8c51-7e95117f72f1", "comment": "Malware payload (RedLineStealer)", "value": "bbddc31b1781832d094a913745fc2eead35eeb8a21add5814f61db70e5083667", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799054, "uuid": "b3ce2690-60f3-440c-8b44-eec4765ea280", "comment": "Malware payload (RedLineStealer)", "value": "78040bb3909d0448680a2981893c1bf0cf565ea1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799054, "uuid": "5e641a29-e77a-4db4-b190-ac141a7eecb1", "comment": "Malware payload (RedLineStealer)", "value": "1efc1579b563fe387b3de751ef08bc6d82d3182dbbf667ea4c647a719136933d6804235cd7752610c8ea46eceaee3608", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799054, "uuid": "118202bb-1bf8-480c-87ca-0e652e30912b", "value": "T18FF41253E9F99132DEB81B7068F617831B367D780A78936B32D16C0A5C32585FA3533A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799054, "uuid": "516f48af-9a2e-4125-93c4-91122ab405a1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799054, "uuid": "ebc4bbb4-5af0-487e-988b-b19387311ecc", "value": "12288:zMrfy90O2gY4zUEX1JrZ8+iVKlAqKhWe7aWqKRqCXrp7ooEaiGsQ2madj:syb2gYcN1BZ8jIldet7azKkClKab2m+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691799054, "uuid": "83680491-7b52-4b40-a52a-dad08c7f816c", "value": 747008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691799054, "uuid": "d379d76b-f7f5-407f-bbe8-d64181240d86", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799054, "uuid": "65810826-89a7-4af3-a70a-42eac1989b28", "value": "bbddc31b1781832d094a913745fc2eead35eeb8a21add.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "439a3983-38cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691816474, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691816474, "uuid": "45c378ad-24e2-41e1-9abb-8437c597ff6a", "comment": "Malware payload (RedLineStealer)", "value": "38484b1d577ecf98fed9e4eab2ada142", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691816474, "uuid": "e097f611-9c9e-4418-82f7-6bac806964ae", "comment": "Malware payload (RedLineStealer)", "value": "bea60a6d436d1d750f83f0df89dce0367822b76b3c67acfd95ff038870930789", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691816474, "uuid": "be6ef640-e538-4a33-811a-f6934ea40f3f", "comment": "Malware payload (RedLineStealer)", "value": "ece6dc7f8b098151067d66edbbf10a7730bc725b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691816474, "uuid": "a8f475aa-6b3c-4fa3-a1d5-c96fba67e355", "comment": "Malware payload (RedLineStealer)", "value": "6bcc82d8d9c32fd17f00b3283b5b675ec8ad57384b24a457da5c73270229aff7eb7c18188c6072895e0b44301c5bb8cc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691816474, "uuid": "270615e4-fc18-44c8-b326-34103b531bba", "value": "T1F874F1317A95C0F2C58B40794420DBA0AEBFB83166B586573B6A0B6E1F753D1CAB730D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691816474, "uuid": "660f421d-f3cf-49a1-9d7e-b5c3b3426e01", "value": "57c957ecde7ffcaeaa065ed04df47092", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691816474, "uuid": "fa4f7298-7d04-4b68-baaf-e3ce91ecb936", "value": "6144:80Ai+LVGEleBgfZ/NsuD3tpCuedtjUHY9E0969:8VDMElFZ/NsuD3tpC1QHY9E0e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691816474, "uuid": "6dd0bcfd-cb36-474e-8984-4adf0642f865", "value": 343552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691816474, "uuid": "ee05c588-92aa-43ba-9dc7-a824371fa69e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691816474, "uuid": "f034d038-d60c-4ca9-b66c-c759c76e6532", "value": "bea60a6d436d1d750f83f0df89dce0367822b76b3c67a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3c757671-3964-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691881316, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881316, "uuid": "8f5eeb16-ebd1-476c-8b9b-ad8c72610edc", "comment": "Malware payload", "value": "3a7986fad22b18f7eed93849cffa40ea", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881316, "uuid": "12c285ae-5d86-419c-bf9b-26ffb0c35655", "comment": "Malware payload", "value": "c188aad47b8b591ec90dc48df5934085f82c73e2fdfaccce4e95ffc80a8c9dc8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881316, "uuid": "7945d4c6-9631-45d5-8258-f7cc8323b4ff", "comment": "Malware payload", "value": "7cce05867a132698ee4f0b5a4bb57121a1cc13e8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691881316, "uuid": "3472bd21-e8c4-4607-a1d9-a43cd69bf8c6", "comment": "Malware payload", "value": "92e3d9bbd71c46ff15a036168f664b7351a9d6e79777c60e1456918ca2e72fbe1f0696ac0d8609b942a7771a910d4994", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881316, "uuid": "167b8c2c-b50c-48de-9355-f8f17ee57a72", "value": "T17234E013E7E88072D9B5277058FB13D30A367CA15D78936B2789A86A1C736D4B87133B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881316, "uuid": "0452e370-6d45-4469-a866-03a387d9148a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881316, "uuid": "8e393737-ea32-4999-abb1-c615e1ae9e78", "value": "6144:Kcy+bnr+mp0yN90QEMWkTnrhjB6gBZ+t47DQ:MMrSy90KJXhjB6gBYC7E", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691881316, "uuid": "8dc55e97-37e0-442a-826d-083f96c9f035", "value": 239616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691881316, "uuid": "d5692ded-0ad7-4168-b79a-c892444e0e9a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691881316, "uuid": "f46c89df-fa82-431c-a775-a44229a8b323", "value": "x0193916.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a932fc1-38b1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691804460, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691804460, "uuid": "5d92a1a5-d274-46bf-8dfb-e6fc57969f7a", "comment": "Malware payload (Amadey)", "value": "d86f13dd60d1df053cb111b77b3b4310", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691804460, "uuid": "4251c3fa-448a-4b75-bf70-771d12659309", "comment": "Malware payload (Amadey)", "value": "c4cd006f283c997151f48306abe2a39e205766c3cd7ed6145b73bb67a27494e3", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691804460, "uuid": "1bb4b499-4e31-412c-88af-48a3213f0840", "comment": "Malware payload (Amadey)", "value": "ad42df5b481e7848ca85393aee56ce7ba9920f82", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691804460, "uuid": "b0a257a2-eab3-4a3a-bc61-caee1515bce2", "comment": "Malware payload (Amadey)", "value": "ce4f59782213ae97ff6354153e484fbe4d65a351e200ff55a5967ad7b66e72dd8204d417035f4a3b2bc555f85ca3c741", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691804460, "uuid": "7831f48d-8455-4860-bc72-40c736078546", "value": "T14F6439417952C072D960A1721AB5BFF2C59D68249BB049DB7BC00F76DB212E77A30F3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691804460, "uuid": "2c7e28b0-7f5f-4f7c-bda8-98d15b10dfa2", "value": "44e769941d2c6ad88bf42ac4adb36135", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691804460, "uuid": "746ea7a3-3425-41ef-bf3b-f99b321d575b", "value": "6144:SR9eh569+UR6P3zIwkp4p2k/DPaZHwc3eoe6u17MgAOIMs8Bq:Sfm5BB7kpi2k/ae6u17pa8Bq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691804460, "uuid": "300d7e2b-af76-422b-b825-2a78c8389e81", "value": 321340, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691804460, "uuid": "617d55d8-af00-4650-a391-9195904b3f3b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691804460, "uuid": "402a1c66-1e7e-4bde-a551-01e346180eab", "value": "d86f13dd60d1df053cb111b77b3b4310.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b4cfcb2-38ef-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691831171, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691831171, "uuid": "550aa6da-ae85-4b55-838b-8a2243529b62", "comment": "Malware payload (Amadey)", "value": "a7b3b93f973371417289d4ee4122e817", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691831171, "uuid": "6ec8d672-e61f-4752-a6f0-d74a82ab0ee8", "comment": "Malware payload (Amadey)", "value": "c4d2373c3bea11455afdb55c3b35ce7e5d79dc29f31399a6c2ec1c1fb5e364b6", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691831171, "uuid": "41c4641b-bedd-4386-80da-463967be9884", "comment": "Malware payload (Amadey)", "value": "048944913a10d42b887029dfac26f6f64e6b3969", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691831171, "uuid": "74bb231c-48f1-4153-978f-b28810cdc5e1", "comment": "Malware payload (Amadey)", "value": "78788c3b1af8291fe7280b7671964a3774cd8a9b4fa2c3a39bbabb1c2970aeda46b077fcf9ea774b29424c9794114a45", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691831171, "uuid": "227e97ed-d98b-4a0e-bc24-c82a9b4fc6cc", "value": "T1CB6439417952C072D960A1721AB5BFF2C59D68249BB049DB7BC00F76DB212E77A30F3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691831171, "uuid": "7930ea5e-1d23-4c68-8516-a2832ef9a58f", "value": "44e769941d2c6ad88bf42ac4adb36135", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691831171, "uuid": "520b1e7c-dc28-469e-8ea8-a03fb4974a80", "value": "6144:SR9eh569+UR6P3zIwkp4p2k/DPaZHwc3eoe6u17MgAOIMs8Bq:Sfm5BB7kpi2k/ae6u17pa8Bq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691831171, "uuid": "edf1fd90-6a69-47a7-a2a6-18bea8a27802", "value": 321572, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691831171, "uuid": "857e7d34-3621-46a4-8577-46793651e459", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691831171, "uuid": "4523c1a3-23c5-493c-8b68-be8946034564", "value": "a7b3b93f973371417289d4ee4122e817.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ead3444-38f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IcedID)", "timestamp": 1691832787, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832787, "uuid": "4dac9b6b-0814-4e43-9070-db7c7e1f67c6", "comment": "Malware payload (IcedID)", "value": "08fe8c55de15a15dd4583255fb5d6a68", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832787, "uuid": "cdeef1ba-633b-48fa-b23e-9c5df059fa60", "comment": "Malware payload (IcedID)", "value": "c4ea6aec4f71e0a39407bdf76f00d3e6bcce95f01bef35fada84717b3cf6dc1c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832787, "uuid": "5ad360e8-8484-437e-8489-9e77dae0f7fc", "comment": "Malware payload (IcedID)", "value": "73658a7e655716e22713c0c842aa1ccc73c6bff9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832787, "uuid": "cebedb9d-5404-41f3-91b1-1ac4764f237c", "comment": "Malware payload (IcedID)", "value": "fc0c843379eb8d891ca8cea75cca1a3c6508eb7d00d58a47d58ff9353606cabe5e39ef326640572406d995d7733f5a5f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832787, "uuid": "7cff4491-2fcb-42d3-8a27-4adf76b99872", "value": "T167144A2EB2F294ADD9A7C13045BB81316D31FC751B30DA2F27D4EB350F22E20965AE65", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832787, "uuid": "3b103e17-8e5c-46cc-948c-c7f7bced7be5", "value": "a56f115ee5ef2625bd949acaeec66b76", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832787, "uuid": "728e5fbc-6707-4151-b83e-8e19ce7e6091", "value": "6144:jZU+Q0/Xns9tMKN1fPRqTBNB8nX/A2JpiF69:jS+Q289tMw18B8nppiF69", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691832787, "uuid": "b871bf1d-d402-4758-b77c-38e715085627", "value": 196984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691832787, "uuid": "41d2cd6c-8ccf-4498-9422-3560f3b321b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832787, "uuid": "683fbc8e-95fc-44db-88f1-7de253934060", "value": "udagqoaw3.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c05d120-38e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1691826716, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826716, "uuid": "2bfc8488-c2e2-41a6-8c3e-03910cba4aa7", "comment": "Malware payload (Loki)", "value": "4fd404e77ada95151e738dac2213b49e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826716, "uuid": "5339c35d-dcd7-41dd-91a5-e0a28414a6ca", "comment": "Malware payload (Loki)", "value": "c51f33d84d7370895b668c633028a7fce82eeacedb2175ca8cb41fa14a61d644", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826716, "uuid": "c4d28c53-9fd0-4b76-adf8-0902f1f701cb", "comment": "Malware payload (Loki)", "value": "c4c19ea0900fbab7b667110181df7248568a63c0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826716, "uuid": "44c61537-6596-454e-b077-b92ada9ef5c5", "comment": "Malware payload (Loki)", "value": "f066e6554816451f65dd4222eaa10ca88eb1e9fcde65dd8fbedf51e4ae02e3c8dc3e63a0afb6755540f7184a76e6c351", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826716, "uuid": "47ebf552-4a32-42e3-bdb1-1beda2600807", "value": "T14A2501C7BA465513DFC9CBF81A128E26191D7F300B28DB09C2297B1BCD3E5A175DA272", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826716, "uuid": "7be4c68b-c643-4311-ae78-562a5adecc7f", "value": "7fd61eafe142870d6d0380163804a642", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826716, "uuid": "cfe2f0b6-6561-439b-91ba-0e5ebef8a560", "value": "24576:sFiS4TYTH21F9FMUlqrhirNJvnlItEoxI4UwxG7n2:bSiYD21FHMy1rNJ/mtEjcY2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826716, "uuid": "4adf0988-2f02-40fc-a756-3e8990e06870", "value": 1003216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826716, "uuid": "ccf5ff0b-94d7-4017-9140-aa690daae01c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826716, "uuid": "715ead8d-3913-4dac-8a1e-a8e8942674f4", "value": "\u017d\u00e1dost o cenovou nab\u00eddku (MUNI 1011-23CZ)\u00b7pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "02b670ce-392a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Fabookie)", "timestamp": 1691856309, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691856309, "uuid": "9074339b-7bc5-4d2f-a040-6f7bffa7a243", "comment": "Malware payload (Fabookie)", "value": "3745852d8e2b4f6846d4133f11bd8865", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691856309, "uuid": "641a1ef8-4522-401f-95b8-a16c11b34abd", "comment": "Malware payload (Fabookie)", "value": "c584c7651362204e41f82b9c0c2c562d5022d5c30f1339a393d9820c25079dbf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691856309, "uuid": "827a37a7-ed4b-4c6d-ac7a-d7ed9edfdc5b", "comment": "Malware payload (Fabookie)", "value": "0fffa9475ce5b83265a590ec60212b1895dbe92d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691856309, "uuid": "a272f52c-c211-453e-9ef6-d9d67ad24d7f", "comment": "Malware payload (Fabookie)", "value": "e0c82a9860b06de6ccc47e4be1771f194df59bb1cd38dc5acc86df4a8780c3919e63d401622b39eafa876f4bd8bde4ec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Fabookie", "colour": "#289638", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691856309, "uuid": "9df7aaba-4593-46e4-96b2-d6b55b1aa9de", "value": "T15734D0327A93E172C55B04705820DBB03EFF78365A75858B379846BE9E303E29B36356", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691856309, "uuid": "0909659c-2b6b-40b7-9f2e-5f8b3a75448a", "value": "f14eb02bc6e4e96d4b116ed67da9e223", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691856309, "uuid": "8214bb3f-743e-4845-aca3-ec66a528f0fa", "value": "3072:NyXqsaTaLroCgH8AWBLk/0TIWg2hLszrGYzmF8A/TkRkmu:NyATaLrsDWNk/00WJhLAGYM/btB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691856309, "uuid": "4e135c66-9d95-4436-8364-56d978b3681a", "value": 246272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691856309, "uuid": "6b7e8714-5c6b-4fd6-ad80-019c11e0d09a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691856309, "uuid": "b1088aa9-ec7a-4b3f-aeee-1aee0a5f5c32", "value": "3745852d8e2b4f6846d4133f11bd8865.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27b19674-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691826306, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826306, "uuid": "958cc0d3-d819-4a5c-801f-d3ee4788148b", "comment": "Malware payload (AgentTesla)", "value": "0137b3ecea2c0e75ae9e6553b4508abc", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826306, "uuid": "76fd1f58-5ea4-41dc-95da-db82db4a92b0", "comment": "Malware payload (AgentTesla)", "value": "c5daed8b0f7b946a0f56b0b7ade63423eea5c37391bcec98cca36bc043e648ad", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826306, "uuid": "372f61c3-7842-40fa-8749-dfd635fd331f", "comment": "Malware payload (AgentTesla)", "value": "cacc898d7830128322f940dbcc2ba3391acc1bf4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826306, "uuid": "922a81e8-0503-4cfe-ba8c-71c765a88c01", "comment": "Malware payload (AgentTesla)", "value": "f591fef5591c9459615029c1dd30da8b943a4973ecb20231cd0e26d55768880ad314ccbaeed3a88e96cc7ec3da95ca49", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826306, "uuid": "2641233b-37d9-4564-aba0-ec78645f5aed", "value": "T1B0F4230C23923C389F0B3C5779A9FBBCD332755B5429FCDA46144CB5E2968C55ADC2A1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826306, "uuid": "cf3e3607-ef1e-460e-8105-1432e3484321", "value": "12288:U7nWiABvCkny42oJX27/+rL332yxIy3K0KXcWMwcPkjVOTtvqM5pJW30jaiZ2ZK0:scvzP2Yq/gFGy3PKMWcPkjVktvRJtaG0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826306, "uuid": "3980ac8d-44bc-4e51-868e-266968cf6674", "value": 742710, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826306, "uuid": "dee9d6e2-dfb8-4b5b-9a24-bc987fa6a83a", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826306, "uuid": "477a8f65-076d-4fe6-b490-c9378e144fa2", "value": "Invoice 215431 .xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f7c9b6c-3914-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1691846935, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691846935, "uuid": "606cc5f1-a1d6-4956-9f6a-8378a4b3d24e", "comment": "Malware payload (Smoke Loader)", "value": "a226871f5a2443327583bb5748442ea9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691846935, "uuid": "f96bf778-d6ed-4dea-a8ac-bc2f09ec2002", "comment": "Malware payload (Smoke Loader)", "value": "c80e0c9b8b23e5c826674e6b19bd814e2796a539aeb9d47fc2df898d44232e53", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691846935, "uuid": "e3e20d86-21cb-4cdd-85d7-d4fcfc82f252", "comment": "Malware payload (Smoke Loader)", "value": "57615d67a310eb860f793146f242e162ea9a15b9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691846935, "uuid": "7c8cc890-9db1-431a-88df-ba09b3b5997e", "comment": "Malware payload (Smoke Loader)", "value": "59c553c9a80e1366304f990dde2455d0c1f6aa5c1a8d70155648aac9bbd968de49d78491038a576a4066f50b6deca223", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691846935, "uuid": "4736ed78-4bd2-44a2-bcdb-78e265beecd4", "value": "T17DE39E01F2C280B2E5F3147515A1E251DF3DF9344AFD5EAF6BD40FAA0F311A0E62996A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691846935, "uuid": "f9c667a2-818a-4dd9-9979-30387a23dcb3", "value": "0139538a651a21148db92c7ae213c5f3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691846935, "uuid": "2485570a-5321-438c-8f35-b80ac7b3b419", "value": "3072:e3A8KeSu5u+O/pLj0CMAlcdjrsKxOia+0Mb9vmZzPga9gVJ:ekeSbf01di6YuVJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691846935, "uuid": "165545f8-cf28-475c-8741-5ce5696d85cd", "value": 143360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691846935, "uuid": "dcf1c092-dcf5-4a8a-88bc-df42ef9cf2aa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691846935, "uuid": "2f62036e-c702-4f7b-979f-d561d73d4aa1", "value": "SecuriteInfo.com.Trojan.PWS.Stealer.37347.16351.32481", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fba4eb66-38f2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691832675, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832675, "uuid": "e219a7c1-9253-4984-9279-72ec03157183", "comment": "Malware payload (Amadey)", "value": "ebab8143f2ae2006e460a784b1b51dc7", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832675, "uuid": "a7fb931d-5e5b-4196-999e-e994ff16c40b", "comment": "Malware payload (Amadey)", "value": "c99fea30244719cd2bcf35e1b53b47a98e38a5baffeeee94aea68a6ff7e8a5b8", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832675, "uuid": "c5826388-c4a0-4ae4-ad1d-bcc1d1f2c181", "comment": "Malware payload (Amadey)", "value": "149cf354b4d83e82175c7986effff4bec577bf56", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832675, "uuid": "18e66d36-c145-4694-b0c7-16e6dde2a900", "comment": "Malware payload (Amadey)", "value": "f851858147cc2318fe8234287240bc5fe647870e6ed44c1771218564f02182634e2df62c59070f1c3c77bccd0ed04ebc", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832675, "uuid": "af1dab4c-a75d-4e53-82b2-7d1deed9f586", "value": "T181052316B7D84133C4F62B3068FB03531B3ABCA25C74C77B26812D5A2EB2595797632B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832675, "uuid": "b98f90bc-0a7f-4064-bff2-99be668cf953", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832675, "uuid": "9dc18db9-9d92-4988-9351-d08a1db02ebd", "value": "24576:Uyf/w6G7YVBxjXPkD/P65Jurvl8rUjajjdwwGnUWq:jf5sYTZX8DK6ZBO9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691832675, "uuid": "15c1cd3b-28bd-4027-8384-c675040abe1d", "value": 867328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691832675, "uuid": "67ce9fd5-ae40-484e-a31f-4d3202fbf502", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832675, "uuid": "7e042c48-cb32-42c1-91bb-abc1cf7f5247", "value": "ebab8143f2ae2006e460a784b1b51dc7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b674ba9e-38a4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691799058, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799058, "uuid": "cd9b12d5-74f0-4442-93e8-68198afa00a4", "comment": "Malware payload (RedLineStealer)", "value": "e2791e0ef9cb2a984718e006f71eaac7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799058, "uuid": "a85104cd-4dcf-4ed3-89c5-195bc9185ebb", "comment": "Malware payload (RedLineStealer)", "value": "cb71cd598de6347d1203f5a2c1cefcc11d7c512476369265f364a114ad676711", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799058, "uuid": "32900f77-1513-47d1-8543-6b2aeaef32e3", "comment": "Malware payload (RedLineStealer)", "value": "e35b1d786eb89e03f103dc47c1c77b81a113e03b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799058, "uuid": "2e209e5d-0a63-43c5-969d-5ccb71eb09db", "comment": "Malware payload (RedLineStealer)", "value": "071be7b82c69db1342743a086d9673d8cf44250934621ed21a34b035eda6cfefb8565398befef123111cf5377504e2c7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799058, "uuid": "4c85b4aa-6966-48b2-84d2-68d853154293", "value": "T167F41217B6E894B2E8F9177164F712970B32BCE218B8872B2B09545F0873794EA31777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799058, "uuid": "aae5e040-a56a-42fe-ba4d-12ea746fc2ba", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799058, "uuid": "1c6d5ad0-d81c-4f94-8d27-62066403393c", "value": "12288:dMrGy90LbBh/GwYHZicGz4dlxt/ZX2S3Bo1FU2046dDnR2KRmlX4p7BhHfOZEi2c:/yEBh/FYZGMJouBo1FU20TTQKIlAzOWm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691799058, "uuid": "835fc354-18d3-4ac6-a23c-c9b1d638b196", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691799058, "uuid": "11baecd1-8da9-4291-b1ce-0d8cb3eaab76", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799058, "uuid": "08434edd-d99f-4080-b3e5-688d50311481", "value": "cb71cd598de6347d1203f5a2c1cefcc11d7c512476369.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba355273-38a4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691799064, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799064, "uuid": "c6f9835c-c63c-4377-b061-3723976a56f1", "comment": "Malware payload (RedLineStealer)", "value": "c08ec0e22f7113482a11e95999b8cb22", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799064, "uuid": "bcdde62a-6d48-4bec-b121-38ff966e9f46", "comment": "Malware payload (RedLineStealer)", "value": "cbcb41d6cd35c527b68df09792dadcd3d496032ec4357a769eae95a3aaadd505", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799064, "uuid": "7734396a-463d-4f37-9ebf-23a5aeb13ec5", "comment": "Malware payload (RedLineStealer)", "value": "057ba29184e2ecd258646973ef0b585370c57ad3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799064, "uuid": "ee135334-0a0c-4974-bc3b-ff3d0074f327", "comment": "Malware payload (RedLineStealer)", "value": "3fb76906d276204f925e6bbf783a4cbd2653d44759dc1af2a56c617942fce49e5c6ac4ac327a67c3e2dc8062f03b0768", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799064, "uuid": "5038591b-1618-4588-a4a9-25c71d221a8e", "value": "T1F6F41252F7D84426EAB5177128F2038B1B337CB55828D35B3B94A89E0DB3590E8B573B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799064, "uuid": "38132245-c310-4fd5-94de-6bffb798d772", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799064, "uuid": "1c72f793-22b6-45cd-a18a-47864886fcfd", "value": "12288:XMrcy90sOm82wBNo5ENpkjf0sCwVNe/Xge/Fzbf9jKUwI5tSL04O9sfmYF:LyBOT2wD+0sMZ9z5jKUV2L0b6X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691799064, "uuid": "6f91d06f-ea5e-4f53-aa4c-2dea2406153a", "value": 744960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691799064, "uuid": "59fe662b-c3ac-468d-94e8-fd6a87f8f8bb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799064, "uuid": "ab4fa69a-45e0-4bc6-86c8-f1139e29580e", "value": "cbcb41d6cd35c527b68df09792dadcd3d496032ec4357.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6c2b776b-38c8-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691814395, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691814395, "uuid": "2460f4fa-6c49-4e7a-b949-293e8a1a4687", "comment": "Malware payload", "value": "75bd1384535d144dac3817b457526119", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691814395, "uuid": "3efbb4e4-a81b-4684-a0e6-a39ed4b8afff", "comment": "Malware payload", "value": "cefe011ba17f61e159dabb3d5863c9b1f00571790028e40d443100e1c04c0ab6", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691814395, "uuid": "0862b583-d07f-4502-8eac-01b268f8291e", "comment": "Malware payload", "value": "ed24eaddf2739fccd448cd1386b1506e5af75d97", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691814395, "uuid": "9844ab5f-fcb2-476b-ba2c-88153bcbffd4", "comment": "Malware payload", "value": "89d742d498ddd027ff2dc00b7820464ea968c5c9312ed995bb872ca65f7b6b71294a7aa2953f7fc91585ebc33c92d9cd", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691814395, "uuid": "2ec10507-ad13-47fe-bc20-ff89cb8ed777", "value": "T12543032D974F02A9CF6243379B1A0E4542FDBB7EB39552A1306C837533EE82D91252BD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691814395, "uuid": "332a5db3-2e1d-476b-9db7-d2bd4bdaafd2", "value": "768:pwAbZSibMX9gRWj0vwqjtNwvwBuBsQ3EUoR:pwAlRXvhj8Iysyw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691814395, "uuid": "eb12f015-715e-43de-8db5-1db5d7cf3da7", "value": 55682, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691814395, "uuid": "c79b3c57-8127-475e-b5d5-688391bfef41", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691814395, "uuid": "1b8a750e-589b-4023-993f-3d637a468a0e", "value": "75bd1384535d144dac3817b457526119", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61c24962-3902-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691839288, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691839288, "uuid": "07c4458e-4211-4361-9a81-7b35defae251", "comment": "Malware payload (RedLineStealer)", "value": "833b1d5360ecbf02a3ebb976a5ede314", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691839288, "uuid": "4b27af3c-d9d8-4e6f-a1c7-65697c363d00", "comment": "Malware payload (RedLineStealer)", "value": "d0c016b685dea3d948f17f8159634da2f30b399f681ac47b770d969d3ea27144", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691839288, "uuid": "1c0e32bc-0942-4b2b-aeee-a5305d72fe18", "comment": "Malware payload (RedLineStealer)", "value": "d80434f1d6dfb6a2133de72fa41615b1e612f3ad", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691839288, "uuid": "a12e5fb6-7f13-4702-ba29-e26d276b82e2", "comment": "Malware payload (RedLineStealer)", "value": "10f608eb06af82f8f2e1b7a6c9ceca1f309dcc460f0c69313414c601e5dee60c669a5c2dde3ffcd5155bb529f8471927", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691839288, "uuid": "1c365eeb-1f64-46b5-b8d0-11253c67a710", "value": "T155F41253AAED80B2D9B92B7048F703E30B35BC76A8B4A3EB2345985D0D33585A475377", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691839288, "uuid": "df352719-eb94-42b3-ae7a-6c91ffae3305", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691839288, "uuid": "24dc1ed6-9232-4870-90cf-49556513d838", "value": "12288:yMrEy90Tw0qBYlU7GH+B5jLQIfVWVDHAKcG4QaEHPZmT9t7RPh:qyH6C7FB5jsINWVDHHXHPSfPh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691839288, "uuid": "94b50bec-3d33-4a97-aca7-27ed1e14a535", "value": 748544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691839288, "uuid": "9f8c867e-bcf7-4134-a6ce-5096e5c7d8eb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691839288, "uuid": "b2081995-856d-4546-88c3-c8372c086220", "value": "833b1d5360ecbf02a3ebb976a5ede314.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1413eba-38fe-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691837784, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837784, "uuid": "06993d0a-8433-4e9f-b10b-cbc08dca765d", "comment": "Malware payload (Amadey)", "value": "f380d753dc52f31140c0ea0cca0856a0", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837784, "uuid": "7c7624f4-0fed-4b84-b0c9-a7e56df134d4", "comment": "Malware payload (Amadey)", "value": "d126d510d5c177c4ac453fa21d574446320fe00d8cdb1ae23db37f92645398ce", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837784, "uuid": "8ee7d900-4aa4-4d5c-be7d-97a82be82bb3", "comment": "Malware payload (Amadey)", "value": "de7b127c7a057771326d33a88d741e17d589116c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837784, "uuid": "cc83a4f0-7f05-4262-bb90-4cac953780b9", "comment": "Malware payload (Amadey)", "value": "013a355a232517cfd39c30e3d4ec9abc56586951a13261c3cd5fedd35e2c4279f4952a296760474439d1fe0e522834be", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837784, "uuid": "11793275-9d37-48d0-8683-37140534b8de", "value": "T18AF41256A6D98433EEF523B05CFA03830B3ABC654C389A6B33455C4B5876B91F83572B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837784, "uuid": "17c2c1bb-09cd-4289-93bb-914a96577e1c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837784, "uuid": "92660b42-d6d2-46c9-9d25-dbc4ec22c9b7", "value": "12288:FMr1y90y45eLsn0Ey/1Xvn14iQjtKHVe7ViaKRikXlp732DVY+wmgdBXvTlItqDb:sy/4kHtXd4bjtIc7V1KgkH0/gbJaxy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691837784, "uuid": "6585cedf-f780-4ee2-a2ac-21a54578a43d", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691837784, "uuid": "52fddf15-245a-4a18-a90f-0754c97753bb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837784, "uuid": "2fe2e285-10e0-40c3-81d5-3bd548e53bcf", "value": "d126d510d5c177c4ac453fa21d574446320fe00d8cdb1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "55776899-38e9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691828530, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691828530, "uuid": "246df092-12be-476c-90bc-559c2f2f801d", "comment": "Malware payload (RedLineStealer)", "value": "c186adbf9fe8695646e486edd4482412", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691828530, "uuid": "306dba42-6adc-4ae4-b4a2-9abd789328ad", "comment": "Malware payload (RedLineStealer)", "value": "d432320a7de0a91212d72b08be48ba8731a00b336d2777377e5632bd17ee4a33", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691828530, "uuid": "d6d07058-cc43-4b38-ab78-2cf08c7f37a3", "comment": "Malware payload (RedLineStealer)", "value": "39599ad3c88c465385747932ea69122a9f97aa91", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691828530, "uuid": "089f7238-e189-4071-bf11-98bd1ec4e70d", "comment": "Malware payload (RedLineStealer)", "value": "19494c221d7c2e529439081d78ad76cb849d772cd153a8a7344a8edd581bf082b4390fe5b08c63d8cb10dc86fc74f81c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691828530, "uuid": "51d2e318-5149-44c7-a301-55cad6f60e22", "value": "T1B474F1213AA2D072CB4B41345934DBA1AE7FB539277986A737680B7F4D702D19FA230D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691828530, "uuid": "21877f9e-cdbf-4a4b-8214-7aca53673e1c", "value": "57c957ecde7ffcaeaa065ed04df47092", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691828530, "uuid": "8f962a26-0631-43b6-bdd1-1f276cdb164b", "value": "6144:Q0gi+LlmkVA506gvj1c81Kh/jky1VRMkRi:QJj8kVA506a5chrkOVRMn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691828530, "uuid": "4c3b95d8-5a3a-46fd-a194-47291d6eebff", "value": 343552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691828530, "uuid": "82ce8b5e-817b-44cf-afd3-5aa7e1d42626", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691828530, "uuid": "f75d9d1d-de18-4c99-b8c3-17ffc8926944", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3fc2ad1-38ad-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DCRat)", "timestamp": 1691802973, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691802973, "uuid": "c814a602-c479-4623-854c-b9b36959d64b", "comment": "Malware payload (DCRat)", "value": "0222939585461ba490cb2922dd4884ca", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691802973, "uuid": "c4914625-f5d6-4dd4-962a-a02038331c4e", "comment": "Malware payload (DCRat)", "value": "d66ff44fe35bb80175e9cd1ecb424f2d2eafb405c0d10ce782b2378bc34028f2", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691802973, "uuid": "9851d61f-b5a6-4bb6-91eb-951401f33e18", "comment": "Malware payload (DCRat)", "value": "2ae4d96685f2cc680895bc759c4fb9dd07e60195", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691802973, "uuid": "4f6e49aa-ca00-4e1b-9251-5702394eb1ae", "comment": "Malware payload (DCRat)", "value": "cef222b2ad8d88aeb5355563158d78602456f42d76250fae47e2fc084783db8a98ff8333d04b5c07198b79fce83f17fc", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691802973, "uuid": "bd7a40a6-31ec-40a0-bd44-645d94aed2b0", "value": "T177454B01BE44CE11F0191633C2EF454847B4E95166AAEB2B7DBA377E59123AB3C0D9CB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691802973, "uuid": "e7ead010-7e6e-4a8b-b838-c4720f71cf90", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691802973, "uuid": "e6485be9-13d0-4cef-a630-b7b24b7b5813", "value": "12288:uGt1No5WbNZpadhP1gg3ArUuiZMXLQaebQZBYLtFW+CY74bSVc4cbL0WJ+P5u1cU:5NoKNZpadtV5GsaebQXotFFXvcH74aX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691802973, "uuid": "4d04a4b6-0e71-41cc-8830-c45a16294fff", "value": 1171456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691802973, "uuid": "c6f78dfd-a9e3-4154-a95e-44c5ce085f65", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691802973, "uuid": "6ac1366b-a3bf-4609-8381-b2d2538688db", "value": "0222939585461ba490cb2922dd4884ca.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df4e0689-38f7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691834774, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834774, "uuid": "6a585626-2fb3-4340-b532-408157c23025", "comment": "Malware payload (Amadey)", "value": "e0f9ed52ea26fdc8454a76d2f318c4f9", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834774, "uuid": "703729c0-fba3-445d-b8f9-b1568e85f9bc", "comment": "Malware payload (Amadey)", "value": "d68e4588b01722a3841147bd9ea89fb56c9e022ac2a1d25341d5dcaf214873f0", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834774, "uuid": "f637ef17-03ed-4180-805a-156fa5a6a991", "comment": "Malware payload (Amadey)", "value": "f02d13a3497f0b53e5a958ca6ec5543117d3b2be", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834774, "uuid": "d2eab726-cc16-4f9b-aee4-8068762b285b", "comment": "Malware payload (Amadey)", "value": "b601ee07209ad1c302cfe1052fe651010106fdf0bf8c2b252340f0d16a036fd7b11060e272c43f1820c33e9669374947", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834774, "uuid": "be5f45d4-4670-4ea5-8933-912d8828a3af", "value": "T10BF41243B2CC8866ECB57B3028FA13470B39BD511E2C8B6F3349554A4DB36C59935B6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834774, "uuid": "74173dce-7a73-40a6-84e2-1cac6ebbeb2b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834774, "uuid": "e7a82eb7-a27f-4015-80bc-324f4e1785a9", "value": "12288:9Mryy9072QKUuyeNcGMVXC/3jwIVXCoaQJnmlvirARnoKRpYX0p7KIwVbz9pNIeM:vyk+NcGo03jzJCo7NmdirgoKDYEN8aeM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691834774, "uuid": "bf821c97-28b4-4e1d-b192-78d5c09abfc7", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691834774, "uuid": "ce7636cf-153d-4c4d-8a43-a9ff3668f391", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834774, "uuid": "90e6c8c5-2117-45c0-97b5-fe61e8aca1d8", "value": "d68e4588b01722a3841147bd9ea89fb56c9e022ac2a1d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb1d900d-394e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691872107, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872107, "uuid": "20792bce-060c-4c41-be41-059c8bc22fa9", "comment": "Malware payload", "value": "f73b5e7eddc73e30d9a5d2fb3574c498", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872107, "uuid": "4bb192b8-d8da-4a78-9869-022254938428", "comment": "Malware payload", "value": "d6947e63590fbca2ae2c4d97a0c5ccea987d7e6c593bf6423e5367d471fd438a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872107, "uuid": "1f69d7bf-3473-43d5-b1de-efbe6e3ecc83", "comment": "Malware payload", "value": "e9b1f284c95d9c438c880693de1dc0187fb20aab", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872107, "uuid": "ac3172c8-dbfc-41df-bd0c-b639fe74764f", "comment": "Malware payload", "value": "6d5951bfbe98232d91aa5695b57269220d5ec7c0c022e76a29f18540c9a93dac90b7da04957da46e9aff9c12e501f294", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872107, "uuid": "0d24752d-081a-4dc8-993a-c760798b06f4", "value": "T190E2C75BF9000AB0D4F389B60EE5601BA6E3A23197B826C3E75B49140B32DD1FF34665", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872107, "uuid": "48bcc0bd-7c27-4352-99cd-45b197c6b810", "value": "96:YB/zHkPdWGPjD5dHk948YePwoitz2KMvf5LiO7wH/eON/y6/HVSi7gUn:eD4dWI9dHkMeIjEHwOEH/1/yaL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691872107, "uuid": "82b309dd-cf5d-468f-8efc-78418dcff939", "value": 32768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691872107, "uuid": "3e5501e8-945f-4097-a7e2-05598648d35c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872107, "uuid": "d38d8694-dc9e-45df-9fae-cf6f94267d4d", "value": "SecuriteInfo.com.Win32.Evo-gen.4517.30442", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "114c9645-38e2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (PovertyStealer)", "timestamp": 1691825409, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825409, "uuid": "ad3082bf-fc4f-4521-9dc4-dcb85a2c9f6d", "comment": "Malware payload (PovertyStealer)", "value": "714721f7ca8aa91ece3ab0716cd34f84", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PovertyStealer", "colour": "#D911E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825409, "uuid": "fa97e77f-b5c5-4239-a45c-7a07134d8798", "comment": "Malware payload (PovertyStealer)", "value": "d781b7b78acd5226e08ea048cd35d70b2b2344ef67c76fae2e9cf524940a472a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PovertyStealer", "colour": "#D911E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825409, "uuid": "3aafc99a-0636-47ef-965d-63c6aff050a8", "comment": "Malware payload (PovertyStealer)", "value": "e615e807a28308788ef9b52d3a6adeaa4cd4bffd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PovertyStealer", "colour": "#D911E9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825409, "uuid": "91721b05-98be-4092-a2cd-fa0cb63a5816", "comment": "Malware payload (PovertyStealer)", "value": "6997336c60d44fbea4ac4f640a0e1a13c1556c42b7be8e7eaa89a25c33f2e277ee5205d19dc6aaecc09fcd658d7e18ff", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PovertyStealer", "colour": "#D911E9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825409, "uuid": "f290c075-8cea-4192-af16-e7250724e4dd", "value": "T1B654F15BA7D4A4BBC069437498E342A7E730B9B05B891AFF02D4E1BD5E132D17136B0E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825409, "uuid": "ea0c4f20-57ca-46f3-99c2-26687266853a", "value": "4cea7ae85c87ddc7295d39ff9cda31d1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825409, "uuid": "4e8ffc25-ddef-423e-980b-83966b149aaf", "value": "6144:kahO/z6feKPM2kMlDfvIMi5TTJH2OmB85BgrZLvga:kiWsM2dLLi5TEOmB85sT9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825409, "uuid": "9a7f2c09-9fc2-4530-b566-6b12639147b7", "value": 297984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825409, "uuid": "e76da956-8546-4148-97fe-97468086105c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825409, "uuid": "e605cf9b-a409-4355-b6d5-90eef038ec31", "value": "714721f7ca8aa91ece3ab0716cd34f84.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2cffa585-38f0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691831469, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691831469, "uuid": "627417b4-729a-4274-8fa3-ced749d18971", "comment": "Malware payload (RedLineStealer)", "value": "98ac309b315c6e180e517e1b579ffc3d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691831469, "uuid": "a94ff5fd-711f-4e15-996c-8cdc806bffee", "comment": "Malware payload (RedLineStealer)", "value": "da8edf6431c56f323d9e6bb682b91a22f66cb81422987a7b953a892b78bad41a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691831469, "uuid": "847a4da2-ddf9-4339-9e14-35144af3d29a", "comment": "Malware payload (RedLineStealer)", "value": "c77a95289595a657bfc3ab1fb2a0bcc6cbd61957", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691831469, "uuid": "7ca89b1c-4c9d-49ff-a08e-5a278ee2302c", "comment": "Malware payload (RedLineStealer)", "value": "c046a7a431458da7bf75a1c5de49be547195ed4bb59ac2444a51a870dcd1aa600eeec3e28270fe7c695a6b07cc693d5c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691831469, "uuid": "be1485f2-d499-4223-8cd0-7896bf1c691b", "value": "T1C0F41253AADCC872D8F15BF05CFA12D30B347CA19A3483AB6684559E4CB3696D07272B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691831469, "uuid": "5dc03403-7327-4008-b722-deb79013c1e7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691831469, "uuid": "ed8caa7d-cfa6-4c53-a3b9-b67552ebd53e", "value": "12288:sMr2y90ZQgR8wYT23Bktkj+AGJkZNIv6LZCm6kHZfdzFNcrm+E+VRFAvO+1J/FD:qyAGx8BTqANc2Cm6k5fdzFKa+JRFdUB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691831469, "uuid": "c7c76a64-7264-4914-b229-f49b11c68ef4", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691831469, "uuid": "673df68d-6dbc-406e-99af-c191c343cabb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691831469, "uuid": "9903bc3b-766c-4353-a8b1-542884ac3234", "value": "98ac309b315c6e180e517e1b579ffc3d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e05c1ca3-38e2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1691825757, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825757, "uuid": "2d50e7a7-e733-4f5c-9389-70691a54b892", "comment": "Malware payload (RemcosRAT)", "value": "f7019bd66542cb3f9a242a6525fadd9d", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825757, "uuid": "aa997801-eebe-40f3-bbd0-5024a0c8949f", "comment": "Malware payload (RemcosRAT)", "value": "daa1c4a2689a05f152ac4da2ee61cd212d5dad4c83cd73b001b5d82d9fa0a529", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825757, "uuid": "411641f0-f687-474b-93c7-e6a4d94f9e86", "comment": "Malware payload (RemcosRAT)", "value": "2ed246c178b6b1fed8b339b61c69658215284691", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825757, "uuid": "94290caa-9ae0-4737-b4ea-14d863c41fff", "comment": "Malware payload (RemcosRAT)", "value": "afddd42100bf5fb60e2b06a8e63ecb658407e71dde57281b8072724cea10f41ff69a8dab64b8a77428b0bccc62b529d2", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825757, "uuid": "a641f5c0-cef1-4582-8818-2cef31f05a68", "value": "T1DCF1D73BDADC5FFCB3766A6B21FF2AC85773CB984653B482900165F3E50102B62B9061", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825757, "uuid": "e7ea5af1-2977-4a4d-9a09-4ccd610f7bfe", "value": "96:tgUV800bDY6mlgooIqCkGgBDjAkXDUYq9:2UR0bDNm+o2CkGYDjAkXDUYY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825757, "uuid": "6e0acf26-98f4-492e-821d-8894f9f031e4", "value": 7907, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825757, "uuid": "2c103e5a-543d-4965-890a-f683a565ad35", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825757, "uuid": "d0a0f95a-b4aa-49ea-9df1-2f48e1b35f66", "value": "ORDER-23788.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ca9ebbe-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691826314, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826314, "uuid": "2ee2824c-f539-40dc-ab5d-646fa6b1ca79", "comment": "Malware payload (AgentTesla)", "value": "253c794b4fbb1a984a529124f293a395", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826314, "uuid": "e1ede30d-4310-4acc-a1f4-e675ba10d9bb", "comment": "Malware payload (AgentTesla)", "value": "dc82ef52c92f8bf03ed5e3f14ae24b0e3fa06696ac1996ec7f2e33faed119831", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826314, "uuid": "7bee681f-d1d2-4dc6-bba1-63e745cb1a66", "comment": "Malware payload (AgentTesla)", "value": "6634fea1966118eec51ed017705b9239bf618ea1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826314, "uuid": "e521c726-3bf8-4836-8ad2-b09996215883", "comment": "Malware payload (AgentTesla)", "value": "edf56d8b19250064c22120e74b70a54f743fce3e854830ffb6dede36adfc0a81a740579b3b80812c6c2c807397eee755", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826314, "uuid": "d580f5c3-6f48-4b30-95c4-1319cf5c2cff", "value": "T1EDD53335B09D5A57A2F0E5746A8BD91D86353240BCF5EB720A40F7A7272D8DFC88B0D2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826314, "uuid": "9accae5a-2747-4f33-bba7-64c8bd7e6874", "value": "49152:ciVyGyAwVZnuXhg+dEubp8EJRyE+6UHXaZTrtXIXZGFzG410tMnCSIfDUE4V/j5S:NyJVg338xE+3XaVFIKC7tM78UEusm4ac", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826314, "uuid": "eff24657-ce83-433a-8f99-ac8e9f6240de", "value": 2914501, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826314, "uuid": "6a311bad-1c55-4ace-a592-b2bb482bf458", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826314, "uuid": "111ad400-3a9a-4a91-806e-4591c1e3facf", "value": "#RJ22674_100823.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8c456318-38cc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691816167, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691816167, "uuid": "547ea0a1-61bb-4eb7-8229-8a2c42220252", "comment": "Malware payload (Amadey)", "value": "2e97b0bc5b4b30039d733288de5dc3e8", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691816167, "uuid": "0c65f412-42d0-4760-ab46-64ed83b924d6", "comment": "Malware payload (Amadey)", "value": "dcfdb1754a496415ec52bc74ad605e3d16ad4d8a0d1299ec35cff5e86dbdc179", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691816167, "uuid": "673892a5-12d6-43c6-ac9f-50dde901d5f0", "comment": "Malware payload (Amadey)", "value": "09496bf600ed6085218bcde2d644c96a0cb1b998", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691816167, "uuid": "7d1ec05d-1803-43c7-857f-eaf908b503ed", "comment": "Malware payload (Amadey)", "value": "d0ca9d7dd2d0549aae90572c62c2fd4eceb66b955fd6dcb50badb8e0151a5b11d5620856d03edbcca10ff613e3c7c5a1", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691816167, "uuid": "eae669bd-415d-44ac-b610-c39ec17403fe", "value": "T196546DD366E17861E6274A327E6ACAE82F1EFC614F153BDB13546A2F09712E1C632701", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691816167, "uuid": "688754ed-2a5a-4d18-a1f5-bf82b97669fc", "value": "268a6834b101fcaced36ebaab65755d9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691816167, "uuid": "8d6fb615-fb51-4fba-994e-807f87b882fb", "value": "3072:ZAZz5I/WXXNmP6sj9TDa3j/MjIBPBQD+e/V2J42Duj8fFkwd:yT1XNmP6S9faDM4PBQDPr29Ow", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691816167, "uuid": "ab324c11-aa60-4787-a6ec-778d33e0c098", "value": 296960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691816167, "uuid": "46c5bbe7-ba0a-46b7-b8fb-1f1c3e987f14", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691816167, "uuid": "d5e9f1fb-56ad-41f7-af43-a9f194fa5ab2", "value": "2e97b0bc5b4b30039d733288de5dc3e8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1e8d3619-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691826291, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826291, "uuid": "3ddb6995-c0e9-4f78-8a82-997011679f2e", "comment": "Malware payload", "value": "ea112727dae92c94e5cff37f9e96af73", "object_relation": "md5", "Tag": [ { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826291, "uuid": "9f4915bf-6f20-42d9-b7e6-cdefb9111e04", "comment": "Malware payload", "value": "ddf9444370c5232babff95cce04ef2105bd8265ce460bf8c2e6d3b08c5686f64", "object_relation": "sha256", "Tag": [ { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826291, "uuid": "2e3f4995-3e21-4090-860a-dbdbf3ab6359", "comment": "Malware payload", "value": "85cdf5a19f4b083f9b4429e41d1d561c627c39f3", "object_relation": "sha1", "Tag": [ { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826291, "uuid": "84b2d714-3e33-4599-821b-9b6e6397ee39", "comment": "Malware payload", "value": "017049ad354004e970ebc174b0982dc5252b5ed4686aec639a2e3925df53b0e3387b85104fce6d0ab252bbe85bc00ab0", "object_relation": "sha3-384", "Tag": [ { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826291, "uuid": "eeae0258-d0c1-434f-850c-71dd77c1a579", "value": "T12FE13B5E80954CE9EBAAD4F0B2C4540417F77AC1849F360B3EB18B585ABEE9912DE708", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826291, "uuid": "8330f698-e825-46ae-b710-6e21ed73928c", "value": "96:j/e9YiTjz2Kddd+zH9mQxRg0nkP3WlEoQXBKQmmXPIrC20RUsfLSMPAvejS0ZdF:zejTjz2TpmQLUKqXdXQrkTLyK3dF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826291, "uuid": "bbce4be8-00fb-413c-bb7f-d99dccfdc5e5", "value": 6925, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826291, "uuid": "27ee3a1c-c779-41a6-85b6-b526a32fa4cf", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826291, "uuid": "4b8eb0fb-5dea-458c-a5d0-700df9da7c9c", "value": "#RJ22674_100823.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca820196-394e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691872106, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872106, "uuid": "1722d0ad-85f8-4db6-9352-56f64e588277", "comment": "Malware payload", "value": "fb2ce6e0d7d5944e86697425c10cd11f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872106, "uuid": "61d3a9c5-277c-4f20-87fa-27531d4ace39", "comment": "Malware payload", "value": "ded4d86bf32884b7ad4639e26b4c79c0140060b8bca23660d31ebbcd66fa25b8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872106, "uuid": "01674dd1-ce73-41c6-b084-35db230b1bf9", "comment": "Malware payload", "value": "0d4bee7a0b9350a3906bc4704cae72159dd83729", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872106, "uuid": "fa7a2c53-bd40-4396-be77-e474dc15df3b", "comment": "Malware payload", "value": "a41e276b7c84bfec454eb083c79232e80a6d527f3167b3e4a0f41fc9ad42d7e61fe416a350dfc22031faa290846d5ef9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872106, "uuid": "ab29e602-faa5-4fc5-bd5e-93e0aea14c1b", "value": "T19BA47C4023D80528E5FF2B38F47949214B76BD57A562FB2F06897CAE3B633029921777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872106, "uuid": "7bec7f34-5c01-4573-b630-328b8c8d438c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872106, "uuid": "6e467744-a107-4e34-8d13-d1ae0882aee4", "value": "6144:zzsbWuMUgI6kGwOFVVw/c/1q26nQuAa+iZKY619WveNL1EApFV9f1aiVtZkyK/N:zzn0vkzVw/c/g26nF619WA1EApF/VZaN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691872106, "uuid": "ba193cd6-20de-4c51-96c0-6f4e21df50ea", "value": 462256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691872106, "uuid": "2fd9e96d-1b4e-44e5-b6f2-2ee89af117c9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872106, "uuid": "bf60dd81-a2e6-449a-9a96-d19bd66b4315", "value": "SecuriteInfo.com.Program.Unwanted.4990.4694.10757", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff28cfe9-38f2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691832680, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832680, "uuid": "4aaf5c2f-a130-4b07-9bf5-bcf35f3f45c4", "comment": "Malware payload (RedLineStealer)", "value": "c3ca44024b40807edabdece5567f9d49", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832680, "uuid": "302f504a-868c-432a-9944-6c546e7a6fb2", "comment": "Malware payload (RedLineStealer)", "value": "df7f2e6ddcd36317ab3cc2a30dde7b75676fd166ed4d5a94ec58803e1592968b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832680, "uuid": "66cb8828-4ca3-4492-9824-f6c3825a85e8", "comment": "Malware payload (RedLineStealer)", "value": "bba3b12ef99407b894605bfb744003128daf010e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832680, "uuid": "513450c0-2c22-4e74-9027-55bf436406ba", "comment": "Malware payload (RedLineStealer)", "value": "484fc40e77fafc261895f614970f27e289ecdd9fae4f3cf0ed9c07b770d1ad788102128630784a585cdb3b76df2c5b96", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832680, "uuid": "ebaae270-8a11-42d3-a041-85009576d276", "value": "T17A44D0317692F071C05F00706920DBA0AFBF7C71977989573B6907BE6E706C25BAA34A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832680, "uuid": "1f9c5c1e-ec85-4fb8-8c8f-e138bbd85a19", "value": "57c957ecde7ffcaeaa065ed04df47092", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832680, "uuid": "274227cf-6dca-4520-b9bf-5c4ce4b790ee", "value": "3072:V9X0AQOdl+LeG8Zmijp6F5zKxQzzUX2L/C5EhBqGj1eT1Sk3GK39zARKkyxE:r0e+Lrij8XmqnLKGkaexSkJ39Tko", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691832680, "uuid": "aa8b0233-030d-4a0e-80f8-c647d513cab6", "value": 262144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691832680, "uuid": "1fa233c5-659a-4de6-a0df-318821dedad3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832680, "uuid": "6b778f1d-6086-4b54-ac56-4424d956630f", "value": "c3ca44024b40807edabdece5567f9d49.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "369139ec-38f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691832773, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832773, "uuid": "6b74495b-d5ae-4ce4-8c49-cf55c7b71d0a", "comment": "Malware payload", "value": "6779daf60f7aa4bc357b264f32ff6cde", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832773, "uuid": "b49529ae-3caf-4f7c-bf85-9798524e22ed", "comment": "Malware payload", "value": "e1d2c95eda751901a4bdae7ba381b85f5d7965b05afe245b5cbaccce9ecfb0bc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832773, "uuid": "704355c7-c0fb-4225-aff7-9010e9868b89", "comment": "Malware payload", "value": "1c6e76af95f2a17b8e518965d62b3c9d7ecba6d5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691832773, "uuid": "d198a275-68b5-4a74-bea8-925599269cdb", "comment": "Malware payload", "value": "bc416333c11577e6b4722eaf2f890cf73f5928611462fe13b3534a16e31ecb052d973449dd60399ba1ccf87daeecd071", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832773, "uuid": "c6c5c7c8-ac73-46ea-9cc6-46a145311bd3", "value": "T119144A2AB2F294ACC9A7C27041BB81316D31FC751B31DA3F27D4EB350F22E50965AE65", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832773, "uuid": "e54fb504-5ff2-4868-8dd4-0a0d44fb1cc1", "value": "a56f115ee5ef2625bd949acaeec66b76", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832773, "uuid": "b6da2929-e909-4426-8ec8-94d0fbe7ea57", "value": "6144:oZU+Q0/Xns9tMYN1fPdqTBNPenpNgpiF69:oS+Q289tMq1oPenPgpiF69", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691832773, "uuid": "a2b35120-5925-4f38-bb13-3e35a6de523b", "value": 196984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691832773, "uuid": "089eb4c6-58eb-4063-94ac-08193da49063", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691832773, "uuid": "5073b9f6-63cb-4191-97e8-a388e81402d7", "value": "r.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "181c198a-38ee-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691830575, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691830575, "uuid": "6da28679-5b54-412f-966e-9ef182e12d8a", "comment": "Malware payload (Amadey)", "value": "b678dff35a584271bd654361ebe6ce28", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691830575, "uuid": "ca4a9724-e888-4a57-9fb1-df1f79090756", "comment": "Malware payload (Amadey)", "value": "e268fc85180132ffb869da862b0b813b924fcc1dda54a1a0052b4933c2aab6db", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691830575, "uuid": "68d0d670-2b36-487f-952e-a34c79ff1784", "comment": "Malware payload (Amadey)", "value": "897adc63d1caee11e375cc8ee7a1a90d87a1f164", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691830575, "uuid": "af19b1d0-f027-4658-a365-8c1d1aa2c227", "comment": "Malware payload (Amadey)", "value": "faa39d0fb4b5f62115049e5e2f868bfc5f6b425dd63c2037fa4fc2bd6ccc78b8883f00253346633d172e16e7c355d3ec", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691830575, "uuid": "31729aeb-b24b-4025-9d42-49e42af5f135", "value": "T1A3F41287A6EC8172E8FA17B058F323C70F307D605974937B6385A9895873A94B0753BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691830575, "uuid": "827dceac-2122-485c-bec3-2770b881e9aa", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691830575, "uuid": "590a120e-f038-4dcb-9f39-b5c67a92ee9f", "value": "12288:TMrRy90Kp8VE5udso1c17TtRz1onql2lfxFrqgcjDFwxt:Gyvp8S5doGtxj/0lfxh1wRe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691830575, "uuid": "c7638c3c-3533-4899-ac66-a635f203e841", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691830575, "uuid": "d5ad8f47-b538-4ca1-9dc5-5c298abe4f31", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691830575, "uuid": "2bcaae1c-1fd2-40df-9da9-d5de57f1237b", "value": "b678dff35a584271bd654361ebe6ce28.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "357e93ae-3900-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Adware.Generic)", "timestamp": 1691838355, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691838355, "uuid": "cafc6574-87bc-47b6-9d5a-51a8edf3d1fc", "comment": "Malware payload (Adware.Generic)", "value": "1fe97398b67bd17b9dacc347da9d5aec", "object_relation": "md5", "Tag": [ { "name": "Adware", "colour": "#00D21E", "exportable": true, "hide_tag": false }, { "name": "Adware.Generic", "colour": "#7894CF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691838355, "uuid": "113d5702-3e29-42cf-97e4-aafbe26ac89d", "comment": "Malware payload (Adware.Generic)", "value": "e384df976f21e80cda75ebfd070f3ddf564b21d313c198bec6b3d8c1c84c36d5", "object_relation": "sha256", "Tag": [ { "name": "Adware", "colour": "#00D21E", "exportable": true, "hide_tag": false }, { "name": "Adware.Generic", "colour": "#7894CF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691838355, "uuid": "3ba2dbda-132c-4c9a-87fa-9b4a5a8e5ce7", "comment": "Malware payload (Adware.Generic)", "value": "59411d138e4a77895e5f280ea63f2b47fce00723", "object_relation": "sha1", "Tag": [ { "name": "Adware", "colour": "#00D21E", "exportable": true, "hide_tag": false }, { "name": "Adware.Generic", "colour": "#7894CF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691838355, "uuid": "9b784915-62d7-48d1-aada-e827dea79a58", "comment": "Malware payload (Adware.Generic)", "value": "06bfd5745e5d833edbcde3b87720e593248d56b27a97cb014458e5794e1dbaf0f2f80e45f6280151602dc3c8bf201e59", "object_relation": "sha3-384", "Tag": [ { "name": "Adware", "colour": "#00D21E", "exportable": true, "hide_tag": false }, { "name": "Adware.Generic", "colour": "#7894CF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691838355, "uuid": "ce00ffc2-14a1-4672-95d3-d28857f99e01", "value": "T132C4F1113DE680B5D5520131DE716FE1A2F6FE520E61486737983E3E7F3A682C236E29", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691838355, "uuid": "43322ff3-4276-4010-a515-de92294cfb20", "value": "e00de6e48b9b06aceb12a81e7bf494c9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691838355, "uuid": "bab64840-3354-407e-a232-d4f2f534e434", "value": "12288:/G5knZfFKesKImXPiASR2ru2sjNkEpb1A17toXPwvgAp:/G50ZfFKdUXRSR2h6duufOp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691838355, "uuid": "41458616-a95a-4f8b-a9e0-67685bc16e0f", "value": 555248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691838355, "uuid": "fa8864c1-1b78-459d-881a-3b9cab79a1cd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691838355, "uuid": "8e8eeb0e-6fc4-4271-9d56-3b05965fb71b", "value": "WcInstaller.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a9ad1e5-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691826311, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826311, "uuid": "1a8d06f3-7fba-49ba-9045-c89145cdf836", "comment": "Malware payload (AgentTesla)", "value": "27d62cceddad6407cfdf3bf1ff577150", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826311, "uuid": "193b08be-399c-4195-b82d-39e120d700a8", "comment": "Malware payload (AgentTesla)", "value": "e66575bcc491dc28e95d06c7d0ced0f71fc8ff32ed6652b88cd6a7a92cc80939", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826311, "uuid": "4848236b-8fd6-433a-b594-aa7923fe8200", "comment": "Malware payload (AgentTesla)", "value": "19482d341a687038a267cf5d168492f96e9360b4", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826311, "uuid": "b23ee2dc-7b94-4eaf-bd02-7a783fbeda24", "comment": "Malware payload (AgentTesla)", "value": "44f5a00007b25b0655ae86ca20f3141be9fecd1aa451ba43f061bd7d0ec0da4d7ec98e4ae23c926f8a3df4676d8072d0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826311, "uuid": "c01a5081-d4a2-4cee-85c9-3ec826fa9ea3", "value": "T1E4D423B109A01489D16855339D38ECFBE8FCF21CA3E7A7BE4369571554EE28D2E88F41", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826311, "uuid": "f2c66fcc-b824-4375-963f-27bff9ae4a99", "value": "12288:8IbnWcHHs2E9QuIbZmUYv0HIvh78nvjFJJcSPVmqgHHLHcHOkm0mA1Kd/l:8okbXqUUnkh76LHJhm/HLHcHOz0mGu/l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826311, "uuid": "931991f6-77a4-4893-8f55-8a36a3d35d0f", "value": 648034, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826311, "uuid": "9fa1c13a-a3e2-46c1-b317-a11621c4fdcb", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826311, "uuid": "f2d66299-16b1-4515-9698-702176f1d8c6", "value": "Anam Abid. CV.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a9ef6f3-38a5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1691799360, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799360, "uuid": "19c2eb75-aee6-4e49-bd7a-418e17df4271", "comment": "Malware payload (Amadey)", "value": "e4566293c260bc27f1ac81b8ca8fa460", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799360, "uuid": "720a9bfd-1c48-470f-b360-77b502eb8321", "comment": "Malware payload (Amadey)", "value": "e8678a90e751e2074af18add600c8251014b2795da6dfb52bf05a39b82e63c70", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799360, "uuid": "30a494eb-c114-4ede-8a89-d4bf26259f9a", "comment": "Malware payload (Amadey)", "value": "8a465c787f1d157480c81184364820cc1f14b619", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799360, "uuid": "a5ef6949-9e73-4ba0-a974-3d392717946a", "comment": "Malware payload (Amadey)", "value": "22c693b3190e0e6c2ad7e0043233616df14a9b31befaa53552f425e2187b8abc8edc467858f131c40718c3914b11e9db", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799360, "uuid": "d2690e1d-ff8b-4649-bdc9-a753236cce33", "value": "T132F4121BA6FCC4B3CAF6077169F207930B3A7CA099749BA72708649F0D73694593532B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799360, "uuid": "d3f02718-efe8-4d6f-b706-939a8a7694d3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799360, "uuid": "5f671f55-ba08-43d9-9a7d-93b91765acb0", "value": "12288:8MrUy90igH9D5qP++S5Kt6LfzdenOi4tIUKDjGxaNjWYZeonqhLLEwxzluU:gy+dq0xenO9tI7yxatOon+kwZV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691799360, "uuid": "54cd5be2-1cda-4012-8ee6-cdf154ac40b8", "value": 748544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691799360, "uuid": "4d4a7e35-d6c8-4bd7-9d45-3676bae02aa7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799360, "uuid": "00731caa-3d17-40f7-9c51-2b4204661e36", "value": "e8678a90e751e2074af18add600c8251014b2795da6df.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "554e51bc-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1691826382, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826382, "uuid": "9e2324bb-1ed7-426c-8fdf-6fab6d98e3a2", "comment": "Malware payload (Formbook)", "value": "ef10c80e97c6eaa8b9fb15f427fac0db", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826382, "uuid": "4f4fa6f5-9edf-4188-9344-de5015acfc41", "comment": "Malware payload (Formbook)", "value": "eb24fab8968acfad6a1a28b2399fa0cb0b7dd6e2135116312d8ae0412fcd0543", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826382, "uuid": "f077b920-8371-475a-aac2-603b6cc3e065", "comment": "Malware payload (Formbook)", "value": "9a827d524d09119a34086b875f57073668643d13", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826382, "uuid": "f9890d91-bb9a-4a0d-9e4e-168a10745cf5", "comment": "Malware payload (Formbook)", "value": "145827f446b0b41d3abee1ecc2f2fcd69646064bf1fe83eb0d8832e267b1ac9033bb6579e5beb9c12ae0ddf684788b12", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826382, "uuid": "0642ea28-10b6-46fd-b2bc-55e839e46e32", "value": "T1647412141AD4F872E8B64A333C763527EBEDD51728B6CB1327F42F983628105D50EBA6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826382, "uuid": "8f914036-b38d-45f0-a90f-a0d208b517e7", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826382, "uuid": "fde45a68-ec17-4bf4-8e32-766eca13653b", "value": "6144:PYa6MB3pP53e9oaxB9MO0yWdwOjcjFGCIAC2fl7XeEHMMkq9YwWejyrxNr2naX:PYiB+RB9rFKUGCIAC2N7eEH7VWeAGaX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826382, "uuid": "cfbef1c3-45b2-4a13-ac2f-418231c9df33", "value": 363371, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826382, "uuid": "2dc13ba7-23e0-4d37-b2d9-3823eb796139", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826382, "uuid": "5b83a72c-f566-4495-896f-7ea7b44dbe8c", "value": "E-dekont.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b05d55d6-396b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691884517, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691884517, "uuid": "93fd34c9-986a-4a52-960d-74a5101e4510", "comment": "Malware payload (RedLineStealer)", "value": "a5b6b4f84b6f68a49626862e7d68ee3b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691884517, "uuid": "f891c0f8-ac36-4876-82d2-6402b6e70dcf", "comment": "Malware payload (RedLineStealer)", "value": "ebcad8758c000304d86b7a43e2755bdf656cd477a9390fd483d18f24a03edda9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691884517, "uuid": "07f73003-688a-456b-9c08-fde4f51b03cb", "comment": "Malware payload (RedLineStealer)", "value": "49f4b1cd4aeb2de493dae5170bb18ce990005b86", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691884517, "uuid": "e6a8a080-0189-43e2-9ee8-ba10f54f2a97", "comment": "Malware payload (RedLineStealer)", "value": "516a4f8266cafb9d2cfc0baa4dcddef655b2b1d42f65aeda07b7587d891c693c9c0c60532890b27288aef37c949a2cfd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691884517, "uuid": "cb3be299-de6e-4b17-9902-4fc5e3def765", "value": "T1AA85CF3FF268A13EC46A1B3245B38350997BBA61B81A8C1E47FC344DCF765601E3B656", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691884517, "uuid": "29df63d3-9422-4553-b46a-5d722a3f2922", "value": "e569e6f445d32ba23766ad67d1e3787f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691884517, "uuid": "2c3d9922-3215-45c7-8d42-69a9f66948ba", "value": "24576:s7FUDowAyrTVE3U5F/cRZPn2jKic6QL3E2vVsjECUAQT45deRV9RW:sBuZrEUVjKIy029s4C1eH9U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691884517, "uuid": "57938a6b-82dd-4bf6-8224-235137996c7a", "value": 1795973, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691884517, "uuid": "bdbe4e45-5836-4d05-9580-a44bb691d1f7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691884517, "uuid": "08f513f5-384e-418d-a965-06c1d5c058ee", "value": "ebcad8758c000304d86b7a43e2755bdf656cd477a9390.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d10e164-38e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1691825859, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825859, "uuid": "e23d0938-39a4-40b4-b0ac-d77d8140a29e", "comment": "Malware payload (RemcosRAT)", "value": "e22464a3f95df021754dc799fb2568d5", "object_relation": "md5", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825859, "uuid": "59ccbc1f-16a4-42b2-879b-4a202ca3c30d", "comment": "Malware payload (RemcosRAT)", "value": "ec3a19c7a82224c2d94312547172adf2222fc8dbf4a687d1f009161aa397697c", "object_relation": "sha256", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825859, "uuid": "61440cb0-515b-47ea-9259-8a19c16ac609", "comment": "Malware payload (RemcosRAT)", "value": "61cf423ae0b5d05ed7541b693491e6faa036685a", "object_relation": "sha1", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825859, "uuid": "7e1ed808-c20f-468e-9c8c-f419569f091f", "comment": "Malware payload (RemcosRAT)", "value": "2e8075b69a8e2fba5656063cf068de9bc3aadd370ec5973d88d014c9c72bf291bc9a5b46cc0fc94dc8e4fcd51ba09147", "object_relation": "sha3-384", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "xla", "colour": "#172DED", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825859, "uuid": "c3ca7a86-ac9e-433b-b62b-e72993563f1b", "value": "T16145BF039D599B43D06893F8BD034EAD1F0A3E1DA8827AEF55626EDB3D702215D8E06D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825859, "uuid": "d3175541-2238-4fc0-a9bc-ef7e0233a42d", "value": "24576:aeixOP6bvdXXXXXXXXXXXXUXXXXXXXXXXXXXXXXw8eix0MIbn+k1UvwZ0GrLRte:d61MO+k1UC3b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825859, "uuid": "024487de-0476-4678-a762-8fd44efd9ca4", "value": 1199616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825859, "uuid": "6792ac6f-38a2-433c-8933-115d73e84b1f", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825859, "uuid": "46015fb7-9b39-4ec2-992b-e258e0a4c990", "value": "PURCHASE ORDER ENQUIRY.xla", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd8e8887-394e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691872111, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872111, "uuid": "47272b03-cf56-4b84-a958-b49b3deb3e56", "comment": "Malware payload", "value": "32d2b354d49a144ad9cc73fda584c11c", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872111, "uuid": "f598cdf1-9811-4eac-b239-64027235c152", "comment": "Malware payload", "value": "ed30e38e44c49b859b801d05621d8e902d04d502ebf5de676de04c23825b0290", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872111, "uuid": "e59ae64a-7f73-4da6-9c95-68889dd84ede", "comment": "Malware payload", "value": "8024998509d082f984b84f8235637b626944ba78", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691872111, "uuid": "5e0f99ac-9465-43a1-9227-933cd1fd7786", "comment": "Malware payload", "value": "cb97d06ba719847217b52804426f6f464ed7e425358ba41822eced639e377e1e67d69e0f6d7815e069c5ac63c096150f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872111, "uuid": "a9f3f90c-9fd2-4cc7-81c2-bcdac5f34f57", "value": "T1E4945B01A7FC8725E6FE2F31A0701A255BF1F806A67ADB9F5E40A5EB2C5775088407B3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872111, "uuid": "9b294e40-00ab-48fc-902c-4d41e8891e75", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872111, "uuid": "091c6baf-6797-4879-ad0f-b5b1c7e2ba66", "value": "6144:6HerwzLkqCG3uKWf4g6tUwoOkErUx5/Rsnaszr0tZDPEaN+YB5+Gonc:6HerIacuKUtOkESbKQrvB5+a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691872111, "uuid": "671f7958-95a3-4af1-8495-341c9c4074bd", "value": 433584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691872111, "uuid": "632846b1-642a-4dda-986e-3e41b34b62ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691872111, "uuid": "b0d6bbb0-61ce-4ad4-9723-9b262f104982", "value": "SecuriteInfo.com.Program.Unwanted.4990.840.4184", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11f18788-38e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1691825840, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825840, "uuid": "ca65c803-f477-4553-aeca-5be208116fbc", "comment": "Malware payload (SnakeKeylogger)", "value": "026690576653473717bb099cad05c635", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825840, "uuid": "94204949-d3e2-4d45-9871-b55f8aa51a65", "comment": "Malware payload (SnakeKeylogger)", "value": "edbc1f63e5f0fbd49dc66d9cf28578621fa82c164f58fb7d52acf0c6ca3c0b1b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825840, "uuid": "207d47b7-578a-4c69-b61a-905d77aa30f5", "comment": "Malware payload (SnakeKeylogger)", "value": "ae0ccb347d194ca461688f614c2b694f68adccf0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825840, "uuid": "b9915080-964e-4ad6-91be-30e613de920b", "comment": "Malware payload (SnakeKeylogger)", "value": "eebff7452ee1b1b6019191dcf311b0fbb59d2e1d7cf8c75b3cbed8fb5658007c02e71c59d8f320ce230a55f5f761cd42", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825840, "uuid": "483a405c-d8d5-4b96-ad32-4125b6e57d36", "value": "T16754125276AF8A71D056B1B5CCD397041931AF42AADED38F25483FDF7472B0A081A63D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825840, "uuid": "be9fe4ac-a06f-482a-8a0a-d8c877450065", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825840, "uuid": "8c3abdb7-a539-468b-9d8c-e2ebaea3d516", "value": "6144:GpBRbrWvs2eMBvPdCSHFXGBKqBcRjdPaAW0K0m9S:TRdPdCmFXGBDBOYlEm9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825840, "uuid": "1eda825a-4ec1-455c-9f85-4fc95bcb2953", "value": 283648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825840, "uuid": "f2cb4232-de90-468a-b312-b512c918ea02", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825840, "uuid": "e78ab303-18ff-40c8-a86d-9030eee46f11", "value": "026690576653473717bb099cad05c635.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69913885-38e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691827275, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691827275, "uuid": "bce96d64-77d8-44e9-8671-fc44c43a551c", "comment": "Malware payload (RedLineStealer)", "value": "501b8154836e0173691b5e876685fa56", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691827275, "uuid": "168797a0-8385-4c6f-a3a1-fbb27c4a8a80", "comment": "Malware payload (RedLineStealer)", "value": "eed0007293dc4ec43955de9ba2ee7b3fbc98d9d45cf318c61b4f9ef22f7fc7c9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691827275, "uuid": "99002a60-e634-4a55-aa7c-bdfe0b025072", "comment": "Malware payload (RedLineStealer)", "value": "8f2b2810d8c1adcfd9824d38a577b8872ddda631", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691827275, "uuid": "92ac1685-2655-448c-acaa-e3c3788eb526", "comment": "Malware payload (RedLineStealer)", "value": "4d7cb75e9c83b077db8cf88b848a2d9641df436594474ea8f0cf0d6787860914744649d0f246c661a59791756416e8c9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691827275, "uuid": "8c6f2c92-57da-44c5-ba5e-e767447d3cd3", "value": "T17C152313A6D8907BD9F613705CFA47A31B36BCB1893097AB2789299F5CB3485E031727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691827275, "uuid": "51f3b962-efeb-4ce4-a2c6-2debc7b9eb3e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691827275, "uuid": "44857ae5-9148-46ca-a43d-74454c10cf8f", "value": "24576:iyr+LpFL57zzjAV9wQtG75nBPreWX8LC6TaPT:Jrct0kn198BTaP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691827275, "uuid": "dc85c589-2c7d-48c8-8b43-51335fbff4a3", "value": 875520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691827275, "uuid": "dafd19eb-19b1-4dd4-bf51-5658cfcf70ef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691827275, "uuid": "eebdcea0-ba71-4325-b2c1-1f37dff27a23", "value": "501b8154836e0173691b5e876685fa56.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "980cb005-38c8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691814469, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691814469, "uuid": "638acef0-4027-46b0-898e-70907aa25406", "comment": "Malware payload (AgentTesla)", "value": "6ca31304786cedf04c630a9034eb065c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691814469, "uuid": "ebb34aa8-98e8-42a0-abea-69ce73e891f1", "comment": "Malware payload (AgentTesla)", "value": "ef0a41bf12a3085143abafdd6a05753acdfa9359cf4bd682d85b565fdeb00a22", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691814469, "uuid": "41056eaa-2809-4210-93f0-a357b2c56c81", "comment": "Malware payload (AgentTesla)", "value": "6e481a0561d930cc036d24ad090ae63269381096", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691814469, "uuid": "6518c702-00ff-4b7a-b580-abe9ab4d0989", "comment": "Malware payload (AgentTesla)", "value": "81d7bdde2a58dcf74098a13b687a1a4531cac25289365a5f2bc7e00504f473e1be3b50a58bc1c33139de6baae7e4e7bc", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691814469, "uuid": "13242567-6e88-4578-bd80-9fff3b93478c", "value": "T13FF4CF60ED399E46E54F4A79108FD74D82714C5A3622C23A6ABB50C6C4977C202DFBEF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691814469, "uuid": "21410bd8-9ad0-474b-8d90-535b202a085a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691814469, "uuid": "de07d12a-914b-46f9-bf0a-18f7794eef40", "value": "12288:FeCLcbl9zgF3o151pXmmjw3VPaO8U2o6D1XslqTjDX:4Ycbl9cSXmm03FaO8Unu1fTjDX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691814469, "uuid": "d72d8c4c-8ae6-435a-8bea-d7584d11ed7f", "value": 758272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691814469, "uuid": "5774fb35-a2ec-4b78-b1ec-50e1b85f7e2a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691814469, "uuid": "dda93a42-c9d7-4246-99c6-375cfbd125ff", "value": "SecuriteInfo.com.Win32.PWSX-gen.21960.16998", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69692db5-38a5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691799358, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799358, "uuid": "d1bb11a9-4f8f-4aa3-a459-46af646b8159", "comment": "Malware payload (RedLineStealer)", "value": "9900efffbb55d5e8bb81b7fb43be1e5a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799358, "uuid": "f7d8eb89-8c57-4370-8789-424f13afaf06", "comment": "Malware payload (RedLineStealer)", "value": "ef988eb35edf3fface9432252f324a4bd2fe092c8db8cdd3dd683268f5a1e729", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799358, "uuid": "a944870f-368b-4cc0-835c-dbb91baad06d", "comment": "Malware payload (RedLineStealer)", "value": "21a04c245b47c38c909eafa46c7ab7f2c5510df5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799358, "uuid": "21565523-1e93-439f-b79a-afd13aa23e5c", "comment": "Malware payload (RedLineStealer)", "value": "475031b654451b628b9878bc3f4cc7acd0d883d6c4a910af71a017b8c89a8bec9e96fa8b23a3248d9bf67b49e0ab4a31", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799358, "uuid": "77b20ed3-fd9e-4e20-ad78-41be439e720b", "value": "T1E4F41202FAD99423E9F42B7078F603871B357E714978D3B6334AA95A1D32A90943637B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799358, "uuid": "f579e681-a6e9-4c04-b125-5d64eefe8bcb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799358, "uuid": "ff123a30-ad18-46ed-8e9d-14c50cbd7b3e", "value": "12288:EMr0y90a9g9h+uWLO3ZNr3EeCzg1SKDPe7rTsKRr1X6p7MkJgx0F3s6BJKRLPm:YytK3+teZJ3ncsW7rAKV1CsmF3YRLPm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691799358, "uuid": "b7f7b92a-0bf1-4513-9bc0-69467f38953e", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691799358, "uuid": "e74fbb4b-cdc0-4172-956f-12fc18c4e945", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799358, "uuid": "7e913b4c-ac12-47d1-8db6-a1e0364c4064", "value": "ef988eb35edf3fface9432252f324a4bd2fe092c8db8c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a2b45d0-38e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1691825827, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825827, "uuid": "84136412-ea82-4891-b0ad-4327d2eda0db", "comment": "Malware payload (SnakeKeylogger)", "value": "9f13b05a5e0bf3fb5c3addd0f92e29d0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825827, "uuid": "b16fc91f-77df-4842-a69a-3b1a18f48835", "comment": "Malware payload (SnakeKeylogger)", "value": "f0c3960a145e3610156ce2cd4fc990543d50dccd1fde1e241f8e78a3fdbe4023", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825827, "uuid": "a4aef53e-d12b-46c7-ad04-5f683cfe2dae", "comment": "Malware payload (SnakeKeylogger)", "value": "d3c98d8fccedff8d3b80197f309ea39acc03017a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825827, "uuid": "0184cb9c-ce34-41ab-8d64-fcde37ddd072", "comment": "Malware payload (SnakeKeylogger)", "value": "9f8407bb2022d41428d7a5573841d65de8d877d2394b2e4e9e52f9bcf7f764fd13d86165c7f50f4606d19232ac6e6164", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825827, "uuid": "7fd277cb-a483-4d56-bc13-d1cca6b113cb", "value": "T1DB7422466090D0FFE8B346B01E38465B36EA383178B25B0767D8AF1A7D956A3CE5D313", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825827, "uuid": "9b3ac58e-974f-4a8e-a0bb-5f53a657c9c6", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825827, "uuid": "e2d3a418-a200-4b2e-9a91-7b3f2dc47766", "value": "6144:JYa6wXlsgpAAH6+l9SVsQU4u7MflNjbnA3Todb44j+ivCN1FrmrRhh:JYCl/3H6+l9SC7Md104Nvy1FYh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825827, "uuid": "5f425a9e-5be0-4598-ba0a-b9d977d7406b", "value": 357972, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825827, "uuid": "462abdcd-61a9-4800-9da9-4fa34596813b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825827, "uuid": "4df2a10d-d874-4a5a-a6aa-4115fd28cf1c", "value": "S876545780000.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0af06670-38f1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691831841, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691831841, "uuid": "61aeacfd-183f-46d6-8e83-63bc6f2c8506", "comment": "Malware payload (RedLineStealer)", "value": "3d6110a0f3f8ae7db70afe657b2e9369", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691831841, "uuid": "8753e410-d405-4e4b-8a3d-07890eb523f7", "comment": "Malware payload (RedLineStealer)", "value": "f3638ea5bceea11c864c8293efb30d65a853532948976bcbde714c59d3d9b404", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691831841, "uuid": "2d3030e2-1292-4dea-bad5-59d00093244c", "comment": "Malware payload (RedLineStealer)", "value": "c0fe7ee5986cc0bf8ea29e34eb051057fa648513", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691831841, "uuid": "237b1e00-fd36-49ea-b2b3-8e8a7541b7e0", "comment": "Malware payload (RedLineStealer)", "value": "53c2057fa2619f56214328e596aa8f3496b4d434e36a6bc9eb9e6302b524059b52198eb36bf22da8fd40fe0a091c97e7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691831841, "uuid": "f4db44f5-2844-46ef-80b7-d0fa3a08b262", "value": "T1D874F13136D2C471C68B11B94425DBA05ABF7831637DC69B37990BBE5E723C18BA730A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691831841, "uuid": "a31ca3bf-cdb3-4489-8070-172e1897541a", "value": "57c957ecde7ffcaeaa065ed04df47092", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691831841, "uuid": "d13c27c5-f8ba-49fe-b805-3ba5e3c2ecde", "value": "6144:30k9fLAsE9P8fdlTNfNBAczj0BW/PSZ3+/bxkv:3lNRE9wT1DAccE/sOTW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691831841, "uuid": "217445f2-6ad8-4ea3-a365-857b917dd9b3", "value": 343040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691831841, "uuid": "9a7ac922-7f22-4e1d-aebb-1671ea921eb7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691831841, "uuid": "a0682a08-d4f5-4627-8b8b-22d3900507a1", "value": "3d6110a0f3f8ae7db70afe657b2e9369", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "01891a64-38e2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (UACModuleSmokeLoader)", "timestamp": 1691825383, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825383, "uuid": "48d6d53a-1089-4f00-aa14-faa1bc81a021", "comment": "Malware payload (UACModuleSmokeLoader)", "value": "205300ce322012c6bd9bf36a2a285ed4", "object_relation": "md5", "Tag": [ { "name": "bin", "colour": "#618E3F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "UACModuleSmokeLoader", "colour": "#8170F4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825383, "uuid": "ba31f9bd-900a-46f6-be6f-8d87adeedc23", "comment": "Malware payload (UACModuleSmokeLoader)", "value": "f3cc24a419c6822084fbd496d4d169b61d7ca28b31fc6d1032d6255179521a68", "object_relation": "sha256", "Tag": [ { "name": "bin", "colour": "#618E3F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "UACModuleSmokeLoader", "colour": "#8170F4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825383, "uuid": "8063f615-3545-4fe9-82c5-fa2a8cd4690d", "comment": "Malware payload (UACModuleSmokeLoader)", "value": "b6e05885342b8e8573ad8f671de94a74969cd727", "object_relation": "sha1", "Tag": [ { "name": "bin", "colour": "#618E3F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "UACModuleSmokeLoader", "colour": "#8170F4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825383, "uuid": "1b3a026e-2d98-470b-b314-1f568defe1c4", "comment": "Malware payload (UACModuleSmokeLoader)", "value": "a90a3e2eab19081ef7a67dc82b5bfcf6d30cf992569ffc6b62391521f0b6ba72a2c091b0582d2b42612d977a10eea4e7", "object_relation": "sha3-384", "Tag": [ { "name": "bin", "colour": "#618E3F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "UACModuleSmokeLoader", "colour": "#8170F4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825383, "uuid": "481e832f-20dd-467e-8830-196b2580f4c6", "value": "T12CC4122339A2C071C98B84355511DBA07F7FB030187AA9CF7B6416BE5E707C097B6B5A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825383, "uuid": "a7fbf5ab-e5d3-479c-ace9-577df40a194b", "value": "d7b081df5aeced7021cc9bd078a5fcbc", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825383, "uuid": "ca4dd415-7169-44bf-840a-7823ebb3c0e6", "value": "12288:Gwb3DWgWS3IfHSWanKSBao75jEMoGWCcMQq+q:G+DtN3If3anV0o1/XWCXQq5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825383, "uuid": "1db4b676-6ff5-4888-871c-86f0640507ef", "value": 559616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825383, "uuid": "42f10d50-899e-4d53-83f7-5a98d4b03709", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825383, "uuid": "1928fa3a-c9b8-437e-ad33-fd2676265cbc", "value": "205300ce322012c6bd9bf36a2a285ed4.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "892f0f92-38fd-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1691837207, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837207, "uuid": "43c28fd9-11ff-422d-9a83-ee198bc6f182", "comment": "Malware payload", "value": "c165a936f4be41979495abb139ce0b92", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837207, "uuid": "e9815918-a7aa-4524-86cd-15b157ab24ed", "comment": "Malware payload", "value": "f58ee9d6f276f787dac4f227f31ea0aa0d28dabba7a686ab77e2380b44cea4f9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837207, "uuid": "e184c5b9-a426-4321-9a48-1f0d80bdac95", "comment": "Malware payload", "value": "2c2808dd270020f572c1a0ed38e9f92b0b4ba28c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691837207, "uuid": "8d9e27a3-31d9-4403-b882-5cc5727c5a97", "comment": "Malware payload", "value": "cb2ea7495c0a4552fcb4822de98b6384c9862322b03a7e0449bc393ff0dabece9c362852150f78eb3fa7ed82d8aad61b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837207, "uuid": "881740cd-a194-42f1-b6bb-c37ea2608a76", "value": "T132A401313693D032C55A46704938CBA41FBF783667A58ADB3B5917FD6E302D18BBA309", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837207, "uuid": "9a2a4b27-a2e8-4a57-ad2b-7b133dae1399", "value": "57c957ecde7ffcaeaa065ed04df47092", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837207, "uuid": "33ec48c4-90c4-4ebd-aa88-e7de83f73e23", "value": "6144:a0Gk6L0SNDCWFxnHLzVMcUAFPMPA6+k6G/jWkanGZEkMxR61Mt:axgSNDCuHLxMc32A6j/LkEJMxRoM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691837207, "uuid": "caf23f3a-09dc-47f8-959e-af55df743e13", "value": 476160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691837207, "uuid": "dfc94739-5b52-4bb1-a110-fbcaee327e80", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691837207, "uuid": "9831bd0c-f7d9-4c67-84c7-e6d889277b35", "value": "c165a936f4be41979495abb139ce0b92", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ab8c9e9-38e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1691826284, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826284, "uuid": "0d5a4ee5-81e3-4472-8571-64a1982ac18e", "comment": "Malware payload (AgentTesla)", "value": "53f0f0e9f72a87bf71fb46ea39a2c220", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826284, "uuid": "09a3b858-95fc-4357-a62d-cd7af3e4b567", "comment": "Malware payload (AgentTesla)", "value": "f6912462594d0ef4431d7289ea2840a2a674e2895978b4217b2bd520803848d0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826284, "uuid": "02757226-6c97-48ea-b12a-9703a95f114c", "comment": "Malware payload (AgentTesla)", "value": "5ce8ab5f83aeb93dd74b6520eabdbff0bf9f57ab", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826284, "uuid": "d0e5c04c-fdd8-4008-9c85-079fc092cda1", "comment": "Malware payload (AgentTesla)", "value": "a2a603ccc8b2813d6ebd9f0485dacee5d0ae5e0b427f40bab78ef7e2fbf6ce454aceecffbb5169496c1f9d73a92fccc5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826284, "uuid": "8014116b-8ea3-49ec-99ba-e885b21a8768", "value": "T1F1D4234577C3B78A8F6A1AB9B6DDD3A5A542CFF814653C4E56F8C00CAC7D68801CABC1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826284, "uuid": "26efecf0-8bbc-4cb1-a8ad-deba563fb636", "value": "12288:xenWcpEhyC2EFYv6uMPK3/SyAjdWJPU62GOawFFqY9nmAuwWcIpKO/CbDIkKVG7A:Q1CDYvdMPKayTSN1/BuBLrQK48FuupD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826284, "uuid": "e771e4c9-ae9e-46d2-a515-7c1a55d8acb0", "value": 623570, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826284, "uuid": "671557bc-242e-4f9a-af75-e5abbde6b762", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826284, "uuid": "65aa4f78-b9ee-4be8-a1db-88e9455b4709", "value": "Payment advice.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c37a0ea0-38fc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691836875, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691836875, "uuid": "567804da-7406-4325-965e-8b614cc66751", "comment": "Malware payload (RedLineStealer)", "value": "259a1e4def7a51272df52a91585a1872", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691836875, "uuid": "ebb3aa26-3258-4d78-9759-6259dbdcf3d0", "comment": "Malware payload (RedLineStealer)", "value": "f6c3252e9bc9bf67fc42d254e794391a02b8d0b645c70018a40e85defe19cc53", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691836875, "uuid": "65ba6457-f7e0-4110-87dc-a728177648e0", "comment": "Malware payload (RedLineStealer)", "value": "27f09b516acb261ab0acf23323fea3dd29ce9f50", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691836875, "uuid": "50514285-623b-478e-b1db-44f773caf5b2", "comment": "Malware payload (RedLineStealer)", "value": "711ed250363305092a0e60caea9150e0044073bb05c7d45d9f915c3a9b80807ecb564cd4ad2f5d44942c0ef45c96a80a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691836875, "uuid": "bef3eef8-a289-4dfd-942b-17985734d14a", "value": "T1EDF41212E7D88072C9F127B158FA23C31F3ABC6118AD562F6645941A48B36D6F97232F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691836875, "uuid": "ac4fa6fc-28ce-4abc-b511-88808cc6f1ac", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691836875, "uuid": "911b1e25-9ec1-4225-8b6a-94f50b86256f", "value": "12288:PMr2y90gHkmdeRxl+Pf4PYt0IP0MSL3ItKNwe79yMKRCLX3p7s09lkg/1o+L/Yff:dyXECeRxlsgP1Mrg3It+f79VKQLZx9lG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691836875, "uuid": "14934260-2c83-444a-9f91-5fd5cf314ab2", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691836875, "uuid": "e7305092-76f3-484b-8161-c8f52decf4f7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691836875, "uuid": "563ed699-5bcf-450d-89d2-b3469fcaff94", "value": "259a1e4def7a51272df52a91585a1872.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "390345ad-38db-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691822470, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691822470, "uuid": "ad2dd2cc-23e1-4c96-b73e-0829ae83052a", "comment": "Malware payload (RedLineStealer)", "value": "781585b215c56b49540936013f1468b4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691822470, "uuid": "1cfbd0be-3fd1-4ae0-97e6-81c352225b16", "comment": "Malware payload (RedLineStealer)", "value": "f9a4620f23e2486480307c9a1ac92ee2783f2828bf8e8601e619b670c78673bb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691822470, "uuid": "fc3b000e-4f4c-45cf-921c-d66aaf7e78fb", "comment": "Malware payload (RedLineStealer)", "value": "4d3bf2a823bb6fab015ba843c6993f164ee0991d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691822470, "uuid": "6b23ac51-9432-4274-ab0d-27fd1a9cf726", "comment": "Malware payload (RedLineStealer)", "value": "084cdb8429afd6cd016985269fa348dd3ad171f70803e4e594874d413afec0997b406d0145ed6720854d20aad10b0d6e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691822470, "uuid": "2be6086e-5a50-4dd0-b8e0-2f1fa988512d", "value": "T14A74F1317AA2D072C94701B49524DBA4AABF743192B4865737690BFE5FF02C1CFA734A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691822470, "uuid": "8456630c-1dc8-4d25-aadf-83ce9bd66688", "value": "57c957ecde7ffcaeaa065ed04df47092", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691822470, "uuid": "27e43ca5-4b8e-4259-9b70-a7a711afe8ae", "value": "6144:s0yyNL83k1gfQEsv4muuIeuwPAhyz9nHBeJZhB:s/06k1gfQhvMe4hypBeJ1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691822470, "uuid": "22928d3b-2b9e-4164-a2cc-685caa446eb9", "value": 343552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691822470, "uuid": "fef63b3c-ea8f-4c30-879c-ee955f40a4f9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691822470, "uuid": "b79ea818-ed0d-44cf-9558-786926fbda7e", "value": "f9a4620f23e2486480307c9a1ac92ee2783f2828bf8e8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97492416-38e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691826064, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826064, "uuid": "43407772-1f7a-49c7-ac20-02c43e0007b2", "comment": "Malware payload (RedLineStealer)", "value": "6080d2b27234a162685584e9fc05b435", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826064, "uuid": "dbf45afb-93fe-4274-9557-581583cc4769", "comment": "Malware payload (RedLineStealer)", "value": "fbc580f59cf9547d2d2a48a5a82e460a90d83f6d70a6f5611b4d65676e66c182", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826064, "uuid": "180ef171-3406-4f0c-8ef0-f35c9195d883", "comment": "Malware payload (RedLineStealer)", "value": "ce457e49d9154d0f2af6f07ad28319f1613d9c74", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691826064, "uuid": "b3d74987-93a8-4bb8-a9ec-cbdcfb075eb5", "comment": "Malware payload (RedLineStealer)", "value": "a38b831a0e37b0ce8c62416ed41a1e106d00e0d5e08207eae2de098fa031de7a24e400e961917f2ccb4365bec75dd22d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826064, "uuid": "1673ccb2-cb0c-40c3-846f-09d68727e493", "value": "T1B4F42246A7ED41B2DAF6377028FB13C31636BCB09DB483962785984A1C73594E93173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826064, "uuid": "2b4ca41e-8958-4f65-b06d-aff788f9377c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826064, "uuid": "88b5ed8e-4549-4e16-89a8-7f4a0763c806", "value": "12288:bMrKy909fRl/ZejcEpVsWgcKHd254b7am4PEIsmG/isoN1/E:9y+QcEAWJKHd2+b7amGpsmpvf8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691826064, "uuid": "ed0d4519-81f6-4468-ae60-224232b62e9a", "value": 748544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691826064, "uuid": "7098a746-6877-4306-b312-29bf65084166", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691826064, "uuid": "ab6ac363-6b44-4ff0-b80f-724cd44a0e5e", "value": "6080d2b27234a162685584e9fc05b435.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8f94fa8-38a4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691799062, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799062, "uuid": "94775d04-b68d-4468-acd4-f5c75c079162", "comment": "Malware payload (RedLineStealer)", "value": "ad893f3c6e3cc3f57d99b6bca17d28ec", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799062, "uuid": "b2914f72-51f2-45d4-a982-cbdf80acf8e0", "comment": "Malware payload (RedLineStealer)", "value": "fc09dd0484899e7f30d6b7fec4da19829d0690330272fc29b90719fa02d5a19b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799062, "uuid": "ac5c530b-f8ba-4fb7-985e-b0682296c27b", "comment": "Malware payload (RedLineStealer)", "value": "d134f094248c0108fcb1a4138c9c82faa4803d26", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691799062, "uuid": "5866ec98-4b04-4e41-9427-39d0b10ebeb6", "comment": "Malware payload (RedLineStealer)", "value": "e196ad104eb9b6e28822c1c3ab6737be48daba35bb69964738744a0bce5ff5a3352487682b17a5a6cafc3055d91ad35b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799062, "uuid": "d9646a84-2669-4106-9333-41f37870d412", "value": "T179F41252B7EC8137C9F6173065F702931F3A7CA159B8432B2A45A99A4C737A4B431B2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799062, "uuid": "218aa601-943d-4193-ad15-a16baf6ebf48", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799062, "uuid": "a51ae637-111e-4b5d-ad9a-6781def5da07", "value": "12288:FMrby901RpJInXODp57KIluoAUDliBrSKbDQRxGMJcRWAUnrLCfJeWektta9Pf:SymRIypvcopEBrSKbDQR5JcAAUr+fJ18", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691799062, "uuid": "2061e4b6-5ecf-4563-9f6e-19f1568790ea", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691799062, "uuid": "4201d532-1f02-40ab-a621-1b8bf7de43b5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691799062, "uuid": "8089a8af-de87-4eb2-808e-f1cdec5a9c61", "value": "fc09dd0484899e7f30d6b7fec4da19829d0690330272f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ddb1b6f-38e2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkTortilla)", "timestamp": 1691825404, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825404, "uuid": "c905596f-3742-431d-9501-44fe3a565488", "comment": "Malware payload (DarkTortilla)", "value": "40e1cc47ecf2457f0cd4d1c19eb6c572", "object_relation": "md5", "Tag": [ { "name": "DarkTortilla", "colour": "#7A8476", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825404, "uuid": "6a8b31f6-fc4d-43e1-ba44-7035365f8918", "comment": "Malware payload (DarkTortilla)", "value": "fd87155ae16286e44eb0068f8ea18a735bc8b8a1fbefc60f70b7a5a14538677b", "object_relation": "sha256", "Tag": [ { "name": "DarkTortilla", "colour": "#7A8476", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825404, "uuid": "f669c779-8641-4989-90cb-e3070f4eaecc", "comment": "Malware payload (DarkTortilla)", "value": "00f63fcc87b0a75de4b1679ba1a0821e58cb5411", "object_relation": "sha1", "Tag": [ { "name": "DarkTortilla", "colour": "#7A8476", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691825404, "uuid": "f4cbd0e6-aad6-44ce-8b9b-15e01db41d6e", "comment": "Malware payload (DarkTortilla)", "value": "c33f8eb42cb3cceb89f20b3a65b57c0d7816331c7855cb753f9fbf1d645619a7fc66520ff3c71cdf10699cb390784d88", "object_relation": "sha3-384", "Tag": [ { "name": "DarkTortilla", "colour": "#7A8476", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825404, "uuid": "ad3f04b9-2743-4e88-bbaa-2cb583783143", "value": "T132063342D95E7A63C959E8F4ABC11015EBF898356210F7DB0CCC6AE939E3B810D236D7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825404, "uuid": "84e77207-25bb-439f-99aa-0383a41ee648", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825404, "uuid": "e86d987f-2be4-4bb0-8fba-e68ff0217767", "value": "98304:CN2ROCRB/KQbw1nD2k4NeJ41/8qycK3aOc:LRB/KWw1DH/J41/8qyzqO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691825404, "uuid": "9f6e664a-e6c8-4e94-8334-c1b27759aaeb", "value": 4001792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691825404, "uuid": "00d7375d-8d3c-4fab-b354-d0a5608b5f6b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691825404, "uuid": "7ace169b-1003-4552-abbc-6fe436664858", "value": "40e1cc47ecf2457f0cd4d1c19eb6c572.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "386bba90-38ea-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691828911, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691828911, "uuid": "097f35cf-8052-4c0e-9f25-f1da79d7844d", "comment": "Malware payload (RedLineStealer)", "value": "12e607110aa07a7b2d41df09872cd9bb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691828911, "uuid": "80ee01a5-ed77-46d9-859e-0ac683b4c12f", "comment": "Malware payload (RedLineStealer)", "value": "fdb4a02c6007fc1102c9f0001ad14a373780d818b9e32d3af3f4158b15d4c706", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691828911, "uuid": "03a6f6fb-f016-473c-8ba1-7b3fdd2dbd7a", "comment": "Malware payload (RedLineStealer)", "value": "fdc967b929ba23110710b6c15579b7a6c602d4ca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691828911, "uuid": "55a2c51b-55ea-4d69-bcc2-37e1441b88d8", "comment": "Malware payload (RedLineStealer)", "value": "dd6db5ea80b30431cd71fef0cba9578640ec3efdb46fe10079608ae078ad80fdad7eb0b916ed88d61662c123190423b4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691828911, "uuid": "f1c7863e-2b84-4553-8155-aaa873dafff7", "value": "T1A5558D25378F812AFFE610F582DCE560F21DA0B83725C9C7D687D6EAA6185D01EF3285", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691828911, "uuid": "14d6abaf-4d06-4953-b1be-35ea081dd9c2", "value": "c8cb7a778b504c2b41383b432dbd8883", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691828911, "uuid": "f6840ae7-ea8d-4050-aed6-0d76ea0920e3", "value": "24576:Q0HLY9RGS187RJbBdu3ROxb6vb/LBQprO2YLoQH3m/e:QcbS187R1vt4b/LBQprO2Koq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691828911, "uuid": "925bf345-b1cb-42e0-b1cf-35c6dd68973d", "value": 1301504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691828911, "uuid": "1d4e1a20-b864-450e-9451-1ec85cfad8a7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691828911, "uuid": "c87ea638-b1fd-4f19-9179-bef8dd366ce8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7ae8f4c2-38f6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1691834177, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834177, "uuid": "81bf4432-f105-4de1-b913-3ffac72dbbd3", "comment": "Malware payload (RedLineStealer)", "value": "73314b6dad244c50dcf0144b431efe2d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834177, "uuid": "dc4d2b78-4f93-44bd-a937-11b46c218497", "comment": "Malware payload (RedLineStealer)", "value": "fe3543e17d7777dd53af2ee0468c5adb3ca441363bcbf55180ca67e7f788be7c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834177, "uuid": "a2aca38b-3619-443c-a36c-e556e76cc201", "comment": "Malware payload (RedLineStealer)", "value": "e7403ed056331f9a2d0665843f52f5ea2c3c267e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1691834177, "uuid": "d192d52b-828e-4c8c-b3ee-6e168e59dd0a", "comment": "Malware payload (RedLineStealer)", "value": "46defa26013ebca16a1c004947f3b89e2d47303739e6ace4921622676998bebef3c17e07125a08e71ce70ec453c5a12f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834177, "uuid": "a6e92c30-c341-48f8-9598-7021bc38c286", "value": "T1F8152281A6DD8567D9B52BB04CF703830F717CA19DB582AF27D1A94A4CB3A40E43973B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834177, "uuid": "ad57d1c7-19b0-4b97-b62b-f17025934dea", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834177, "uuid": "9940934d-cb2b-465d-9e5e-3d9b5f8915c1", "value": "12288:+MrQy909ZGkW6dRFCpmuNpeoqaOWZL4/DqF17CN6ZOBMpa5PKJ9mt:CyQGOd3CpmipgaR5F1ON6Z0Mp6Pg0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1691834177, "uuid": "014daeb8-5d72-4a4b-bde3-a33e485b91e2", "value": 875520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1691834177, "uuid": "df90ccfe-785d-4bd7-a97e-03cdfdc208c2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1691834177, "uuid": "1ab1732b-8d67-4f32-9bdf-54186f7fc805", "value": "73314b6dad244c50dcf0144b431efe2d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }