{ "Event": { "published": true, "date": "2023-08-18", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-08-18", "timestamp": 1692403381, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "6dcee3a7-6111-43b4-b8f1-edb5a09ea846", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0ce6c081-3dc4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1692362273, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362273, "uuid": "e376122d-2cc5-4e2d-942a-178b82195eec", "comment": "Malware payload (GuLoader)", "value": "c3bf434b4b051f476a862763203b92c0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362273, "uuid": "b9d433f1-6de6-4c06-af8a-588151ec508d", "comment": "Malware payload (GuLoader)", "value": "003ed9ebfa425e560bd84e6fae2bef95cf9ad6670026d5a3848df101fb64445a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362273, "uuid": "e898c6a6-aad2-450e-9bcb-d42a6f6c355d", "comment": "Malware payload (GuLoader)", "value": "4943db2de1a4a062ef36d3ef0c4dd6fb260030d8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362273, "uuid": "3df82d07-4c3e-4dec-abf8-04d5b5f7a79a", "comment": "Malware payload (GuLoader)", "value": "98e4d1c9b875e4264c0cf8c35b104b557e850cc107f8aaeb1f969f6e2a47f894289bd0ad0b704cd9c5d14b5ea4bbf966", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362273, "uuid": "ff991c86-ba7b-4e05-a3a5-6414538dac22", "value": "T106C402D13DB0DF2AEF52BE7479A7D2942BA06D6D1C01380B7A8D77CE16302275ADE205", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362273, "uuid": "c02f94c9-bec3-4cb4-b85d-45e022eaaa45", "value": "d4b94e8ee3f620a89d114b9da4b31873", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362273, "uuid": "0e3209ba-4ada-4a96-8793-207fdf55a95d", "value": "12288:cBXPB4M9Urtx7mBaGY6u25aQ+Sb6f57Q3e:u4M9UmBaC5Tqe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692362273, "uuid": "7fe9643a-69bc-423a-b109-4cd92bfd4279", "value": 588568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692362273, "uuid": "c36cf43b-c8d8-440a-b03a-c53c90ebf407", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362273, "uuid": "49f5c863-1345-4445-81b2-0e4703dfcbc1", "value": "Hephthemimer.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3c72d85-3e04-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692390041, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390041, "uuid": "0be2bf94-533f-4e1b-b9a5-ca4567059291", "comment": "Malware payload (RedLineStealer)", "value": "5c6338388b9d458a689014714ec19f25", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390041, "uuid": "bca40fd4-ab9a-4df6-8bdc-03c3517e16cf", "comment": "Malware payload (RedLineStealer)", "value": "004a8386a3b2e59c3a48bb9321608b9f7de2f38c4f3faa3bd11beceff912a039", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390041, "uuid": "b98910de-e4b7-42e2-b02e-7d7967a495ee", "comment": "Malware payload (RedLineStealer)", "value": "b1285abf1261490a6ae9fa39bc3ddb4d10ccbf66", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390041, "uuid": "b850b715-d0f6-49ba-a96b-f0cef48fde74", "comment": "Malware payload (RedLineStealer)", "value": "4e9b8c73687bcd7270283921ae2d39463cdc5bbeab06f144ddbc138af08c6c403d13bac54759c80215eaf09b05378d35", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390041, "uuid": "b3360b59-4428-4a4c-9602-4796fea571db", "value": "T1B60523A363E8D436D87A27B059F603871F36BDE28D38576E2641E95948B2394793033F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390041, "uuid": "b0a9f640-6b40-4d3c-95db-11ad9da2bb17", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390041, "uuid": "e140db09-414a-49b8-b926-f0396000b11b", "value": "24576:myoGrojACmA5z5pKCazIerRFUzikJSGXu:1p8jACHprTeDU9F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692390041, "uuid": "8d0712a7-4ab7-401a-8e2a-c0fbedfd51e4", "value": 857600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692390041, "uuid": "d1384a91-b135-41ca-806e-ef8b9a4f7401", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390041, "uuid": "d0ee1e92-da39-4c9c-9dbe-d754916828a7", "value": "5c6338388b9d458a689014714ec19f25.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5269a057-3e01-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692388589, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388589, "uuid": "80438e8d-e731-4c7b-93b7-2b9aab17f794", "comment": "Malware payload", "value": "439a881eb373829099565b2ab5c52611", "object_relation": "md5", "Tag": [ { "name": "1766986052", "colour": "#3F15B4", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388589, "uuid": "ae6131cb-6e03-47f6-9260-b08a6293300e", "comment": "Malware payload", "value": "017d512cb1c83d0e8622930aa1da13f01b9838ce98177da02f36ad47464d686e", "object_relation": "sha256", "Tag": [ { "name": "1766986052", "colour": "#3F15B4", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388589, "uuid": "82455240-e66e-4e3b-9596-5dc1c273ee3f", "comment": "Malware payload", "value": "e9865f4b55c42d51a32317c69f7dd823165d9880", "object_relation": "sha1", "Tag": [ { "name": "1766986052", "colour": "#3F15B4", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388589, "uuid": "72a0a1df-774d-407a-afde-8866f4b546ba", "comment": "Malware payload", "value": "f41baeceaef0bad2fa6f778b285639651bf4e4d05ba82d3e7a700d9f2ce887e712ed11d51c49156e8c8044b1cffad6ca", "object_relation": "sha3-384", "Tag": [ { "name": "1766986052", "colour": "#3F15B4", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388589, "uuid": "bfe3e1fd-29f1-4ef4-afcc-6520a3117d60", "value": "T1A2D312644AA8D827DC07A7341561EBB241CF335CADDC1015CAB7991F040AE53DF6CBAB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388589, "uuid": "7326da10-a639-4df6-90a5-2d286d4687fb", "value": "3072:6uMnVI1nOKkoz8eDItDb9gqdW5TUXvfHWCgD/71:6Fn21Ao4FtDbPdW54XvfHRgP1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692388589, "uuid": "dd98dd7c-66ff-4088-83b5-eee47738f1c1", "value": 141056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692388589, "uuid": "76d33360-90c2-48e1-b9ec-57d93e5e3d65", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388589, "uuid": "3ad680cd-f8b9-4996-b9b1-56723bc4fb37", "value": "Doc_Scan_08_18(480).pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "91b95573-3d66-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692322123, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322123, "uuid": "1a6cfbff-aa13-4030-ae8c-8ffc894544eb", "comment": "Malware payload (Mirai)", "value": "3ec509105ad485cd7dc1fc3f051dc136", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322123, "uuid": "be000c8f-f381-4c4c-ae2c-ca69cf158eec", "comment": "Malware payload (Mirai)", "value": "030644fda7b57c40afe90a809f7c4069161837c155cdf1bf9f7fddba7bfe74f3", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322123, "uuid": "826d0880-dfcc-47c7-8b86-2a60957856b4", "comment": "Malware payload (Mirai)", "value": "09a73657f963a73caa75e555a9a881cf5b5c0730", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322123, "uuid": "b15ae244-9056-4fb8-b96e-a8ac5e35ce5a", "comment": "Malware payload (Mirai)", "value": "1db3165c6e9249e868fd3879350765afa58b069da2ef4c4cef33c81c7086bbb5d0dfbcf5af9945b6cca7104b8359591f", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322123, "uuid": "eb3a20ee-9326-42ea-8d5f-8e18c05566ad", "value": "T1DCD2D1FF93FBE67AC08AA8F418119AD0F5B5B44112140B6B4CFE757A8BA71452930F92", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322123, "uuid": "3a34ac1e-949e-45a8-b816-227b58b22efd", "value": "768:SYSoXdJZETc51aBf2GcK0qLHEo+fOcTErw1twufHSx0s4:SYJdJZiy1acGRoo+0bufyt4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692322123, "uuid": "d0b48f76-8880-48a0-88dd-20243c32ed77", "value": 29432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692322123, "uuid": "a0e80ff3-0069-4f07-8d0d-e9b9f42adfe9", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322123, "uuid": "01f50e9a-42bc-4a3a-8244-0ebea27c169f", "value": "3ec509105ad485cd7dc1fc3f051dc136", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f32d8663-3df3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692382846, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382846, "uuid": "a25322b3-be88-441b-af3c-dd25ece4e2ee", "comment": "Malware payload (Amadey)", "value": "3fd811ca607e7f0d9fedfea075023fac", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382846, "uuid": "7a595686-b963-46f0-9a0d-f49a37be1a7c", "comment": "Malware payload (Amadey)", "value": "03a49d2f22e7757a25ced2a229fa69c1c98e9f8a0db20d5760f4d4d23be41259", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382846, "uuid": "11ad0441-9767-4a5c-af25-3386e91da765", "comment": "Malware payload (Amadey)", "value": "6b814a2b444715c4f0c71e07f95aabb52ccbe2ad", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382846, "uuid": "feec4932-04da-4fef-a526-3d6fb0aae178", "comment": "Malware payload (Amadey)", "value": "2282381d6d6729ae13d855054d87966d155f85408ba0c73969f7c07b27ddd400a336e75190178ae575e99d06fa4ce344", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382846, "uuid": "8ffd0145-4474-4406-a410-a4d039434dc2", "value": "T18DF4124BABD85036D9B80B701CF713931F34BC602D7893A62385998E5DB27C47539BAB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382846, "uuid": "85e36538-d02a-4497-a6af-5a43f85cd2dd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382846, "uuid": "42c6e8bf-b951-429c-a619-ea80e6e0a066", "value": "12288:BMr2y90hha5+3pC7HS/J1fPqTLq6o7N6nncSi1ImUzK:Dy75+ZCbSDPqT+6ognncImH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692382846, "uuid": "71d53a1e-bd9b-4c5c-8668-e61484119d78", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692382846, "uuid": "9374b8a3-f632-44ec-8933-3e6a2845b59b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382846, "uuid": "668c4f83-d138-42d0-9d99-d20bd6b578fe", "value": "3fd811ca607e7f0d9fedfea075023fac.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f9bc4a7b-3da1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1692347638, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347638, "uuid": "09f508a5-4ada-48ca-bff3-ba12455b0c78", "comment": "Malware payload (Formbook)", "value": "25fdb64c42d6f95911ecad2ca0ac5b30", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347638, "uuid": "fe1dc520-6d1a-4293-b5a1-661d3db2834c", "comment": "Malware payload (Formbook)", "value": "052b4d533242ce95c966f10dd14c3c8105cfe3cc0f5ea7dd851443c4079f5a21", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347638, "uuid": "e4a049ed-d642-4aed-9fae-6406d89d863b", "comment": "Malware payload (Formbook)", "value": "5554b02eccd62f81019a345f2b01b81bfeece68d", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347638, "uuid": "9b20c561-441d-4bce-9023-a42e31acbe20", "comment": "Malware payload (Formbook)", "value": "3929855b5bc19659e97c0ce84744f1225e985a715890dbc08dde0213ee116742b73b5aea7f9b6a88caec736653e18af7", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692347638, "uuid": "6ac813b2-1b9a-4417-bbaa-ad1cb5a7e543", "value": "T149C423C21A86D68A2781F0540B4C892A3E733D5674C1DE4E0F48D5A3FEFB760AB656C7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692347638, "uuid": "0cbd05ee-318d-48cd-a8cc-7ddaa51181f5", "value": "12288:XXxf9bJJf6//2uQKHQMnuW39Cg+NCnXMhEp0iNOlVN:nxf9bvG/nwMnuW39Cj88ziNOJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692347638, "uuid": "92a43c26-b733-44c5-9eb3-537a3508f50d", "value": 555061, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692347638, "uuid": "d13eb754-25af-4d9b-bf10-47581b29f324", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692347638, "uuid": "89dd2691-19d6-4015-8be0-1f6f95e7234c", "value": "Proforma Invoice_xlsx.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5fb339a4-3dd2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692368425, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692368425, "uuid": "559024c1-7d61-472c-988c-d1633d0394af", "comment": "Malware payload (RedLineStealer)", "value": "062d01fda1df0c6c0e513b16e1e1ab28", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692368425, "uuid": "20bcf7ea-377a-456b-b578-19062d0f0aa5", "comment": "Malware payload (RedLineStealer)", "value": "061586d8fbca9c1d9a2e0c8b060ea6ef78e081c96a6c050b19f2251693bde1c8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692368425, "uuid": "96f02e81-64ef-4abf-9852-26a95f1e9529", "comment": "Malware payload (RedLineStealer)", "value": "f40c91ef3c487943c73d91e4a81c8f6d03ba95ff", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692368425, "uuid": "b468e93b-ef5b-4ff7-9ce7-c634856ffaad", "comment": "Malware payload (RedLineStealer)", "value": "78d3680e293f79639b7e1dfe0f7aff9708857197e5c92fd599d058ad2c9068196c515e0e866c498c3c22cfad4223a638", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692368425, "uuid": "a0cd2302-dd8d-459a-bb7e-f87a667adff8", "value": "T1C6F41242A7E8C467ECB517705CF202A31B3A7CA60535436F33969A1E1CB29D8A17673F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692368425, "uuid": "ebafaac2-1232-4c90-8465-65e88eb4dccb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692368425, "uuid": "f4b90fc6-b20b-4c4c-b838-cb956cda1f03", "value": "12288:1MrMy90Zyajz6ExdY/yKG4iIUAYJYJl9SRdJKu0WaRfANr0b17se5OeDLWZ:Zy3aH+//G4VUAS7FKmQANOoepnWZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692368425, "uuid": "0b9b2f7f-038e-4bf6-b280-9f3a7aaecf43", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692368425, "uuid": "72b99972-95fd-4cca-80f2-7d54f717cac3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692368425, "uuid": "e014ff52-f615-42c4-828e-62afbc69e7ce", "value": "062d01fda1df0c6c0e513b16e1e1ab28.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f1dede2e-3da5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1692349343, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349343, "uuid": "89c16bc5-cce5-4720-806a-51b509611015", "comment": "Malware payload (Loki)", "value": "24c10105dcc3465f44a87e3ce4269cfc", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349343, "uuid": "61f453dc-c0ed-44e9-a5f5-adcc01bbc858", "comment": "Malware payload (Loki)", "value": "07c6cece00063dffc6931c07243d4ca7a9954b021c5d3834935e2e3a4038fdee", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349343, "uuid": "8d988e6d-4421-4256-8874-1b1193317a10", "comment": "Malware payload (Loki)", "value": "5e6a888dce892b4fde17f6d11a5be13d01885b3e", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349343, "uuid": "e1afa0d8-013e-4672-b79e-76d1acdae0c3", "comment": "Malware payload (Loki)", "value": "0e2b50395dfef42f7a9ff23a72d0e09858d9a71e8e94ecbc9b0bae26e883f0b84c8d79af92a5abf2ee5867c012c4187d", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349343, "uuid": "6a378e6e-891d-4d21-a501-a6205140bd13", "value": "T14CF322C891E939B2CE037E792E04BBF73065A64E726E144ABE50438148959FB7D4F90F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349343, "uuid": "f41a2bd3-74dd-464b-bbc5-a42035ac2951", "value": "3072:vpOz8IaL7aucc9W09k7P3WPe3msnBBHhRsl2AuV6IM+pSMymcvfCj59cefbKV7:vpU8PLXcc9wDGPyBU2lvM+Mv1iNGem9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692349343, "uuid": "d487110a-e0bd-4df0-92f0-85f18347c960", "value": 171586, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692349343, "uuid": "923d6d7d-1bed-41ff-a91d-665be598536d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349343, "uuid": "35e87c60-4746-4091-941b-09dcca90dea5", "value": "20230817130403895.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "325eb8e0-3dc7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692363624, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363624, "uuid": "9507c36f-f201-4188-9af3-b2d37c46f701", "comment": "Malware payload (Amadey)", "value": "a652a923e484b4b715cb1de36048f590", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363624, "uuid": "4cb900f9-e60e-4a76-97a1-79d7565198a2", "comment": "Malware payload (Amadey)", "value": "09d3ca79ee1bc3a711859144d4f65df1be24190a43b097c76a91bf85febbc13d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363624, "uuid": "aae3b749-53eb-4592-99b9-18ea447f0770", "comment": "Malware payload (Amadey)", "value": "95c160fc1a782b72c1c73017ee667a06eb2bb273", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363624, "uuid": "4e80bcfa-ee66-4bd7-ad3a-65ddc402acae", "comment": "Malware payload (Amadey)", "value": "5ee6f07f5da17f7fe9a140ed14216f75a38f0d452c263463339555724379202b5cb28b9ba33d41d3a74460e70ac0708c", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363624, "uuid": "9596e159-5134-43d0-8fcb-50a1eec13b7a", "value": "T113C41203B7D89072D8F61BB068FA03871A367CA55D7847AA3786D91E0CB2684F13577B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363624, "uuid": "592cfdad-81d6-498b-9f79-75fdf53975a8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363624, "uuid": "bc54e715-4af9-4856-8cf6-205724578c95", "value": "12288:AMr5y90YavNDXXF8h/zew6Cb9My78C55xyCWM:JyxSNL4zewP+vMTuM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692363624, "uuid": "38f87210-98bb-4e39-8976-8b0401c5d5bf", "value": 576512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692363624, "uuid": "fb3d8192-b78d-484b-aec4-a05c13eebf7e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363624, "uuid": "c54be2fc-e8c4-42f2-97f0-34a8df2aa11d", "value": "a652a923e484b4b715cb1de36048f590.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db27c6e4-3dea-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692378940, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692378940, "uuid": "9d07dd56-aef0-4d79-9260-47194ec271ed", "comment": "Malware payload (Amadey)", "value": "09ecf8d32a5bedb2ae70f8912216fef4", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692378940, "uuid": "baefc224-be11-4f22-bc36-d9ba859aec23", "comment": "Malware payload (Amadey)", "value": "0b17bd28cbb8adf88abcf8038e8aea1c1094e7bc9989550de7237f6af036bf22", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692378940, "uuid": "96c12db7-0c1d-4929-89a6-f8971675eaab", "comment": "Malware payload (Amadey)", "value": "38e4b97b7ed10e50863edb8db2d7760aa55ae0c1", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692378940, "uuid": "a784f1df-2908-4e95-8ef3-5fd815698794", "comment": "Malware payload (Amadey)", "value": "b576dc718013e96a33ef067a1a17de67b15b9420419ff46eff4bd25213a813f706e5ea0f1b0334431bf96fc35a4d7993", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692378940, "uuid": "f52ce4ff-da6a-4d55-af7a-3d8d61bc0734", "value": "T158F41213AAE481B3DAF617705DFB07871A3ABCA15874432F2344596E4D726C4E932B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692378940, "uuid": "17451244-5659-48f7-94d2-49fb64b41241", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692378940, "uuid": "b2431f4f-6c83-421e-a327-4282b8339301", "value": "12288:2Mr3y90rXzulPkFyHMQVm/yTYmA9BIMZkI018FKmnmZM/C/GbH8v7J:NyxkFyzmQtskI68FK8mR/Gz8zJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692378940, "uuid": "a6dc1e70-2504-4286-a42d-b3f717b7fc70", "value": 749056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692378940, "uuid": "f95bd9b4-f48a-4c26-b98a-3540e6d2d7e1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692378940, "uuid": "590a31fd-d615-45fd-8ba3-c5d5e56b9710", "value": "09ecf8d32a5bedb2ae70f8912216fef4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e06ff2b9-3dd5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692369929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692369929, "uuid": "b5b7d9c7-1f96-4155-ba49-fb6c8696fe16", "comment": "Malware payload (RedLineStealer)", "value": "f1941881d98349fae93d23b18c5a5b0e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692369929, "uuid": "731a7c7e-9000-4e64-8638-e55464220c57", "comment": "Malware payload (RedLineStealer)", "value": "0b9d7b6d0c4d970b20ddb4a48696098c628acaeb6bd502a9d2ec0a4123a80144", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692369929, "uuid": "527d4064-d1f1-4725-8ebb-d1fc0800aceb", "comment": "Malware payload (RedLineStealer)", "value": "28d60f2f19e9ab2025a1bfee13f0182c22b4f1da", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692369929, "uuid": "3996d3e5-abad-4a33-a9f2-23ed19352545", "comment": "Malware payload (RedLineStealer)", "value": "2038de72fa0e604527cb55a8666c30321bcc5138867e73b37fdbab0767966070b92fd324a5ed6a3cb96b0688cf0fb01a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692369929, "uuid": "f239c0a9-d08c-4548-ae2c-1c0f7600fff8", "value": "T13BF412527BD99073DFF4637068F31397173ABCA184688B4B2345E85A0C72AA1A93573B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692369929, "uuid": "22be8d1f-34f0-47a9-90a7-e22b3c1d8016", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692369929, "uuid": "0bba9e77-0026-49ab-98eb-373384fd2621", "value": "12288:bMr6y90msmQFFCZuKlVe7c9IKRffXqp7ls0ZYL86WTjfg2:hyBfZuOc7c2KlfSG0ZYnWTjf/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692369929, "uuid": "f7a541e2-4d84-4cd7-8045-cffde500a38d", "value": 747008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692369929, "uuid": "13a0255f-90a1-4a12-aacf-71c8fbb7a5ff", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692369929, "uuid": "8b364234-94ce-4bfe-8c45-5d6b0229e3f4", "value": "f1941881d98349fae93d23b18c5a5b0e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d1292ee-3e06-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692390647, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390647, "uuid": "378dffc0-35f8-47fa-a47b-dadb51905d60", "comment": "Malware payload (RedLineStealer)", "value": "d7ee40329dfd747e583212f30eebc902", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390647, "uuid": "56a1e8fa-32a8-426a-b68e-2c1e8f262fe6", "comment": "Malware payload (RedLineStealer)", "value": "0e721b03cb012768ba62ee6ed54ba633235dff761920bd7493a76a08a85d3876", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390647, "uuid": "366188d5-bc93-4669-a820-508ea12874f7", "comment": "Malware payload (RedLineStealer)", "value": "669ec9b13583b1c2daad274a3d163d5fcda10b5c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390647, "uuid": "afa9d57b-41ad-47de-afe7-6d33ad4a1341", "comment": "Malware payload (RedLineStealer)", "value": "7b09832b4132d94c05ca91ee4abd19808005daa51e5b0af5578c0b8c0f61e3b1174ce533f88bc4ba63a08fed33d6c256", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390647, "uuid": "8aa39919-d96f-4700-9f48-83cb53deb915", "value": "T134F41253B7DC9072D4F42FB059FE07872A357CA2793847AA679A588E1CB22D0A435337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390647, "uuid": "d64f9f6b-edc8-4f68-8766-2df2b15de951", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390647, "uuid": "6ec021af-c959-4728-a8d7-d64187f9b6d0", "value": "12288:iMrry902s2p2h+nTrFNt3g9VZGwlT/QWry1CvyVtaKkQhluZHy:5ybsU7TRQ97GILQAy1VVtyOluw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692390647, "uuid": "e77107b8-122f-4b2e-842c-64c7ebb34b35", "value": 731136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692390647, "uuid": "b02c8339-2977-4c01-b9ee-7f2056291558", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390647, "uuid": "9edad7bd-bce1-41ca-9dac-360514ba9afa", "value": "d7ee40329dfd747e583212f30eebc902.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7f5d58a-3d9b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692345004, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692345004, "uuid": "559014df-3ec2-4e0e-b922-eff82c6eed99", "comment": "Malware payload (Mirai)", "value": "8dfd4c26afe14f2a98a45d90fb9732ee", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692345004, "uuid": "e6f0ac5e-3ca1-4621-900d-02dd0eb9f7f8", "comment": "Malware payload (Mirai)", "value": "10d45ed9cc7e800b119910226eade92f00ad6db6ea8476438d648d0e95c08130", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692345004, "uuid": "ddf562d6-f82c-42a8-bc8c-16d62b8b5284", "comment": "Malware payload (Mirai)", "value": "d51a8fe62334a07a14da47efd6aadd6205cbf153", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692345004, "uuid": "81933621-24fb-41b1-a963-39a197ff6291", "comment": "Malware payload (Mirai)", "value": "e9a4f7b4b6fd8b9c83758c886c8b7ac16ddac6d0f25aeeb0d313f4fe835bb1bc8776d76f2bca2400cf776c4dd72bae81", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692345004, "uuid": "9c5f51ef-4dc7-4aad-8a2b-42e9db70166e", "value": "T1ED43F166D65FD9A3F4E01936E961408BF30D5E68D08C2DCF1AD4B2A978C610366F4ACF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692345004, "uuid": "8bf460d8-3b95-46bb-ab40-025fe7bffa06", "value": "1536:Yr0k2e2CfWYecuw8xcqsXgfHUJ0iVFqQz3dPlB:YwhLCJuwIzYf0mTtL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692345004, "uuid": "36161d7d-98e8-47cb-98bd-825f749431df", "value": 60624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692345004, "uuid": "55a338b2-a7a9-4f32-bfce-0704c22e9da6", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692345004, "uuid": "51fffe28-c69d-4c32-acc2-3a5506745dda", "value": "arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0bccc319-3dbc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692358835, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692358835, "uuid": "f750e3b7-30dc-45fa-9893-319273c18b66", "comment": "Malware payload (AgentTesla)", "value": "d850cf00d51bc4218cd3a7811f111ad7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692358835, "uuid": "b19734f3-acd3-4a24-9456-9adc24ba882c", "comment": "Malware payload (AgentTesla)", "value": "1169ffd244039e5cca44ee8af96966f40637ca679ac59e4e3f71c49c8625734c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692358835, "uuid": "bd20c5f8-568d-4d6b-b6c0-dca4bb42505d", "comment": "Malware payload (AgentTesla)", "value": "e8c31a8b122e0be1d714a612cf496ddf84a234a0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692358835, "uuid": "bfbbdaaa-4681-4388-80e0-47b9c80cd530", "comment": "Malware payload (AgentTesla)", "value": "abd6367261e971d7453d4898a6adb13969654dc0c5c738d2baa871ed6c7d7b3744ee03529f3054648aed125c1b2fb13d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692358835, "uuid": "46bff14b-87fe-4365-875f-7a30f3d951ed", "value": "T157E4F04137FD2A87E9B6D6F955BC514083F27A6A6161E3ED1DC620CE1AF2F400B60E27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692358835, "uuid": "25febf01-b839-44d9-b9c3-bf6e5ed115b1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692358835, "uuid": "9eab31c7-9c04-4bf8-a326-16202234242b", "value": "12288:AMmHFFDO9S6WDBD45nafiYNSCX7LYg5Prkt:VmXO7utD9LYg1rk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692358835, "uuid": "5e04aa2a-9a42-4fcb-bf79-33a4ffeca2c2", "value": 693248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692358835, "uuid": "40dc3b4a-4c07-4ca4-ace2-fa21c6315901", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692358835, "uuid": "d3af454c-42d9-4d76-8675-313a475ffff2", "value": "SecuriteInfo.com.Win32.RATX-gen.9787.5644", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d8cce96d-3d9b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692345006, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692345006, "uuid": "efdd8047-dc60-45d4-998d-3fc17f3416bf", "comment": "Malware payload", "value": "6c6c2419e5ccf973dda865313f675d38", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692345006, "uuid": "66459569-1b47-4521-bcd4-8cb399591c4c", "comment": "Malware payload", "value": "119e2f04731bfec284e805a5134af290875154b7710f7c608c0ac0a02a1032e3", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692345006, "uuid": "935ddbcf-9a1e-49f0-9b28-83dc50165b15", "comment": "Malware payload", "value": "e6718a592660a2aeb7c6037f4329f7439fc1bb8b", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692345006, "uuid": "bf132274-607e-47df-ab21-8638d934d846", "comment": "Malware payload", "value": "4bcc871dda99201966910af1b203786a1511071ba5096c0f741b8891bc6a916cc143dd2d515d77294ce3362660723d0b", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692345006, "uuid": "d65ddb52-f082-4a04-82db-e90a30690286", "value": "T136E2E153D05A7132DAF05C3A45BCC38083DA0A7DDCD532BE68640938BBD26E277B52A9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692345006, "uuid": "ba5c5eb9-83ec-451a-851a-31b5be97dec7", "value": "768:KHHTR5ITY4z68Gx7dC/q5GD0vju1CRUmDVtne3Uw:2zR5ub2U/qwD0vECmmDVRU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692345006, "uuid": "466033ac-41a2-4cc7-8429-1ceb6cea2f66", "value": 33552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692345006, "uuid": "3b6d3667-1dad-4bed-a5bd-5f368c614094", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692345006, "uuid": "7c8364e0-78f4-46c2-9a51-8e2fae8782c5", "value": "arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4663c411-3e18-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692398447, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692398447, "uuid": "329a6c2b-2686-4d64-9afe-dd5d3452bb52", "comment": "Malware payload (RedLineStealer)", "value": "206adc79ddb3187be6459d915089fbd1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692398447, "uuid": "d254fba0-f839-400f-bb4f-718d4880841e", "comment": "Malware payload (RedLineStealer)", "value": "162c5a37d5e385645ae266d0658a55fbe85fcd6c117324ec773f33e28b83bdba", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692398447, "uuid": "5cf7d545-2ae5-4bf3-9945-28afe6f9a766", "comment": "Malware payload (RedLineStealer)", "value": "26c0e02fd200e993b9e1b7e32501be5516024b2f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692398447, "uuid": "1daf4659-38be-4ef7-864d-031f8b453f0e", "comment": "Malware payload (RedLineStealer)", "value": "fa247e461764d19349597c5defc9cdc5b60889e32f4d57e60799899e10c2faf2d679acebfba0346db35dc54e30fcd271", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692398447, "uuid": "ba9a4894-0aac-4a96-a1ad-d20eb7532e11", "value": "T1D9F41213B6CC8067EABB277068F707D30B357CA1987887AB2241951D0EB3694E936777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692398447, "uuid": "3b2699dd-0917-4637-b8ac-8dfd6fdf2fcb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692398447, "uuid": "c6c7dfbf-d513-4ea2-8c5d-8beac238c778", "value": "12288:QMrNy90AHOP3DHmUTsu5diptu2J45U9/2X4bKpSYruietzg9Ry+cT7E:NyIGUlD52qlSYK5ZI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692398447, "uuid": "cbffd0e4-da7c-4d78-93e6-e6b8f0b69981", "value": 731136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692398447, "uuid": "9541e637-c198-4915-8637-77047058614e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692398447, "uuid": "40e2c3c6-04f1-4111-8b5f-1fb26e8c7b76", "value": "206adc79ddb3187be6459d915089fbd1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1143afaa-3de1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692374736, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374736, "uuid": "516a4d3f-7b6f-423a-be71-f2ae90029e7b", "comment": "Malware payload (RedLineStealer)", "value": "e5fa0db5f9ebee792f17dee722844ff9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374736, "uuid": "e11c9fd7-863c-4b5b-b959-b809753f4607", "comment": "Malware payload (RedLineStealer)", "value": "1ea4e314a02d324d66f1a09914f0c908b859e2c6ab1f39f72d34129673f95bea", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374736, "uuid": "036c3998-8551-42b6-8b47-fac9c55628c2", "comment": "Malware payload (RedLineStealer)", "value": "8347501be768fec01eb1c337716e550d0ce0d9bd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374736, "uuid": "fe7c2c4c-4463-4873-9cd9-09531a1f0017", "comment": "Malware payload (RedLineStealer)", "value": "875288ff98b77b7b8a52662a38de1eecc1922ecb85848f754f8ba3c15116b422ec424b4ece7a38d3e3b07bc736bd47bd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374736, "uuid": "5b88674c-2e68-423c-927b-90acfbc1b067", "value": "T1CDF41253E6EC4072FDF90BB454F116C30736BCA298B582BB2B51D96A5D736A0583233B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374736, "uuid": "252e0a36-7dd3-45ff-ae16-34ebb52f8a78", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374736, "uuid": "a4f7d323-7d1f-4d06-acf2-35aa5fa27cb3", "value": "12288:wMrEy90fywro8FIMBfkFgM18Tq0ectoW3U/FPD/5Mm6JrR4Lu3:kyyyd8Ky/q8TqVcoW3at5MtJdD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692374736, "uuid": "dfcb3405-63d3-4e87-b9ca-22b4bb82feeb", "value": 748544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692374736, "uuid": "18dff27a-dbe8-49f7-af61-93c9e025db06", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374736, "uuid": "fd85aedb-8513-4f68-a238-5557a86367e5", "value": "1ea4e314a02d324d66f1a09914f0c908b859e2c6ab1f3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "37681e7e-3d86-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stealc)", "timestamp": 1692335715, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692335715, "uuid": "48eb23fe-6fe6-4b23-a8c0-9151fa56e307", "comment": "Malware payload (Stealc)", "value": "39f1755fdae610c068e7d40e2717f696", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692335715, "uuid": "8cb61d07-d5dc-48a8-a05d-dd969585e856", "comment": "Malware payload (Stealc)", "value": "20c94af23dc0353f8a739fe593115eeb09cac111dfc50db3fcb6964bbe2abb4e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692335715, "uuid": "4bf2a2ca-6b10-4f9d-b5ba-2206876d17f9", "comment": "Malware payload (Stealc)", "value": "481dda3ca919e2434fda78ca432b3ee7c7962ead", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692335715, "uuid": "25dd3c94-9b05-461b-b8e9-1df8a3bf7c96", "comment": "Malware payload (Stealc)", "value": "5ebe65d9c369e2bbdd63530fabcb604dbff32d63eb995258418951b751b9fb2d0f2de3c3c4c4e8fd7f7e9ed9971b284e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692335715, "uuid": "c5d866dd-c39c-4ddd-bdf6-a0d5bd2bd77e", "value": "T113A3F501E940642EE1A540FFBA9E5BEAE89C7AB41304C0C3EBB1AD7635E11F164B457F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692335715, "uuid": "5cded78f-fe9e-4c11-8a49-e2ab58675e77", "value": "cd99bce8ebad6bc5866d19d9d387c282", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692335715, "uuid": "7d5b5de2-63bf-48fd-94b1-afe53ff22270", "value": "1536:AO7s7wqqGfdXfbMny0eDEgU5ZOw9mbNFG7x6pt9Dvdp8R+jHb546+qUlE4SJrIAq:BsOGfBMy0117esKhpV46+8raADsn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692335715, "uuid": "eb39a76a-ebb0-4653-b52d-c7c847994056", "value": 106496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692335715, "uuid": "e5500034-631e-4d24-aa2d-9a2117f701ac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692335715, "uuid": "81b1f41f-5263-44ff-a5a1-14360ae9bf2f", "value": "39f1755fdae610c068e7d40e2717f696.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "833653fd-3e0b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692392966, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392966, "uuid": "1abd3964-dfdb-4fd4-b521-07fe04847470", "comment": "Malware payload", "value": "1456bf2f4e225a2932bd4cfb57938a11", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392966, "uuid": "6e063621-b845-4799-b051-060bad8680e1", "comment": "Malware payload", "value": "21be3e6673249b8ab22552083dd46bbb6908a6c4e1ea0a745484ed3a3d95480b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392966, "uuid": "a6f4942e-c05b-4bd2-8baf-cdf0947ce647", "comment": "Malware payload", "value": "580857278af9f486cec0b71625dd46e3c0175509", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392966, "uuid": "f1cd9929-acdc-4af5-aa67-bcdd7585b17c", "comment": "Malware payload", "value": "2f8dc9fb0c5c0bdf5754acc9be8a34a4b490529eeb35e3e7c4cf56504d1fec9e9c50b2a88002a4e1d81342fdc883b37d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392966, "uuid": "eea94258-47c5-4ae2-9ad6-dbecac368204", "value": "T1A8C318D7ABC59DA7DA11073588FA4319333AF7E02B878B171D20A5350E637D0BEC694A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392966, "uuid": "0c26e9de-bb45-4dcf-a1e3-4c91b8493324", "value": "6f52595896f185a4d100120bb769ccf4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392966, "uuid": "77806136-fcd1-4e8b-8828-b6a5bcaac731", "value": "1536:GOdJoRQzyymOS029Lks3Mi75/O1EEahfUO0R:5udzwShtcR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692392966, "uuid": "b6c08ec7-080d-4b83-8907-1980a0748b5d", "value": 122330, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692392966, "uuid": "53314661-c0af-41f8-8b9e-f541a6abcb48", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392966, "uuid": "84edbfc2-ed28-4eb0-a7f8-3ea2c7e44c74", "value": "pwnw3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4cf3cba3-3da7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1692349925, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349925, "uuid": "28e4eff5-1cd2-44c3-ac76-7f6b4050e072", "comment": "Malware payload (Loki)", "value": "d738af99524836cc6f246be35a9f4553", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349925, "uuid": "b49a1f2c-75f4-4223-982a-49b3aeebb19d", "comment": "Malware payload (Loki)", "value": "21beb4bfa145870ac4c16b6f9e7ad7697d247ef64f726cd9be18a76508e76120", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349925, "uuid": "8cde740f-65ab-45ac-892d-27ca2a4ad6bb", "comment": "Malware payload (Loki)", "value": "79ebe4216c3a09ffc469a90b74d10d522f7dd1c5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349925, "uuid": "2657bb13-b605-4cfd-9e5a-294fa19396a3", "comment": "Malware payload (Loki)", "value": "0ae84ce07d090979ce825edc5362b7329dc08fbd5262295b5708c25043c325c0b799bf13b6fb7c04ba60e5bd4597b637", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349925, "uuid": "00ca36d0-58a9-43c2-8c18-89470101128b", "value": "T18BA34A283ADC4606C3B95379E14FC115C77183B35703FB46B94D4AE82F53BC9A9262AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349925, "uuid": "2c14d0fd-f1c7-47bc-9f6d-f5b3e3088c5e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349925, "uuid": "232e9723-9c4f-4b21-a12d-b75f49974045", "value": "3072:h2/cyCNGKZBJF/duzuKpm7kCw8xXyJcXx/3oSBevRwhxzraiILw3xf9NI0:8/cyCNGKZHF/dSuKpm7kCw8xXyJcXx/X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692349925, "uuid": "3ddfca51-d369-456e-bcd2-b80e04ae0813", "value": 100352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692349925, "uuid": "673c574e-b87d-4acb-8f84-7607af7fe032", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349925, "uuid": "861716d9-d983-4088-b03d-9298c230dd52", "value": "PO No 239092.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6ee5ece-3d7a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692330749, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692330749, "uuid": "8e0f4179-c6b7-4c31-a446-a5e473b1b64a", "comment": "Malware payload (AgentTesla)", "value": "700dfeedaf6d739064bdc295eabe23bf", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692330749, "uuid": "f7086fc6-0d95-47d5-8fc1-bea2641c4095", "comment": "Malware payload (AgentTesla)", "value": "22f66a34d2354f08b0e4924f3d619d6fa0922adda2827f7e6f588f5855e4258e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692330749, "uuid": "b763c368-85e2-4ed1-b142-f804e3006417", "comment": "Malware payload (AgentTesla)", "value": "3b0847a4af6c5037b9c46dcf9f452453f2d0ae11", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692330749, "uuid": "10056a4a-e8d2-4938-ba7b-c3671cd3f2ff", "comment": "Malware payload (AgentTesla)", "value": "df064e4d6533c948650775838bee11784f243adf7b93d6b4a920154f3c3cbf00486bb0875936e9aa119c42b4c959564f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692330749, "uuid": "5102fa93-509f-4691-8dc1-37e181f1679c", "value": "T151F4120126AA6B3AC2BCD7F5349558907FBC552F80A1CF249F963CCB3079B9416C7A27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692330749, "uuid": "85d3fb13-36a4-4cea-ac5c-1374d9731385", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692330749, "uuid": "4bb09c49-b28a-4fe1-8039-fbd554c6a4a4", "value": "12288:02iNsXDl+Cuck4Tlb4VI1PYjtBQdDFblWEnNyzO1bdNInM15N1l9xK8pE3io/AK:01ghz4+d0LabhngzO1jI01lVE3ioY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692330749, "uuid": "49482490-7fe7-432e-950d-6e3b9e0590f5", "value": 745984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692330749, "uuid": "083ac9d4-57a0-4107-95e3-218bcbf316da", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692330749, "uuid": "8ed07ceb-2781-4610-99d5-ae810b8ed2cb", "value": "700dfeedaf6d739064bdc295eabe23bf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ce337f0-3dce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692366622, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366622, "uuid": "a84c4289-aac1-4466-abd2-e21194d9a372", "comment": "Malware payload (RedLineStealer)", "value": "ec126c3dd54087e1f7f947c7fbf4d7c5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366622, "uuid": "797323c0-586f-43d6-94e0-47db7fa07e3b", "comment": "Malware payload (RedLineStealer)", "value": "2373803d5eb0e2ce6f161fb1c36f67464f6ee51b11f95128559af65e8a8be83f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366622, "uuid": "80fc5784-788a-4240-9210-842a6cacdc7b", "comment": "Malware payload (RedLineStealer)", "value": "1031a8af51d72a94a594ea135e79806b4e4bd774", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366622, "uuid": "7c6500fd-52c4-4e88-8f3e-4e99d7e7e629", "comment": "Malware payload (RedLineStealer)", "value": "1b2d413a704b97653f6bc6b57017c8ca5b33a4ef079daa6afb457329055bea53bac700eeae06853796536ce6b2d5ca2a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366622, "uuid": "4443c333-172c-4a49-99e5-8bd42f0a2d76", "value": "T10EF41293E6D58573C9F217B04CF102831B39BCA19C3587BB6786A48E49B3294E639737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366622, "uuid": "efdadee5-4f70-4807-a30c-2c9600acb883", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366622, "uuid": "8723c3a0-d65f-492b-b60d-ac5269c4f14f", "value": "12288:EMrCy90F4/s0WPsmi6ufsUvJFM4u892mJ3yyuj+pNYkm2euN1Lq:uyi4lWUvsqJO8Mmgyuj+ukm2euN9q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692366622, "uuid": "aa2ca7f6-53eb-46e9-b7e5-212a3114d116", "value": 741376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692366622, "uuid": "aa4fd284-387d-48f3-aaa8-4c4dbec12c18", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366622, "uuid": "d2d5f56b-c527-4909-b55b-b4d02fd73ec6", "value": "ec126c3dd54087e1f7f947c7fbf4d7c5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4310939-3dbe-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692360084, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692360084, "uuid": "b80a36ff-b170-4b66-9ff7-5f7a6abc6d9d", "comment": "Malware payload (RedLineStealer)", "value": "6883cac79bf32bc71e629099e4108c7b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692360084, "uuid": "e76e09a5-93b5-4f24-bbfe-8e12ffc52b18", "comment": "Malware payload (RedLineStealer)", "value": "2450a79857b2d97653db25698bc2a902d58087d4bd25b1ebd743fc13b84f8a5f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692360084, "uuid": "4e89c618-7cba-4cbd-ad72-f3cb71c32432", "comment": "Malware payload (RedLineStealer)", "value": "26f5dc337a34f733ac348115731df541138307d7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692360084, "uuid": "c7642195-b236-469f-be6a-408bab23ac06", "comment": "Malware payload (RedLineStealer)", "value": "385fe82a5156bab7bb2659f696eec51107336b31d98cd734977beaa7b53783332607af0fa9aba0bfb9a98500a27fcb46", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692360084, "uuid": "f009ab1c-fe2e-4596-9075-bc2914c152c6", "value": "T125357D60748141F3EDE210BB87ECF666826E94701365B5CF0188C7EFDE502D5EA72A9B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692360084, "uuid": "dd22e1c3-09f0-469f-b86e-13e185ac72a4", "value": "c975e77a08e23b746f6e07cb52ac9f6f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692360084, "uuid": "b8a2531d-f6b1-4681-bba7-0037018ba05a", "value": "24576:Eq4fqp1xsbq+21LtDi/01XAvhPGOhDrIUK:r1xsbqJD3XAvheOeZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692360084, "uuid": "fecb2fcd-9597-471c-be52-c9f7cd26665a", "value": 1125472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692360084, "uuid": "bc86ea65-38e5-4657-8b5a-ef88f156aa17", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692360084, "uuid": "f43a656f-89ef-4035-bb3c-5ab9362df51d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "09c55b57-3dca-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1692364845, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692364845, "uuid": "36fd68e7-3f2f-4105-916b-45ce0803cc91", "comment": "Malware payload (GuLoader)", "value": "60cb81fdc33fec3f79b8e1141ba33936", "object_relation": "md5", "Tag": [ { "name": "Downloader", "colour": "#25284B", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692364845, "uuid": "035c398f-7b05-4dfc-bb1f-5bd1cae56853", "comment": "Malware payload (GuLoader)", "value": "26e4b477dfb938d9c6a40a6a29a0f28e88bf2b611941d372d869422e1b21781e", "object_relation": "sha256", "Tag": [ { "name": "Downloader", "colour": "#25284B", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692364845, "uuid": "0165ebc3-ad4a-480b-8654-f9efc4a5307c", "comment": "Malware payload (GuLoader)", "value": "d12b611b30a06ee7b872c07435ffe0023a40d833", "object_relation": "sha1", "Tag": [ { "name": "Downloader", "colour": "#25284B", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692364845, "uuid": "38aadac3-af4e-41eb-ad78-b246d2e3d5ac", "comment": "Malware payload (GuLoader)", "value": "fc8e21f41400e4433b8ea9c43260ac22048ab7e2acbd1db0cd5e7307269811264b2d109410b11b4f77066d336a2ce02b", "object_relation": "sha3-384", "Tag": [ { "name": "Downloader", "colour": "#25284B", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692364845, "uuid": "0d6df568-6b73-433f-975a-b48d428f41ff", "value": "T16774233F2D6FE1229805A7707572BB7DB96E0CA5B12B538C9CB3C85CA494771CCAC512", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692364845, "uuid": "594315a4-f317-42d2-80c6-e6c73a9f2e80", "value": "6144:eZxqMEMsxPcxkZEylppumGs/mgyG0MZoH2andYMmNRvv83t9pCVw7UgHQq8UaY:UuF1cPyljGxTTdDSRvv2jcV9gLaY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692364845, "uuid": "5d4360a9-2281-4469-9382-401dc6284c6a", "value": 340937, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692364845, "uuid": "1c0fad6c-96ab-48d8-8aa7-efa8c5db7b02", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692364845, "uuid": "4fc2eaa1-8f74-4de6-b896-1f610f0ccf1a", "value": "Sinchrones 000965_MEC 10.08.23pdf.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6cd0665-3da7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692350076, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692350076, "uuid": "db6b52a9-b0d7-4171-9962-2e873d5dbcf7", "comment": "Malware payload (AgentTesla)", "value": "b581fabb9fffe7a1f1e1bfb9b85898e8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692350076, "uuid": "8e0d23c3-5dc1-4861-b972-d209809f6d25", "comment": "Malware payload (AgentTesla)", "value": "27dd8af1049e7d495f73741146f938dd11fb15c72879548a3501ade72bcc3c5d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692350076, "uuid": "f62d7803-4137-4ecd-8a88-511cfbdfe52b", "comment": "Malware payload (AgentTesla)", "value": "f3c371925abb63366cbe6fd7a4febf891c9ffd4f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692350076, "uuid": "99869abe-2a83-4d18-87ae-72ade76b97ab", "comment": "Malware payload (AgentTesla)", "value": "ba18e07984941778b858b5ff13e871cc7481c733cb91657acf64d3bc1fe8e33425d6817fdccf4ce7738316ae04b42912", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692350076, "uuid": "e9357fb5-c4e2-4734-87c5-875056378f1c", "value": "T15445E15037B96E0BE57A86F954B8614183F57E196161E3DE3DC920CB1AF2F004BA2F63", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692350076, "uuid": "14065b4a-c0e1-4233-bd6c-73bb549da99c", "value": "12288:HOmHFFDX21hED6Q+whWdevrolEuCAarSiX6Rlp0FnIGqHVgo4neVZJ4:umXNNQdcEGuYqRl6nIJVgrneV3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692350076, "uuid": "f0d3bc3e-0ea1-46cd-a122-9713b0c97799", "value": 1245184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692350076, "uuid": "8cc0f3cb-95b1-4c6e-943c-29dfa285c3b7", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692350076, "uuid": "708bb092-ebcc-4755-bf35-2a4be8988684", "value": "Swift copy USD 222,000 SCREENSHOT.img", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c37228ab-3de1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692375035, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692375035, "uuid": "c560a7f8-3248-4401-897b-046599e15178", "comment": "Malware payload (RedLineStealer)", "value": "b2259c17d521f9dc9d405b4bfa2e3470", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692375035, "uuid": "8c6c38ae-0dd7-4405-a4d9-b15872d42a65", "comment": "Malware payload (RedLineStealer)", "value": "28b764b4ca9f71ff78a489976ea9c932a62637ed1b804f952dfe1d983af072f1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692375035, "uuid": "87e9d80a-7d34-4630-806a-688299311453", "comment": "Malware payload (RedLineStealer)", "value": "0ca93e14866974bbd4cf92f835dc65dcd2143085", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692375035, "uuid": "129f7c42-5b55-4a47-a49d-d9cd12c651bd", "comment": "Malware payload (RedLineStealer)", "value": "028aa4e9bd2cdaec32d13b4d7fcc9257435c954db04efc67bf1923004093e8f587d67c68a83edc0c06f2066a1c825215", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692375035, "uuid": "786d84a5-9674-4d8f-b02b-2acf1cb1902c", "value": "T1EBF41203DAE99173DDBA1BB01CFB07831F31BCA55968D36B2395A95B5C72280A432737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692375035, "uuid": "b6b033b3-55ca-4ea8-b4d8-4b3cb5d34316", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692375035, "uuid": "5a11194d-4e1c-4a06-9745-a6bc17605e1e", "value": "12288:yMrWy90Rd5CEce9zMhBDGStMPqc/q1S7EKMGe7ufryRo2X2p778cjlD039O94GdP:gy+d5C/eWiStMPqJ47E7d7uzy622QzNe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692375035, "uuid": "d843a32f-0872-4358-856c-b4835dc94234", "value": 745472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692375035, "uuid": "2493cc79-3c01-4afe-9d7f-06ae90f38244", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692375035, "uuid": "73bbfb3b-a2e9-4a05-914e-1dee1b185eb3", "value": "b2259c17d521f9dc9d405b4bfa2e3470.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "86532536-3d90-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692340143, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692340143, "uuid": "1a7f510e-769b-42eb-a76e-ee9090c26318", "comment": "Malware payload (AgentTesla)", "value": "2ddb7e571169b58c65b6e488aea6eae2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692340143, "uuid": "ccf26c49-12d4-41a9-afdc-5b0797001b30", "comment": "Malware payload (AgentTesla)", "value": "29fda8f34ff31ef26c755e36371fbead0048b2cef46f5062e857126cfa78368b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692340143, "uuid": "40aaa0ab-ab22-4db1-9397-42972cf16fc1", "comment": "Malware payload (AgentTesla)", "value": "9ec422621639b336f5b20de2267b428ade79f846", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692340143, "uuid": "47c1fb01-a36a-4131-a8a6-84528275f622", "comment": "Malware payload (AgentTesla)", "value": "7af50672965682b4a2e2fae3323b5479ccebf8391b46d1819957e14b1641ef00a0b3d4516beb30df5d339a9f8c6ac466", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692340143, "uuid": "51241e4e-ce00-43c1-9019-3abd10d243e6", "value": "T1A215D85CFA09DA3FD34C8C3950F9DB2B69B99BAED0E1E351C01191B518E6CAD0DB6063", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692340143, "uuid": "b5d8b719-a07f-44b3-aa54-43bd1819b4b6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692340143, "uuid": "78688bc7-61a0-442a-a290-55ed21bbd431", "value": "12288:KMMdLxLSWrxPGVucwD7se2oj3t6N3wACEU4VJhxhG+mm:KY6x7se2o2yEU4zhxs+R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692340143, "uuid": "d1498b64-d376-41dd-af70-549647af9063", "value": 925184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692340143, "uuid": "f358a9f9-211e-4c26-96f8-cc108e85c846", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692340143, "uuid": "43f01128-3d39-4eed-b1cc-20ff7221217c", "value": "SecuriteInfo.com.Win32.PWSX-gen.5084.28833", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24fa67e2-3df8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692384647, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692384647, "uuid": "62315723-fb21-4619-be0f-7a01760a74c5", "comment": "Malware payload (RedLineStealer)", "value": "c5b4cabc96e956778315c37cb403f379", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692384647, "uuid": "850cbdde-26fe-4ebb-b1b4-c12b843508d8", "comment": "Malware payload (RedLineStealer)", "value": "2a6582f628c700ab75f4604add6de21d854687119c8adc79dacc339015f4109e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692384647, "uuid": "6af31067-4f6a-40c4-9b41-eb3d0ec33acb", "comment": "Malware payload (RedLineStealer)", "value": "4f0a947f3cdce9146e2a26a799f537380c7dc553", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692384647, "uuid": "64988d79-eaee-4224-825f-d1afa98e8bd4", "comment": "Malware payload (RedLineStealer)", "value": "6c41489173a8170636eaa394db016ebe5476d6b75a0da6c6266a131e82e3ec116e384dedaf45d7ba20f762910a5aecfe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692384647, "uuid": "72db9078-5a89-43c3-8625-413437590d1e", "value": "T13E052343AFE85423D8721B706CF61B571E32BDE20DA4879E2B55996E0CB27C4647233B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692384647, "uuid": "2524b40e-ba8f-486e-828b-b5384a0f842b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692384647, "uuid": "3d508695-cf46-4528-8d83-3146b3a04994", "value": "12288:yMrXy90rGGUAoW0NZrJkXHFT6Kne/vbpi7V++Goq80YYdTYi0eFTu7v/:Fy6GGWNZ+XHlK/vN/Ydi0eav/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692384647, "uuid": "d8fd0b9f-87b9-42bb-bd9c-5366e46289dc", "value": 858624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692384647, "uuid": "f4ada3b2-bf09-4885-8620-6117d11cc5d4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692384647, "uuid": "9f068366-2f28-4c40-9cc3-474553ac1880", "value": "c5b4cabc96e956778315c37cb403f379.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0641a927-3dfd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692386743, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692386743, "uuid": "37647a9b-8710-41c8-a742-9c314aa89703", "comment": "Malware payload (RedLineStealer)", "value": "eaaae93cd2d238f68d7477c9332a7df5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692386743, "uuid": "4f25e810-8a44-4fea-8bd3-1229e97ead6b", "comment": "Malware payload (RedLineStealer)", "value": "2b1d36fd7aa671cc8e0549345b02e9cddc2e00dce00268a647e89c0c976b8b0d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692386743, "uuid": "8b4717de-5f71-4399-b24a-a96c8796c57b", "comment": "Malware payload (RedLineStealer)", "value": "40fb01131ac0059dd18a2f6fb57f3b8b4a2ee8f8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692386743, "uuid": "14e49c59-5008-4ebd-ba3f-516e092a443c", "comment": "Malware payload (RedLineStealer)", "value": "44652d4aaff5390044d838037ef2d1ad85d0c1114654bbf6e027fd797a5a788a54297a487609d1b83431cc266efd3c5d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692386743, "uuid": "69cdeccf-ce29-406c-b003-d902b1434ecf", "value": "T11CF41242EBD84962CDF513B014F203932B367DE5593C9A6F2744AA6F1C73D90A63632B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692386743, "uuid": "3aed4d92-8dd5-41d4-ac76-57bc60fa4329", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692386743, "uuid": "c4f96ae9-ab93-4808-bb8f-ecc8e95c0708", "value": "12288:fMrYy90kot2xud1z5NWKyLGo99Os+cr88G1hsfQcYp02YD35HsQ38vs4Inb:Py1tudnN6LGo2s+0Yg/+Yr5HslsP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692386743, "uuid": "02684082-3e65-4737-93c4-eed5241b00ca", "value": 730624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692386743, "uuid": "0995b465-b77d-4525-a5db-b7b6f825d78c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692386743, "uuid": "e61d2724-c9e1-424f-8f5e-06ea0bedab59", "value": "eaaae93cd2d238f68d7477c9332a7df5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e30b0a02-3dc7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692363921, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363921, "uuid": "55e42e2a-f9c5-4fbd-8d17-3891c27923fa", "comment": "Malware payload (Amadey)", "value": "a0e72029d27be20547eafb5cea7713ec", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363921, "uuid": "7c8b3301-c5a7-4e3e-abdd-72a1c9db786a", "comment": "Malware payload (Amadey)", "value": "2b21dbc567527d678f4ffadb1eac04733c44f2adc61eb0ad048586cabfacfe24", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363921, "uuid": "cbc90c54-272b-4c2c-ac3f-10e1f73b25a0", "comment": "Malware payload (Amadey)", "value": "78095335dca3fba2d08ba38c79fecac89d966f1a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363921, "uuid": "7750d5b2-1829-4ef6-86ae-00fbe9a3be60", "comment": "Malware payload (Amadey)", "value": "719f3b4d290d8f489fc13be454210b3b2b974448cbecee94c55ec5251e2ace5310c0cf8b116b7a7ea6e264ecaa5ae277", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363921, "uuid": "882d95de-adc3-4b24-82b0-ca20e80747fc", "value": "T15FC41251ABF54073D8B12B7058FA02C30A36BC72AE78475F3691A48D0DB2694E4B677F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363921, "uuid": "bb1a446a-fbcd-43e6-889d-11ba44077286", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363921, "uuid": "5fa14801-792c-4ac8-8693-11eec19654ad", "value": "12288:uMrzy90bIttM4tCwfBFb8E+SS7shwYIZ6pWXQPGyV2nU:1yFXCwfBFwGxhMA+uj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692363921, "uuid": "299e36ee-8ba9-46d6-ba8a-29f7346bac53", "value": 577536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692363921, "uuid": "5b1bf9e1-4421-47d6-a5af-4d5d7c7f9bbb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363921, "uuid": "79e8d5fc-0717-4776-b3c3-6520fa6a6d0f", "value": "a0e72029d27be20547eafb5cea7713ec.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f542941-3e0b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692392986, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392986, "uuid": "0ebd225f-783e-4dab-b160-32a0d77afaef", "comment": "Malware payload", "value": "a70d0e88dba94012884fe8b82ee19e72", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392986, "uuid": "71ff4c4e-d207-4e20-be18-18515f82a8b7", "comment": "Malware payload", "value": "2e135a0e299d004e5ba2ba7fcbf79e6cbf1666367e020a7341dd2255c4b8cf57", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392986, "uuid": "3bfb8f19-f6ed-4a32-98fb-4159f278aab6", "comment": "Malware payload", "value": "76a4d6116c91f52f75a6443e6c6c79385c66adf6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392986, "uuid": "1c3fbe92-4b9f-4477-b3de-0728a1ba61b2", "comment": "Malware payload", "value": "40ca271594d23584247a5e5af65019d67da928ab24b07632d20a824d6a45babd37d2dca298d47e973d000060bfb5daa8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392986, "uuid": "7de9190a-9b57-4372-881e-3392f737883f", "value": "T13A910B243759AE78E9E7067E07E35DC2ACE095D1D3D67883DBF4A9BC04746A0E00E856", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392986, "uuid": "499ad54f-7f36-4bea-be41-aedc8c476036", "value": "cbeb1e22b838203a94a71245897a87c4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392986, "uuid": "65531471-d296-4be1-91fa-bf5a31d1de89", "value": "48:1jAqT7qA6Hxh3QM8Dbf80v0UkrtI2H9XB+FGIJb4FREsSE3rTDa1LhZlZ4TDyp:1LGxfAM8DD803kKSB+dJbQ33XCtKap", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692392986, "uuid": "7f18d9b9-03e5-44c5-9cda-c0a455a2be40", "value": 4608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692392986, "uuid": "d44e7618-236a-4fb5-a60b-1ff09ab10ad7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392986, "uuid": "9de57205-678c-424d-b657-5489552b8cc6", "value": "evadef.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "867d9401-3dd6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692370208, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370208, "uuid": "1754a4fc-ff4b-4bfc-8110-7176916b13b2", "comment": "Malware payload (Mirai)", "value": "eedf7e647bbe2a3641282c4cd65937b4", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370208, "uuid": "c789541d-f47e-4a56-b74f-1c9ad84586e5", "comment": "Malware payload (Mirai)", "value": "2e93b2e64b1eefab909df8ba4788310f7462285564635075b6ae93bf99fbcecf", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370208, "uuid": "65085dac-44f0-4b55-a13b-aaef6798ad7b", "comment": "Malware payload (Mirai)", "value": "77a7c2600d1ad55988dba7318f113f3907fdc571", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370208, "uuid": "27e72e06-129f-4483-a84e-030710a1fd58", "comment": "Malware payload (Mirai)", "value": "b0fef7ea8acee7e83cccfe0cb4d643ab5ef0b949a3595c072d157f47733a911be3da5d2f7dbe07600281dcff0162fa94", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370208, "uuid": "3fb610fc-0242-434c-a723-133d0c003eea", "value": "T165A2D01472632D65E3AD1C3CC9AAC35BB9A71BFC90F6327569445620C94D24A3E38A4A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370208, "uuid": "866ca27b-c22a-4ea5-a087-e39462f634fa", "value": "384:TvtIoZxrSniaXs+qx+bwqPX+VOcFd5fHq52lxjSBwhymdGUop5hg:TvQn4j+ZO5fKAlxWBws3Uoz2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692370208, "uuid": "d7180935-6e6b-45f9-92e1-21569a121280", "value": 22168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692370208, "uuid": "026b1e9a-f066-4ccf-9e4a-493417df1f9c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370208, "uuid": "bb97c5f7-8c23-4657-9b84-35c238ce694c", "value": "boatnet.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3f371aff-3dec-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692379537, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692379537, "uuid": "9c1d1376-4fff-4e59-89e8-2721c021462b", "comment": "Malware payload (Amadey)", "value": "505183add5a3aaebfc97dab3c1a149c0", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692379537, "uuid": "e4ddd95c-ac80-4024-b5e6-7d3210c7c124", "comment": "Malware payload (Amadey)", "value": "2f1978fda2c1cc3f69c04c2012ee448e1c853680c60161a1fe4219e836b47d66", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692379537, "uuid": "2cae5fb6-472d-4961-b6ed-4e6e098c9b90", "comment": "Malware payload (Amadey)", "value": "3703a59ebe5f167de9d9caafc9c8aa3f0a6b6b4c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692379537, "uuid": "7b1c4519-9fa6-4579-9ecf-53a3195cef00", "comment": "Malware payload (Amadey)", "value": "b47373315aa9a1f59871addbda76d5938e9eee33617cc630042ff85f018be236ec5bf91d64fbe491e6a754671c1b821e", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692379537, "uuid": "050026a9-bbff-4ea8-97bd-568eca45fc5b", "value": "T1C2151252AAD885B2ECF06B7028F603D70F36BCE14D35932B2795D88A5D73640A47673B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692379537, "uuid": "74255149-7d18-4aab-96d9-f89e6ded7386", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692379537, "uuid": "16e0c565-5181-47b7-aec6-f048a0ced8b2", "value": "24576:oyPwLg9jdzjozwANnvahQgJBMmtoHjtXJMr:vILgJRo7vahFq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692379537, "uuid": "3f1ef58c-9583-40a3-aae0-0727315fb0ac", "value": 876032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692379537, "uuid": "00dac927-d79e-412b-9d93-81bc3b253963", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692379537, "uuid": "84f8c428-4b47-4e35-acf8-053c8db1e59a", "value": "505183add5a3aaebfc97dab3c1a149c0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "80ca32b9-3dca-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1692365044, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365044, "uuid": "7f9c18fe-db86-482c-a269-da5c427b6005", "comment": "Malware payload (GuLoader)", "value": "c87a0ce70f9ebc7de78a8a83d3e67ce8", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365044, "uuid": "d0e145d1-f007-40af-890b-91224241b242", "comment": "Malware payload (GuLoader)", "value": "2f31eeee1346b7e71dd591be17134c66ac2f4072388d60992341e291258b9119", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365044, "uuid": "e2fb0733-680b-4d07-9764-6dcfcb5fa206", "comment": "Malware payload (GuLoader)", "value": "2076c6a893bf7a1d5c1ed3475f4909431a733841", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365044, "uuid": "cb97a79f-217f-4a2a-9d16-3941b34d5de1", "comment": "Malware payload (GuLoader)", "value": "2e355061a010301653018bf77a94880cf02a8c85f3b38fc966fa7953042cd14092c06b079304e4993ab4319f02d3b8ca", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365044, "uuid": "2658402a-83d2-46d8-99c0-758f3306443a", "value": "T11F7423933193C4CB1B7C0A38795BDCF7D30606993AE3864FF13A72A4AD9A358576B901", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365044, "uuid": "34febb64-89e5-426e-9311-cce8a2c71b04", "value": "6144:sIHB0XwfEaprpFmlOQ2NGAKHgHQugrahANBTzRJgVjJ+Lu7TeKJg+:1hlEEj7iAEn7aSRijJSu7TeKJH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692365044, "uuid": "a52ae876-fc51-43f7-9ced-65fd962ac52d", "value": 365590, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692365044, "uuid": "9d3984c5-4e81-40d4-9e0c-a7a6c29aa8d1", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365044, "uuid": "e2a0a2c1-f4ac-42ef-9c0b-0217d7bc47ca", "value": "\u03a4\u0399\u039c\u039f\u039b\u039f\u0393\u0399\u039f \u03a0\u0391\u03a1\u039f\u03a7\u0397\u03a3 \u03a5\u03a0\u0397\u03a1\u0395\u03a3\u0399\u03a9\u039d_2023_81__824pdf.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2ff2ac3-3e01-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692388805, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388805, "uuid": "e0507a04-aad8-4906-bb8d-8e9f792c2479", "comment": "Malware payload (Mirai)", "value": "89da3c8ddded448264cf7ee10c844044", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388805, "uuid": "9a641462-41bd-4d1d-8549-26120fe20b28", "comment": "Malware payload (Mirai)", "value": "30233339979b9a2f0660110960df5b88e12806c3cf027c9c425105fc97cc071b", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388805, "uuid": "a1bd4e69-2462-453a-a40e-a7cb5492b6d2", "comment": "Malware payload (Mirai)", "value": "7ba80752f00e6ddc6d23f59d055ea6825c132859", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388805, "uuid": "6433d5dd-0d85-4b2d-a2d1-4fd8c6ae0464", "comment": "Malware payload (Mirai)", "value": "ec13af55351ad58cd6e13154ab5d65927d5a802266cf65eda9654025ed262ae757225c5b0760da0dba98e13164eaf103", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388805, "uuid": "69422a91-ca04-4e33-af7d-df3d5b724e5f", "value": "T13D33026217AE69D252B05777FC33BC1A66AC17F8986730DA38F0571977C18020EF2782", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388805, "uuid": "e1a3c8d0-84bb-4dd4-9e04-b7902dcbf917", "value": "1536:69O/ZMAXIxNUk0XB3LcPqF1aBexo4opKZb0:69O/ZNKyzB3LGqFUFJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692388805, "uuid": "38888c31-8619-4370-8e20-fdce33e37ac0", "value": 52520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692388805, "uuid": "9a4eb22a-c216-4349-b9cc-603e95f79614", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388805, "uuid": "123cf8d8-1f90-4b50-9e86-52c178a24ca9", "value": "sora.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "88243a01-3e0b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (ShikataGaNai)", "timestamp": 1692392974, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392974, "uuid": "2970052c-c7ed-423d-ab07-f869712317f9", "comment": "Malware payload (ShikataGaNai)", "value": "188d8bac75781961b822c00a1b71cf05", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ShikataGaNai", "colour": "#554481", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392974, "uuid": "88f03ca3-435d-4696-ba00-b53b6d200877", "comment": "Malware payload (ShikataGaNai)", "value": "310559f3a073de15f8b5c66bea1152c9bf0cdc4f0f2f41325fbee132bb0cf76d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ShikataGaNai", "colour": "#554481", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392974, "uuid": "9ed8b6f7-d373-4725-b27f-57a8387aa236", "comment": "Malware payload (ShikataGaNai)", "value": "d760ebeb47faac0a5716f3b2321bb2d524e39a3d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ShikataGaNai", "colour": "#554481", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392974, "uuid": "1ef9e8a6-40ea-4e95-90d7-d4536c11ee0e", "comment": "Malware payload (ShikataGaNai)", "value": "ca79dcc4fda0321dcbdf1846d3f1acaf01442106ce6f2d842e468d0851af6be62f3253ca23f25254c9b72c2dbaa95e9d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ShikataGaNai", "colour": "#554481", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392974, "uuid": "9145fb3a-7bc0-4f7e-9099-1bc135f8eff6", "value": "T12E73CF42F9C41065C6A212BE2B723A756A74F5FA3611C09A368CDCF9DBC1CB0B5363C6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392974, "uuid": "2549f56e-d67e-42be-b954-5d452ca2c5a8", "value": "481f47bbb2c9c21e108d65f52b04c448", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392974, "uuid": "4c135a68-19b8-4732-af70-3fe7bc950e6a", "value": "1536:I5q+mFKg+KR9m2r6KazUNmDyMb+KR0Nc8QsJq39:z+QKg+oBkzTye0Nc8QsC9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692392974, "uuid": "ca0b5090-03ee-433a-a3c6-c398f3aaaba0", "value": 73802, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692392974, "uuid": "fb39aa98-91b9-4cc5-82ee-33c0bb7ba1a1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392974, "uuid": "8d08d956-9bd4-47de-9881-f0d1e17fa329", "value": "fatmsf.exe.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6d246fd-3d93-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692341593, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341593, "uuid": "d736524e-c4c8-4458-bb84-33d03a371233", "comment": "Malware payload (AgentTesla)", "value": "7dbeb9ccb04ea7f800cc115f3ea2a231", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341593, "uuid": "cf66dbb5-cbb8-40df-9e50-d8e5aad11444", "comment": "Malware payload (AgentTesla)", "value": "311f3f352aab9853825dd455bcf8721f7d25d48c27fb1b4bd1ae9103e31bd7f4", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341593, "uuid": "7c9d8207-9aa0-4a50-bf76-b6bacaf11f92", "comment": "Malware payload (AgentTesla)", "value": "57e74904a72fa69c7c81a3c5aeb77865b32bfa11", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341593, "uuid": "f7d2cd38-c95d-4dcd-a264-a321b9cb051c", "comment": "Malware payload (AgentTesla)", "value": "318f39d62f5019df92681e092c1066d5fb50c7892fa3d9d08ec00a90e58ef0123c07fa0dcd86d5832297e80071e44225", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341593, "uuid": "f634e920-d737-4dea-8d4c-f0beaea03527", "value": "T16BA33A28368C4717C3AC27B9F14B81048B7592B75613FB8D388D16E42F937D0A9A769F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341593, "uuid": "76551cc7-f724-4853-a960-2d23b21b357b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341593, "uuid": "68ae6e95-e8f1-430a-a792-c6f9873de567", "value": "3072:rCcNPrLtoBQtwTzZSxH7SlQjbJWutGRKGV7+52wuI+ghGt5KrfcT5:rCcNPrLto+twT1SxH7SlQjbJWutGRKGt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692341593, "uuid": "1f469afa-df34-45d9-894f-1176bf29b796", "value": 100352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692341593, "uuid": "75e7dd2e-8cf8-4430-9ecb-52ea69278419", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341593, "uuid": "258c473b-ec54-4b49-9fd5-c2d18a360652", "value": "PRE-ALERT-HTHC22031529.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ccbaaeb-3df2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692382271, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382271, "uuid": "5a1bc327-cf70-4f4b-8a62-9ec28aedf3d0", "comment": "Malware payload (Mirai)", "value": "5e162ee032ef458493b74adc37e24375", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382271, "uuid": "ace3ce77-7fc3-47e5-afbc-95e424e12981", "comment": "Malware payload (Mirai)", "value": "31b1c3b8d0580d0c748220ed65a3dd4301922a94df7ea3cafe2b414751d94f9e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382271, "uuid": "69cf890f-eded-48fb-8d04-197d39697a80", "comment": "Malware payload (Mirai)", "value": "88f6c74402ae3cba42c681834316117d3dc05200", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382271, "uuid": "4c317cd2-c70e-4ec6-98e3-349c5af9ee90", "comment": "Malware payload (Mirai)", "value": "d3f085ada94525890c265d7261a3417d10c2e45ccd2fa48fa237f347bff47a0e45b4accf789e0a9007245a40173f48e8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382271, "uuid": "706ca1dd-58e5-4431-a006-122025a7a4e3", "value": "T1C9431921B63A1F13D0E0A47D21FB4B59B1A15ADE26A4C64E7D720F4FFF11680A943DB8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382271, "uuid": "a8fd09d9-7c1e-4473-af95-331899ebff28", "value": "768:RqowmZPu9wtnfbltWgC6BSJsBcfDSTFIuQKqgESnmC/xO+KpAws:RqtmZPuutfbltZFBSJsBcfDSTFI+BEs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692382271, "uuid": "3f91c33d-7825-4b14-ad6f-3379ec3a4a19", "value": 58376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692382271, "uuid": "c10747ac-b566-4d99-a46d-b00708bc06fd", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382271, "uuid": "32f343b2-4cdd-4df6-8cfa-91518e6278d9", "value": "5e162ee032ef458493b74adc37e24375", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8fe73de6-3de4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692376237, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692376237, "uuid": "d52d32da-6312-44b2-855b-6b2fe50d21f0", "comment": "Malware payload (Amadey)", "value": "d0f7229972c06b92a1723022d1171cb5", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692376237, "uuid": "fbb428e7-014b-4268-8817-b02fcda8aeb5", "comment": "Malware payload (Amadey)", "value": "33ea9c83fa78c7902708f73a99c21bae8fa29f8fcdc0ef7b80f7c2412a2a381d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692376237, "uuid": "4aae1440-3ce4-4efd-b256-a4ec78b94997", "comment": "Malware payload (Amadey)", "value": "38f4d6ee245244db7675b89210cb3aaba19f6074", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692376237, "uuid": "b829b4a7-1c77-4fec-a144-09ac8256edaf", "comment": "Malware payload (Amadey)", "value": "11d5093ba39b13f00a0e6f4637aa3619eb16e8913c4602ad71c1616ad636f315f9c78252fbf493f5e629e36f5784d0d1", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692376237, "uuid": "50701e9c-51d4-4f21-8f17-bfd7f77d6616", "value": "T13AF41213A7E94477DEF4237054F717930B35BCA02C78876B3692AC2A1831A98F936766", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692376237, "uuid": "f9f81658-5e2f-4332-a68d-a42c11ef36ec", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692376237, "uuid": "cdd5f68c-e07f-438c-8026-8ad47003f89a", "value": "12288:7MrGy90DXc+Ilk6eiQMKwqtTb7TOLMuaIEDgeDKZBe7tQ6KRTiXPp7fJQxfr4FDW:9y2XSC6r111FeDO47t5KVixQ4cWbxS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692376237, "uuid": "4cefef8c-d423-4e4b-a952-771f22c7317d", "value": 747008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692376237, "uuid": "2bce5513-8de5-4a96-9cb4-a4a89cf4b598", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692376237, "uuid": "a1ebd4e9-abf3-4155-8805-f8ae6870bece", "value": "33ea9c83fa78c7902708f73a99c21bae8fa29f8fcdc0e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cdd084ae-3d98-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692343699, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692343699, "uuid": "2872b460-b924-4916-921f-b812c442e491", "comment": "Malware payload", "value": "3cb5f88f833ccb4952407595e3bd5f8f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692343699, "uuid": "7b2e23eb-2759-497e-b503-73044b5ed4c9", "comment": "Malware payload", "value": "35d8ce301d052e57e95748ba838a0eef6525c4c455ddee180862153d90a03565", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692343699, "uuid": "1c04ef8a-6193-43c1-865b-6c37a5bf251a", "comment": "Malware payload", "value": "c7ad077a1e5146427e8f65fd13e69104f37d3b8d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692343699, "uuid": "c8a05a61-1f84-4eb6-9092-18381f87b01d", "comment": "Malware payload", "value": "a2132c93f83ea5ef592399bac6f7a8096a31f596de2a709271260b59da0a779d1674f7ff18ce884bd19e73898aae901f", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692343699, "uuid": "6df15352-ea25-42b7-a22d-2ac10f78d156", "value": "T158836B01B5D1C072EA7F5A315460C5A19B7EB920EEE1DD6B7B85063A8F302C1EE31D7A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692343699, "uuid": "f94a7af9-56cb-472f-9d3b-e3c71a134b6b", "value": "ab5b8b4c20fc15b0faf96a9f6a099f43", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692343699, "uuid": "531a56c2-53bc-42c9-8155-5af1d3616842", "value": "1536:6JKgtND5z8BLRPAI0MigiSWzjzcFEgIsK8ULJBUPsWVcdbDXH0Ycsvrn:6JXKL590zjzEKd5bDXUYt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692343699, "uuid": "5e91c7b5-9d7f-477e-9db4-f98824a427bf", "value": 87552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692343699, "uuid": "aaaf741d-3977-45a1-97ff-1dd6ff5932ba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692343699, "uuid": "719a199c-1d7d-40a3-8a95-19daa529ae13", "value": "SecuriteInfo.com.Win32.PWSX-gen.15406.356", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b401b40-3da7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1692349949, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349949, "uuid": "8feac25d-8cfc-46fd-b7bc-c17e6a231e5d", "comment": "Malware payload (Loki)", "value": "32387cdbcbc5238ce8b6fee960ac341d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349949, "uuid": "c8beb544-9ec4-4136-abbc-9d068c568599", "comment": "Malware payload (Loki)", "value": "3660dcb855bf3206d5bd5313da6e1737448558389a22e14bd0b9145405649859", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349949, "uuid": "e426093a-20fb-4067-b100-ee1d64f1d44e", "comment": "Malware payload (Loki)", "value": "c6156e6c461c17626c7397c01fb27d9de410062f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349949, "uuid": "a4a3cab1-d057-4c03-b66e-f68c4a152a18", "comment": "Malware payload (Loki)", "value": "6612463099919c3832cbd901ba93a0560646d309693c1a0ec1ce1478ed87fec163d4d373a6022e453b4d2eb47631727e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349949, "uuid": "b4fd6d17-16ef-4b8b-b5f5-a3c1c664b798", "value": "T15F04127436D0D427E8D217701A776A6FD7FEAA2218B0630713902F49BC766829D0F7A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349949, "uuid": "839b647e-717a-4c55-9a5a-d16b59eff33a", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349949, "uuid": "1bf15c41-d09c-4b99-96c3-91823947d747", "value": "3072:HfY/TU9fE9PEtu/bycSaHQOJpxiTr2AZrOgzOa0Dpudn+aQJuAEaVP6LsPLfNltE:/Ya6hrHwOJpq2AfRdnA8AdPoItuD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692349949, "uuid": "33ef3d3b-c338-4a9d-aef2-ffdc7f06fce7", "value": 185888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692349949, "uuid": "a94148e6-50c9-4aef-bdf8-790212267df7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349949, "uuid": "982fad49-1014-4a16-b155-a4d2d7a839e5", "value": "Payment Remittance.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3abeea9a-3d8e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692339157, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692339157, "uuid": "ecd39ded-7078-4d1c-8732-cbf2f0c6009b", "comment": "Malware payload (AgentTesla)", "value": "c987d745ce31e72ac8318fd657d91b08", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692339157, "uuid": "c45f6e6f-5720-4fbb-9230-51492985f862", "comment": "Malware payload (AgentTesla)", "value": "36cab034899377952ab8a87a6a9d7285064964dafcaeca6ee2dff6daa7c8ba32", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692339157, "uuid": "6a9dedab-59be-4d5d-83b4-8884d3d60056", "comment": "Malware payload (AgentTesla)", "value": "e8140ee8fb3d3015494207b989f41a4ebb65b8db", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692339157, "uuid": "55ef7681-c917-4190-9e1a-06d30781cd90", "comment": "Malware payload (AgentTesla)", "value": "16cf18ca2299763aa6b9f84698ea0a20ccb8a42a09b421fd87f6af21d798189677a4dcf6a4ab20f11a46edde05a40a9b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692339157, "uuid": "e50cc2e2-44b0-47a9-9708-4767d206d171", "value": "T12F45163228738061EEFDC1347CD0B764562439BE9AD94FC7F68C76EA7A632D052311A9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692339157, "uuid": "4b8f14c7-1f81-4025-bd92-5faf691a2ff6", "value": "3072:sXDKW1LgppLRHMY0TBfJvjcTp5XulpvM8/ZQX8KRYs0A+PaiE:CDKW1Lgbdl0TBBvjc/uKeBZsn+Pai", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692339157, "uuid": "e0df915e-d6c2-48cb-b4c3-0af33b3ea51c", "value": 1245184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692339157, "uuid": "a281dbd5-d2ec-420e-855b-5437a096733b", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692339157, "uuid": "deeeb010-59ac-4a98-ad3d-3aff83a850a3", "value": "Balance payment_1.iso", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8bf1ee01-3deb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692379236, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692379236, "uuid": "80a02e66-a6ec-417a-8ac1-249eced9624b", "comment": "Malware payload (RedLineStealer)", "value": "dc624bc2ab229df19eec8d7910a62705", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692379236, "uuid": "c9c735c9-97f0-436e-b607-e670ec7bf868", "comment": "Malware payload (RedLineStealer)", "value": "3873b278ea97db1505e1c4361249932cb564419f7470908c796edf2fa802d9ed", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692379236, "uuid": "f1da126d-5f36-4e9c-9955-0dd0d5c90357", "comment": "Malware payload (RedLineStealer)", "value": "455b4f17478f263e3d97fa68aa64930906dc52f0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692379236, "uuid": "e13f7ed7-ae1a-4eab-8c91-46f953552202", "comment": "Malware payload (RedLineStealer)", "value": "d295d249ab1221c2c97720d9dcbb3c3fc0f030f3c924ecf2cfc2320c7d39ceaa1723e72f7949f9925bf046bbd0fcbfab", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692379236, "uuid": "5d05d186-8598-4d66-b567-245d47883c49", "value": "T118F41246E6E94073EDB827B058F707970B397C915D6883AB7342985A5C32EC0B93937B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692379236, "uuid": "16d94127-cced-41fd-9029-e939ec64c57b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692379236, "uuid": "3c4bde5f-2cc4-4aa7-9af3-9f2faab1cc61", "value": "12288:pMr0y90bTT/XTzfZpuGkZuMU9wK5Re7gngKRLxX2p7Bspqzczc0wvOjIbssq:1yc/XTzfZWU9wOI7ggKhxWTlvO0Qsq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692379236, "uuid": "0e771ad8-a267-4960-9e93-c3503b55825f", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692379236, "uuid": "9f4c19ad-dd18-45b3-a8ec-a71f8ab99bb5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692379236, "uuid": "e7ee3284-6d86-4626-8b3c-a3972ec0c95c", "value": "dc624bc2ab229df19eec8d7910a62705.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3050f65a-3dc3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692361903, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692361903, "uuid": "d625ba2d-abbd-48a9-87e9-38a2e8db82f1", "comment": "Malware payload (AgentTesla)", "value": "4ed40e0cb4a5b2764737e1cf856a2dad", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692361903, "uuid": "671af085-acfb-4b8a-b609-4cca14e8bd5a", "comment": "Malware payload (AgentTesla)", "value": "39db2066b8753064962c5d04cc730b57075fa358976bfbd08e930bf7fc81e05d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692361903, "uuid": "a0a88f3d-fbfd-423c-9fa9-cbcfdf9ff1ca", "comment": "Malware payload (AgentTesla)", "value": "323d8187b737455e68c692c1cd4b8574a32f9712", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692361903, "uuid": "6a425757-e34d-430c-8f43-c776abcd8085", "comment": "Malware payload (AgentTesla)", "value": "32158ad6913cb252b63e5ea75db71ef27db463093ef6d67988dd607d0e09bcc5f39765ec572701f5c9b1f167931cedca", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692361903, "uuid": "4fddca8a-0075-46c6-8a39-654dcafa92a0", "value": "T106E4E05037B96E0BE5BAD6F954B8614183F67E196161E3DE1DC520CB18F2F008BA2F63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692361903, "uuid": "32e874e2-2b1f-467b-a42d-00131c70852e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692361903, "uuid": "d05ee462-0d4f-43e0-a96b-66ebbd5bead4", "value": "12288:WOmHFFDX21hED6Q+whWdevrolEuCAarSiX6Rlp0FnIGqHVgo4neVZJ4:hmXNNQdcEGuYqRl6nIJVgrneV3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692361903, "uuid": "67e98864-089f-4a58-9031-bdd65e887bb9", "value": 699904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692361903, "uuid": "5b515459-ecf7-47e8-9f3f-b790765f8131", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692361903, "uuid": "36088502-6068-4bf8-bb31-e50e26b2f365", "value": "SecuriteInfo.com.Win32.RATX-gen.21668.22163", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c7c5922-3dbc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692358836, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692358836, "uuid": "bff01dda-1e31-477a-94f0-94c7cfd2921f", "comment": "Malware payload (AgentTesla)", "value": "2890064b48d36a0cd875da8608f3b23b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692358836, "uuid": "ae693aa7-383a-4c3d-b6d2-5276f0222fca", "comment": "Malware payload (AgentTesla)", "value": "39fdc2f771ca4310602321e5d1484b3f8a6ccd4ad93874e1394feda5c72d18b1", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692358836, "uuid": "09328fb3-8ea0-4d9f-8181-d95634f15be1", "comment": "Malware payload (AgentTesla)", "value": "e517130c3f654ae558001b61138fc598a6de0fde", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692358836, "uuid": "c7ff3792-cd0b-4c6c-8953-c294d3e8ecc1", "comment": "Malware payload (AgentTesla)", "value": "8883d102c60bab94064b06e5d22ab243557d29b5028836c11461e0eac4306d5fd031358b1d79b15beb719bc49681dd7f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692358836, "uuid": "4b87a6f1-9736-4c3c-97dd-d79243d9c0a1", "value": "T12B25F1077A5B89FACEC42B36F2C6101457B1DA827693D71ABD8E13EA1B437B6DC0510B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692358836, "uuid": "ae81246b-02ca-4066-bf52-4db6194f6eec", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692358836, "uuid": "27d0a94c-64f8-4b87-b422-cbed6d72fd39", "value": "24576:FLz6yvg7mrFiR5aU41WD3qNcIp6gbQe6zbbVUEkNImqsbfJ:x+HuFiRsU4gD3qNFp6qEVG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692358836, "uuid": "60bae473-3c53-4e9a-b354-47a64b26a660", "value": 1035776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692358836, "uuid": "8bce0fb8-a028-4dd1-9cd0-6a9aa506607f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692358836, "uuid": "9d32ec1e-fbcb-4594-bb07-ffc7215ab6f9", "value": "SecuriteInfo.com.Variant.Ransom.PadCrypt.18.19159.3655", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bdf4d5d5-3df6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692384045, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692384045, "uuid": "424a315b-efd6-4634-bac2-1401dfbf9e24", "comment": "Malware payload (RedLineStealer)", "value": "69bb035b26ebaeaa0253a79de19dc3cd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692384045, "uuid": "660e11ce-c428-475a-8647-fcac690efe7e", "comment": "Malware payload (RedLineStealer)", "value": "3aed32ecf8783215c9f1bae96be33d647319457c9191fa2057e4d21539d6c371", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692384045, "uuid": "89a4c2a4-fdfe-4dc1-812e-acb6884a6cec", "comment": "Malware payload (RedLineStealer)", "value": "65cc89abca64fd92ceba74f2c1d5756581fbf1eb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692384045, "uuid": "4f0a67b4-f883-4930-aa7c-6606913acfcc", "comment": "Malware payload (RedLineStealer)", "value": "41eaeb71bd3e00f99943a0431254edffec62f1aa407cb5d73a6416bf4df729baf3885d9e244b0f54881dfb513fd34abd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692384045, "uuid": "7bd6f2c8-c77c-4b63-baa8-4619c1e6bde3", "value": "T162F41203B6EC81B2D9F1273269F607832A31BCA16E74936B1A41A85B4C737D5B47173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692384045, "uuid": "0df4b6b1-2153-4adb-ba40-8c24f23d351a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692384045, "uuid": "eb9bef86-1090-4ba8-932e-ff13357dc6ac", "value": "12288:7Mrny90KusiKm9sHUm6LFxZfYYBX3qqg3iwUR4sNtVsjlOd1VxhNgxevnCdLGjar:syDXiP46LL6YFariwdgq4VxjdneGja11", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692384045, "uuid": "d353f931-ab03-408e-91b3-508f7c1e8e9b", "value": 731648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692384045, "uuid": "d6db32e0-8b78-4926-b58f-a0278724ee82", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692384045, "uuid": "ef1d6f96-b9af-4710-9ce1-cc03b087606e", "value": "69bb035b26ebaeaa0253a79de19dc3cd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31600729-3d67-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692322391, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322391, "uuid": "c51f4232-21a8-4f22-9099-a3893c5b5c6d", "comment": "Malware payload (Mirai)", "value": "736f83ab519c674cff0be5e628002123", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322391, "uuid": "935dbc9d-8788-4f19-a01b-d47e71b1bb9a", "comment": "Malware payload (Mirai)", "value": "3b7f17922d556befd8aa235a6d0e82d61a37c9fdaa1835a30a530dad635d71a0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322391, "uuid": "a71124a8-1885-464a-ad81-05039786f57b", "comment": "Malware payload (Mirai)", "value": "a45a9e4b0aa52ca2cd262c2c93293e7db3945c1c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322391, "uuid": "7f6cd832-34ac-4429-9193-0ffd5b4293fa", "comment": "Malware payload (Mirai)", "value": "220ff32c8f0032a5df3f1fc584401108b17753a2c393de14460dcab45d64b52bc3bb557e0035f5dea276001d85743c5b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322391, "uuid": "d982dcd0-423b-462a-8dec-08f7f3a2e33d", "value": "T1E4E2E1844717AD2BD9F03C3AFE3B458A5F1327FC958514F305A58B8C678A05A2F9D642", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322391, "uuid": "cbd84b8f-f32c-4333-b6c2-396f43140472", "value": "768:a84XvSLzLGTLrYK3frhANMng2eDBkZKK9q3UEL5I+:a89fELrYU4QgJkALl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692322391, "uuid": "7b53678f-f250-4285-8fc5-69d8be8d80d5", "value": 33068, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692322391, "uuid": "22bc1e07-e49a-4ffd-bbf1-df4487cb8fe8", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322391, "uuid": "8660a0ca-c8a7-4a6d-913c-aa0a99f788b7", "value": "736f83ab519c674cff0be5e628002123", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50a28a5d-3dc1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692361098, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692361098, "uuid": "beac9874-738f-44c8-86eb-b77bf068311d", "comment": "Malware payload (Amadey)", "value": "4abd09baa41dd15a9c75dc03d2c5df59", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692361098, "uuid": "2bc630be-2e0d-47cc-a52f-401824bd5bcf", "comment": "Malware payload (Amadey)", "value": "3cc25e5af5617ca1aacaaeccb9cef517a8e39ec5b9af26fec1f10ded7242eed2", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692361098, "uuid": "317b0ab6-8a83-4c73-9c95-72b3c045e860", "comment": "Malware payload (Amadey)", "value": "dbfd1cade398c252a3e43edfd2024ce8eb58d370", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692361098, "uuid": "bdc465e3-d3eb-41c1-a9f5-25a289a70a63", "comment": "Malware payload (Amadey)", "value": "31e99912e0a28373df719c489c07e1eda0bea5ba7c8cb1acf1d5c219a0e02b0b7a4d71d1dabc14273c46f4338eab71c9", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692361098, "uuid": "dd0f6362-06a3-46af-859a-fe07e50b851f", "value": "T10C052353A2D08523EDB1137088FA43A31739FDA29D38436B2345B96E1CB39D05976B6F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692361098, "uuid": "58f83c3a-fa07-4f2c-ab68-af2f5176339a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692361098, "uuid": "8cd6bbee-1986-482e-885c-d431d71ce2f0", "value": "12288:lMrPy90OvFJ28hbhouhsJRoZe8tZZfa3HUAtyGS233JspxvtQzPIwN37aTSkkE38:uyRHrpbhsTar1iUGZ+xyzPPraTW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692361098, "uuid": "4ca5c124-ad9a-4195-ac0d-8d3bd8aea953", "value": 867328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692361098, "uuid": "8b18948e-6dc9-4d52-921f-fb86595c162e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692361098, "uuid": "4956a62c-1522-4933-83eb-790ff8647608", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90ac3fcd-3e1e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692401149, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692401149, "uuid": "cf823693-f010-42b3-a0be-5484d8e3ee08", "comment": "Malware payload (RedLineStealer)", "value": "2870f807d7b068f66912a500ba1c0e98", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692401149, "uuid": "31eaf9a3-9031-4901-a4f5-0183d93c5b01", "comment": "Malware payload (RedLineStealer)", "value": "3dd3f34a78625e26620c12305fb32860956df9cf00a162466dc6fdcbf14bf52b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692401149, "uuid": "633504c8-e3b0-44bd-9c0e-ed11b74b8392", "comment": "Malware payload (RedLineStealer)", "value": "2de5d2ca4cd2ead614d0ffe8d15a0c31910105f1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692401149, "uuid": "e50f22e2-35fa-42e1-a7a9-fa6a62958896", "comment": "Malware payload (RedLineStealer)", "value": "53fae970b330e93597e77d482046e73a100c1892139ef8c80a7c648009f837dded91bef02c0e4771aa288c6b6f9e89bb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692401149, "uuid": "e8bc108f-6698-42bb-9eac-f4dbf3395e8b", "value": "T1D923F10E1AA4A0DDE59651B280C39E77EA8433D314A673C8C173AFFDD787F81B591268", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692401149, "uuid": "31e80d1b-a50e-4d6b-ad13-d48284ebf356", "value": "384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692401149, "uuid": "913a2c34-7b1d-4ec4-9228-6b5918df931c", "value": 46218, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692401149, "uuid": "0ccbfb0a-e1ea-43b5-bb16-af717849de9d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692401149, "uuid": "fa1e7c3a-d44c-431a-90fe-69cd85e0f006", "value": "2870f807d7b068f66912a500ba1c0e98.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff8f6874-3da4-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692348936, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348936, "uuid": "f599c948-9f64-4193-85b9-d1a5caa3e911", "comment": "Malware payload", "value": "9812f595d12a38cdbf1013f3d86bcf3b", "object_relation": "md5", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348936, "uuid": "e42405d0-d483-4655-9f3b-ebcb55dbd18f", "comment": "Malware payload", "value": "408672e75da033984876de5b8d5627650b48406029723c8194e8cdc9f8ae5a07", "object_relation": "sha256", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348936, "uuid": "0ed24374-c5ac-4f70-94d7-6f633589b95b", "comment": "Malware payload", "value": "18bee00a89507ac5b08ce340e68d763365a15653", "object_relation": "sha1", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348936, "uuid": "ad0f0dfc-060c-4079-9140-15bad0ee0baa", "comment": "Malware payload", "value": "3b34cc1194815b986b80c54143fd2712463833d7d2177467f427e865ee135bb4914143cae787e340f760d0aa66801bd1", "object_relation": "sha3-384", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348936, "uuid": "610b7cb0-460b-480d-b166-8ef3c4a96b2c", "value": "T18B7302581B384D409BADE1E4C334685968F88F1728CF98EAB782DFB209D35167A73D16", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348936, "uuid": "b32decbe-068c-4b99-8fb1-7c097d2361a7", "value": "1536:gFn/UvU/VuZhfVqS7Hwk4WAl8+wu+wIJy2btOtuOcR0tAeMBIKGgTTH:s8vUdqVPH5Hu/IJXbtAw0ZMCvgXH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692348936, "uuid": "5d35db81-3d12-4ff1-a868-875b4ed4380c", "value": 73422, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692348936, "uuid": "ea0020a8-c971-4957-abb6-ca67a200701e", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348936, "uuid": "268fd8ec-8f30-42c7-be17-1e3afe9421ac", "value": "Combined proforma invoce.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49085666-3da7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1692349918, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349918, "uuid": "f06ba970-e2e4-4567-b916-3a134e209e31", "comment": "Malware payload (Loki)", "value": "4eb4f1816f24d20a427ffa4afc8c4d28", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349918, "uuid": "95014979-5d54-4872-bb6e-71b9d3ffbdd4", "comment": "Malware payload (Loki)", "value": "41f0b018e0340a606bc5d102b5f1bfd1b89d870a010c9ddc37273aa1e4356e2c", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349918, "uuid": "fc591b57-a74e-47f3-a6a5-0f1c6b36249f", "comment": "Malware payload (Loki)", "value": "d4cc361b94af56ab4fdef563ee806886219ef198", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349918, "uuid": "35798785-f3e9-475b-a652-89ac8e429e4c", "comment": "Malware payload (Loki)", "value": "7617ec55f88d8695186392fee96f716e83091826b0fdef315e52625903730583e95227d7fc8b2a1a028687f7adccb409", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349918, "uuid": "1ae98682-49bd-4885-81c2-68b3e0a711e9", "value": "T1BE2302E39FD25F445CCBC5F784DFA324C16BA2DF721021872A4A195BE4082A4F2FD664", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349918, "uuid": "ea480fea-2227-41b4-acb5-71492458ab0b", "value": "768:PM3bY4JGkP8o+LD+gp+Ug0J4n8W5wJqNjuW1ZH0NXm52KbZ/u5quSY4b5oI:8CiKLKgp+Ug0inT5NN90NXm5BZGYPb5P", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692349918, "uuid": "fbc6df9c-1b63-4978-a225-690fd6a673f5", "value": 46409, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692349918, "uuid": "9fdfe9cc-1216-4e1a-a14f-090cde36c3fe", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349918, "uuid": "31985626-c93d-4255-b0fb-e54f728d4340", "value": "PO No 239092.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aac3b247-3db6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LaplasClipper)", "timestamp": 1692356525, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692356525, "uuid": "70f13a04-d63a-462b-afd8-dd4a1eb207be", "comment": "Malware payload (LaplasClipper)", "value": "961751858d8b74b2dec9d4f165a0a8c0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692356525, "uuid": "89809148-8407-4012-a046-07cb9861b151", "comment": "Malware payload (LaplasClipper)", "value": "4230177379ff0422741a5714ba02dbeccdac0edc6d2c1e4123827f23ff179e64", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692356525, "uuid": "e2e5e400-3252-4557-8782-a3a4f58944b2", "comment": "Malware payload (LaplasClipper)", "value": "88ca04fb4d62052614bd9da2b333ab10f5e0bfa7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692356525, "uuid": "da77ee0f-b2dd-4cdd-b8d7-60b3887b3fa1", "comment": "Malware payload (LaplasClipper)", "value": "2db0f1a27bc636816019e7d83fe1f54a7d9907bb4416de306918dbb3703f29a5495d0e62b48ba12f152fcfd34ad77a78", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LaplasClipper", "colour": "#5DA8D7", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692356525, "uuid": "dcb14875-a8ab-44ba-bc39-7460d2698fb4", "value": "T1E79533113221C0B2D8DE753C4226DEBC2AFB2039937467977B741BAD1A647C26B3539B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692356525, "uuid": "935b19b9-7c5f-4cc9-8ecf-a4de44ab2759", "value": "1ddfd47f2ea5b4efc51060b1f69599d8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692356525, "uuid": "922acc4b-abdc-42d4-9303-036a2dd6435a", "value": "49152:7YjDgDQj0z0HG2SYE/LA386lYmBk1U5nuyYPcEaC:7YjsEjJ33JYmSa5owC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692356525, "uuid": "aa2d52c4-e58f-462f-ac36-51ad00927128", "value": 1962632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692356525, "uuid": "f267fe30-fcfd-46ca-ab88-6c991a9e9ca8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692356525, "uuid": "7c129609-a130-4f17-8116-0e0a58ce6677", "value": "961751858d8b74b2dec9d4f165a0a8c0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2df6d2c5-3dce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692366623, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366623, "uuid": "af2c4432-1b55-4f1e-a71e-1738c1cd3d16", "comment": "Malware payload (Amadey)", "value": "19e430ece606b3c7a85856d2d0597482", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366623, "uuid": "abeb53a2-f482-4acb-90cf-a67c58a00913", "comment": "Malware payload (Amadey)", "value": "4257603f3ebc986c59d5dd7ca93f69d52a4c673c1eae2c2e53eb7060cb15336c", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366623, "uuid": "fb70c899-d7ca-4b4a-8c14-cd3860ab3d45", "comment": "Malware payload (Amadey)", "value": "86cc5abe88800f485c32391bda6fec463b01296a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366623, "uuid": "60758122-0cfd-4fe8-b8c8-2658e4a22ac8", "comment": "Malware payload (Amadey)", "value": "38aa4aa08237ed20988d56b60544f50eb29adcf89d74d8e10054981dbd1a2dcaa2de9a7043acdb24ad21525a19369cac", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366623, "uuid": "7e3cb2ae-59dc-43e2-b35d-b85b7f2c98ab", "value": "T10E152207E3F98273C8B607B009FB07930B75BC928E7E836A5798B95E1C739849570766", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366623, "uuid": "d70aa02f-124e-4584-a481-71cdbd48521f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366623, "uuid": "184565a4-e55b-4405-b76a-c184cb07c338", "value": "12288:dMriy905dxAiRWDcc9QsaeCxm46NTtGMxC7PotBzkYHEJ1Atg7Z8Fulh:vywxA/4OpJNtk8tFkPAt2Z8U3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692366623, "uuid": "0626d9ed-0b2c-4b31-aea0-5bf4323da4fd", "value": 875520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692366623, "uuid": "0ddc13ef-427e-4fb7-bec6-0ae9f680aff7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366623, "uuid": "2ba3dd3c-4e86-4f73-967c-c5d757792195", "value": "19e430ece606b3c7a85856d2d0597482.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a026768e-3db6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692356507, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692356507, "uuid": "7fe60f47-0d8c-4e17-9f3e-bef1fc2ebf3d", "comment": "Malware payload (AgentTesla)", "value": "3724dc3a85dfcbdd6040822d79bec0b2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692356507, "uuid": "1946bd8c-b777-4823-891b-0496454c5035", "comment": "Malware payload (AgentTesla)", "value": "42d758a8d97590f4481198b9c454e55d47f80606f9a31ca85c2207a46d172011", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692356507, "uuid": "9079dceb-70ca-46de-bb85-bd10cda8f7f2", "comment": "Malware payload (AgentTesla)", "value": "74cf6d5db09a93c20f127feaa3896014122e7957", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692356507, "uuid": "6a0d1272-8ea4-4bb2-b4bf-e46a7fbd6f0c", "comment": "Malware payload (AgentTesla)", "value": "a275cdfbfa018b87b27f40527bae713bc19ae5c58e0ec4632b57f41874bb515da731086ea0e6d0a6264ceefc97033d54", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692356507, "uuid": "d5f74944-7395-4473-ac6d-38dd7ed9833d", "value": "T175D4F106363BDF27D4B8E7F71431018413F8667664B9E2486CCB60F6997AF10099BEA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692356507, "uuid": "3d9b49e1-89e6-43d5-aa7e-fb8f2551c2d3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692356507, "uuid": "b6da90d8-3d45-4306-af78-671fc4d90c9a", "value": "12288:RcknogEZgN2Ra7eeH/An33oCIy33kXBkC4l+:R1ogXB7e++WBkC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692356507, "uuid": "f8890ac4-c4dc-4844-b445-1a5e77af2c55", "value": 654848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692356507, "uuid": "acbbc27f-f1c6-435d-8b9c-a1b048acebb7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692356507, "uuid": "fcfc660d-afb2-4cbd-adda-fc9d2a60674e", "value": "Bank slip--1941628.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f321559f-3e01-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692388858, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388858, "uuid": "2fc7df2b-db98-4be9-a92b-05dec355bffd", "comment": "Malware payload", "value": "452ee2968ec82c7e30c21c828b330c17", "object_relation": "md5", "Tag": [ { "name": "APT29", "colour": "#A35B8D", "exportable": true, "hide_tag": false }, { "name": "cozybear", "colour": "#38E272", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388858, "uuid": "4e7f621d-df04-4962-9508-c1203a13687f", "comment": "Malware payload", "value": "43cd9ef6904c35c6854bf59d99731a05048af9e870261064a255db0181930fad", "object_relation": "sha256", "Tag": [ { "name": "APT29", "colour": "#A35B8D", "exportable": true, "hide_tag": false }, { "name": "cozybear", "colour": "#38E272", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388858, "uuid": "85cff719-7eb4-4997-917a-c6acaab7fa2b", "comment": "Malware payload", "value": "00384c359e2931fb922b034fca2707e1b2a25396", "object_relation": "sha1", "Tag": [ { "name": "APT29", "colour": "#A35B8D", "exportable": true, "hide_tag": false }, { "name": "cozybear", "colour": "#38E272", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388858, "uuid": "126fa3cd-ea84-4b7a-a0d8-7971351ec9d8", "comment": "Malware payload", "value": "1f8014f675fb3b673d59ce2467df55e577f316f6a1d87e599c9ee8e268792c44b7761a4014a00549c53e66566090c18d", "object_relation": "sha3-384", "Tag": [ { "name": "APT29", "colour": "#A35B8D", "exportable": true, "hide_tag": false }, { "name": "cozybear", "colour": "#38E272", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388858, "uuid": "439b90dc-a0e9-4060-83d2-d80b8c0c56a9", "value": "T10B334B2072A18072E1676A3008B9D6629D7E38326BF494C73FA417B96FA07D0F739357", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388858, "uuid": "6a1f21bc-697e-47bb-bc48-6a5825b3dfce", "value": "4fcca208e21237d4a38b26f2461938ce", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388858, "uuid": "aef82973-993c-4f0b-9a4c-b768d838247d", "value": "768:5mXbwhMxIYGvy6uqgFuO4IGL1VjOfTaEG9hH36PDMOKqBR4kkJmnjEDXbTvG:uOWIYG66xO4TLHOGjHqhf4kJ9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692388858, "uuid": "845d942c-b376-44f8-808e-d41f00d872af", "value": 53768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692388858, "uuid": "fcd8311f-7c6f-416a-8a89-9c111eb89067", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388858, "uuid": "53543b6e-5556-4118-8a60-c45a71668bad", "value": "atiagentCozyBear.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "24fe3ca3-3d94-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1692341698, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341698, "uuid": "e1539c84-d5e0-4edb-b0b1-4fb6bd4cfd08", "comment": "Malware payload (Formbook)", "value": "d18f7d5b06eb88a6be5bfa39f6aa3cfa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341698, "uuid": "c3a71e6c-262e-4b1a-889a-54be497977b4", "comment": "Malware payload (Formbook)", "value": "4588c6ac02ddd81f8315af2307ec516f58400c555ecd74944a77964fbdd992c1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341698, "uuid": "c2014e6f-3f7d-42f9-bdc9-652a2b058a41", "comment": "Malware payload (Formbook)", "value": "b863f40e4470377608d5520626b9c009727c50b7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341698, "uuid": "d9b1bc2d-14a2-459a-ae49-3ced15e81a17", "comment": "Malware payload (Formbook)", "value": "151f91ffa0d98a3ab696b92cbd53b60bd9756554d4ff71d59257237d980dcfed8af1f15d3ff6762798e81253274f0be6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341698, "uuid": "87ef0ff1-6a1b-43a4-8639-00643a86d2dc", "value": "T11BD41230717D6B1AE47A87F60B21954007BB6A3B3572E70C8DD1B8DB696AF804E40F67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341698, "uuid": "6016726c-97f0-4f9a-ac23-36f83e32ee19", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341698, "uuid": "33c44dbe-fb99-4bcf-9016-7c11633552e4", "value": "12288:ah+aSoDl+CnzOTA9mecfFJrAObz1EEzaMDsqSN7eSJ4qjOujuKrCpCk:seNtfdznaosL9J4unuQCp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692341698, "uuid": "53fb47cb-b14a-451e-a74d-5ece4e0e8513", "value": 599040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692341698, "uuid": "57fe89da-6c3c-4050-beb4-692643cb651a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341698, "uuid": "8da73713-d28a-422e-b699-ad7b1bad07cf", "value": "Proforma Invoice_xlsx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "811b6994-3dc6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1692363327, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363327, "uuid": "3881c1e2-f25f-43fd-9980-3df50655dbd5", "comment": "Malware payload (Formbook)", "value": "3a7e0db64b11ae8800e6b119b03e7863", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363327, "uuid": "f38dff67-a452-4914-b3dd-9e444f5d5c5b", "comment": "Malware payload (Formbook)", "value": "45b6d000b4e3424e34cefe05c02fdc394aba4feb48f301418b01d2ba5554bd39", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363327, "uuid": "93509932-a60f-40f0-8ccb-ed67be71c170", "comment": "Malware payload (Formbook)", "value": "06b479d3a74700bbc4cba131071e1f0dbc9825c7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363327, "uuid": "09e6debf-43ef-425b-95fb-f5d6f4057111", "comment": "Malware payload (Formbook)", "value": "0175b1f2b0ae3d1ca956db8438601c4a31e367349a8f85f2b6a9bd9149a07787a068c8724309cef2846518ce3c1e381e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363327, "uuid": "3aff5156-b118-4e6a-a316-5229461411c7", "value": "T1A0E3F7C6FEA9BF04CDAD1D343672087C1967AE131668EBDE0D97FA81147CE4C2928D52", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363327, "uuid": "dcf3fdcd-6e71-4c89-b0eb-64662a97ff51", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363327, "uuid": "8d814476-f3ac-4630-8ee0-82f2f128dba7", "value": "1536:LOMDj69kMr5ASZomIcoKsomIcoKfEiE4575n6HQXQ0:qMDSkS5jvIctWIct3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692363327, "uuid": "48ee1fff-47ff-45fe-a789-a32f6272dd16", "value": 147456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692363327, "uuid": "72c99b53-1d38-47b7-867f-96e00ebe649c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363327, "uuid": "c3e85191-e863-4e9c-9445-ccca10d51f24", "value": "3a7e0db64b11ae8800e6b119b03e7863.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4004b6f7-3dc0-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692360641, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692360641, "uuid": "022ba209-ba8b-4f6a-a77c-08f7bb5fe76d", "comment": "Malware payload", "value": "d5683b46b9accfe7843a232eb00d10b4", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692360641, "uuid": "579152e1-a380-47fc-a062-652a18cb6efb", "comment": "Malware payload", "value": "4750b302e8da43e18ef31be27a85069c71cf56b10330d0ff422cdd4f356369ea", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692360641, "uuid": "ff0c3c4f-8491-456f-8b89-01c49fff70ba", "comment": "Malware payload", "value": "dc814eef8680dca65ec6d8279a8fc64180168033", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692360641, "uuid": "435435ca-b3f4-43c0-b049-9959f942c811", "comment": "Malware payload", "value": "ea4b1b0bb0c89c9d9a9f161abf58c3db1070caa3890783a8361315fc154c023f2df51b8c8c66a236225f8a8737721e5a", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692360641, "uuid": "dc295ae5-6d8a-4f68-96be-3ceca7c35fef", "value": "T1B992E079E5893C2589116832F3F6000505ED59222568E4AE83B13ECE523FA88ED1E8FE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692360641, "uuid": "13a661e4-9c6e-4745-8ea6-30980395b181", "value": "384:rU+rW15kuc2VJUzw8h24x0CcfvgG/KntR1FJcqtV9x+glrUJsIWN:QaW3c23Uzw8Ya0RgNntR1rvDx+Wr1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692360641, "uuid": "13660a44-d43c-49ce-ba7e-c3ae87cdec4e", "value": 20127, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692360641, "uuid": "01e5d0dc-1dd0-416a-981c-e010a58e420c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692360641, "uuid": "208acd07-a36e-40ab-9b43-e2e74890a27b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75cabeee-3dca-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1692365026, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365026, "uuid": "b0dd70d6-a14f-4cf2-9421-13ec886c0e69", "comment": "Malware payload (GuLoader)", "value": "199b75ccd305cae59119bab7fe398bf2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "invalid-signature", "colour": "#A79DA9", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365026, "uuid": "ab6468c6-de37-4cac-a09a-b923e17a2fd0", "comment": "Malware payload (GuLoader)", "value": "491d52023c51ae22aed9a7b9a7235423e9321e5058367353c867a01a82fd044e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "invalid-signature", "colour": "#A79DA9", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365026, "uuid": "0b5e17c9-8621-4511-a90c-6aac8609e2bd", "comment": "Malware payload (GuLoader)", "value": "c7a71ba4ebf1fad5861c5413be61e6cad70db5ea", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "invalid-signature", "colour": "#A79DA9", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365026, "uuid": "1c9c0fcb-feec-458a-817d-80c862bfcfd5", "comment": "Malware payload (GuLoader)", "value": "9dc0b47e1938c45f0889fe36792234f61bee84f170a78a52945f275ad27711d4652855669e4005a61ca9c54add891b31", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "invalid-signature", "colour": "#A79DA9", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365026, "uuid": "5e5c7260-c66b-4a20-9181-19407d4804fe", "value": "T1E1B49DA238D9756FDD2F4674031FEAB22AB85DD17385496E5F80320D4C36A4A80EEDC7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365026, "uuid": "494a816b-60b1-4ce4-a98c-5cd576ab448e", "value": "ced282d9b261d1462772017fe2f6972b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365026, "uuid": "23e0b692-d502-4a1f-a0e4-0034f030ee3d", "value": "6144:KqjIGPZVheNA+ff0THTcaykiUBTthxt3vsCFvJJ5t01yvdYVtX89pQlgaq+wao:rhnhe2eIHTPHZrfskvJJ5qAdRUz2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692365026, "uuid": "1525bd52-77bc-49ea-b9e3-94c0c3c40c63", "value": 500688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692365026, "uuid": "18571b3f-a191-4538-a09c-e585de01ff40", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365026, "uuid": "091ca517-0754-42b1-9352-0da5377f803e", "value": "\u03a4\u0399\u039c\u039f\u039b\u039f\u0393\u0399\u039f \u03a0\u0391\u03a1\u039f\u03a7\u0397\u03a3 \u03a5\u03a0\u0397\u03a1\u0395\u03a3\u0399\u03a9\u039d_2023_81__824pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b60a6c45-3de1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DCRat)", "timestamp": 1692375012, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692375012, "uuid": "8032a65f-8556-497e-bf40-302ff0aed114", "comment": "Malware payload (DCRat)", "value": "18587c0e1444ac107d75b20ed022d297", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692375012, "uuid": "73a864cc-9fb2-4a43-97c4-b4cfea3656b8", "comment": "Malware payload (DCRat)", "value": "494567a08009d8e3630fda7c3d59e87d2c95565a1bd9b1bf662f1636eb46d15a", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692375012, "uuid": "37337cd6-2f8c-4063-926e-f0e42587cc39", "comment": "Malware payload (DCRat)", "value": "63c513d9fb47bdfee97bd0db5a698f7f021b7903", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692375012, "uuid": "3b855960-b896-4eec-ab86-90b3187ecf07", "comment": "Malware payload (DCRat)", "value": "642b81d9c0ea98e232e1c30edbc04d679c059af34a46c2d165e76d52bcd9b0d872c673a49d1ee2d0ac8d563ba4eb1a11", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692375012, "uuid": "c4836d7d-38f4-400c-9748-43807782c6fa", "value": "T16D95AE017E44CE11F0192233E2EF454887B4AD5566A6E32B7DBA37AD16123A77C0DACF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692375012, "uuid": "72c27135-31c4-4479-9441-3d13d45d1cb1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692375012, "uuid": "5f2e19ed-0582-44cf-b0ad-1c28355bc318", "value": "49152:1LrXQwlHGpM1HumILjPWMaLQp1rPJYaWY3VfLsw7B:1LrAdpM9PILjPWFKxxrL5LsA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692375012, "uuid": "c152f971-b29e-413c-bc0d-0aa7b603c999", "value": 1965568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692375012, "uuid": "0c2de534-88e5-4a05-8f76-a60829b60045", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692375012, "uuid": "8018017f-d1f1-4105-a610-ccf1d3f78c9a", "value": "18587c0e1444ac107d75b20ed022d297.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9dc2b28b-3da4-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692348772, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348772, "uuid": "302ca35d-5fb9-494d-94d4-9cf9e61e8454", "comment": "Malware payload", "value": "300fcde275c3e91ba26d35c84d5de5e2", "object_relation": "md5", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "Siemens", "colour": "#EADC3E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348772, "uuid": "f153e661-9c87-40bc-afbd-6a4aa2340747", "comment": "Malware payload", "value": "49de024fbb66e46b3f82c7a784abac62c2b75ee30b8320764ee8f801625e7633", "object_relation": "sha256", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "Siemens", "colour": "#EADC3E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348772, "uuid": "932c7d4f-cba5-4c87-9d7b-98f2349df4c4", "comment": "Malware payload", "value": "1a0232ff6eeea3b09bb698ab3b60eacfc8cbbf0a", "object_relation": "sha1", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "Siemens", "colour": "#EADC3E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348772, "uuid": "2a9ddbda-5e7f-4b41-8a48-175d6d6e4a05", "comment": "Malware payload", "value": "5142fb6825db243af5ff9d75ea2fa35f274983279d7661003b9a65af0ada6178a932af040953e46a5f58af2d9b741bf3", "object_relation": "sha3-384", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "RFQ", "colour": "#3BFA63", "exportable": true, "hide_tag": false }, { "name": "Siemens", "colour": "#EADC3E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348772, "uuid": "1df1d795-a108-4fbd-9cb2-3c43d66f4e2d", "value": "T1136312A44EBB35EB663A08D08AFF0167EC55B5CFDCCA2B792640361D0977116C660859", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348772, "uuid": "1ded5290-0fed-4d02-885d-fb97c7976cfb", "value": "1536:wRF2OoOE31IQz9pP2OFH+aUQrQQ3rUK8LlK3dxozDbVHy:ogOoL3WQl5+aUQB3gKKlM6zvVS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692348772, "uuid": "77ccca40-b6d1-4eb7-8393-eb55c131eb28", "value": 73354, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692348772, "uuid": "a4cc9e38-840f-44c1-9099-e8fdcfbf2291", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348772, "uuid": "520e50c9-b828-4079-8d13-d92324961344", "value": "Document.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94045313-3da5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1692349185, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349185, "uuid": "3b2651db-56f9-4655-a1e0-daade79db834", "comment": "Malware payload (AveMariaRAT)", "value": "375d6fd0ba3a2d272b27fc9517b3758a", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349185, "uuid": "0afb621e-7bb2-4493-a0ab-c84b716b4916", "comment": "Malware payload (AveMariaRAT)", "value": "4ad757e7107bfc1880fa20967b4d0541fcba48d6cf73339f355de01dc218d753", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349185, "uuid": "901cbf17-48e0-4ce8-b95b-7719e631ffa9", "comment": "Malware payload (AveMariaRAT)", "value": "fad93ed5a4cf89022eff937e8aab0986cb222c5d", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349185, "uuid": "59164374-f6c2-467d-8cc9-f4b09a556bbc", "comment": "Malware payload (AveMariaRAT)", "value": "aed3690607b60421c32c464e8c4ea6efa3ccdb1a2973466b1ea56570ef9b5e34e45220571371e091a2b841a74ea45ba0", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "z", "colour": "#C882CD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349185, "uuid": "e56fc075-5baa-4fb7-b3ee-01057387005f", "value": "T1DCB4238D69245B3FAC4BB07B46396CAC690E1530D9B0F9075CECFC41816DA2CE6E5973", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349185, "uuid": "3a3993e7-9f02-4bb1-836d-2a0ac68c567a", "value": "12288:GjPBWJe4PaF11U1hLK0fKxBRev5HhmNKh4M4:5Jen11UXLZsRq5Brd4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692349185, "uuid": "45888643-ebbc-4d8e-8234-80870e762f28", "value": 500354, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692349185, "uuid": "4491e569-1311-4c7b-b9c9-965787e1b7d1", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349185, "uuid": "722aef32-b867-412f-8c67-956acf79982a", "value": "image2023-08-02-172958.Z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5856aadd-3d77-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692329328, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692329328, "uuid": "ba22790c-d08e-4b2c-8728-5df136dc36fa", "comment": "Malware payload (AgentTesla)", "value": "497bdf94667612340a526258dec87d30", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692329328, "uuid": "1edd4455-4e57-4f69-ba27-cf3948f35020", "comment": "Malware payload (AgentTesla)", "value": "4c15743287e80d5077f5bbd94c767bc734f1392abc330bb25d447b535efdae24", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692329328, "uuid": "ed8763a5-06f6-4738-a47f-a3fb5fa32d51", "comment": "Malware payload (AgentTesla)", "value": "19a63a52f4d79d53ad78ab8651585d7a9d31c103", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692329328, "uuid": "95d0d962-0da7-4e2f-bbca-431441c059c2", "comment": "Malware payload (AgentTesla)", "value": "34581e81ff35f6c3aab7bfafdbd913d37a6d42a65eef7ad3eb2270c6fc18bd4cb9e0a85def046421d4240406568a99b4", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692329328, "uuid": "c8253ddd-2b9b-4d4f-a0a5-a2374f5c6bc1", "value": "T111F4F15032AC2F33E878EBF51012A45007FA6D5A60BAEE4D4EC379EB2575F015EA2D17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692329328, "uuid": "572a63e6-4990-44dd-b21e-8c8a962a3010", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692329328, "uuid": "c694bc4c-8273-44a2-b711-8ae7bdbe35c1", "value": "12288:oG7Q23/gPrk6A3/r6w64iX2qRozna3ZbmroVXEKgEETpdgMNpv4hckDcWO1jXSV3:Zbwrk6gOmE2qRoznImroVXEKHETpSMv0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692329328, "uuid": "fe228b12-79f8-47e2-aa09-19c9896d6482", "value": 751104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692329328, "uuid": "25f0b37f-121e-4caa-a6fe-44ed5e2460bf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692329328, "uuid": "e88c4bdb-aa2c-4dbe-92ad-3537524f2163", "value": "SecuriteInfo.com.Win32.PWSX-gen.19137.8960", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ecd7139c-3da6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692349764, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349764, "uuid": "714d5c2d-68b9-40d8-a180-a05a6613ada3", "comment": "Malware payload (AgentTesla)", "value": "a0cad95d0e988a1c252ff15c4f1831e6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349764, "uuid": "32657d47-2ec6-43f3-8900-54df86d0e0fb", "comment": "Malware payload (AgentTesla)", "value": "4d0bdffbaf8b92803782672861029a8a05923cdbf7a66a9cc56fb08c4c2f4b57", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349764, "uuid": "7d45ce56-e631-4e59-9dc4-85da13de7588", "comment": "Malware payload (AgentTesla)", "value": "fc492ec18164f4b5d0de8dbdac285c2ba90c9a65", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349764, "uuid": "2cebd806-7de8-482a-b20e-7edc745d0120", "comment": "Malware payload (AgentTesla)", "value": "47aca503318f3ef5284b857e9aef3b6cfec3065e609d2da75cdd8abb2c2686f4c2a4116269ad80ae021aeaae20eec1b5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349764, "uuid": "b5f57eab-5292-4494-ab83-4e12ca425fe1", "value": "T1C3A32A18368C4617C3AC13F9E9CB5244977481B39A12FF4A388D16E42F937D0AE576AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349764, "uuid": "1007d878-9d3d-4039-897b-7ac79cd4b0ea", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349764, "uuid": "a2f6b74c-9980-4729-ab14-a23670b60147", "value": "3072:mg7Xjd4cUB+R1YCp9mP7IHJDeWJaCd/GRFpS3lg0aXfJWKq:mg7Xjd4cUAR1YM9mP7IHJDeWJaCd/GRP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692349764, "uuid": "a88ad2e7-4443-48e1-9209-e192ae0a7b0d", "value": 100352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692349764, "uuid": "a8ca27d1-bccc-41e2-b2b9-a052d2514c94", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349764, "uuid": "7f248e5b-f011-4ba2-8c54-939bd4f04cd3", "value": "SOA 60045918350.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e91a5c2-3db1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692354303, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354303, "uuid": "bbca61c4-b207-475a-86c8-f2ab3ae53181", "comment": "Malware payload (AgentTesla)", "value": "7aed303b9fc21d948410c43c35a596bd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354303, "uuid": "fa77f8e3-67b8-4abe-9b60-1ca1b5872bdc", "comment": "Malware payload (AgentTesla)", "value": "4d26478db6412e4d4d9d1f3cd35e529f79fe92a26cbde5a0d215dd3d23acd70f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354303, "uuid": "73e90ecb-bb46-45c0-aafd-70b006e6a4b7", "comment": "Malware payload (AgentTesla)", "value": "2ee3bfdc940a6ce957dd1e26c57227fc6b4b21f6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354303, "uuid": "e07cbc04-9bda-4611-8a4e-29646acb4662", "comment": "Malware payload (AgentTesla)", "value": "e33ed3b6c479c3181018eed1dce0619d2a3ffd2d5b374964e5eb0caab56aa3103176eb3a77fe9d259df6e52d96d3edfb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354303, "uuid": "3fe3dcd9-3a5d-424d-9e34-add92134b9ba", "value": "T140F4B326413AA0B79F097ABC5E13D87A25C86B40B1F6E198B72F38C3D5C61161D3A7F1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354303, "uuid": "e5e4cb32-e40d-44f2-a298-f687ed780a38", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354303, "uuid": "d8d1839c-c035-4285-b885-0e377e0cfceb", "value": "12288:SRju+nOiJuPCUi5f9bzVuYZHn50rLJQMpppNpppppoOQpppNpppppoO:SAiJuPkJ9fvZHnGJQMpppNpppppoOQpb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692354303, "uuid": "5e4052a4-73d0-4cdf-8706-6c22d1e0ef3d", "value": 764928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692354303, "uuid": "f422fdc6-37c5-4c79-8c52-3bf9366fcb94", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354303, "uuid": "63cd9620-4240-4435-85e9-11a1739b96ca", "value": "Documents-2023.11.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b9d8476-3e0b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692392980, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392980, "uuid": "16742d6f-84ec-44ca-9fd3-bb9ff8eaa201", "comment": "Malware payload", "value": "e9309257de995c8efb72aa53762a4588", "object_relation": "md5", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392980, "uuid": "7283bd27-ab43-4cf9-93ff-88c1f9739987", "comment": "Malware payload", "value": "4d283617285b8d7bbd9b8d0e769dfd2dd536899d99569c2fb394a19892c5f5cf", "object_relation": "sha256", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392980, "uuid": "f8002905-c407-4900-b784-b6b83a62c785", "comment": "Malware payload", "value": "20acccc6367a4e81dc8d1a903da2cb00c45ea750", "object_relation": "sha1", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392980, "uuid": "e74113d9-f887-4c8d-af8b-f0c84816b491", "comment": "Malware payload", "value": "d9c3256c6f14172133803826131f765eba89e69361bb0e1ea14fac14483d7ff1b4ec4e5913599b7befeeb01a1eef6c03", "object_relation": "sha3-384", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392980, "uuid": "34d71b67-78b8-4e7f-8af1-9ef15728e532", "value": "T1BA12F8CDAF5662D096A3732A97EF5CC921A528332E70CCAC3A5D95814F4042947F8FED", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392980, "uuid": "4955e364-a029-446d-a444-0d102c2192bb", "value": "192:Kw2KGoribWZFC9CLnd5NM7JL9w1tutJU2mDHly53uli1syYZ:URbUFC9C7idRFaHly50", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692392980, "uuid": "b6de8de1-c003-4553-b79c-62ead357d3f3", "value": 9782, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692392980, "uuid": "bdcfc68f-c700-438d-9e6b-66df10b89caf", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392980, "uuid": "0e3fcf73-eb20-4713-99ff-15dbbe6a8fab", "value": "evadef.hta", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1bef5dd1-3e06-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692390645, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390645, "uuid": "1f58d3e7-9923-4884-a617-32732dc42fc5", "comment": "Malware payload (RedLineStealer)", "value": "f06c528411cf758b496c146645d1ab2f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390645, "uuid": "c7489e55-44f4-4d6a-8324-f637d014db2e", "comment": "Malware payload (RedLineStealer)", "value": "4d9f42aaba9bf5fd0e76ba66a5631ad38854db2345752a7f814eaadabfc59fe1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390645, "uuid": "84d17c27-317f-464f-852e-3fd9286c4a6c", "comment": "Malware payload (RedLineStealer)", "value": "1108dba588cfac43e1c8c6d00aaa67ca533a693d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390645, "uuid": "b22d3ee8-0422-4ea2-84df-ca7cbecced92", "comment": "Malware payload (RedLineStealer)", "value": "ef6301b4162284bd77e6c96a52e206b0df936e151276e1428f0ce6b8abeb0f1f20dcebb99ea0aa033ea61aeaaa0d7709", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390645, "uuid": "f35eaaa8-7c07-435c-948b-ee7ca5970fed", "value": "T11DF42203EBE89073D9F55BB068F703830B397D711978876B279AAC464D726C4A936327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390645, "uuid": "42883c3a-37cf-4a3e-87ab-8d475b01a85a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390645, "uuid": "6d7d054d-a3b1-4bdb-a1ca-18102f56efc2", "value": "12288:mMrfy90+lg/MSeyCMnQ88nfKYLe7aDEKRucXLp7f1ECFCSDuP4c:Zyhlg/qMQBnfXi7agKUcltE4uP4c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692390645, "uuid": "a7750c35-eb25-4863-90c9-9dd5aa5d83eb", "value": 730624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692390645, "uuid": "728d7910-ea49-4007-988d-52326d63ddff", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390645, "uuid": "263d64d7-695c-4314-af76-ce92dbca1859", "value": "f06c528411cf758b496c146645d1ab2f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b2df277b-3db2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (YellowCockatoo)", "timestamp": 1692354820, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354820, "uuid": "ee8c7ac9-66ca-401d-9e78-54e7cc4cc107", "comment": "Malware payload (YellowCockatoo)", "value": "e8fea89c3372b4a122e44733bcb79ccc", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354820, "uuid": "5102b5c0-f3b3-4b78-a590-809b0c551392", "comment": "Malware payload (YellowCockatoo)", "value": "4d9fa0e24fc115cab26d85d0092a91b3b2f39fdee5d53c6a4849fc6147469b74", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354820, "uuid": "4e1afab6-a7f3-428d-8bde-c9e9ed0712aa", "comment": "Malware payload (YellowCockatoo)", "value": "b7d29fd24e791d1287702b2ba6d86cdaef164aab", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354820, "uuid": "582c819a-c16d-4014-8072-5d7513f93bac", "comment": "Malware payload (YellowCockatoo)", "value": "531eb30efb630fe7e75e36029be8ed4b6accc9b8224585d15a389ad4943219f868bb0b46cccf32dfb0043ac73e295764", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354820, "uuid": "c49d19a1-6e96-4a92-be04-b90805056e8d", "value": "T13BD4DE143BA4DC208B6C56E968DB43139B2356ABDDEFFF1306A691341A2B92347513CF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354820, "uuid": "48982e09-e8ce-4b19-b090-6174c54d6159", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354820, "uuid": "d2da8a0a-7797-496c-8cd0-3b713a877d9f", "value": "6144:hZehXn6WHxY/8BLqLIo7+Njq0BlIOI64hq3ql9RU2XgMQXwRJxcIz9nnbCd:haXNHfqTajzBlR48mX5h/xn4d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692354820, "uuid": "676fd012-6aaa-4139-957d-59350f69d9d8", "value": 610816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692354820, "uuid": "5b5a7495-7b08-408f-ac75-da12331b00ee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354820, "uuid": "70c4b628-8118-4818-9424-dfbf65f15cbf", "value": "NABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZEFUTBVRQqH0HDOLQJIxkOlfapGfWIUtJCOvCRzR9RPADK9A3BbNJLJQZuQfek4EVHpEFCdcUgRGZ9YQWZGY0hqAcBKZ9QkP6c.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48910142-3de9-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692378264, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692378264, "uuid": "93f797d3-8e33-4d4f-9fc6-977c0f387c86", "comment": "Malware payload", "value": "3bdf65b265e4593317c62b14af747253", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692378264, "uuid": "5f67bdb7-106d-4e5d-b7dc-e08ad70c6ea2", "comment": "Malware payload", "value": "4f50921f8e9ab3ea3b6657d155acbcf80fd907725c6ca8841f24cf673c15fffd", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692378264, "uuid": "5e68bb48-181a-4a50-b734-a2a11b22753b", "comment": "Malware payload", "value": "5c0473e0f4d76c2bdaf7d0bcc035df0b7595aaa3", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692378264, "uuid": "d5b94e82-7614-4f91-b259-0178ea849714", "comment": "Malware payload", "value": "f88717623b0f2675c8b7fe06ccdd50c1240ca39d93f30a7739837e17c85b32a826dda1042a079ca96560bc29272bb5c9", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692378264, "uuid": "2ae4aac5-843d-4bb1-94cf-ebca097e5729", "value": "T152C53397E774A202E4FE623C55A662F71227BF508B8492A319403BCD7C37F809E95E70", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692378264, "uuid": "450e3389-eff5-4c57-bb4c-996ea584510a", "value": "49152:hSSp2NV8IRZo23e0qpIzo4k+RJ+wJOp/3nIyzmiiAp8rKXM:n9Ivopio4ZERzRZNM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692378264, "uuid": "dddce1f0-6d42-469f-9550-a2f66bc92de9", "value": 2506362, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692378264, "uuid": "f370f982-1bb1-4305-a997-892f65377a2c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692378264, "uuid": "bfda20a0-ef54-4668-822b-b61aac34ece6", "value": "4f50921f8e9ab3ea3b6657d155acbcf80fd907725c6ca8841f24cf673c15fffd.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bac2b9b9-3dfd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692387046, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692387046, "uuid": "f49f803e-6bec-4511-bd1a-95ee74ce1067", "comment": "Malware payload (RedLineStealer)", "value": "e69915775c3a8afdbbcf4d6ed5e6a9c4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692387046, "uuid": "574a429a-b2dc-48f7-ac53-0b8396e01508", "comment": "Malware payload (RedLineStealer)", "value": "5095fe48af76e4c5277ecdaba3ff1398cde238bba34cfda3dbd4938293704e4f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692387046, "uuid": "ca00e0f7-f0a7-405e-aca3-0943a02e4cf8", "comment": "Malware payload (RedLineStealer)", "value": "d6d485f8bcedd9a6dc70140fc057cf0aabd7dac3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692387046, "uuid": "8dd169d1-11c8-464c-9716-5961a1929c9b", "comment": "Malware payload (RedLineStealer)", "value": "3d346e47bdc31bb7e5438e2b5fcc0dcae492c1e84616508be27cb6f0c141e0ba3fb70995ee195c4e86e373506c053276", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692387046, "uuid": "995386af-ef4d-4522-aefd-a5968ba6e9ea", "value": "T1E0F41212ABDA9433D9B827B09CFB03C31736BC91487857673746981A0D72BE5A53633B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692387046, "uuid": "a0b30026-d3f5-4d3a-a7fd-fa757833865c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692387046, "uuid": "5c40b3f6-48ff-4d55-b9cd-5733f91a9634", "value": "12288:uMrny90mn/TIhPKN3hem4LuT9xIKvke7UvTKRIcXcp7sf4+fQXOcSf:Byx/MhP8/3Rakj7UrKucsy4QQUf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692387046, "uuid": "49a019d7-45fe-4711-9bb3-37879fa3c5dc", "value": 730624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692387046, "uuid": "c28ab334-a1f8-4a0a-b794-c5a6c4d2f458", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692387046, "uuid": "b33d539b-556a-494f-8b15-1bc571008610", "value": "e69915775c3a8afdbbcf4d6ed5e6a9c4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "689d9ebe-3e05-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692390344, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390344, "uuid": "7c752ffa-a905-4e8c-9b81-08efb0ff4099", "comment": "Malware payload (RedLineStealer)", "value": "cfb0d1b75d2468a3324a8c36611ba1d6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390344, "uuid": "99dbaba6-7c75-43be-8722-99e474017534", "comment": "Malware payload (RedLineStealer)", "value": "509a8f8753ab01490b82525afad4cf342fb73460dc918e2618fba0fb5c3a9271", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390344, "uuid": "03d4b4c7-fd87-409c-9c44-e4da3f0e1764", "comment": "Malware payload (RedLineStealer)", "value": "c4d5b1fade556ca3edb2e4f49e161e8134d1e517", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390344, "uuid": "c8e72c0e-e6e4-4142-a73b-ead4feea84b6", "comment": "Malware payload (RedLineStealer)", "value": "1a11b5691aadfd00393f697e0e8f7177dfc8cba300ff9a1da69b043eb11a0e9eec3f08d632e0ccb7c4b7591c7b00a8e9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390344, "uuid": "8bf964d1-3891-45f1-b82a-33883a48f2e2", "value": "T1A0F41252E3D85073DDF527752CF312970B323CA29E78C26A2745295B0CB3798A93277A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390344, "uuid": "1c83306b-5878-4306-bb60-e5c94e13cc6a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390344, "uuid": "a3cda119-17fc-40bf-9b6b-964966e4f90c", "value": "12288:gMrHy903yhvWwGlJspCRzBTMtaQp2Lt8EZcu6SC6rxD2XExueaAyIdnSbV:XyvWwr096tac2wP6rxS0+AyASbV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692390344, "uuid": "d5af1b96-1817-4c78-bde7-183710d14866", "value": 731648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692390344, "uuid": "b04c6438-05f7-4399-a181-9750a6933503", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390344, "uuid": "7c24ef4b-38be-4f22-9b4b-519ae44664d7", "value": "509a8f8753ab01490b82525afad4cf342fb73460dc918.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad38bf9c-3ddf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692374138, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374138, "uuid": "980a972a-62cd-4178-aa48-a7d8dc0d4075", "comment": "Malware payload (RedLineStealer)", "value": "daa0e2f84899b97c9e9e3999d83dd4b5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374138, "uuid": "f60f0c32-e5b2-4974-be19-2c9838eb1fb1", "comment": "Malware payload (RedLineStealer)", "value": "517247ce4e98482eb2043297075e2e14622f08d2add7ea105ea7612988b10e90", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374138, "uuid": "3afb6e00-42dc-4290-88ef-775ebf10d65d", "comment": "Malware payload (RedLineStealer)", "value": "9655241a1354a83a8312a9ef45d9f4898564b860", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374138, "uuid": "ad803983-a3f4-424f-a936-8276b2248027", "comment": "Malware payload (RedLineStealer)", "value": "67805d1c5eb8e79a5556ef8cb5367655a3494d6074f1188e381da87da2269de3f2a314722e35217568623a2c6eda4b84", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374138, "uuid": "14192a99-4340-43ec-affd-8595151ee438", "value": "T1031522126BC8A171ECF21B3188F20AD31F3AFD91AD38827E6651585D0D72995F4327BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374138, "uuid": "3dc11056-3dbf-4a55-b534-683cf271f783", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374138, "uuid": "56189554-62ee-4b70-a781-09a0fa8b732a", "value": "24576:1yQphvWzXoJAFvibIueppg+w19ncWYeQum:Q6Ib6AYLofGn7YeQu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692374138, "uuid": "356fadb3-fd1c-4d6f-a6fb-86b996480fcf", "value": 875008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692374138, "uuid": "b67f1ed8-b7f9-4254-9380-db9a57d04141", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374138, "uuid": "20e72f89-3124-44f7-af40-c8c20b7fc23c", "value": "daa0e2f84899b97c9e9e3999d83dd4b5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8276cec5-3da6-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692349585, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349585, "uuid": "30137985-c88e-4cbd-9faa-c44dff17aeca", "comment": "Malware payload", "value": "9004692bba20914e95f5c204761aa92a", "object_relation": "md5", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Siemens", "colour": "#EADC3E", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349585, "uuid": "662b2058-146a-446c-a9c4-b8e9bcbb4d6a", "comment": "Malware payload", "value": "53ff04cafb2fd9539f52ad21374dbbfa4752e7f276c724b7ea508cdede86a0b4", "object_relation": "sha256", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Siemens", "colour": "#EADC3E", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349585, "uuid": "afe78537-c1ff-4ba0-a14d-3ff4f877a15b", "comment": "Malware payload", "value": "5f045694a4e4b18ff41f6284ec72c796b0a9f62e", "object_relation": "sha1", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Siemens", "colour": "#EADC3E", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349585, "uuid": "da6a9f2e-52ec-4745-b500-126f84ce6314", "comment": "Malware payload", "value": "e7be8448e3cb74905e1be6c2f68ef59a8ad486d468d60d89e90d49068dc17178a06fa5d258b7478b6126f5306a127be5", "object_relation": "sha3-384", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "Siemens", "colour": "#EADC3E", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349585, "uuid": "2c528520-b3f0-47d1-9475-d25cd0772db4", "value": "T1D77312E44EBA36EB663A08E08ABF0167EC55B5CFDCCE2B7D2640361D0977116C660859", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349585, "uuid": "2579073f-bc52-40f3-afb9-594cf64c0c6b", "value": "1536:PRF2OoOE31IQz9pP2OFH+aUQrQQ3rUK8LlK3dxozDbVHj:JgOoL3WQl5+aUQB3gKKlM6zvVD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692349585, "uuid": "85add60f-a1c8-45ac-9066-85136ae38d5f", "value": 73418, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692349585, "uuid": "b4814f76-96dc-49d9-9073-64aa213caf79", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349585, "uuid": "e018d0c6-8ed5-4e65-a78c-627205d155c2", "value": "KIEFEL Packaging GmbH Purchase Order.rar.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f9d73b15-3dbf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692360523, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692360523, "uuid": "c2e38720-d08b-4f1f-bb89-ff9bdf51d2a2", "comment": "Malware payload (RedLineStealer)", "value": "846630cbb5a0a40cc51e0ee7b9570666", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692360523, "uuid": "2fe800c1-3a46-4fed-afbe-a54460ee5846", "comment": "Malware payload (RedLineStealer)", "value": "5430ce56625faba5817560e97fce0ca695a9a7bbf4c19e5159eac61229406d54", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692360523, "uuid": "1ef060fb-0294-4868-a0a1-a738baf2a7f8", "comment": "Malware payload (RedLineStealer)", "value": "c3f41c693e4cc9d0ce86970caba09e1b8e3e68aa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692360523, "uuid": "9c473881-bc0a-4c36-bb78-c7abdd208417", "comment": "Malware payload (RedLineStealer)", "value": "cb0b444f39ba910fe448847da7d1190ebcc2f4161aeda8bf60f81e455be4d02d4f22bc398ad5ebf9f8b88f5a47e0c254", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692360523, "uuid": "2a135e38-e6c7-4c91-b582-2766d339b616", "value": "T1B9152346E2E88472EDB267305CF612935334BDB35D3457EE2710AC9E48A3BD4A8317A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692360523, "uuid": "5d69f9ed-6a19-4be4-a030-24ab39240255", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692360523, "uuid": "566d5e1a-23fd-47df-81f8-06a0c47c4711", "value": "24576:QygC3+ZToMsx5tCV/XFPYxkim6MnrLzk:Xz+doH2V9wxkim6Mb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692360523, "uuid": "69dfbe17-efc0-4446-abf0-1036481596d9", "value": 875008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692360523, "uuid": "ac0d7585-0960-42c1-afc6-fc59a51f2af9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692360523, "uuid": "06095bd5-f6bc-4ed7-854d-a547841b8e51", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84a2e3f9-3da5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1692349159, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349159, "uuid": "40dcdf1c-148c-4016-a9c1-ac340ec54feb", "comment": "Malware payload (AveMariaRAT)", "value": "1952d3d92909587884a61ca614fa2bdd", "object_relation": "md5", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349159, "uuid": "86697486-fdee-4f97-8b9a-366c9512d42c", "comment": "Malware payload (AveMariaRAT)", "value": "5491a1e41cfa44ae075f256cbf1da1f2207187af6ad6ff440c91cfa0b990661a", "object_relation": "sha256", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349159, "uuid": "a9e6b673-5b27-4c1b-a059-6b79851d738d", "comment": "Malware payload (AveMariaRAT)", "value": "eb7fb63c202fd8bcdc599d1f318e8024fb21498f", "object_relation": "sha1", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349159, "uuid": "b870ba3b-8bd4-4bfd-96ff-35f729ff48e0", "comment": "Malware payload (AveMariaRAT)", "value": "7543a84262efebdd5611cc8d064726e50088207e30f0e302870bca2f454b663dabd41f250626c966149a9d957e904031", "object_relation": "sha3-384", "Tag": [ { "name": "7z", "colour": "#63EB83", "exportable": true, "hide_tag": false }, { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349159, "uuid": "ab336a49-8ac6-4b89-a702-905f28af964d", "value": "T162B4238D69245B3FAC8BB07A46396CAC690E1534D9B0FD075CECFC41816DA2CE2E5973", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349159, "uuid": "5b486912-2ae4-4d6c-a754-02c3bdb4b216", "value": "12288:WjPBWJe4PaF11U1hLK0fKxBRev5HhmNKh4ML:pJen11UXLZsRq5BrdL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692349159, "uuid": "288fcd60-49ca-4fff-bcc4-037314b7f21c", "value": 500320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692349159, "uuid": "539573a0-ca03-495b-9bb1-df1067592651", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349159, "uuid": "693af5f2-8de0-4640-ac73-eb71f37eda26", "value": "ORDER.7Z", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c778da7d-3dc3-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692362156, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362156, "uuid": "10cd52b0-6c9e-4a4c-bb13-f02143ded2e5", "comment": "Malware payload", "value": "a06c7458decd224c7d552bd154b3eb6d", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362156, "uuid": "e07b8d64-f4f8-46fe-91c0-d4e0f8965a16", "comment": "Malware payload", "value": "568471f43dd48ceb4f7ce3bebfaa0df98878249dd52c717a984b7030462873d5", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362156, "uuid": "abf512de-33db-463a-b0f6-b2b574e9dbe8", "comment": "Malware payload", "value": "698ea18628d149d21503fd2b487771832ed3d168", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362156, "uuid": "c057a3cf-5eec-40a1-a06b-969c97ae9fec", "comment": "Malware payload", "value": "ad6c428aa4e590a72d1677b002ae58af1aa10a6cef5250d0aa11c08e45f62c6eefba1c97de0cf67f4e2601c3305b9c5d", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362156, "uuid": "d978a41f-8177-4f27-89bd-f79db7dc1be4", "value": "T1A534B517BE9B89B1C284273AC2C720145F71D692B693E609758E13EB3BC37BE9D05607", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362156, "uuid": "4de7327d-f6a6-4d44-86c6-f90ea8128ac4", "value": "3072:IV+99fdHUS1TkQ2BGzp3kUPdmrT1RQKzhU2mat/lwFVV5Esz3LMFRx:cmiS13zhjknYlaiVV5Esz3LM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692362156, "uuid": "a7d408b9-edf9-467f-93e1-183aa3c7fef5", "value": 231936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692362156, "uuid": "39050856-dbb6-4734-a073-0985e9401784", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362156, "uuid": "906dcfbe-e5cf-4387-be72-cce9332ab587", "value": "a06c7458decd224c7d552bd154b3eb6d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d8462541-3d93-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692341569, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341569, "uuid": "6045d1d1-9319-48f9-baeb-dc6747ae06ac", "comment": "Malware payload (AgentTesla)", "value": "d2eb64b7d05d8dc10f483bb2b782a1bf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341569, "uuid": "a3f661e2-ae8a-4723-9b7c-4f53de7ec445", "comment": "Malware payload (AgentTesla)", "value": "593a13e38304070acd5ce051db57ad78901ca6a978dd0bb2c105cfc7d9693578", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341569, "uuid": "2c270ea5-5a06-4577-876c-3a060ea9742d", "comment": "Malware payload (AgentTesla)", "value": "c7895200aad6ca2acc99940181dc659fbdd3318b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341569, "uuid": "e3675f4c-a84a-4930-b75e-10abd08047cc", "comment": "Malware payload (AgentTesla)", "value": "7f4a28bf6e3214ab1d29a4a569b2395bdb9da1818cfdf468cd799c0a4c421957f8b214543c8bf174911c7607e6098721", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341569, "uuid": "bd9a6be2-6cdc-4ef6-9656-31a9483870ac", "value": "T1F815C618FA49DA3FE39C8C3950F9DB2B29B99FAAD0F1E351C010517518E6CAD0DB6163", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341569, "uuid": "445620da-7e69-4926-abba-7e2745b9435c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341569, "uuid": "95a7cb84-9cdf-475e-905f-06973c62fc3b", "value": "6144:IzxM7z59EDMMTTxTy+AtiJdsJ57gyxmrpzL2qwKUyyQSnXF9Vw9i4mdYSlOrMT:IzxQ5MTTxTQtY+J5OVXjtRXSXPlChMT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692341569, "uuid": "08b8a033-cabf-4756-9b9a-b399b8869591", "value": 906240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692341569, "uuid": "2c0ae338-cce2-4cdb-9a71-b87ccf1e5fdc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341569, "uuid": "dbcd3e35-42fe-4c45-92f0-65c6e802b948", "value": "booking details.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33249f27-3dc0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1692360619, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692360619, "uuid": "e385da04-45f4-42f6-866d-317b9ae16925", "comment": "Malware payload (Loki)", "value": "d5133be4efda1e9262337e695f4f21d2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692360619, "uuid": "8bdc3acd-068a-4099-8f11-898efb52288b", "comment": "Malware payload (Loki)", "value": "593a6e7ffdcf756e022715efb4dd09324480c86ae889da7c9fdb074c59ec89cc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692360619, "uuid": "612c2c6f-20da-4212-9332-31158f6227a5", "comment": "Malware payload (Loki)", "value": "5c56de9d36229d3fec37b61dc9372d0bb184a0d9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692360619, "uuid": "13c9703c-4176-43b7-9211-f22912a9c7c3", "comment": "Malware payload (Loki)", "value": "e94da33fa21ca75c82d02e338466f880299eb51e44582e1783be7b22bd5e3321b1a0cd2a4142307beade4d61c5c3db72", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692360619, "uuid": "c9fd99d0-bd5d-44aa-b394-8feb6bddc284", "value": "T17925E007BA4A89B1C2946736C6DB501447BDCB81B3B3D60A75CE23E90F43BAE9D4560F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692360619, "uuid": "c76f5ba2-d159-4f18-93ec-e410067bc76f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692360619, "uuid": "a949718c-95e1-4905-823f-54f0853866c0", "value": "12288:AUktu6DdNqyZRmGZvfUgvk4FQ/F+0xCx6AjY0aBmBztKOuY7uklk0McP3XhC/c5q:SY6DqNs0ejXUmlX75b/+cFU1Fy4ulzD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692360619, "uuid": "e3f42e29-ab55-449e-b6bc-e27527f7c347", "value": 990720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692360619, "uuid": "c31f2b4a-649f-43ac-be86-a01f3f82dd08", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692360619, "uuid": "99f5dff5-d5ea-41eb-9336-54da878adc39", "value": "KIEFEL Packaging GmbH Purchase Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18c3179a-3e01-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692388492, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388492, "uuid": "a888b661-d2db-446a-847f-325a15fe4c2e", "comment": "Malware payload", "value": "28615f12686d0d16f2b67a45d96df8e5", "object_relation": "md5", "Tag": [ { "name": "1766986052", "colour": "#3F15B4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "pumaadscolor.com", "colour": "#1EC7FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388492, "uuid": "1fd18307-7229-456d-ac61-3ce56893992e", "comment": "Malware payload", "value": "59bf61eb6381bf83d185b4c6fb2252a4d664d844aa783721d95efcb27a9c56a2", "object_relation": "sha256", "Tag": [ { "name": "1766986052", "colour": "#3F15B4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "pumaadscolor.com", "colour": "#1EC7FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388492, "uuid": "cca99f5b-4370-46bd-99b8-83ccf4a303fd", "comment": "Malware payload", "value": "f40650fde9cee52b8ec35f4ecfcbf5db41a17614", "object_relation": "sha1", "Tag": [ { "name": "1766986052", "colour": "#3F15B4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "pumaadscolor.com", "colour": "#1EC7FA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388492, "uuid": "3c81e4b6-1df5-482c-bd9b-01cb4229ef4c", "comment": "Malware payload", "value": "87e078d884d54d406dbb9df46598d097c9eaf8fec32de147d12478de1ab2769d5a55fd89610022a5658f6d0c546a1106", "object_relation": "sha3-384", "Tag": [ { "name": "1766986052", "colour": "#3F15B4", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "pumaadscolor.com", "colour": "#1EC7FA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388492, "uuid": "4cc89c71-f40b-4b02-9e01-4a8119fcd0c9", "value": "T1FF541B37AA522CEECE5BC27943D672B23A71B4165331FE1B0B24C6346F52F61673A244", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388492, "uuid": "2468a911-6e36-4905-8fb9-3954b5830b70", "value": "a56f115ee5ef2625bd949acaeec66b76", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388492, "uuid": "74552901-6779-4a05-b0a3-64fe8cb551fd", "value": "3072:uE+cDXNLTsi2/0RFMPZojqgP+Hbx74jgMBe6ZQsvAO5bg7uAVmSuXgfsqGFTY89H:FnvsmFUIyR4E6ZQynKQyCzPyyZ2tdC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692388492, "uuid": "78190f78-f4be-4805-8753-42a8dabc4080", "value": 295595, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692388492, "uuid": "18978f85-9e63-4ae0-b259-668326d64b8b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388492, "uuid": "d23162b9-8fb8-473e-837b-33a4eafbfd71", "value": "Wb9h62OBv4PRhbTG_yJSpNZk2ESqeDch2V78snqcVqI.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d639c5f5-3da2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1692348008, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348008, "uuid": "2e61c6c6-bb01-4d9d-b327-44512cc6a5b7", "comment": "Malware payload (Loki)", "value": "753d415eae16bd5a002aa94c405bdcc8", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348008, "uuid": "c0f2c949-d722-4b99-a67c-8ad85b5b3a8e", "comment": "Malware payload (Loki)", "value": "5a48bdf35ddd09ce6c5be33b5523bfe002f7c4d31b2222af5e0c5303a6bd4afb", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348008, "uuid": "9f313a10-9004-469f-b49b-44884396b625", "comment": "Malware payload (Loki)", "value": "9ecfd909c3480539f799c2406420c25b56817822", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348008, "uuid": "8a58e01e-8c06-48c6-823a-62ece690c634", "comment": "Malware payload (Loki)", "value": "6a12921dde8b206192e9ec2d0ec15ba6d310b659d8812761769b81f66faaca3e334ae6f643da4165791248a633be80ef", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348008, "uuid": "8a51d89b-6031-4d44-8028-5c23c026f0a3", "value": "T1ABF2F1C480AF6B2EB1A5D1BADD6CC3977E5BDC10F9F4E43146083AE34B17A3B01551A1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348008, "uuid": "7d1baaf8-1a86-42b0-80a1-b64b22fba353", "value": "768:MzV4ZxxuAVdnojA4j19X9I9AAl9yK+ysV2aiVnbWte/KJmgqm/uBw4c:2Wxno0uIAAl9yK3YyAeAqKh4c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692348008, "uuid": "e7caa4e1-879d-4820-b778-f302c732aed6", "value": 35021, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692348008, "uuid": "d2f92f57-bee6-4df4-8c65-7df759d2396f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348008, "uuid": "86cc878e-a695-4186-a397-3d47fe9efed0", "value": "Payment Remittance.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87959ead-3d82-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692334132, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692334132, "uuid": "f7b3b7d3-3a6d-4400-bcc4-b6960605caa1", "comment": "Malware payload (AgentTesla)", "value": "e092af3320c668d973ca003e7ecc387f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692334132, "uuid": "b58266c1-a8bd-43ce-aba1-ca6bbbf5921c", "comment": "Malware payload (AgentTesla)", "value": "5b55637a26181e3420983b78038cedc5b9f3b10ac3cf0b904c6f9195f3b28baa", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692334132, "uuid": "8bb5fe14-3caf-48da-8cf2-12a4891fec58", "comment": "Malware payload (AgentTesla)", "value": "93505578ef679ae9ba85e4369fe2d3b9404e22fe", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692334132, "uuid": "d040070e-a477-4dd6-95e0-93dbe13481e3", "comment": "Malware payload (AgentTesla)", "value": "e453845c9b716612c83cf21cb65cd42c189e915b1aec37527aaf291c288e67c40290a392d02e00ed16f76cee3b20f044", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692334132, "uuid": "f77cf216-a308-42f8-b6ff-7cbb69d06f91", "value": "T110E4121A75DB4E25C88D2B3698E34A0503BCA31F7167D71F94CC135A8A4BFE1A312BD9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692334132, "uuid": "3b862957-48cc-480b-a86a-57178446a3f0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692334132, "uuid": "df38a918-ee54-4b78-8653-3572bf214ebf", "value": "12288:G/OvYe2xpDl+C2DLrst5BQdeBpzFxVegSKv/s7OkqhtDNA1C0aepmKsEJdb:G/OvWSst5WmVeg/v/aPsJI7fr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692334132, "uuid": "8570aeb5-2cc9-4388-bacb-8f2bab66a93e", "value": 681984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692334132, "uuid": "b1e97de2-cb25-40a9-b626-42e0ef20deea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692334132, "uuid": "f0308d26-90b8-4a6c-9d35-864cb3217570", "value": "e092af3320c668d973ca003e7ecc387f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ad43d05-3d61-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692319803, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692319803, "uuid": "2255d80f-cb3f-4d55-b25c-6aa5db842263", "comment": "Malware payload (Mirai)", "value": "ddbdeee9ad3e6dc5d660e29f28fd6dea", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692319803, "uuid": "f5ddc2b1-d6d0-4675-8985-1b8ae972652f", "comment": "Malware payload (Mirai)", "value": "5c3e5872a94d60ae2a54e13a584cfc1cc091e528096c593bba3eb15f7c02cb3a", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692319803, "uuid": "d4396f11-5d7a-4b8f-9b73-a69bbdba3658", "comment": "Malware payload (Mirai)", "value": "f3305c54cd13dfd7bac3cc74a7f62d374900cc31", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692319803, "uuid": "8ecb5543-e260-494e-a47f-72f140d7e8ba", "comment": "Malware payload (Mirai)", "value": "48f1b3069a2d8f2e2cae53baba99f34d2aaf32b675e212d2e5d2da771afb8e2978b4e3d4688b779175d39a40de449e55", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692319803, "uuid": "b04d6841-9887-4e1f-a58e-451eab787a50", "value": "T193C2E17FB5A6AA67F65C633EE035821B03A4F42897AD275737400037E95F4297932CC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692319803, "uuid": "a6aac01e-8de2-47cb-9eb4-cfc7ab397105", "value": "384:M21DMwk8JPyGnT8WyopNEztTneSe3oECHjYlQ2NnE4+0o8tm3HWBKENAZH0FjOF8:vMwxdyoEhnDz+Y8tqHWXmUFCFX0Nf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692319803, "uuid": "947bc1ee-14a3-49c6-bdb8-edbbe71275a6", "value": 28048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692319803, "uuid": "96711728-a5fd-4add-8434-e851fa3289a4", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692319803, "uuid": "e64a03a9-f890-44c8-aae3-50ba638bb789", "value": "sora.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aeace1b3-3d67-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692322601, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322601, "uuid": "2eac8f51-bf99-43c7-a845-5c8da2026917", "comment": "Malware payload", "value": "fdcc3814ab558a317b45910da20d80ef", "object_relation": "md5", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322601, "uuid": "7c912ede-b37f-42da-b275-78da303effc3", "comment": "Malware payload", "value": "5cf06683288471d53842564a2678367bb0e2ecbfe28831976b1cf65dd413b787", "object_relation": "sha256", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322601, "uuid": "09bc0012-2384-4da0-81b2-922908dbbbb3", "comment": "Malware payload", "value": "d191fc4965cafb4e07d18cebcfd79db08df1b6ad", "object_relation": "sha1", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322601, "uuid": "5f988294-988f-4c8d-9465-c8659651c69d", "comment": "Malware payload", "value": "e61255cebaeece29918323e026dfbaae5000796552a78f53acf2e4fcc79a86a5103a5f4468277ae5b282654b6d823dab", "object_relation": "sha3-384", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322601, "uuid": "f3a97d90-6cd3-4736-bfe9-485a30ad3041", "value": "T1A752F809A7E44638DDBE6F729C3292018276FF86ED33EF5C5990856D0C7228C49A1F67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322601, "uuid": "dff422ba-6691-4d7a-8179-15ad0371bb8a", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322601, "uuid": "e86eaa7f-1e0d-451f-b631-28d9c061e3a7", "value": "384:1AWznOP0zOLijgKqWBe51VybGyfchtdsQaUS+Kf:1AWznOPEykqWBg1Hhk4Snf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692322601, "uuid": "2817873a-55f7-4941-8d59-cafe2b925761", "value": 13824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692322601, "uuid": "4f24fc44-b343-41c2-9479-0ac7ae20180d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322601, "uuid": "1ceb6e14-35fa-4f11-9351-4c294c793d65", "value": "16923225995270b202e22008bd6a057da457746ef4efd6bc75ebf57aaa9c6015dbb385a616379.dat-decoded", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28e469c3-3df1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692381647, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692381647, "uuid": "912c9b8c-a6ae-45ce-ac8f-df8eaf87003c", "comment": "Malware payload (Amadey)", "value": "6fb7ead198d28a6ddf3f34905aca9179", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692381647, "uuid": "85d53519-6215-4888-82ee-e72de7cf7950", "comment": "Malware payload (Amadey)", "value": "5f7ffaad1f9b52e4f3526f051e521883012a7a4bbd4ac98fb3fa95300c06ac9c", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692381647, "uuid": "55359170-4181-4589-800a-a5115f7ea8e0", "comment": "Malware payload (Amadey)", "value": "90488506db211430bc7118a53a7c3188a1dc7206", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692381647, "uuid": "b5874b57-e30d-4871-8297-b2419c614f00", "comment": "Malware payload (Amadey)", "value": "ca1d527aeaefa97ea4e9469865e51174df5c9fe2b93ef007052f16bb4bfd125fb0b2573b23385093402bf9fcc1c2f2a2", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692381647, "uuid": "1dc8a6fa-f28d-4150-8a29-8c11aedc2423", "value": "T1F7F42317A6E88077E4F22FB518F60BC30B35BCB18970C3A725499E6B8CB2181957537B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692381647, "uuid": "d8ddce38-3ef9-448a-b261-6d762e161f0b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692381647, "uuid": "2c2a488f-f240-4257-9a68-62dad9436b16", "value": "12288:SMrNy90bbJ/qYsfUWK5c7la/ixjYjLlWi/9XuU2FIoxk4wpKkniR:byqhPcxa/ikLlxXuzun6i8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692381647, "uuid": "4f72869c-3669-4889-b878-677e5b8c7b25", "value": 748544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692381647, "uuid": "6498417d-8390-4dcd-8b87-cd1a4cc57233", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692381647, "uuid": "8230bf68-13df-4f45-a304-0feac650cf15", "value": "6fb7ead198d28a6ddf3f34905aca9179.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "161748bb-3dfc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692386340, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692386340, "uuid": "e6159fd8-2c20-472b-b2f6-9766070d1ceb", "comment": "Malware payload (AgentTesla)", "value": "99fc9081b995d728ad1fc66971f42e5e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692386340, "uuid": "7df5cc27-9b4f-40c1-86e8-43cfd3961385", "comment": "Malware payload (AgentTesla)", "value": "5fae7963422c008476f909d056af0c5436eee0266bba7f4ddb42584324cc6c3c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692386340, "uuid": "26397bfd-4086-42f6-be92-6ca9a7c53a68", "comment": "Malware payload (AgentTesla)", "value": "373ac7e01632632f5d3a202ed2072f1943012cc6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692386340, "uuid": "4d36362a-18a1-4883-8cb5-442092475ffa", "comment": "Malware payload (AgentTesla)", "value": "81d1663a44591bbe6a67fc77ca67ca0aebc3c88b2a3aaa8e578650db2bb95730813935d1cc6b8d95803061b15a693002", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692386340, "uuid": "780790ee-3df7-48d8-a71e-427c2c504963", "value": "T1F034D11066EE5488B1B37F920BFD69E48F3BBBE54A3A515D204C470A8BE7D40CE15B72", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692386340, "uuid": "31212bf7-02d1-41bc-9d93-e30a80e0d5e2", "value": "6144:7017Kvhy7ktpRlVJVU5V1VPHRVUVA5wBez5h5f5L/x/F/B/XxQ:7KKvhy7ktpRlVJVU5V1VPHRVUVA5wIz8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692386340, "uuid": "036c4283-3291-431b-a000-4112fece25cb", "value": 243592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692386340, "uuid": "ad34985b-3f58-483b-bad3-f7e2538f6745", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692386340, "uuid": "82632392-308d-435e-bca0-93cfaaedb2e0", "value": "EHJ.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92e27cfe-3dec-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692379678, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692379678, "uuid": "19e84c9d-4f7d-42a0-af2e-4d3b50a92e04", "comment": "Malware payload (AgentTesla)", "value": "863b5a53f744be17a85bc9bda4d056a2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692379678, "uuid": "451a801e-a481-4b3a-b3f9-9ea050db9a88", "comment": "Malware payload (AgentTesla)", "value": "5fe721c5395fad7e07eb11ca84daa0508aff3236f87c4a4ce6e733318371ce2b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692379678, "uuid": "e9c44da8-738a-4dee-afaa-c4a77dc480ff", "comment": "Malware payload (AgentTesla)", "value": "68c005ec1087d1664f168a82273b32e91ac33eec", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692379678, "uuid": "295dc2e3-329f-4781-8433-c1fa27109fb6", "comment": "Malware payload (AgentTesla)", "value": "441322ddf9814407e208e323bc9bd45c34b724ace9f5f86d796c705b679838dcebb525b28ef385ffc1402b832ac82ddf", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692379678, "uuid": "5309643c-4a3b-4b5d-9834-982f7c1edd21", "value": "T117A3AC6DD34F02A9CF5243779B2A0E4442FDBB3EB38552A5346C433533EE82D91266B9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692379678, "uuid": "45a407b3-5787-4197-9ada-02bcacfce59f", "value": "768:/wAbZSibMX9gRWjxQaFVdQxMT1D3TAJowMJDkaDNGy:/wAlRY/FIyTAJjMJDlNh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692379678, "uuid": "aa0e240d-f0ec-459f-ab05-4b81b2d2a1e7", "value": 103521, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692379678, "uuid": "75cd3345-e1c5-4190-8779-9880c7981597", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692379678, "uuid": "ca54292b-cc9b-4cad-924a-7a17cf445a27", "value": "SecuriteInfo.com.Exploit.CVE-2018-0798.4.2908.26292", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "372980b6-3d94-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692341728, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341728, "uuid": "b99fd5a5-a716-4898-b076-ba38c8a221d0", "comment": "Malware payload (AgentTesla)", "value": "0281ec7f05443bc4a9f7361dc464d625", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341728, "uuid": "463b252e-7c9c-4194-88a8-8ad548899574", "comment": "Malware payload (AgentTesla)", "value": "62acd79c7dc958a3c102375f30d0a16d1b0d6a838e5bc1e65ab00dbce32d717f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341728, "uuid": "e08f3730-3f7a-44db-abc6-c410268298ea", "comment": "Malware payload (AgentTesla)", "value": "ca7918fe8ff037cc2d585b9202bda5cbfe715854", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341728, "uuid": "971655fe-e4d6-4a39-9f28-3fb08e1e2510", "comment": "Malware payload (AgentTesla)", "value": "7a315468533487fa827f98c059fcedc7d0e05329a394f8f03cfe13eb171b7a39654baf9d58ea2c457e4c0ad0e458f0d6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341728, "uuid": "e9296563-0f0a-4df6-9d18-887faeaec36b", "value": "T144D423D0AFF02086654ED6C17772423D3D0F55D1C73E72EB928F3DEABA642A69078252", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341728, "uuid": "b3f1f3ab-6cc7-49f8-8429-b86ae144f157", "value": "12288:z1AlqyiihyDfHnDNOdOQVHx2E9av2Kq1fUsnypbbrpZ4uk9R3dfD:z1ACihyDHpAnb2E7VGV9kRfD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692341728, "uuid": "8a3f361d-0d24-45e3-8c47-4a28034d7a1e", "value": 632120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692341728, "uuid": "e70583e7-b572-45dc-8119-195bca4c1500", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341728, "uuid": "314ad1e9-3f26-4b5c-83a7-54bec7f4acbc", "value": "Payment invoice.img", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "160127c6-3e1b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692399654, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399654, "uuid": "bb829b14-f128-4d34-8e72-443b978dfe39", "comment": "Malware payload (RedLineStealer)", "value": "ed6ad784c347dbb5ea2dc4326d57b987", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399654, "uuid": "f3367a48-6946-4684-9967-31197a0938d2", "comment": "Malware payload (RedLineStealer)", "value": "66127bd4737d8bcd3956792ccdb8730350f6ae13a2608e40a595c26ab9395ad9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399654, "uuid": "fb59bbd5-b38d-4426-9d90-55fad022dc02", "comment": "Malware payload (RedLineStealer)", "value": "e3b1abfcf16c82346855e14565460fbbbcf37ff4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399654, "uuid": "048bb1c8-1f7e-45dd-86f5-69dbd70e3d89", "comment": "Malware payload (RedLineStealer)", "value": "c4935b39d44223df09429a90635386b9389db7fa2058540977f82220d1270f4ebdcc6c93816f9dbbd72ec1cabf6975f4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399654, "uuid": "f6ff473d-de17-46e5-87ed-e101d1995445", "value": "T156F41257EBC88465ECF613719CF507D31F36BD618DB4C3AB1791891A4832A80A873BA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399654, "uuid": "3e33c9fb-a3a8-405d-827c-b0c8511df7c9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399654, "uuid": "4f23533c-c076-4d78-a340-03cb48877ace", "value": "12288:LMrey90fgVLWMqgvd9zsB56ASw1eMJm0O5A5AHDUgzSln:JyFv/gDrSw1nAXuuDUmSB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692399654, "uuid": "2723f0c8-39b1-4a04-8c4b-99c53caae42f", "value": 731648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692399654, "uuid": "262e3465-7121-42db-a2ad-d55103be96d1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399654, "uuid": "e00ecc7c-9c3a-4cec-80ba-968587e83c25", "value": "66127bd4737d8bcd3956792ccdb8730350f6ae13a2608.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f7c89e7-3dca-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1692364881, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692364881, "uuid": "35b45146-b5e2-4316-b75b-28b5e2bb1f7c", "comment": "Malware payload (GuLoader)", "value": "66a76aaa634a2ddd7704e3cbf8ab1976", "object_relation": "md5", "Tag": [ { "name": "Downloader", "colour": "#25284B", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "invalid-signature", "colour": "#A79DA9", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692364881, "uuid": "f4fc19fc-0846-4ba2-b974-70efe09ea01a", "comment": "Malware payload (GuLoader)", "value": "665796d93d000ae05647adc01167471e81bbf69f98f584afcf20ec35aaa0db5f", "object_relation": "sha256", "Tag": [ { "name": "Downloader", "colour": "#25284B", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "invalid-signature", "colour": "#A79DA9", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692364881, "uuid": "c2e62947-7c0c-4148-bd05-952c1a0bd7ee", "comment": "Malware payload (GuLoader)", "value": "06f992837b5a3adf68c9293299ccb2d01b8307ee", "object_relation": "sha1", "Tag": [ { "name": "Downloader", "colour": "#25284B", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "invalid-signature", "colour": "#A79DA9", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692364881, "uuid": "9b7bbe13-513f-4eb1-8e53-582f74d75dce", "comment": "Malware payload (GuLoader)", "value": "d9e706a6d29f3d2dd74f0c16ad42dc4b385abfbdf5c3cd9e627d431ff5d1788edc6883423d9d2dd51f08b181098541c8", "object_relation": "sha3-384", "Tag": [ { "name": "Downloader", "colour": "#25284B", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "invalid-signature", "colour": "#A79DA9", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692364881, "uuid": "7f172315-e1b3-438f-be2d-f4090b490615", "value": "T1FBA49D9278C935AFDC2F4674035FEAB22A755CE0B381496E5F40360E4C3664A90EEDDB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692364881, "uuid": "9d47a648-e46d-4620-af12-59b71c778a4c", "value": "dd68e663380c71f66b512f005f1be7ec", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692364881, "uuid": "55fc3fd3-8fe2-4499-8578-3ef92013c6f2", "value": "6144:acqNGUt5PZVheNA+ff0DfSDurtbcpfOBPBMw23RRVtn/Hn1vfaCWvS0NLAOzldc9:70nhe2eMfS4tbjb23BtPn13q/NNbY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692364881, "uuid": "0a3015fc-300e-49d2-b46c-4fe778c7fdc7", "value": 477216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692364881, "uuid": "17790893-6f66-42ab-b97d-b8e68edfca30", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692364881, "uuid": "ac54df32-f063-44eb-a216-fd7549e53623", "value": "Sinchrones 000965_MEC 10.08.23pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05281e2d-3dfd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692386741, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692386741, "uuid": "0fc7833d-a639-462d-b5c1-486ad6cec22d", "comment": "Malware payload (RedLineStealer)", "value": "a1e4f4989ab529c09255c7e445ce87cd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692386741, "uuid": "bfc6c305-3866-468e-9c5b-669c1582d5d0", "comment": "Malware payload (RedLineStealer)", "value": "6715a9c1cba4b5cf2bfadf2727d12a42972676b879bbd4b8c083e1ed70e1e13c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692386741, "uuid": "0c36302a-ee38-4997-8031-2d5460d68809", "comment": "Malware payload (RedLineStealer)", "value": "5456e56d5d24ca244a46d79bed40e238eba31dcd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692386741, "uuid": "460397b8-fee5-4a2b-914d-6fe47fc65c24", "comment": "Malware payload (RedLineStealer)", "value": "c95e35d8e08b3ad837cebfedb0ee496168f33b1c12c266a6661ed389bffd6460cb74ba6fcefcf92156ec7fcc6168b332", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692386741, "uuid": "d2e5a602-9a0f-43a0-83a5-8e64dbc9d677", "value": "T107F41217E7ED1477DEB417B058FB03830B35BCA21974976B23A9685E5CB2684683233B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692386741, "uuid": "615872dd-e125-42e1-aec4-1240a1a6ce90", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692386741, "uuid": "48947c9b-21d9-4882-8df1-79afc688714a", "value": "12288:qMrqy90ZmkS4zabL6c1wDyoxVSxDKA/e7KkkKRT4Xhp7V1SWILl9LLLrfiLM5mU0:Iy/FbLD1SxVSDzG7KrKl4rrSBLl1LsBH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692386741, "uuid": "f81b1022-06d3-4c5b-85ae-dfc75ab0530f", "value": 730624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692386741, "uuid": "31e92476-2cf3-43f9-900d-7d22a7fa6823", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692386741, "uuid": "9bbf33c1-364e-4104-aecd-1c9fcf44b825", "value": "a1e4f4989ab529c09255c7e445ce87cd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d1e842b5-3dee-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1692380642, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380642, "uuid": "63fc5826-5a37-4965-aef3-3210a0b1974a", "comment": "Malware payload (Formbook)", "value": "4f74fb6f1ea3b0fdc0682aa4eae3de85", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380642, "uuid": "a727d102-302e-4284-9880-820154b6570b", "comment": "Malware payload (Formbook)", "value": "6b3304337025f31f706e215c93b83d67ce344240c4130d51a784b06ebc5afa6e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380642, "uuid": "da88ba18-32ea-49cb-b3b5-3282c7d52d87", "comment": "Malware payload (Formbook)", "value": "9fd0ccb680467e192abecba1c32af4f0c73ff22d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380642, "uuid": "96f93367-a216-4a2e-a4cf-5a55adf8cf88", "comment": "Malware payload (Formbook)", "value": "ff71e48bbca9dcb72ae2e289dc6b3ef44908c72508bace84dc7a61a46b5fa725472fa009dec4bc177c48ffd2685bd151", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380642, "uuid": "185e52f5-699f-42d4-a810-aa3d09864124", "value": "T16A541294B3E09877DDF21AB54DBCB7B72BBA72312154A85B13605F8D38212A3D60E371", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380642, "uuid": "1abcbb7d-9b44-4972-8589-3fc1c5e9f8e0", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380642, "uuid": "1e8ef848-8b7d-412a-b183-fd2506afb5b2", "value": "6144:PYa6uj8WJQy5BhsBqtRbNC4WrI9M2AiHFPZbgwPF4L9ei4QrPm/wWav:PYYj5HDRvCIu2AehXPs9eWgi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692380642, "uuid": "2ce9dd17-279c-4546-9bb0-6850f5327509", "value": 293395, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692380642, "uuid": "a3e33e51-3cb7-4466-9cc2-37f956751810", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380642, "uuid": "9173ee60-b7aa-43fd-a739-56d600e0767d", "value": "Order#2_W43550970351 pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b50ac623-3e04-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692390043, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390043, "uuid": "ea6b5c03-6ddd-4459-99ad-56d83d3c2524", "comment": "Malware payload (RedLineStealer)", "value": "b737c38e7aae69b7201df646091ae21d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390043, "uuid": "95768bb9-f919-4710-a28b-c0ea9b18ddf9", "comment": "Malware payload (RedLineStealer)", "value": "6bcf60eee8d520575e377cb0c2b32136d68e448fd96573ca5f4702644c97a6b0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390043, "uuid": "6a0b47d7-598a-4ae7-9406-5c7dd23a5403", "comment": "Malware payload (RedLineStealer)", "value": "e1e945fda7a81cd8305c3a7d369784b790207514", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390043, "uuid": "31de3882-58fa-4839-b8c5-e75c6db79b6e", "comment": "Malware payload (RedLineStealer)", "value": "966cb3cda311019d8ff5e423a2b56e73ebc266855da9d8ad7c19fef06a41caf157982558d447acfabc36ff100a7989d1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390043, "uuid": "f3e18287-10a4-415c-adc3-96adb4bbaaa8", "value": "T1ACF41203A6EC8076E9F567B069FA02C30B397C715D3887BB2645995E0D726D0E83277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390043, "uuid": "a54bdb8a-68e2-4955-8e85-a4021a9e9903", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390043, "uuid": "828eb8e0-2bab-43e7-9505-5bfae474a7d6", "value": "12288:+Mray905G1HMX18veodJu1W6CZIk3mHUb5bLsXVEtZHOInvGn:My0G1Deonuckk3mHy6X2zHOIW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692390043, "uuid": "ba35ef48-7133-4fbc-81a9-b6bf060eb3a9", "value": 730624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692390043, "uuid": "24343450-7787-4b64-9996-f9a16f82b580", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390043, "uuid": "c2919469-d8f9-410d-9de1-789b04576a63", "value": "b737c38e7aae69b7201df646091ae21d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d176425f-3dff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692387943, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692387943, "uuid": "1b569158-50c6-413e-9474-f98a1d8b6d69", "comment": "Malware payload (RedLineStealer)", "value": "598b5127dccfd15a80b3a89f2b8bfa76", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692387943, "uuid": "04734a6b-5785-4df9-a992-ed2627efe768", "comment": "Malware payload (RedLineStealer)", "value": "6d53a254fa2e347cb03754f84531b7b689c7e3558885b3ca9047706b625e1a51", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692387943, "uuid": "a5731d1b-f084-4f04-84f9-32d88bd6b847", "comment": "Malware payload (RedLineStealer)", "value": "15da3f9e0df172ccf84e231b5a317ddce888b77a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692387943, "uuid": "d29e7ac3-6ba8-48bb-8b6b-632e11497bca", "comment": "Malware payload (RedLineStealer)", "value": "e567eb287cd0d91ead8078debc7361021cde7728d998360f48227ed2ac52a3bb1e75d8b980853c56a1a05db141134ded", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692387943, "uuid": "ab75c37b-380c-480a-abc4-8cf86da61390", "value": "T140052213AAD8A131D8F96BB014FF1F831B367CD55C34476A13D1699B8D22AA0E4317BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692387943, "uuid": "884f0fd1-8c26-4044-a446-ce65fa05337b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692387943, "uuid": "f90d7095-7466-4e7c-b1e3-6d2144e5cc25", "value": "24576:Ay9NU6tZtjmY4ZUp/RVU16/nF+joSKzWN:H9NUytjmY4ip/fCWc0x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692387943, "uuid": "438d7820-fe6c-4cf8-bfd4-a9d52171dc8e", "value": 857600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692387943, "uuid": "7ddf15e5-d250-4598-8510-b2536643513f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692387943, "uuid": "b9b02d7b-d8e2-4f08-8b7c-a6c6cc4f51da", "value": "598b5127dccfd15a80b3a89f2b8bfa76.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa5a788c-3dce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Coper)", "timestamp": 1692366832, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366832, "uuid": "671de59d-beb9-4617-9307-90f65d127fa2", "comment": "Malware payload (Coper)", "value": "b19d2a01cdf45550d6ebcdf3b3be55d3", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "coper", "colour": "#EED7EC", "exportable": true, "hide_tag": false }, { "name": "Octo", "colour": "#C7ABB1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366832, "uuid": "879a8e68-0017-4061-9084-c419d1e37bb7", "comment": "Malware payload (Coper)", "value": "6dda51e294cc343b50106676ad5708face3cfc7f16d99f69a34e4b3b85c632cc", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "coper", "colour": "#EED7EC", "exportable": true, "hide_tag": false }, { "name": "Octo", "colour": "#C7ABB1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366832, "uuid": "c44e3bdb-8f10-4d65-bf20-0a5b81052f4c", "comment": "Malware payload (Coper)", "value": "10a3b5f0f6d4e5d36d77ba239ea62f5e9d5b4315", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "coper", "colour": "#EED7EC", "exportable": true, "hide_tag": false }, { "name": "Octo", "colour": "#C7ABB1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366832, "uuid": "9914dd41-f86d-40a4-a74d-e75848f51b0c", "comment": "Malware payload (Coper)", "value": "8e4a4cb5f10570e3a5d70b037ed0a3446be7c2bf9e8ee51c8d7b5faf654e191eaafe5ea2243778e4c51ed7e9c964ce39", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "coper", "colour": "#EED7EC", "exportable": true, "hide_tag": false }, { "name": "Octo", "colour": "#C7ABB1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366832, "uuid": "28ebba2b-ecad-446c-8233-371e67330ce0", "value": "T183653309292AF212CE67DEB95D9044C6048043A71364BE4F367CED9E7F15F9A0B4B8F9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366832, "uuid": "d65c4243-75e6-4000-ba0d-14e415caa1e3", "value": "24576:aYum58rdGWVQQn0pEMUgTlIEfM3ArYNOb5Z9ZHqGgzmzKjU+La5CCaEAh74zZ:wm5aGWuQn0pugTS6MwcWZHqfU0a5CCa2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692366832, "uuid": "a5219f96-77e0-42b5-b260-a92dfe650ef5", "value": 1538627, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692366832, "uuid": "08978dde-9f48-4c1c-bab3-b79e0bc484c2", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366832, "uuid": "bd8adfcb-5ab4-439c-ba05-639f29fb2538", "value": "update.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "37920828-3d67-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692322401, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322401, "uuid": "b75ade9d-130c-433e-b26a-0669424809cd", "comment": "Malware payload (Mirai)", "value": "e70939b50f8157a753179c16cd81054e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322401, "uuid": "bc8fd37c-9ce6-4526-ad3f-95c9b1e33a38", "comment": "Malware payload (Mirai)", "value": "6f9448b949f3d993e0ef7e06ccb56e2085bc5f883dae5601408917e61b4e0ea9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322401, "uuid": "e5d79e3e-55ea-459b-88cb-0136d262748c", "comment": "Malware payload (Mirai)", "value": "0385981c050f66c99fef1dd330dfdd1125fe9f77", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322401, "uuid": "0be1daaa-6340-421a-a59d-101840ae9ad5", "comment": "Malware payload (Mirai)", "value": "7d686e1bf67932893759905216c930b6d85ed2525de3c56c51ba8f0a843b13aec186507aa2886dae83b371e5b3dd6844", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322401, "uuid": "2df38342-b4ca-41d3-818b-3005b8ee3eb2", "value": "T152D2D14CE2556D5ADE9DFE3C018D03A06F85B0D4730C0E5A0B5A88447637B6FE8AA17D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322401, "uuid": "59956c2d-b42a-4e7f-b5da-6dcafbe72f00", "value": "768:C1uUtLrVDsAp6tLSTg49XEB4Z98s5CYJb8WUu:CbDs06tKdEBgGs5RAu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692322401, "uuid": "289b2f69-cb93-4fe5-8360-fbe9bee19509", "value": 30316, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692322401, "uuid": "d2a9019b-6092-4253-86c4-e5a74d14652a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322401, "uuid": "b52258a5-f444-45da-8610-1c080f8b6d98", "value": "e70939b50f8157a753179c16cd81054e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16152652-3dcc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1692365724, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365724, "uuid": "7bb0ea72-a3a8-4d2f-9fb6-80149a93514f", "comment": "Malware payload (Loki)", "value": "404935724522d29d43025714f4168738", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365724, "uuid": "5b8532ba-8e51-431f-b1d1-5e0a0a387e60", "comment": "Malware payload (Loki)", "value": "6fbe516d1c467c41d9bb63e6c65fcfe6ff59745df2d5decd7b1a48053dd1e4d4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365724, "uuid": "71278f3e-f482-460c-9b71-98b3eeb351e4", "comment": "Malware payload (Loki)", "value": "86ec92764dee334d5e867284618a34414c5662bd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365724, "uuid": "0259aa6b-ef32-44dd-adcc-ddbc6a525d93", "comment": "Malware payload (Loki)", "value": "4ee086537c73d930fac3b889b210b43c8840e0499ae1dbb4b161c38907f377567b7bc29e13eb6d68b4e5c54022b24dd6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365724, "uuid": "40a0c277-0fea-4838-8a4a-1d19eeb2dfc5", "value": "T1C484BF63A193DDA6C645493D4674FBAC427CCF521E1BA28A61793222EE73D072F0CCD6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365724, "uuid": "5a59e0db-afb0-4357-918a-a89ab1f6fd01", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365724, "uuid": "2fa7da7f-9f12-4ecb-b746-ea5f8711e5bb", "value": "12288:yY9mJxRHHE6mRsc9gC8NLhPtD/fJomIA1UyLRa2CZ3nr:yYRO/fJHUmQ2Cpnr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692365724, "uuid": "a58cbd2a-9d0c-4ac9-be05-0d853df45af8", "value": 397194, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692365724, "uuid": "f496f098-99e6-4c4d-b7ec-e55a6928c960", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365724, "uuid": "94b35c89-f327-4eb7-8bcf-8e2260d1f61c", "value": "OUTSTANDING.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "85abf8b7-3d90-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692340142, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692340142, "uuid": "63b8554e-c35a-4d2f-9293-2198bed01d29", "comment": "Malware payload (AgentTesla)", "value": "0080a58cdd7b144b3b8a50147dbcb2af", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692340142, "uuid": "5d6ab7f6-931b-4d70-afdf-1913e12a4e57", "comment": "Malware payload (AgentTesla)", "value": "7124c3e8605f272ec384eb5522d9dc62dcb77c81074a4ab1693b50737127a7b3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692340142, "uuid": "4048c50a-0c00-46ca-be0a-c57eae1ff430", "comment": "Malware payload (AgentTesla)", "value": "ab5268d8465e6aeb65c35ae35fe537fe93df2167", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692340142, "uuid": "250d1584-3345-4b72-95f6-90c81ab638e4", "comment": "Malware payload (AgentTesla)", "value": "2f97d6ef30fd46729640474e9691cc88f703b6b2747bdd9dc7802c07b239e66c2687dfdc9b7e3548957b1cbc305c3b96", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692340142, "uuid": "6fee495e-9cb1-41b1-82e6-0e3cc50d6ba8", "value": "T1D115E95CFA09DA3FD34C8C3950F9DB2B69B99BAED0E1E351C01191B518E6CAD0DB6063", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692340142, "uuid": "361a6aee-ba7d-4d43-ae21-deebf459f85e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692340142, "uuid": "3adfef0f-85b6-4e5f-b4c3-8b25734eb51e", "value": "12288:va5YulSxnSWrQ260eUnd4AoVTbtHj9r1mwwDZ+UndMoV:vY36Ood4t/wF+Ud", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692340142, "uuid": "b5ee18b0-5a24-4c3a-a720-82d4e9ac92b2", "value": 957440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692340142, "uuid": "6b1be862-9294-4ce6-8338-86dd0049a580", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692340142, "uuid": "a709701a-8fd3-4669-9b3c-148ec1508e22", "value": "SecuriteInfo.com.Win32.PWSX-gen.8695.7749", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25a0e330-3dc5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692362744, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362744, "uuid": "dc5c0fcd-4b37-423e-ae0d-c43e54bd3740", "comment": "Malware payload (RedLineStealer)", "value": "7d2aa1dd78e54c86b73c51d2af9199e7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362744, "uuid": "7a3898c7-386c-484f-bfe4-b6724250542b", "comment": "Malware payload (RedLineStealer)", "value": "7332da93323eec820e1b6900cb38f267a4848604c2a38017f31052704d042b91", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362744, "uuid": "8cdeaae4-2849-4f35-a671-9e6d4bcbda9e", "comment": "Malware payload (RedLineStealer)", "value": "4baecdb1a79f89279db9cf68865f263d4eb800a1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362744, "uuid": "a8af1be2-b587-4927-bf09-baec67b046b3", "comment": "Malware payload (RedLineStealer)", "value": "be594b71ced3528e4acb39eb07bf96ab63f1d21610f968932c878035d8afbb5b1fd2f38fbb08765997bbce8630bfcadc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362744, "uuid": "f157e118-0afa-49ec-9dc6-6d92977ad112", "value": "T1708401213A90D076C5AB10345670EF619F7F707065B8848BB7AC17BE5F303919A7AB4E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362744, "uuid": "03646c78-f2f0-4af9-8e8e-b4bd9341ea79", "value": "e9c0bae0408e0bafadfe55650c235281", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362744, "uuid": "ba915219-c77f-4cfb-b0a3-14df4eb63f5b", "value": "6144:rLLEeP8/KoGT3A2EMqHxCBoxkG3ZofOvjcN6KY5JrOv+MZ9/AuPHGu9+wIp:HwePwGULxrf3eWQN6KYlIouPHGPwI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692362744, "uuid": "e983b050-7adc-4e55-a579-1b4e92699ff2", "value": 377856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692362744, "uuid": "7a2f6819-afc4-4adb-b5ad-94bebedfaf41", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362744, "uuid": "0ef5f56f-1c6b-4287-8911-7f3a42575a27", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42267fb8-3de5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692376536, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692376536, "uuid": "8ab0268f-36ad-480b-b3b6-a8471ac41d2e", "comment": "Malware payload (RedLineStealer)", "value": "f0e25d0251190e12106a59bbdc7bc850", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692376536, "uuid": "9913ae07-a686-4d04-bee1-217d6d5849a3", "comment": "Malware payload (RedLineStealer)", "value": "741d80588a38f6b0dfe4ddf307d67ef3fd769ea59f96baa0a4330cb9c095f9dc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692376536, "uuid": "2341a417-87c1-466a-80d6-cbdb8ba69e56", "comment": "Malware payload (RedLineStealer)", "value": "a57c7a686c3fbc23b0b3a2d03b58c33ed5b51be5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692376536, "uuid": "019e4b52-3d2f-48e3-8c15-ce28ef234fb0", "comment": "Malware payload (RedLineStealer)", "value": "014d284857d3160086bc86a37c7f97f8a436d8aef828c05b6c0ae54dd7755e502b5303d5765e44d9eeb5062ded12afea", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692376536, "uuid": "e63a03f8-41ed-44e7-9ad2-19beaf6392e9", "value": "T189F41243FBDC4172C9F527B158FA02970739BC714DB4937A2295A4AE0DB2A88E57133B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692376536, "uuid": "de4db3bd-fd9b-427c-9547-d3b320e8712a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692376536, "uuid": "d1caf631-4306-49c5-8ccd-7667a8b967ff", "value": "12288:gMryy90c+DWK8M2Eep8B+vg8MqINtQjEAw5iAwBKf4xdjO7Pr:CyD472i848xINtQjE5RwBKfYjO7Pr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692376536, "uuid": "0a57e4f3-a397-4ca2-866c-8083bc4f63dd", "value": 748544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692376536, "uuid": "f845cdb5-40b1-4fe0-bb65-fa465a9169a5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692376536, "uuid": "bf5d11fb-6b3b-4ca2-ae30-a06c862f8918", "value": "f0e25d0251190e12106a59bbdc7bc850.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd095c5f-3db5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (StrelaStealer)", "timestamp": 1692356180, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692356180, "uuid": "b09f19fb-a495-4774-a61f-ac1f05b304ff", "comment": "Malware payload (StrelaStealer)", "value": "77a5ba6c5ee3c978093d02e0300afd4e", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692356180, "uuid": "20806e69-5946-4215-a4b7-ab88e11a1c27", "comment": "Malware payload (StrelaStealer)", "value": "79ae7e5dbd40a9ecda0e69bdb316eb0e567a677674ceb722c78050eec9bbfa32", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692356180, "uuid": "5a1e84ba-d68f-48f7-9dbb-9d610bfb597b", "comment": "Malware payload (StrelaStealer)", "value": "2b2957ac884bce33da3842b170e8838d56cdefbb", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692356180, "uuid": "9d403e3a-ee6e-40b5-9f3c-fbc03f6fff09", "comment": "Malware payload (StrelaStealer)", "value": "da7291ba431171bcf0e96992688aad30935cb55aff7a53d8a1fbe600ce6535eb513bd3c9c9fa37b1e014060d8c716984", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692356180, "uuid": "9588c97e-ac12-4cc0-ba40-d545f6fc0ee6", "value": "T159152AF476D17AD70FB5290DB3CE41B23D64B857F0EDAD8522890E1E92843998CBBD60", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692356180, "uuid": "71a328a1-30bf-4795-a9a5-6d8e8d55c2f2", "value": "12288:fVUoRLKdkTvQ7eoznfNn3dJPHJogsF0ZDANdfs0Y5eccTpk9WWsoT:fVRu8IPzfNnNJPHugsF0ZDYs01m9We", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692356180, "uuid": "c8b592f7-cb05-4f77-b65c-68e4e220aef6", "value": 961491, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692356180, "uuid": "ab9a7b1e-c5c9-430c-b046-492005b305be", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692356180, "uuid": "7bc67dcd-ad17-4d4e-912b-db828be4ba33", "value": "12519112862926.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2cba7a68-3d61-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692319806, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692319806, "uuid": "0f2a1a96-12c9-4367-8c04-ae9b37ba668f", "comment": "Malware payload (Mirai)", "value": "f485fbb8085a380fb9988e5a50db43e0", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692319806, "uuid": "f2828c72-addd-4c9c-b0ef-e9c4e4bf9f3b", "comment": "Malware payload (Mirai)", "value": "7d8bb6b6a00290af9630c894436245b0b243472767d2904be34fd689edd7cd47", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692319806, "uuid": "e14bfbdb-f0a2-494c-84ce-a1d0da80ee11", "comment": "Malware payload (Mirai)", "value": "d2043867f021debb8455939ad002e8501861d512", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692319806, "uuid": "e2bf9d75-6685-47f2-9e8e-1bb8165a6177", "comment": "Malware payload (Mirai)", "value": "552d213158af37d80b96aa2685470b68bedd4ae5f680e8a1e9051db063b69cb510f847c5cf661582b88d567b680ff0ea", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692319806, "uuid": "17c11a40-f937-4b93-8b10-2d347cc72b63", "value": "T134C2D07272797A70D1F59C38E5B14EC9755787F8D7D9367C02204A524B828F310BC6CA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692319806, "uuid": "5e17ecc5-3a29-4188-b022-f87f880981c3", "value": "384:8A3ILYYk/9pNryQdN+Q5pTn+ClvA9rsk5UMRvhjAqsKZ8+8ESiNcZy2dFlBhymdC:8A3IEt7NxndA9IMhhQvE/h2Ts3Uozf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692319806, "uuid": "d3e4df2c-ac16-4133-ac52-aa4ae060d7b7", "value": 28168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692319806, "uuid": "fc618953-1b8f-49a1-94bd-e6c8956f9579", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692319806, "uuid": "d9a0c206-f006-4e9a-8e92-c493b4566295", "value": "sora.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da02796b-3dea-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692378938, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692378938, "uuid": "963205d5-5616-4f4d-8560-2ee5424fb030", "comment": "Malware payload (RedLineStealer)", "value": "b2f05fed4a2e5ba0ed6d5290cc61c328", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692378938, "uuid": "a8db3d6e-b423-4dc8-b1af-65be6e75a938", "comment": "Malware payload (RedLineStealer)", "value": "7eb6bb9d3c6559c75fc2d76023136503f8aa676ed9ba4f01b1472ba403770ea1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692378938, "uuid": "cd0cd1e7-786d-473f-9fbd-a29ee5e1960c", "comment": "Malware payload (RedLineStealer)", "value": "c129840be6c84fab11c877b84865c3d1ff98c882", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692378938, "uuid": "d2304fa7-e0a1-4160-8721-771de5aedf93", "comment": "Malware payload (RedLineStealer)", "value": "faa0a5392edfc99be6a99b00e628b08afd99205eea1cc9bbe5e682724dd47d2fa3033277a5c2f8fcbaaa76d06692bb94", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692378938, "uuid": "fca85828-28db-4581-b12f-111d5226cfc4", "value": "T147F4124697E840B3E8BAA7B06DF703930B317CD18DB4CB2A27459D5E8D73985953232B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692378938, "uuid": "e104a09f-57c0-4dfd-878b-84cd6e21e5f7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692378938, "uuid": "46cfc436-b5af-4636-a05a-80fabae9ecf3", "value": "12288:CMrUy90yKX/RrZ3gVrnVmalCQ68xvliBCkce22pJI1u6PjPAKWSGagX0gSe7rPML:6ybKX/VtCnlUkeLAZPcaglH0XDvNd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692378938, "uuid": "708f06c6-6fcc-461e-bc26-92997c58efb2", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692378938, "uuid": "0fcb29b9-4189-4843-90cb-ad9bcdbfaae6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692378938, "uuid": "7a1b39d9-43c9-465d-a915-62a31d4eb730", "value": "b2f05fed4a2e5ba0ed6d5290cc61c328.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e7985fe-3dd8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692370973, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370973, "uuid": "b42fff6c-c97d-451c-b810-56dbe9a0449e", "comment": "Malware payload (Mirai)", "value": "fc9b3c03b2f5db2f54fad4bcbd1b18fa", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370973, "uuid": "1d904b48-09f6-4c78-8f0a-c1b42359fb2b", "comment": "Malware payload (Mirai)", "value": "7ec3b1fdd152a306b735e75aaffee8a8133c1dea19f58f3a9f785748742ceffd", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370973, "uuid": "03d7bda3-caae-4fd0-bd47-e1dcca02deee", "comment": "Malware payload (Mirai)", "value": "520fd187ed569fd8cfee3af49d250396bc5bd740", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370973, "uuid": "272d68ad-5879-4b31-87f4-fd3cfdfc977a", "comment": "Malware payload (Mirai)", "value": "94378ce59b0ecd97fcedb0f3443e8938ed3d2bdadc408175e069f0068d6c6d956d4e6fb222289cd9164d3b9fc30e35ed", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370973, "uuid": "93228c16-08a8-4626-87d4-9094c93a79c9", "value": "T118B2D0CD61443488C98D7C7C678D4A664FACA190BADD9F26E350CDD8B3BEA8B345D078", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370973, "uuid": "ddcc3a0c-5378-414b-9bbe-df2a4bbd0455", "value": "768:c4rQlS07dEv0UXqUhvQE+CXQKMQKCXBppCZq8WvM:BQlS07FUXqIYSXQKqupGqu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692370973, "uuid": "eef65605-df52-4ca0-9460-9c4a6f30ade6", "value": 24912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692370973, "uuid": "5fd3e116-6fc5-4745-b321-abce81e19258", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370973, "uuid": "2c467311-8dc6-4a84-9083-ed5c1e8c6d25", "value": "fc9b3c03b2f5db2f54fad4bcbd1b18fa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ffe77a26-3d76-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Quakbot)", "timestamp": 1692329180, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692329180, "uuid": "03f138aa-cc57-4feb-967e-8e79f42168d6", "comment": "Malware payload (Quakbot)", "value": "81e56fd3b67ce33ef7150003985be7f4", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692329180, "uuid": "bd372b2b-3876-42d1-a6d0-af1af7f4a4ac", "comment": "Malware payload (Quakbot)", "value": "7ee6095ba8c4ed9fe11fbf5e703823e1aeae7f5443027738f55979b27ca57171", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692329180, "uuid": "3b8f9c92-c2fa-4231-abad-2df88b1b75fd", "comment": "Malware payload (Quakbot)", "value": "6c739fcc6dea8cc65617ff184f1febcd5404143a", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692329180, "uuid": "943d714d-9ae6-46be-ba29-1cb7afb1eabe", "comment": "Malware payload (Quakbot)", "value": "c08922534a165ba16dd38e1d7acb521b9f3ed2f0f94d27ab94b74aafd24dca893b77a482d92ce5115c72ea959f04f929", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692329180, "uuid": "3fb0d022-aacf-4a3c-8cda-a0c09b8342f0", "value": "T14AD3BF13A42280F3DA311074A5CDDF6D5AFDF9105B66A8D3B798AAC18D205C1E63B3DB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692329180, "uuid": "7ebf645b-2a24-4167-8f87-030ebead79a5", "value": "3c4a379270b250744490829165226c41", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692329180, "uuid": "3f755e8e-c21d-4905-a95d-efbbfec67919", "value": "3072:4ELogSZScYg+E/wmqpFQQT7J/AzMVWWRTBfItV74VZ:LofScb/wmqp+QPJ4zMVWWRTBgkj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692329180, "uuid": "af77143e-7c42-43c6-bb0b-296078f4b41c", "value": 135168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692329180, "uuid": "5102569a-b1e3-42cb-b487-9dccfac689c9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692329180, "uuid": "e0356cb2-5ffa-4455-8f51-65db46e76e17", "value": "Qak3.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3661c4c-3db0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (YellowCockatoo)", "timestamp": 1692354070, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354070, "uuid": "3e0d3cdf-120a-47ce-b836-7d7f7ab86679", "comment": "Malware payload (YellowCockatoo)", "value": "cb9149313b333e30c1f869238fc82557", "object_relation": "md5", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354070, "uuid": "f137d634-c36e-41fb-b0d3-4b4b0f9cc0b7", "comment": "Malware payload (YellowCockatoo)", "value": "82f2f8ba13d48c909443c4827c02c9890fcea53ea5a60f41b2c92a3298b76d58", "object_relation": "sha256", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354070, "uuid": "0269c265-1908-46a2-a504-929bfce07778", "comment": "Malware payload (YellowCockatoo)", "value": "1fe3c9a86aaa7dbb8969a0e96046bb144d032aa8", "object_relation": "sha1", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354070, "uuid": "a20b8ad4-d9ea-44a6-9bb2-2a92bae55a3b", "comment": "Malware payload (YellowCockatoo)", "value": "d376320a76f5c5f72f3bdf06bffd6ed24657074b6a0f39afd53fdc8e3bbc703f2389abc182515ae7ea7a64e2774f099f", "object_relation": "sha3-384", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354070, "uuid": "623bc1e3-7ea0-4109-8d31-20524e9dc049", "value": "T14AF512DB91E50EE857FF58406517CF22BABC5186B570C31B2D428CE768DEC69D20E2B8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354070, "uuid": "f79e55c6-6ee9-4c42-98ad-2355f076d01e", "value": "24576:2aCYinu1pAgCjX7TuvMzClhnhDB3FkaMyvmlpQunc1TVlmbCYhAUw2LvMuLZo:3CYKF72vwInhDBpXcpQucTVLyAUw2M8o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692354070, "uuid": "21813029-acbe-4f1b-9643-2e93ca5df7df", "value": 3642583, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692354070, "uuid": "e0f28897-4de0-40a9-94d0-b883ddb2000c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354070, "uuid": "3ce77bcc-a1b5-4a7d-8f40-17bc4eb85f15", "value": "install.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62d54e6f-3e1a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692399354, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399354, "uuid": "c3925a62-9705-41c7-804b-0e830ef8fce9", "comment": "Malware payload (RedLineStealer)", "value": "03ab8c8881dabc13c09e38b80c49f855", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399354, "uuid": "a18db7b7-ce91-4b46-83cd-842cb90d8a8e", "comment": "Malware payload (RedLineStealer)", "value": "84cd43c35cabeb8863bc4ddd850e985dffc72cb168f3522dc6b876f231afe580", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399354, "uuid": "af033be8-37d6-41d3-9eba-0c39e00eb034", "comment": "Malware payload (RedLineStealer)", "value": "c12d0676dd6f00f4106748fb4a2268b92f1c34ab", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399354, "uuid": "1479d535-83f8-479b-91d3-e2344de4faa6", "comment": "Malware payload (RedLineStealer)", "value": "360dbec76c08d9252c101414b515005502b5d863b05078a06b0df1f847353c9279a2f73d7f9729240c09e93ea5125c36", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399354, "uuid": "be7a07de-cc66-4c0d-916b-0cb8de2bb636", "value": "T1FCF4124296EC81A2D8F46B702DF642930A367DA68D7A437B1795A80F0CF35C09577B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399354, "uuid": "6f9a3602-48c4-4a14-a8b4-4ec6b129495e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399354, "uuid": "610329d1-0197-482d-abed-7f26b6e64ce1", "value": "12288:oMrvy90hfAjuFszYyZN4DlfzMgtktvROFb0h5b7FfYoSx/F0PmNfGmeO:XyCAjhT4lzhthS5b9Yn/SONfXF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692399354, "uuid": "bbe7315b-91de-4fd7-a969-88d5ec890ca1", "value": 730112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692399354, "uuid": "17d41ec3-3fb7-4cfe-a100-1fbb36fef4ef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399354, "uuid": "0db22c50-d559-473d-a81e-ae316663e24c", "value": "03ab8c8881dabc13c09e38b80c49f855.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c632dff0-3dc7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692363872, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363872, "uuid": "6e74f08a-c93f-4903-94e9-3da05a0e552a", "comment": "Malware payload (AgentTesla)", "value": "3c69c2def3695bc1a6581eeea62fe8e7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363872, "uuid": "b11a3e1a-a2d2-4d94-9635-7b8c6330075e", "comment": "Malware payload (AgentTesla)", "value": "84e5beb64edd5d86e524efa857995b09d5f5f2d7e5effc974e4dfb4e4d5364ed", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363872, "uuid": "96aa1983-ceb5-4d31-929a-d55d11a65033", "comment": "Malware payload (AgentTesla)", "value": "001b3af50a017337a86cbb7d4d999f3a267f2142", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363872, "uuid": "8245d810-7c30-43ed-ac1d-b3a3ac77adf3", "comment": "Malware payload (AgentTesla)", "value": "1603f1d9819c96867b43982d9457d1fe66bfefc95a6368e4e7d58e8b10dbbf62505dab5d6f0722029991075480824523", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363872, "uuid": "90dc5c8f-af80-4ed5-b72f-f71cf9500e09", "value": "T1E2E4F04137FE2A47E6B6D6F950B8564183F27A296461E3ED2C8520CB18F1F408BA1F77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363872, "uuid": "ad5912fb-9b69-4e34-a2bb-d8f76b0f63a6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363872, "uuid": "3cf0b8e6-8930-432c-8d4c-84a597ede84a", "value": "12288:75mHFFDUSbEkbwcuaDOWcruep144kPCXf5Y3fD070:NmX3Ej+OWclpdBOC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692363872, "uuid": "deeb6249-438f-4176-9e69-7246d375472a", "value": 704000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692363872, "uuid": "80b49cc1-dc0e-4168-a65a-ff9b4998f4aa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363872, "uuid": "cc70fe4e-f2c2-451e-9e77-5457465191b7", "value": "Payment_Swift_image001_18.08.2023.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae5078a1-3ddf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692374140, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374140, "uuid": "12ad05be-a358-4f00-8bb6-50a7a647137b", "comment": "Malware payload (RedLineStealer)", "value": "f3d1b91c24b40e8e9a75eca9df21c8d5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374140, "uuid": "4129d185-351d-4257-9043-0311016cccd2", "comment": "Malware payload (RedLineStealer)", "value": "8542ed680f596fdecef71eeab1b0ac058e5a7683fe92f540df536ba165356243", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374140, "uuid": "0b38425b-cde0-44c2-91ee-557789adab93", "comment": "Malware payload (RedLineStealer)", "value": "f8954473e1aede2678e6b7ba8fb5e9388626f089", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374140, "uuid": "1b636284-02ac-4bad-a223-48f5b007fc5f", "comment": "Malware payload (RedLineStealer)", "value": "699e88b570c32e2cb3de0ee0b4b95f33752d35f9ceeb8fac6c45ab70001eff5754cd3cbe67cbfa778bfec133ad98e280", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374140, "uuid": "13424601-3031-44b0-ac30-9b5010bf2a39", "value": "T186F41247AAD89463D9F127B094FB03830A36BCA108789B772395B85E0CB29D5F53137B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374140, "uuid": "fe1646d6-3017-4753-ba0c-212e2f1d24dc", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374140, "uuid": "f70ace3f-0f3b-49ff-96d2-36b70282a669", "value": "12288:QMr+y90XX500jwZyQbs/u/lwXKp9e7DIGKRngXnp7S/46V8nXZL2oz:+y2X5/jwZyQQ/uCe07DHKBgJoOnXJvz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692374140, "uuid": "ee110650-7ca2-4be3-ab18-0d9ca5af2427", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692374140, "uuid": "ca406cee-c0dc-497a-b7a9-3ba8b06f9941", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374140, "uuid": "6133fad1-d644-414a-8990-cba1f1a36f13", "value": "f3d1b91c24b40e8e9a75eca9df21c8d5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34dcddfd-3e08-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692391546, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692391546, "uuid": "240c8527-cf26-4baf-854d-1748b0a3b902", "comment": "Malware payload (RedLineStealer)", "value": "e98a034e12e99297e32c2732bbbe8d91", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692391546, "uuid": "6ae465ef-d8e7-4e1d-ac41-a468b716f910", "comment": "Malware payload (RedLineStealer)", "value": "85757bb0b44f50a3cd5ca64963a89dd757acd4c713de0377a9436e636399dc67", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692391546, "uuid": "e5575ea9-3aee-4eff-bfca-a02ee644e89b", "comment": "Malware payload (RedLineStealer)", "value": "086621112486588206ffd5b0a75d8a812e084e3b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692391546, "uuid": "6aab872d-39c3-4358-b4be-4131d2e7a289", "comment": "Malware payload (RedLineStealer)", "value": "fa04e69add82fd56e07bf5fae6aca97e99994084af3c8e17b0d3c7e57f5bbce68d83070c701cc3f970d89337af720504", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692391546, "uuid": "b8758938-b8a3-40e7-8943-b9ab1850deb7", "value": "T153F4121392DC91BBE6B42B7429F103D317367C925C3453AF2756A92E1CB3B90A87532B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692391546, "uuid": "d6edd202-54ee-4d64-a1b1-178fd23e5632", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692391546, "uuid": "39e17ef3-eb00-49f1-9d15-8065bcd8cf20", "value": "12288:zMrLy90YraJzfeO1mgZF3qA2FYRsL6noG0+/LVyBwxhqSPhJKqCMJd:UyIJSYmgZJqARRsmr8OLKq3n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692391546, "uuid": "956ac33d-5744-4511-8235-9f773b513b6c", "value": 731136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692391546, "uuid": "62c5fabd-528a-41fc-a351-52a1a6d40dce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692391546, "uuid": "e49a9646-b99b-49ce-ad3c-1259aaf60a41", "value": "e98a034e12e99297e32c2732bbbe8d91.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a89c5808-3de4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692376278, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692376278, "uuid": "2b518270-4069-4115-b399-49aafabc6116", "comment": "Malware payload (AgentTesla)", "value": "0d8453b3475ec7707f234ca4b644ef18", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692376278, "uuid": "d41d6510-2470-4f77-a474-1fb5cacae437", "comment": "Malware payload (AgentTesla)", "value": "87910624df2a9f0f48c640d127e88417764f96c7a66f38336dfe8da6d0e96c2f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692376278, "uuid": "3565a080-41b7-4cb5-969d-70543d2e0423", "comment": "Malware payload (AgentTesla)", "value": "4c14eed813e225929e98e011d1a31759b2932c6a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692376278, "uuid": "6a6528bf-e357-432c-bf75-2203f9c230b9", "comment": "Malware payload (AgentTesla)", "value": "06b72603ba677509fbcf3eeef91c7cfdb6eabd47403d385054c5025474cab5e3b0a5c0e5b326c30cba25c49f6cabdd0f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692376278, "uuid": "f7a4b195-1fa1-4d14-94c0-840c0eb1fde1", "value": "T17EB3AB6DD34F02AACF5252779B1A0A4541FCBB7EB38152B1346C533933EE82D512A2BD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692376278, "uuid": "4e94a4e0-8f7e-464a-91bc-5c85f01d02dc", "value": "768:wwAbZSibMX9gRWj96Efj5iF2XDTzW7y/RJYWLoqYqrQzmtiKVnaNUI8b+q/92:wwAlRYLYF2Tcy/RaiXtJDlaNU6q12", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692376278, "uuid": "54a8a319-f2e5-4272-99da-85d7503aa039", "value": 112967, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692376278, "uuid": "11e97dd1-07db-44b7-b44f-a94bd4a86dd7", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692376278, "uuid": "00c4426c-48b8-472d-9fb7-4c4f8153fdfd", "value": "SecuriteInfo.com.Exploit.CVE-2018-0798.4.15716.20318", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fa6f2c9d-3e1f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692401756, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692401756, "uuid": "c36818df-216f-4042-905c-89a863ee2027", "comment": "Malware payload", "value": "dff7f0552e91826b222d16879dfda268", "object_relation": "md5", "Tag": [ { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692401756, "uuid": "35a562f2-b0a1-458b-bdef-62a8565ff7cd", "comment": "Malware payload", "value": "8868ff5ce2075d865f44441eddb2a008c5c36336f422fb5ebcf5338f59644bd6", "object_relation": "sha256", "Tag": [ { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692401756, "uuid": "fcf68201-fe6e-4f0f-aff3-cc51ee5faa6e", "comment": "Malware payload", "value": "54cdc50879ff98d660c8273b0efd7ec8105e12de", "object_relation": "sha1", "Tag": [ { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692401756, "uuid": "7d0dafc4-86d1-4e11-9125-591b38d84bee", "comment": "Malware payload", "value": "887b6f61a8a22834fc37e9287193cd3fec1ba96dee5418de637315c401b0e2e441020d7f397a589352b2d92a4b9e1dee", "object_relation": "sha3-384", "Tag": [ { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692401756, "uuid": "9e9e5316-6a33-45f2-8bae-9a3b3443da73", "value": "T15675BFF876047DD6266F536BDA96ACDC13B61B239ACBA4CD806477C305A3375FE02805", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692401756, "uuid": "35afebd8-5627-4abb-8fc7-58db7b9f2290", "value": "24576:L9uC0VZIvL1sNUcQzCytUCZVaQTx9Jnj+Yjb6ew4AVUwUVD7mHLHB1KBD0vJ3k1k:M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692401756, "uuid": "7c168a0d-398a-4c79-925e-bde0edf4a6a6", "value": 1573069, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692401756, "uuid": "029451fa-17ae-47ab-9c5d-988c4cd561bd", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692401756, "uuid": "6c8b749e-77a0-43d3-92f8-07b34c96ea06", "value": "SecuriteInfo.com.Exploit.CVE-2017-11882.123.17263.3704", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac7efd34-3dd8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1692371131, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692371131, "uuid": "39d7ccdc-4c36-4443-ab46-c23d314800de", "comment": "Malware payload (Loki)", "value": "f4b6b21d4b19987effffa1135f890445", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692371131, "uuid": "5df42014-4cf1-4926-a749-c9b0a372053c", "comment": "Malware payload (Loki)", "value": "8b32002b45bdad5c95f4c06fe5fd5f186ba51a3363b11338e40621954114e7f5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692371131, "uuid": "b4094a61-dee2-4880-ade3-bcb21bcc89b6", "comment": "Malware payload (Loki)", "value": "fdde2aceb297d08454f63e611f462d80d787e195", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692371131, "uuid": "6c37ca85-7793-4af7-9d9e-3b54f9f2965d", "comment": "Malware payload (Loki)", "value": "8ef4bb246bf83bc207b0bb8a43a2bba32964c23225709ea4db611cce65f66e7e361dc47178c136b4f9f0ae50db42f8c9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692371131, "uuid": "da0a7729-6fe9-45e4-bdb2-ef7648b7bec5", "value": "T1DE25E007B99E8DE1C6842737CECB148C4761DD81B6A3D61A758EA3EE1B03FB69C05607", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692371131, "uuid": "4e908b5f-43e3-4441-81c7-a269e59853ce", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692371131, "uuid": "c1c0b3e8-4678-4047-992e-42ec578dc7d6", "value": "12288:CXuYULuJOqvVXYXwjT1Ht1VT1O2qHWjUsUInA4doGiFWg4HeAOiY8741:UULKOGYXwv1FT11qm0mAwqD4HJOiy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692371131, "uuid": "493fd59e-3536-4d13-81e0-37c9db8361ec", "value": 993792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692371131, "uuid": "e2236093-643c-4ea8-87f1-768eccca6788", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692371131, "uuid": "3b5f277b-b833-4ccf-bcee-67906ebc55bf", "value": "Purchase Order (PO) PO 00197086.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f921dec-3dcb-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692365499, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365499, "uuid": "489e76bd-beef-4919-ad4e-419b78afa34d", "comment": "Malware payload", "value": "f64469a631238b167b0bda1194e85243", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365499, "uuid": "6632c513-44a1-43ba-99a1-2b679a73e06c", "comment": "Malware payload", "value": "8bb05744062bdf97c8c1c6c0f34d2ff221a9fe04913f4c296a2fdba6d0d48ad1", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365499, "uuid": "dc3b973d-824c-40c7-8f18-31390ee32523", "comment": "Malware payload", "value": "2b9e24cdb1cf6307cfbc4bc8c25103f2a12acb9d", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365499, "uuid": "7dd1ebac-f7c2-418a-b36f-f09b0d4c1277", "comment": "Malware payload", "value": "3d74faac8b1d10d0999b6512fa92dbf3daea89bd8c797b37979d89126410af8ee12bf077de652a7ad03d5ced6f4b54d2", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365499, "uuid": "2ffc2cd6-de7d-4367-8b9f-ab8e357cb4a5", "value": "T1A5B38C11B5C180B3D5BE19350070C6719B7EB830EF64AD9B37A81A7A5F705C2CF25E6A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365499, "uuid": "797ba4b8-2e39-447c-b02d-a5407b336cd3", "value": "41094fb41caff385dbb69f88e1cb11f1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365499, "uuid": "eac6998e-f7fc-4d87-b4c5-71ec3a882f25", "value": "1536:16nG5JxotYK7jDp1WgLsBju+2AjxurUyFtvUeLljMmTEFu87ZsWeocd7r8uMHews:pxqNwgLsRKAxurxURuqS/8/+1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692365499, "uuid": "efe918a7-3a4f-47f9-abf2-dfa74a0e3a7c", "value": 113152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692365499, "uuid": "64e7c16d-65c6-4fc3-a593-f0fb383d6843", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365499, "uuid": "f9b2bdb5-9495-43cb-9135-bdb9ba0bfe96", "value": "SecuriteInfo.com.Win32.PWSX-gen.24772.24920", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "55800a02-3db1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (StrelaStealer)", "timestamp": 1692354234, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354234, "uuid": "5329a63a-f489-4939-a8fb-b3a8ebc6d498", "comment": "Malware payload (StrelaStealer)", "value": "d4f3ca0a7c492afdc30c1c2a1a44f21a", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354234, "uuid": "6567ba26-4b85-4513-bb63-6582a74a6382", "comment": "Malware payload (StrelaStealer)", "value": "8c60130efba6fd8225f12b6f1281096f7e9c91742e0237a2fecbfa6d7dd3dea3", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354234, "uuid": "e79634de-36c1-432c-add4-a79b02b97b39", "comment": "Malware payload (StrelaStealer)", "value": "373c45d5116454b4879d7fa3dfdf2f2a66c14837", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354234, "uuid": "91028d36-a465-4b00-9a82-09562884ebf3", "comment": "Malware payload (StrelaStealer)", "value": "160d3ef246293cc42bf2c3b8e668dce82b1aa969b7c21109d43d1ae9a95298b7edaf80f8cfd0227a58073ad16509505d", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "StrelaStealer", "colour": "#32F389", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354234, "uuid": "c37bbee9-6b35-42b9-ac63-6dcef5d61692", "value": "T1E516D7F4B251BEE60F74591DB38F80B22C27B86BF07E5ECA2266195DC5C4244D9E6CB0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354234, "uuid": "426f8f64-aa76-4281-aea4-df58d78693b7", "value": "24576:j+7vamXRDsyzleOQjxYkMvN/B3aQtq6OBNFkCvQd/LKo5tHdQpuGMiGLLOZDb+XA:mCmX0jx2tqpNHMRx8uXpLUbUM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692354234, "uuid": "e98d5f49-8063-424e-ba19-89181320eb70", "value": 4178434, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692354234, "uuid": "c24bae5b-4fa6-4633-8756-b4083301c66b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354234, "uuid": "3651b00d-2e5c-43cf-b53a-8c21bf0f6cac", "value": "133051297412740.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0c9644a4-3def-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692380741, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380741, "uuid": "87b543f7-9ad9-463f-92f5-e817b670b12f", "comment": "Malware payload (RedLineStealer)", "value": "60116785ce5084f363ea78d6cd381098", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380741, "uuid": "a9291489-7cf1-4ad2-863c-da513f38e5d2", "comment": "Malware payload (RedLineStealer)", "value": "8d1f4f22d170d4e5d650dd9419c7e132f2eca0ad8be1f6f5245be7c784459eb8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380741, "uuid": "db9b7682-d69a-4e15-ba86-6d31d69f824d", "comment": "Malware payload (RedLineStealer)", "value": "f369b40035f9a0f808b6a558f472c2887baa7435", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380741, "uuid": "dc7e75b4-42ee-4eeb-aa9b-895f09de61c2", "comment": "Malware payload (RedLineStealer)", "value": "09156031f2012fbac8edc19b209c83a66b9700d6d25dad548e59646e8d87249046e28eb6d5866be4964856fd9991b9ee", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380741, "uuid": "7c8fc1aa-a0f7-4b90-9445-35cb82578524", "value": "T178F42202E5E88473DCF41BB098F717830B36BC665C78565B2B46BC1A0872AE1B5753BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380741, "uuid": "94d1d68b-3222-49c4-a38d-a1b6131b6be7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380741, "uuid": "32cf14a3-648a-49bc-aa9e-732177aecb7f", "value": "12288:lMray90XTCLEqxH9u7p6FKpxe7z3jKRfbXIp7AwfVFHtmrZFX:3yUTCnxdu8FSo7zTKlbQJfVnmrPX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692380741, "uuid": "3d2c5700-2c26-47c2-ab1d-af3b3aa9a14a", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692380741, "uuid": "ad790d1d-a45b-450c-a4c8-2805e70ca29d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380741, "uuid": "1ba602f2-cd3a-4d68-b9d9-158d547c2a97", "value": "60116785ce5084f363ea78d6cd381098.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e80cf3bf-3e08-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692391846, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692391846, "uuid": "652fb364-2342-48f4-83e9-3a93386a7689", "comment": "Malware payload (RedLineStealer)", "value": "a6f15fb6e672035a5f6e57bf49bb436e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692391846, "uuid": "431d483d-eb48-4fb2-808b-8c45e1870935", "comment": "Malware payload (RedLineStealer)", "value": "8d81194dbb3cf8182cec8de0f3f7d3a652810c1b42340934668b1d50a6257a3d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692391846, "uuid": "562454e3-8428-4601-afac-f142f76bf4f3", "comment": "Malware payload (RedLineStealer)", "value": "2761f181d4434a7110acfc206704f5e6a911f6de", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692391846, "uuid": "bab671b7-1a61-41b7-af6e-423a2aa7ccd2", "comment": "Malware payload (RedLineStealer)", "value": "d6a06f6e613e4414fbe4d6f92dc074e781e3024114c9c98da9243d9ed0da20977378bcbe3ae32ff63520ed720e71e5f3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692391846, "uuid": "bc960c25-0791-440e-a621-0fd3b31a5d55", "value": "T1B9F42217AAE960B3DCE917B068F717830A357CA14978871F2345A80E5CF2A84E67177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692391846, "uuid": "9fdbd093-513d-474f-93cd-74169c4903a8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692391846, "uuid": "dade401d-b00f-4399-b978-6b42c72f9a8a", "value": "12288:RMrry90Z9n2DUeSbyh8DWMW8MsV71HKN+e73+/KRfyXRp7ILihG5YB8ZJw:iyztSs47fLh1HWl73QKly7SihXBSe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692391846, "uuid": "49ce49c9-2f05-4bc2-a0bf-423aa8455b34", "value": 730624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692391846, "uuid": "734f6971-541f-4d1e-a59d-251f41dbda60", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692391846, "uuid": "701dea9c-b270-40a6-abba-bc7d7cc11e0c", "value": "a6f15fb6e672035a5f6e57bf49bb436e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "183d603d-3e1b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692399658, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399658, "uuid": "a509a8b9-96ef-4e04-98bd-4f058b9ecddb", "comment": "Malware payload (RedLineStealer)", "value": "9e6f1db6ec4d0931dcf7bc0478831cb9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399658, "uuid": "f00bb59d-3ee7-44b6-83ee-8f205452ea08", "comment": "Malware payload (RedLineStealer)", "value": "8ec785e386eec29f9567fab6d6abd128a1ba77289fe425f22bbfcc473712ec5e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399658, "uuid": "0e9bc6b3-5744-4f77-9770-08759df9b15e", "comment": "Malware payload (RedLineStealer)", "value": "6d9911be1ca62a7585667eec8225e117fb5f5820", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399658, "uuid": "f6cedeba-48ce-4c6f-ac07-3d2569193d07", "comment": "Malware payload (RedLineStealer)", "value": "c44d039d1615dc694f4765249ac4a98bb28a0784716b46ae9412149a2e3204eab0f02963c12b1ff31486e4c2ce550701", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399658, "uuid": "eebd32f1-4ceb-4fb5-8851-daa3cb0d23ce", "value": "T169D41247F7DC4473D8F51BB068F902830A357CB149B847362A06A9AE1DF29E5AC36727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399658, "uuid": "0559d9ba-5fd9-4dc3-b7dd-3bbfeba6a443", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399658, "uuid": "4b3f98db-376a-4a86-bd3f-89e7c46d62c7", "value": "12288:CMrxy90jAUAHBw0v6ieySBO3zq+gEELEAQG9fbXbmmukeqyz7OCcYARbR:7yoAUAhDQyF3o7LnQG9fSQ+7OCcYebR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692399658, "uuid": "ca623247-5aec-4ae7-be37-855768d3fd2b", "value": 656896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692399658, "uuid": "8d5e49d9-864a-49f4-ba25-440ff4a89293", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399658, "uuid": "1f6f3b97-d71c-484f-8cbd-e91a929764a1", "value": "8EC785E386EEC29F9567FAB6D6ABD128A1BA77289FE42.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8eb8d631-3dcb-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692365497, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365497, "uuid": "c707bd0a-985b-453f-862e-9ecb30800115", "comment": "Malware payload", "value": "61032c3fe799c4acb61555f776af970b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365497, "uuid": "6b04a7eb-3934-4716-9164-cd9f1728918a", "comment": "Malware payload", "value": "8ed599b2a0f542f650a82f33bab1823a015da59683eda2418adc21e094d094cd", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365497, "uuid": "0f4ca7e4-b5f4-4253-81e6-69ca4efd79bd", "comment": "Malware payload", "value": "137f74b156df478fa37f1d7828c566d8fea1cccc", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365497, "uuid": "93184e13-090e-4cb6-b13f-20974e319642", "comment": "Malware payload", "value": "9d9bf29685b8a62690ebdfe1f183f28e20c6c5e03a4211840324149855235bdbba35b7fdb1854d7c8eea35c1136b2589", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365497, "uuid": "242ebf29-8a47-4983-a826-0aecb4e78adb", "value": "T1CEB38C01B5C1C0B2D5BE19350070C6B18B7EB930DE64AD9F37A81A7A5FB45C2CF25A6A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365497, "uuid": "939316de-76b2-4757-be50-64485aafbede", "value": "41094fb41caff385dbb69f88e1cb11f1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365497, "uuid": "97c5bc7b-a8e5-41a3-a386-7920da0eea1d", "value": "1536:k6nG5JxotYK7jDp1WgLsBju+2AjxurUyFtvUeLljMmTEFu87ZsWeocd7r3LMHDwM:6xqNwgLsRKAxurxURuqS/3Yj2jNq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692365497, "uuid": "3a2cefde-adf8-4cd1-94b0-661e0ed45904", "value": 113152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692365497, "uuid": "2b7e907e-9055-4d3b-b827-6b51fb70bd7e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365497, "uuid": "c6b5a58b-7fc9-464c-8aec-6e256f4f91d3", "value": "SecuriteInfo.com.Win32.PWSX-gen.16201.28112", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c1ea583-3e02-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692389142, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692389142, "uuid": "0c97fe38-f11a-41e7-8145-be052c87f4e1", "comment": "Malware payload (RedLineStealer)", "value": "e36f547495b8cfa383a1ea26998ced7a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692389142, "uuid": "898a5944-a775-4c55-846e-30c959b6073e", "comment": "Malware payload (RedLineStealer)", "value": "9098333378e898274f08ba3f307a49a13432c4fc2c24b897de6840ef502b5355", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692389142, "uuid": "86e2b6f2-12ad-4100-bb32-7049345796de", "comment": "Malware payload (RedLineStealer)", "value": "c69177a8cd615ff4c6df6759fc668553d952df96", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692389142, "uuid": "7cbc4c7e-4808-4a9e-9f27-86a21951bbb6", "comment": "Malware payload (RedLineStealer)", "value": "d21d80655dae7ffb91f435ea16e58a46b797b71e3ed43b54b9edc6e45aa05a050f37380feb8cbcb7ef9800fec7447d62", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692389142, "uuid": "b0e4ce86-b49b-46ab-9f26-2bc468fa3270", "value": "T148F412826AD89036E8F71F709DF207570B31BCB15DB882262B9588AA0C73795F572377", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692389142, "uuid": "12ff904a-6e16-4378-aba2-50dda9ca777e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692389142, "uuid": "807281ad-d560-44c9-aebe-bafca19ea29e", "value": "12288:sMr3y90mAx3fLIRm/QaDFAgkZXgji+W6lWNzb7UOSleqVl3lMPltRytBqIsR7oy:DyotjIRsQCiR+W6aHAneqV1lMN/ytBq7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692389142, "uuid": "567f0535-5c78-4387-b870-d744f141f7f9", "value": 731136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692389142, "uuid": "a5dd46e7-4813-4f9c-b3bc-54dd373906c9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692389142, "uuid": "1280c484-510a-4bcf-913d-038433081811", "value": "e36f547495b8cfa383a1ea26998ced7a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48f142c8-3e11-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692395445, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692395445, "uuid": "08078660-193f-4357-8a8b-2e716ea9b848", "comment": "Malware payload (RedLineStealer)", "value": "3bd9279d8f1563ce22a5756d249c3d03", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692395445, "uuid": "5bd6f24c-76a4-42fd-9799-36d2c791189c", "comment": "Malware payload (RedLineStealer)", "value": "90a4170105f86cae275c41d620783d8e7b83a4c7f480499bd37e7de46dfdd375", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692395445, "uuid": "df16bdd4-79af-465e-8da4-33ba0cb6c6ce", "comment": "Malware payload (RedLineStealer)", "value": "2bc360296bd81d1e4261c1c75c47e74dd9dd4049", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692395445, "uuid": "9eb753dc-3eb0-499c-81e2-7813eb2c82ec", "comment": "Malware payload (RedLineStealer)", "value": "bbc7d37b3723a59a31b94cfe3e2cc0a9f670971afdb4e1a683175b73542a7526fb4d70b705934f1c8e9a5357d3fca144", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692395445, "uuid": "7e4d9412-117a-4b05-8ab6-644475484188", "value": "T141151283AAE980B2DDF51B7058F713C30D327CA16DA5966B3305986A1DB3788743973B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692395445, "uuid": "143ce608-3d52-412d-be43-d891225c4c14", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692395445, "uuid": "b88617f5-f850-4ba7-b6d1-c8f954731057", "value": "24576:uyoxY7AVZA01yhlSkXi92ZINQrj1ymzzofLCB:9oxYb4JNQrZfzzofO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692395445, "uuid": "b7611985-e72e-42fa-ab55-9a001f1e52f8", "value": 876032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692395445, "uuid": "50fbf683-2bdf-4728-9fff-5312b6fbb041", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692395445, "uuid": "8a6860b8-4215-4d46-9fef-dac7af42766f", "value": "90a4170105f86cae275c41d620783d8e7b83a4c7f4804.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ac255b1-3d67-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692322407, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322407, "uuid": "3c52f8c0-f0f3-46e1-ad2c-8973c97e564f", "comment": "Malware payload (Mirai)", "value": "9ea7d0270af679192081a9a46b39b881", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322407, "uuid": "0fed3c3f-aaa8-46e9-bb6f-6ee6015bf1b7", "comment": "Malware payload (Mirai)", "value": "916334d636394e4b38b2e2fdb95b3cd8cb40ce7fb5dc187c200b2b67e3c245b7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322407, "uuid": "148a3eef-4322-45cf-9973-e2b2f020d5ea", "comment": "Malware payload (Mirai)", "value": "a500eddb6858388099a0d9b874b25e9a577c3b4a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322407, "uuid": "5fac86d3-bbad-4b0b-b61f-1592374bcdb1", "comment": "Malware payload (Mirai)", "value": "839ff8928819c966ea7679183f320a8dc8a33cd6c0418ca24ec69e331c26697cef42cab24f5560924d2bc8fb27ca4dc8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322407, "uuid": "0b34170c-ee95-467f-8807-2141f69fe643", "value": "T168B2D07037D77620C6E0AE3B6C5E8289AB4716F8A1FAB5B3A118027457D31071DB968E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322407, "uuid": "937b635a-a22d-4a7a-b2b2-12e7eccca6e7", "value": "384:Zdyd237fzXV6KBLQlG3rnmzJxMiqdrWB2jzxrdG+SBRDjOdu0KJMvdHKIrhymdGX:ZdyafzltX3TmzxQiB2jzxrdGPR3OduRP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692322407, "uuid": "d93cb769-7cfc-4b33-8d5e-63cf7411a7c0", "value": 24528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692322407, "uuid": "3deceba5-4a5a-43b3-bb8b-68fca5e3e90b", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322407, "uuid": "4d3a83cd-80b5-4f85-8645-7cb7148d4d9a", "value": "9ea7d0270af679192081a9a46b39b881", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e529ad1c-3dce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692366931, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366931, "uuid": "21d1e5ae-b082-4f83-8497-7754269b45ab", "comment": "Malware payload (Amadey)", "value": "b33673e71d5c5a1829003aae40fe51c7", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366931, "uuid": "1a99db1c-7d8f-43ce-8b43-ef208a2c5e7e", "comment": "Malware payload (Amadey)", "value": "91ce003e2891e0c52aaa51a18626b570c3eeab59790e33219f66b22aa71372a5", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366931, "uuid": "a347b2d1-b2df-42fb-8bb9-dc3937d89ed3", "comment": "Malware payload (Amadey)", "value": "f407193d87e866c56017f1b7513f6e4adae047de", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366931, "uuid": "b8feea3e-cf6b-4c8a-a001-36989cdc13a0", "comment": "Malware payload (Amadey)", "value": "be354d989da026035be68cc8720f279689b2eada7aad04de34507393e2eab4f2401fc40a632e3eaa29fcd874fec0b828", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366931, "uuid": "8e0fb249-30d3-47d6-880e-14351f11a950", "value": "T1B6F41212B7DA4063DEF41B3064F613C31732BC6019785A2B679AB86F1C72AD5A4713BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366931, "uuid": "0722f93e-6e5a-4f4c-8709-de5613211763", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366931, "uuid": "deaa5e15-e796-49aa-a064-e8e83aac408e", "value": "12288:yMr7y90JqnjGvJn8JLZz/POzEPH5xKHAe73AAKRHsXpp7oLt6B2oCYUPjOIj11vs:1y3njsJn08M0v73zK1szWt6IonUPjOIE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692366931, "uuid": "b58b2ac2-13ba-4f0c-ae55-353e30aec11e", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692366931, "uuid": "1bc48ac2-0795-4d20-96cc-4271c93e0da0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366931, "uuid": "0081a728-f201-4561-b42c-dcf82724e120", "value": "b33673e71d5c5a1829003aae40fe51c7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b36291c0-3da9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CoinMiner)", "timestamp": 1692350956, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692350956, "uuid": "0baf1194-fc1c-45ba-8f17-1321047570b0", "comment": "Malware payload (CoinMiner)", "value": "2541816d8d48573b8a2959189e80a90d", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692350956, "uuid": "3d84ce32-36f7-4c56-b0f6-d332307de848", "comment": "Malware payload (CoinMiner)", "value": "925fc7b0cc57a291fe30ce569fb5b5d51d18126fbb41f1a7a9b22c8bef3e6659", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692350956, "uuid": "34f4b1d9-669d-4791-b1e0-fa1295aae97b", "comment": "Malware payload (CoinMiner)", "value": "d1366829515b1d9e4832ec71178cb10e7873004b", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692350956, "uuid": "d2febaeb-3a53-4545-8543-c94824ff0a11", "comment": "Malware payload (CoinMiner)", "value": "a2e3e6aa18ead67215e73e96b47b82e46c35e6d1b2e3b716f6097d1fa5b2924db7062a1ab044b23ed2af2d932f885bff", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692350956, "uuid": "3ab62912-3691-462c-91fd-5fcea105a4a3", "value": "T128A5333927498A65C3BA13BED58F01D67339C2372193D309BECC9C6A0F4134DA5969AF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692350956, "uuid": "b06c7ff0-f574-4545-a41d-7d101f0fbcd5", "value": "49152:aBkuMwOfZH5qw6RBwZlR+qixQGkzeT7jAUS8N89KP8lgHeL0:aeZw6ZH8d0v+3Q0jLN8In", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692350956, "uuid": "2875ab8b-6a56-431f-9d2f-fc3cc8cd7cf7", "value": 2193920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692350956, "uuid": "128b2577-236d-4764-82fb-793344170d1e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692350956, "uuid": "a0a1391f-a748-482d-9e0e-04a779dc7ef6", "value": "SecuriteInfo.com.Trojan.PackedNET.2203.17099.16335", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6dd918e9-3dc7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1692363724, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363724, "uuid": "3f4409f5-a8ad-462b-8fd3-27516c215c17", "comment": "Malware payload (Formbook)", "value": "89b8d436638c87292a671a9fffa05935", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363724, "uuid": "e3a9fc95-d7fd-4250-8f8f-c6dad54aea79", "comment": "Malware payload (Formbook)", "value": "94f494962805c4cae1a0295d20db44ac8a42f4a6447a5856f17716c8f146844c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363724, "uuid": "3477b13b-a584-4360-b69f-e86d13801586", "comment": "Malware payload (Formbook)", "value": "518d7dbf1665959b7767e970806d76bf9fa03875", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363724, "uuid": "1246c3b5-100e-4a63-b739-346476ad27dd", "comment": "Malware payload (Formbook)", "value": "a4c048996369ecbe3f63b437531f49955fddc2cb80cd328be03628c92ebb3f6a25339b89430690d22f9431f6a5316d7c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363724, "uuid": "a3ccb70c-3d46-4340-9743-9e9aee5f8ee8", "value": "T1F9641200B7A5E463EAF306B2BE3E96B5CED4DA0601655A0B4374435CBF22782C95F763", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363724, "uuid": "ee6b6be9-e4ef-4318-915d-78a0132a71b5", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363724, "uuid": "13859cfd-6bfc-4af0-af77-b690eaebbe31", "value": "6144:/Ya6wSIdz6ZiYpeAA9TbgAtkRu9b6yNfZ6IicllI:/Yez+Zi64JgAtk856WMI5I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692363724, "uuid": "157ca57f-5f8f-4271-84ee-a9229db73e18", "value": 332375, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692363724, "uuid": "5383743e-2e3c-43c1-a805-85166fedf62d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363724, "uuid": "aee4a7c3-7648-4822-a197-f5ffaa25e09f", "value": "SOA JULY ENDING 2023_PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d52ea873-3daf-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692353590, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692353590, "uuid": "50cc500d-0610-42de-a14d-75db571e4613", "comment": "Malware payload", "value": "da7b2f6315e01f3a32580f737ec064d6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692353590, "uuid": "42dc0a24-f603-4e9c-b0f1-73998d215300", "comment": "Malware payload", "value": "95352af3b78c0f9b0f2d580dd4faf17135cc3294ae18ef0edefe954fe77ed247", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692353590, "uuid": "f60f0c0a-846b-46bc-b97c-3ba6f71fe0b9", "comment": "Malware payload", "value": "dd220ac4edc515a5491541e7671bea841efd4268", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692353590, "uuid": "6f500ff1-75bb-4270-aa08-a51976d0add7", "comment": "Malware payload", "value": "3f85d239bbfdfdda78fac877e140ca84116f0afe15a4055b099a9c03948fda589d4f80cd6a7a53ce75ca595ddc7faa53", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692353590, "uuid": "541324c9-ec7f-4d09-bd29-c2cb16ef3480", "value": "T1C307AF637917C136D04603B3AD1BA7B5F26EAE34977060D36F943A7A5AB11C02B3ED42", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692353590, "uuid": "89e817f8-a715-4e0b-9d24-929d5a767ade", "value": "ebcfc42898f3d193054ddffaa54e6129", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692353590, "uuid": "fa390f76-d9bd-425b-b82f-321ed9f39eb8", "value": "393216:ZTiNHmNmHkHpmNmlrezD8rMF7+HaF+8orqNVw:JiNtk58pw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692353590, "uuid": "c85aec93-6ef4-4c7d-add0-094f916408e2", "value": 18417144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692353590, "uuid": "132186d1-2019-4e9b-8dc9-cb14cbc0addb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692353590, "uuid": "36a711cb-8084-4c11-8bae-ea29e53edf4c", "value": "adawarewebinstaller.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "14a4ae83-3dc4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1692362286, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362286, "uuid": "f4e8fb5c-691a-4086-8ffb-c0bd3acc97c2", "comment": "Malware payload (GuLoader)", "value": "f6378bebd5a0c8a18e9eb244a2fca42b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362286, "uuid": "9e39b9ba-95a0-4fa3-87b4-05986bd4b48e", "comment": "Malware payload (GuLoader)", "value": "97548d4f2ed2306e827adbe6d3ce84f1aca47e9a0be0c22dd0a7a053ebcd64b2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362286, "uuid": "b2dfdc91-95b9-4f3d-8604-46b2b2997145", "comment": "Malware payload (GuLoader)", "value": "ee27172a16b0e20db1f1667c3ece8a4153fab373", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362286, "uuid": "7d35ee18-3cbe-4643-9212-b0d603d9a8c7", "comment": "Malware payload (GuLoader)", "value": "6fd74a872df650f3cebae67cb15cdb954c71415c944e6b8314d80fcb8db8152a16d67ef585514e090c69fea016688101", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362286, "uuid": "a3412b4b-3a8c-4a2b-8ba7-8cf6d0baf1bf", "value": "T1E6C402007AD4DC17D65A4A3148B7A76B7FB4AD639F0B8B073754B74E6CB3380A90631A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362286, "uuid": "cfca2015-9481-437a-8792-f50c2ce32e9b", "value": "1f23f452093b5c1ff091a2f9fb4fa3e9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362286, "uuid": "3b6818cd-a3e6-4e3f-ae1a-a537bd934589", "value": "12288:a0hiVxinJv/UxrrpjAkhplIIHXbMioe4ISyVy0d6CNQ1:a0hiHUJqrrHFHLwISK63", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692362286, "uuid": "8de56d9f-fe4f-48b5-a595-f0fae7e8b10c", "value": 585632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692362286, "uuid": "38151586-21c8-43f6-93fc-2cc3ac8d8d69", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362286, "uuid": "4111618b-dfa1-438e-a1a3-1e9f50048724", "value": "Payment Advice Note 17.08.2023 PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6ed410d-3e08-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692391845, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692391845, "uuid": "40cbed2b-79f4-489f-aaea-7394bbe5c344", "comment": "Malware payload (RedLineStealer)", "value": "a5e434f80008b367953aad7e9ee21c04", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692391845, "uuid": "e1fa9163-361b-4378-b0b2-2c1b2a9163dc", "comment": "Malware payload (RedLineStealer)", "value": "97e4c16365bf0983dd4a76145c98694563ef4df1cb5d80049e43ebe05837240e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692391845, "uuid": "5f23c47a-4498-42af-b5b1-dd8fcb1cbc11", "comment": "Malware payload (RedLineStealer)", "value": "538d494c068ce7aa083dd4d88d1924e5747a118b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692391845, "uuid": "5ae033ac-9a73-4637-a270-50af07676b70", "comment": "Malware payload (RedLineStealer)", "value": "8ff1b2e5c4669670fc74567468e152db76e028e7f74e59db5cf20dabb25f0dad06c5885b81b91db8807610c8d8a9a134", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692391845, "uuid": "3d6e6342-393a-44b3-8166-3fff9b3f46ce", "value": "T1E7F4121797EC4173D87857B01CFA22930E31BDF44D79826B16D1AA5A1CB3A80A97273F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692391845, "uuid": "8fe0391a-df09-40f4-8e6a-db45faa48b47", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692391845, "uuid": "846bafba-3808-4af6-9440-4b8df578dcfa", "value": "12288:1Mrly90Xd1x+7eiWdWz2NPT2Gb4FFWyrH12V00k7/hhPgCvAFI/5AHkKNv:gy0xftWz2N71GE+ZjhhgsGTv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692391845, "uuid": "e8d79109-b560-477a-95df-d28969916dc7", "value": 731136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692391845, "uuid": "9c192908-bf38-4693-b7f5-c47bdcf11d1d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692391845, "uuid": "91acf82a-9f21-4acb-94a1-74a918c2db8e", "value": "a5e434f80008b367953aad7e9ee21c04.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3c075a4a-3da5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692349038, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349038, "uuid": "2cde0194-eb5a-44a4-918b-b11c02661847", "comment": "Malware payload", "value": "0d8ab91cbaca239e67e861b37def25a4", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349038, "uuid": "16466b38-eda1-45ff-b3d7-68f951559f85", "comment": "Malware payload", "value": "980d990c1813bc5113311c20ef21ca571b6ea8b5c3f970afe8e8159526cd36b2", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349038, "uuid": "32a39605-0f24-4b3d-a5c1-8239af7b09eb", "comment": "Malware payload", "value": "e194247eb2fd36170af948df8ead67716869a19a", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349038, "uuid": "681e4111-314a-4818-86f5-a9a4937077f5", "comment": "Malware payload", "value": "a05b429a1c2dd4615a6b2ed4e182e264b9ea3dc22cc6e236a536880d9ede37dc289f8a62bf66d41778f48f5f40489a85", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349038, "uuid": "bd4d08b3-349b-4d8c-b060-4d7aae45bfbb", "value": "T17223F10846C363BE1CE7E1FEAF80044648F15CAA5A1D8EDDAD42BF521F73E1BA45D620", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349038, "uuid": "7122e583-efa0-4e6d-bd06-ebaa343b78f9", "value": "768:RbYgYtcrmCtASxh4mpq2Z/UXAIDgPGgCrYJOCabZX72DjiGoX:Rb/YtWmCqK1p/1UwIDeGgWyTabZX8BoX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692349038, "uuid": "fa6d7c81-38a8-472d-8e48-48427044e624", "value": 46110, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692349038, "uuid": "67e12a12-c295-47d8-b74b-86cd573a9b2b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349038, "uuid": "0f182c6d-0bb6-4247-b6f3-75a13470556d", "value": "PRE-ALERT-HTHC22031529.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "994d815d-3dd7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692370669, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370669, "uuid": "9856f55d-cb33-47ee-a030-f64c81625a75", "comment": "Malware payload (Mirai)", "value": "318262fbac05892f06e86805851e1f50", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370669, "uuid": "c5fb37d0-06b4-4719-bcab-adba79d874ce", "comment": "Malware payload (Mirai)", "value": "9960822cb637a774fea17484afd961c3d25526af6364e2f6015c2b990b2865e3", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370669, "uuid": "bd53f5bb-6566-4f24-aca9-13a3c904be7a", "comment": "Malware payload (Mirai)", "value": "4f5eeb0273bb4153a9e42d71d0ef37ca718b1d29", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370669, "uuid": "f6a4a862-53fc-4250-936e-f7bda92ea311", "comment": "Malware payload (Mirai)", "value": "30eb22e6b73a9b233bafd400673d452c91c3f433374efb0248fb1e4b6cf9b0f6cf2503cbeb9c85d8fb1ed3cc756b930d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370669, "uuid": "378a4f3d-76ec-4708-96b8-4495b176566e", "value": "T165A2D025D346AEF8DFEF9DA053C1C2C276E547C76686C8E340EEAF022506056B749C59", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370669, "uuid": "defc00b4-3881-46ec-b182-23b87b3ec935", "value": "384:m/JywWc84Tp2YshxqlDeAkSqjGJLeCE5zRW6C5WdM4uVcqgw05VxJ5:mRxsSVsMD6xiJJE5zRWNgS4uVcqgw09n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692370669, "uuid": "4879bc56-2783-4dfb-934f-25e094a244b7", "value": 21884, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692370669, "uuid": "15cfb526-70cf-4e90-9bc5-939d8aebcf52", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370669, "uuid": "e90f15aa-89d8-4d30-b29f-fdbf98d12550", "value": "318262fbac05892f06e86805851e1f50", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a9bb2f21-3da4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1692348792, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348792, "uuid": "6416e3c1-064c-4ad0-a694-06225d6adea7", "comment": "Malware payload (Loki)", "value": "f39c1968351ff85028a8a69e8920a72a", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348792, "uuid": "5d5e5945-895c-4b70-8598-1d7fb758b9f3", "comment": "Malware payload (Loki)", "value": "9960a3b6ce5d23605e8fd3d617468c769af924b60c37df784dd38321e2f49b0b", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348792, "uuid": "ad86bc65-1c66-40ae-ba9c-50d0c8ca7370", "comment": "Malware payload (Loki)", "value": "864b8c47b8f33d3817f01f5692bea7023a137038", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348792, "uuid": "01c24cdd-9377-4dea-a98c-31ff42e8a881", "comment": "Malware payload (Loki)", "value": "09dc0f5c8f93b40190a04f1988fb3fc443d7b756c5dda734fff97b979f256bf1413eee8dc760af4f7437c17225717fda", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348792, "uuid": "f474687a-e942-4e59-8bd4-5d5fc1298894", "value": "T169F2F1C480AB6B6EB195D1BACD6CC397BE5BDC10F9F4E4314B097AE34B13A7B01151A1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348792, "uuid": "59b905f7-b138-4d36-991b-68f2b94059b5", "value": "768:6zV4ZxxuAVdnojA4j19X9I9AAl9yK+ysV2aiVnbWte/KJmgqm/uBw4Q:gWxno0uIAAl9yK3YyAeAqKh4Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692348792, "uuid": "5c374f96-dabb-44f8-8498-c96c69d1f68c", "value": 35011, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692348792, "uuid": "51b8feb3-b7ba-4eda-a6d0-08bbb12cc683", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348792, "uuid": "64198bae-d7e2-4064-b27a-a43cba9e28bd", "value": "WM_1150513808.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c369748-3dd4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692369332, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692369332, "uuid": "7073c19f-b85e-43e2-94e3-dbbb19f8c99d", "comment": "Malware payload (Amadey)", "value": "c45293ca778ea16ea935602376315726", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692369332, "uuid": "47e2bef8-556a-401d-9265-713efa8542e2", "comment": "Malware payload (Amadey)", "value": "9a7e7ef735d30060dcd3d1f64328070ea0db995a72748cca24c248cc7c44c64d", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692369332, "uuid": "32f158ca-4fae-4911-be18-0dd6530bd517", "comment": "Malware payload (Amadey)", "value": "e5dd66612e6827afce037b5968da9f681c31c68b", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692369332, "uuid": "37da3902-dea9-4db8-9661-80f50dd68067", "comment": "Malware payload (Amadey)", "value": "8155e060683205a3397142892d62cf17d10fa0f93ddfa0a8b9793949ae7b506b8aeaab374fa74284e2d3151a8e1f400c", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692369332, "uuid": "2bf74db3-4750-4806-b887-ac0ade361179", "value": "T1FF052302BAE98172EDB553B018FA47A30F3A7CB2DD30C35B2355A65B58736906D3533A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692369332, "uuid": "9ddd0510-a4a1-4e6c-9f6b-bff879cffaa8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692369332, "uuid": "46b595e8-9fbf-4f58-b128-e7e984e491f1", "value": "24576:Xy93VEXvsilve5o2olt5OFcFCFtEO+1347CPo:i93VEX5cMlLNuD+1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692369332, "uuid": "aa041f2f-5e17-4bdf-997e-44bc11733986", "value": 874496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692369332, "uuid": "c99d65f5-10a7-485a-9212-b30b38323fcd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692369332, "uuid": "78e17c4d-756e-4675-8163-636253eaec58", "value": "c45293ca778ea16ea935602376315726.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ba9f801-3dd8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692370968, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370968, "uuid": "e1514ab7-94de-496d-a6b7-9a04acb0b2cb", "comment": "Malware payload (Mirai)", "value": "56277765e0b61656976949faff4bb2d0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370968, "uuid": "75a1164f-60d8-478b-8eb4-9d9c1c9daf9c", "comment": "Malware payload (Mirai)", "value": "9adc5fd0cc6523a15142ae5c0abce60dd540269bd2d1186a693510a88c8afbc7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370968, "uuid": "afef329d-c362-4b40-9325-b5ecc77bed44", "comment": "Malware payload (Mirai)", "value": "35e2e3b41273d36aa9f58c2b144f92745132a124", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370968, "uuid": "df450a66-a319-4090-b98a-9cd553f630a1", "comment": "Malware payload (Mirai)", "value": "508c23ad7b3aa8c9652591e52a390d3438bf9b8fe240bcaa33036a688f2dfc5dcee361a1dc4e50434e2042afb238472f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370968, "uuid": "a212bcfa-2828-4723-8ad6-88dfd8f58eea", "value": "T13FC2D1E07B26FD31C420AC3DE53A4C8A3A51067CD1FE353664258D358FC169A67B48FA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370968, "uuid": "2dc22a03-1a73-4794-a364-58a3a3cbc3d4", "value": "768:JMKyhegCCMqfizjoNpd2vJdX6vwrMz29q3UELuK:OKy4qfqoeJdXWgMzbLX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692370968, "uuid": "f704aa2a-58aa-4d15-bb4c-a9653d654e00", "value": 27300, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692370968, "uuid": "85828385-b89e-4bb8-8318-f239648f7b29", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370968, "uuid": "23275c6b-52f8-4e45-86cd-1f9798fce999", "value": "56277765e0b61656976949faff4bb2d0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc2cd1dc-3db1-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692354514, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354514, "uuid": "3e92cf4a-71e5-4106-87f3-3b7e7a0f4add", "comment": "Malware payload", "value": "06be5eb7dfdad89682a5929d08bc15a5", "object_relation": "md5", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354514, "uuid": "fc823669-06a0-47ee-9472-3d64a779bae2", "comment": "Malware payload", "value": "9b0b5c74fcad80c49fd7d35832649d00fc7cfb42ecc3f975bccaba4412dd267d", "object_relation": "sha256", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354514, "uuid": "627a667d-3950-4fa0-a846-d6c3c154f54c", "comment": "Malware payload", "value": "fdd0d2ff13f96d29e3a228c3a91702a81d228633", "object_relation": "sha1", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354514, "uuid": "da4cd174-e73c-472e-a2a5-f7a6bdda92d8", "comment": "Malware payload", "value": "52564b6a5225ffcc515c7ca0b587bf5104115a3fe436da9140399b2b474f672adbcc3051617a5c1d0f06ab75b54aef4f", "object_relation": "sha3-384", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354514, "uuid": "b484a4c0-ab91-4239-84be-73e16bfe4ada", "value": "T173B26138B0A2E08D357F4E7BFEE52E2461440F57D5CDA78402E4C4AD39F996A3124AE7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354514, "uuid": "b7668850-89d3-42d4-b186-4117b42564d5", "value": "384:ADOzmLcYablkMmPcHKjyZRcsqDNCyoJfSI2f:/mLIBHkcHpM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692354514, "uuid": "9ed3a6eb-f6ff-43e1-808a-a0583f8ab603", "value": 25312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692354514, "uuid": "a2fb426a-df9f-41c8-b180-2af79259202a", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354514, "uuid": "a0047dc4-774f-41da-a6fc-75349a633a1d", "value": "August - Detailed - Request Order.html", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "caee5906-3e1b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1692399958, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399958, "uuid": "856184b6-73e5-466e-b31a-c09b4e6e80c4", "comment": "Malware payload (Loki)", "value": "37c535a8c9711bf0f5d8069df7b92ce9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399958, "uuid": "2ad105bd-5240-437b-be63-0d12c01a054b", "comment": "Malware payload (Loki)", "value": "9c675285da69b63fe0de2cb9bda759d8e9e40a766f18fd5fbfad87f3b8c0961b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399958, "uuid": "6ee07f01-2198-4601-b9a2-abe3d37c35bb", "comment": "Malware payload (Loki)", "value": "79c5a262ee4e38b304a10f8ca694292414046510", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399958, "uuid": "1e70fa28-edd3-4076-a9c2-490119673677", "comment": "Malware payload (Loki)", "value": "4dd27e67d1dfc9c6cdbef92d3834d08a5591a07d9573db8e3dfb2e1087971d9ffa53f025a77dc60f3f1022f4265b3168", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399958, "uuid": "15ff0a40-eae9-4780-a458-29e5639ccfae", "value": "T196A31942B2A5C030F7B74DB2BB73A5B7857E7C332D22C84E9352459A14215E1EB7AB13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399958, "uuid": "725f67fd-a61d-4243-8235-29d2cb8c1b08", "value": "0239fd611af3d0e9b0c46c5837c80e09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399958, "uuid": "33cdab4d-e688-4c61-bbc4-f70a4b6f232f", "value": "1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/Eq4Izmd:nSHIG6mQwGmfOQd8YhY0/ExUG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692399958, "uuid": "c2631a60-4120-475a-b251-a3ff47c3ea0d", "value": 106496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692399958, "uuid": "8ee524d7-5942-4580-9a8f-22a952cda01d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399958, "uuid": "f4156c00-635c-4aa9-9e2b-86877c0d2683", "value": "37c535a8c9711bf0f5d8069df7b92ce9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34c5e956-3d67-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692322397, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322397, "uuid": "5d8cb80d-4b47-45a6-9aa1-0d5d0a74fff5", "comment": "Malware payload (Mirai)", "value": "77f00530316db5af4321e4c497dd6516", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322397, "uuid": "ecc09525-e44b-4bde-bfcf-cc6f68de86dc", "comment": "Malware payload (Mirai)", "value": "9cd804fd235967b724a1afe77e23e21f9875d1b69dbdd36685e3883a441ed449", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322397, "uuid": "e3cbf892-a5dd-4689-af88-cd002c2e2c5e", "comment": "Malware payload (Mirai)", "value": "ca3422317248cc4b4c3c371a3ed0db5852f51289", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322397, "uuid": "dea65f95-2a7b-4d88-8115-00d050425dc0", "comment": "Malware payload (Mirai)", "value": "781bbd85512d00540535c3a2a97cc5a3b452e805e5bf1c8430f71f750c0acec8f39b7f485a2ab5808c5bd5f41877235d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322397, "uuid": "8cbaaabb-57fd-478e-a61f-e9aaaf729031", "value": "T156535CC6B8119E7DF5CBE6BE84224D0EB821722150931B27BB6FFC837D731648956E06", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322397, "uuid": "f030ecba-c377-4181-a884-b92dcdf6e7b7", "value": "1536:AXyRgQFTTbSX5dhLepSGYhcFuxYhON2PPB+qG76E8v:N1Gju8EVGOp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692322397, "uuid": "6bd1037f-81f6-4ca4-ab50-e8be6e1717a7", "value": 66504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692322397, "uuid": "7b41dac4-de8f-4213-b86a-02567b295a13", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322397, "uuid": "96f56e7e-45d4-4545-9b5e-ac0944835d61", "value": "77f00530316db5af4321e4c497dd6516", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62d9eb51-3dc4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1692362417, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362417, "uuid": "d76d914b-87cd-44ca-9e80-559219466dd3", "comment": "Malware payload (NanoCore)", "value": "b7f6edcb0fc1b370be8c4b787c42f108", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362417, "uuid": "a5b95a27-ad0d-4665-9153-12eac8588b27", "comment": "Malware payload (NanoCore)", "value": "9e815245ce872878076b45416b2c1c1a8a8a9799e993000612065247bf3eec5b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362417, "uuid": "2fe95535-7e7f-44c2-8e0f-710303cd2d07", "comment": "Malware payload (NanoCore)", "value": "6426967e24e9f89c9e1d44da7d492f767540ff92", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362417, "uuid": "dba8cce5-0818-4cbe-b25a-e2a79ee94cd3", "comment": "Malware payload (NanoCore)", "value": "04ac3385b9795854334a651f2360f41ce172c9381d079617986b0963ef639c91cec4b9a83b5845bbc8fd39f3586d6718", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362417, "uuid": "6c6c1ea9-e845-4249-a178-2e913e53813c", "value": "T1DEE4DF433EA97907C5B596FB60A8121C47B63E1D7CE4E3CB1D8E71CAD6F2B404661A23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362417, "uuid": "9f50682d-bd4a-48d0-bc13-2116d84fba37", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362417, "uuid": "ad0ab669-40c3-4366-a364-c5f9ad446547", "value": "12288:b7mHFFDfdLY79tClIZookZR+LUC88bE/f/84OustzAc5v1jx+tetbmpjkPra0:PmXpY79tCl9bXC7bE/X847WE6NjUt4IW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692362417, "uuid": "b20172aa-6f6b-493a-8158-805a44392f6b", "value": 722432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692362417, "uuid": "bb8bbdc3-a55e-479f-a695-f1839859a9dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362417, "uuid": "ef0a22cd-fb32-4a07-9d58-257333e39cc6", "value": "r4d7s59pkrkIjMC.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4fc60184-3d93-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692341340, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341340, "uuid": "489500bb-fb23-41e5-a245-f68da8563282", "comment": "Malware payload (AgentTesla)", "value": "67ae99d55fbec359be826485b3f4a038", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341340, "uuid": "cb5fee56-03ef-4488-8aa2-65fccec70db6", "comment": "Malware payload (AgentTesla)", "value": "a0809cf01cdf0f36c69e0c7e895cf581e1bf0e6b7a3949aafc48f71f683b6581", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341340, "uuid": "5019f9f9-9c44-4270-8718-d3d54babb34b", "comment": "Malware payload (AgentTesla)", "value": "c50fb0c3dfdc0b4ebede649e9ca0cc7584bf84b2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341340, "uuid": "6ee79c4e-ccec-4cd8-9b84-8a49d24c47cf", "comment": "Malware payload (AgentTesla)", "value": "a927a3c0848a5dd3f2476369bf75535c41ff91e1bb430aeba3541251c3053111be484aa19c5089869ea355027f1b1b05", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341340, "uuid": "26d98d05-cdd6-44ec-b312-9a633606ec7b", "value": "T16515EA5CFA09DA3FD34C8C3950F9DB2B69B99BAED0E1E351C01191B518E6CAD0DB6063", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341340, "uuid": "875c32ff-051e-4c50-9189-9cc992a5e728", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341340, "uuid": "264051de-1452-4005-a77b-2fce67d2c9f6", "value": "12288:OzYlMxVSWr3R8gsoBI/9pkXBe5jfG2TfysBUFqdtySwG:Om63Rctfkxe5jbTpBSqdp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692341340, "uuid": "9c856d7a-9bb0-4e1d-bd5a-182665e10b15", "value": 955904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692341340, "uuid": "74e1cc71-97d8-4ff3-80f4-bdde1c13d1b7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341340, "uuid": "5dfb2963-0191-4562-9df7-4434812f3d79", "value": "booking details.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd21d108-3da5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1692349308, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349308, "uuid": "5fa33966-6f30-4787-813f-98592958068a", "comment": "Malware payload (Formbook)", "value": "ecad8b17e61695eb5cfca4cb57c4f8b1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349308, "uuid": "bafd3733-5aa7-4c1a-b89d-3edb17f224f7", "comment": "Malware payload (Formbook)", "value": "a142861cbfa6ccbce12de18b16812883dddd698d858353e985f9a29350652e31", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349308, "uuid": "f938d1ba-3b91-4953-a7bd-0e486d7a5437", "comment": "Malware payload (Formbook)", "value": "d238d61266e8b70c285063b1f505157a94323fe8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349308, "uuid": "e8879362-17ce-4c63-935f-a777c6f5e190", "comment": "Malware payload (Formbook)", "value": "22ed1e5aac37dee5ed1deb9bf45a152fe885e7c082b83d28f65e36de941bfbacfd7c8f4cd9fe01be5b3806dd9ae60194", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349308, "uuid": "dd4434d2-a22c-4e7c-b286-87c46bcebb9f", "value": "T15F54120573A4C07FEB825B325EBB1E275BE5D81110AAA70F1764AA0E3C77B86D11B713", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349308, "uuid": "9671818c-c02e-4260-b6ad-3c2310207415", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349308, "uuid": "ddf2111a-fc2b-46d0-b16f-c78770577969", "value": "3072:3fY/TU9fE9PEtuQVbAqH+1Vm4f9O89PUt6aZ4Gn6CI2XWzKyeLq3wLcVUB0T/PSE:vYa6Y3HoJfJUtzZ4IbyXUiTCqn/5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692349308, "uuid": "100c0a13-65ac-4f35-8ca4-0264391be6e5", "value": 278837, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692349308, "uuid": "60f07c3f-49de-4d75-91ca-d4aef914c04e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349308, "uuid": "28f36a5e-5bf7-4293-98af-1a617dd0a762", "value": "PO. 4300000894.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3be1ee31-3d8e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692339159, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692339159, "uuid": "8b748fce-a715-4728-b94c-a988f7212b16", "comment": "Malware payload (AgentTesla)", "value": "476422433524913892f2c165acd97771", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692339159, "uuid": "7872bb48-f127-4397-9208-10d6f9fe78d6", "comment": "Malware payload (AgentTesla)", "value": "a1d7f743708c77963466a201dce1247b16a32d4429cc81cf5e15b8c9e6a2d965", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692339159, "uuid": "ce305647-2c15-4c86-a021-ee529cb16984", "comment": "Malware payload (AgentTesla)", "value": "0b23d03630aaa61cffc1c641719744c24ec9a25a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692339159, "uuid": "cfd52470-3d7a-494a-91ba-314e996a3e8b", "comment": "Malware payload (AgentTesla)", "value": "e7e0bdd278ea454714cbb7f3d4bec07c90e2bc504dcd5af4b159eb518fe976ccedfe5d71b1c5785bda87bf8ccbee8b80", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692339159, "uuid": "d91a89a3-9012-40fb-b9f4-0fac433609e4", "value": "T13174283228738061EEFDC1347CD1B764562439BE9ED94FC7F68876EA3A632D052311A9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692339159, "uuid": "8d1e72af-fcf0-4710-9906-a0e51df69796", "value": "bf5a4aa99e5b160f8521cadd6bfe73b8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692339159, "uuid": "ffe92826-5d7b-4618-afe6-edc3334297ee", "value": "3072:bDKW1LgppLRHMY0TBfJvjcTp5XulpvM8/ZQX8KRYs0A+PaiEy:bDKW1Lgbdl0TBBvjc/uKeBZsn+PaiF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692339159, "uuid": "aed58057-ee2e-45c5-a461-0687c2b41230", "value": 354304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692339159, "uuid": "f21f9819-c540-4fb9-83a7-c1bf6277c862", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692339159, "uuid": "5bd46634-3854-4183-9dd0-ba0d8fb58d49", "value": "MKInI988.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db5e6d42-3df8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692384953, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692384953, "uuid": "c0fa3136-f27c-4d15-9446-95d301727717", "comment": "Malware payload (RedLineStealer)", "value": "81bf1502bec6c9cd9e60f405700cd9d6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692384953, "uuid": "7768dcb0-1ebc-4c30-867a-65e1a3f5473e", "comment": "Malware payload (RedLineStealer)", "value": "a2c7bd3961d1781c36b6dc46216e59b2eab98ce0c9df0e0d20b5c8ca43abc7ac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692384953, "uuid": "05ab5fbe-df54-4d64-bbce-4cd0da410fec", "comment": "Malware payload (RedLineStealer)", "value": "63429c2bb760a09bce0ac1c647b46130a8009d21", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692384953, "uuid": "32f92bc8-20c3-4630-872b-1969b4c558d4", "comment": "Malware payload (RedLineStealer)", "value": "a9b0344757bb9159cb80d08ca57b53fd11a0259c1bbc33437a9179f000a55c378fee830f71f54a2456e0a13719963ca2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692384953, "uuid": "76e5ebbe-36d6-42f9-a162-041b5a02a31f", "value": "T14EF4124767E884B3EDF407B01CF292971E3A7C661C39875B33A5692E0C33684A5B176B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692384953, "uuid": "0266af14-0b46-44fa-8158-b649afd4588b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692384953, "uuid": "132ddbba-e472-4712-a22d-59104cacf8c5", "value": "12288:TMr2y902zbnmNl4yrALbfw+BUJCPGNhr+Nj6E2kg003rvpnCUFl8Us0JOxSTnj:pyRzbnul4a9+uYuv46yWDAkKUs0JOA7j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692384953, "uuid": "ac945fa6-d94e-47e3-8f72-a0017a59e85a", "value": 731136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692384953, "uuid": "af9cd28d-3e98-4e0b-a95e-47457ff8db10", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692384953, "uuid": "85d3a915-d43d-44d2-8ac0-46f55660da2e", "value": "81bf1502bec6c9cd9e60f405700cd9d6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4cc21a66-3def-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1692380848, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380848, "uuid": "765612f9-6904-4840-a084-04bd95fd459e", "comment": "Malware payload (Formbook)", "value": "58ef5f3f6113004bd6059a1efaa5508d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380848, "uuid": "172075a2-1528-4711-95eb-59d7c9bc3adb", "comment": "Malware payload (Formbook)", "value": "a3a00b759deeeee0e3b83af767eb61b2aa9d3ef76fbe6d8fac1864fdfda474c4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380848, "uuid": "8410212e-3b07-41a8-acc7-c03da89b6cf4", "comment": "Malware payload (Formbook)", "value": "7b79ee2b629c3447de09355a90486990dd1b09ce", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380848, "uuid": "5e0dd9b1-5547-4ba3-ab70-4f8226f9a74d", "comment": "Malware payload (Formbook)", "value": "c5c68c43078298696a522d20f944c666bb9327bcfb6c84dce3833769c05ab8cb59de0756dc339527327fa8b5a358fe17", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380848, "uuid": "48558634-6e4a-434d-96ea-a66bf9e521c0", "value": "T19BD4E04133BC6A47E6BAD2F854A9518083F67E2E6161E7DE1CC530DA29F1F404BA1E37", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380848, "uuid": "6f9a2dbf-7398-4a81-8b39-452155066aec", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380848, "uuid": "ce19924d-f683-49a9-80ee-8ded8dd52536", "value": "12288:FymHFFDrLTUyU1gGx+Uy2rDQNASoEErSKN8iZ8B7iIV:omXbqgG0UywDkoBrJ38B9V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692380848, "uuid": "4c03947f-a938-4070-95d6-7cfe2fdb81c8", "value": 636928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692380848, "uuid": "44519e1e-2edd-4843-bbc4-59d5ae356dc4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380848, "uuid": "12c21e96-c811-4e87-b355-8f2435dec84a", "value": "TIGx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a937fe39-3dc7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1692363824, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363824, "uuid": "ddce5748-dd5d-4e5e-bbb8-2da8e2fe235a", "comment": "Malware payload (Formbook)", "value": "7e70d7e5274640bfb02e15dce5ca4d56", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363824, "uuid": "44521fbd-8949-4d98-a0e3-3912db120d69", "comment": "Malware payload (Formbook)", "value": "a3c82f061f9d8191d9a36d6e2a46972a568a5cfa5ddac92c38de2b8e43166d85", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363824, "uuid": "dc0e1c3c-733d-4c50-9855-a6c38ae3050f", "comment": "Malware payload (Formbook)", "value": "cf62b0154766a75326c352423a81eb3b6e50c562", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363824, "uuid": "666e8cc8-de81-4dca-a791-ffdce474d2c0", "comment": "Malware payload (Formbook)", "value": "0a330310afffa25672549dc8379c343ec5a06ab10ae31ceaaac2700d24dbb60d7785e6f989478de93035b51e3f7afc18", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363824, "uuid": "5a1d0c3c-5a0d-46e3-959d-0c4f9cabe51e", "value": "T16555F103E900DBC3D41D83F87E530EE90F0A6F19E99569DB14663F9B3B70A72099A52D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363824, "uuid": "04e48970-bfa4-4e2e-99fa-13d474b3b882", "value": "24576:PaZy0w6VgjKaWlEzp7aZZyaw6V3jKaWlEzp7aGzdbiMb7QA5Qp5E/kwnx:PE86VgjKjOz0y6V3jKjOz7dd7/5X/kE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692363824, "uuid": "d38fc89f-ca45-4f2b-b235-38df15b58676", "value": 1329664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692363824, "uuid": "78412fe6-96b5-46be-8a46-a6766b71e47e", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363824, "uuid": "16c23b2f-fd45-4994-b931-5ac6c0d38fe0", "value": "DHL CUSTOM ENTRY FORM.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c003b95-3da7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692349870, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349870, "uuid": "a7fdce03-5980-4001-8f9f-ab864bd5f570", "comment": "Malware payload (AgentTesla)", "value": "01846d67c5c2403d01e8e3047e3e6afb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349870, "uuid": "980661c7-fce4-4aae-8f80-ef8c9d0479b4", "comment": "Malware payload (AgentTesla)", "value": "a3f9202b3d283bf880686c260c845a4f2e1bf597664e6f39df6acf969562f6d6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349870, "uuid": "020b287e-5340-48d1-87db-87d61593895e", "comment": "Malware payload (AgentTesla)", "value": "d454079221473c5031d74e6f3198ddca3a192e35", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349870, "uuid": "512d9efc-092f-4161-a4be-d064def8bc70", "comment": "Malware payload (AgentTesla)", "value": "64ad337079868622395f5cc4204edc8b5fcf8851d2d1d0309f1f6a4fa085f4fab837c29d3f040350c9391c4a251eb7b3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349870, "uuid": "a6133c59-35d7-49c8-9c5d-780862716929", "value": "T1BAA4233928060E82B590587C5EAD3BEE7B4D3CF7C51784968B2489FD8EC177891B5CE2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349870, "uuid": "8b58bd3d-eb50-4be5-9140-99d76e723ed5", "value": "12288:z1cj7cH3sTiwVqz/gqRBNKo/gtQa/+TmskDLt:z1cfPTiwCgAHj/SQansk/t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692349870, "uuid": "5504ab2c-8361-4e12-9e18-c19343cb8422", "value": 475034, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692349870, "uuid": "c962381b-307e-4dfd-9284-0c20303be704", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349870, "uuid": "01042d84-aa90-4c82-9fe7-b241d1506bbf", "value": "PO132630.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ec9527c-3d8e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692339164, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692339164, "uuid": "ac28247d-ba42-4769-a0d6-11d7e21ec1b5", "comment": "Malware payload (AgentTesla)", "value": "45639faeb66a97a46a2c5c4df073a0d4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692339164, "uuid": "797f51bb-9a80-4945-bc5e-585c04970e3b", "comment": "Malware payload (AgentTesla)", "value": "a4b879819f6b1496a80b4a789b24a5c8118c4a0f1909e2c96fb51b98f596c085", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692339164, "uuid": "7ef3eee2-08c7-4824-9dbc-b9bf560248f7", "comment": "Malware payload (AgentTesla)", "value": "9c1700d66b91df8d2518ea986fb3e3530798c5fc", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692339164, "uuid": "4e3587bd-b40a-4512-abe1-e76e34ba7512", "comment": "Malware payload (AgentTesla)", "value": "2b1c422cb6d668b659aabc66cc5b7b9bcfd7526ef7970089b289c66ebf7ad2921a5810225ac3027e655dcef11322f796", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692339164, "uuid": "7da228bd-7e23-4f4a-85c5-a18be8a8d96e", "value": "T16A45063228738061EEFDC1347CD1B764562439BE9AD94FC7F68C76EA3A632D052311A9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692339164, "uuid": "69ae20ce-cf39-4836-9147-728366e5958c", "value": "3072:ghDKW1LgppLRHMY0TBfJvjcTp5XulpvM8/ZQX8KRYs0A+PaiE:oDKW1Lgbdl0TBBvjc/uKeBZsn+Pai", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692339164, "uuid": "88ffe664-47fa-409f-9b48-ee241892d16e", "value": 1245184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692339164, "uuid": "eaf1f0c3-1800-4536-af10-d10ce4da7ab3", "value": "application/x-iso9660-image", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692339164, "uuid": "a324e5ac-c9ec-444e-b117-529ab11a8662", "value": "TT payment_1.iso", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c3024e2-3da2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692347776, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347776, "uuid": "61b0478f-195f-4f9c-bf49-96c11aa73518", "comment": "Malware payload (AgentTesla)", "value": "4e1556d15b1f88185445eb309647204d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347776, "uuid": "eba89ffc-0623-4042-a039-4d0417ee1663", "comment": "Malware payload (AgentTesla)", "value": "a5301092e1f1fc43f920e0901771c2fe86a781d1821349b4aedc98efd9fea546", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347776, "uuid": "eeaef941-6b66-424a-a826-94ae0c2b1329", "comment": "Malware payload (AgentTesla)", "value": "72c8d5222fbdee7afa6f6c254371c651a36ba3e3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347776, "uuid": "8d59f178-3f13-45d4-a173-e129a360770b", "comment": "Malware payload (AgentTesla)", "value": "144d5353f9c466b04e454193e73ddb16ca51947d6f4ea53c4abb147c0a43e78ceae69b19c08cfa1b452e35632b7ceecb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692347776, "uuid": "c416e31d-7f10-4941-9f02-ca5c204a187d", "value": "T14BE4F08037ED6A47E8B6D6F950B9514143F67E2E3125E3DD2DC220DA19F2F408BA1B27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692347776, "uuid": "5af5d567-cc23-42ba-9061-40fa5e7c0cf9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692347776, "uuid": "be106a16-5015-45e3-a07f-324f63c2a8da", "value": "12288:X/mHFFD9afn1QmCJy+CMHJYc7XemEUahmKQLVkgxTvd8u:vmX9S1QmCJbHJYc79EBhm9LVtTv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692347776, "uuid": "7883f493-e29b-4763-a40b-21251a89cf71", "value": 694272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692347776, "uuid": "28e75426-691e-424d-8097-428d79f45588", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692347776, "uuid": "eb2d6cca-cd0e-46c7-885c-ccf43e186673", "value": "iGb5UaDhhN9hEpA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c449a4c-3dd7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692370674, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370674, "uuid": "86173e3f-ef4e-432e-b2e9-f120363c7884", "comment": "Malware payload (Mirai)", "value": "1e3f6925b7a33cb4ea56b3a41d7f07db", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370674, "uuid": "43fc42fd-1767-44f9-8927-831a743d51ff", "comment": "Malware payload (Mirai)", "value": "a60c15917bd3292071af23e959222d6beb98b915ff9e374d21498aeec53e369e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370674, "uuid": "0eea83a0-e1f2-40d7-8336-6876af1006e1", "comment": "Malware payload (Mirai)", "value": "831700ab31612434741983a627a0d9bd126ca200", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370674, "uuid": "ca73d21e-2e2b-49f2-ae6f-d366d0be5235", "comment": "Malware payload (Mirai)", "value": "5783ef0c23b51381d7e6fe06e5ed25aa708c075c21e05d05d1e09964c1ae05008c6c68ea364c3ae3a27925ee2f5f7b58", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370674, "uuid": "b5f16276-77b1-4827-b929-5547ba867ddf", "value": "T17B33FA8EB8029D3CF91BE6BE54164E0DB93177C152830B2757BBFDA36C721A45E02E85", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370674, "uuid": "44530bef-7494-4e0d-b789-e2b680bafe6b", "value": "768:gduPBFnHooqR8qOCKq2cH4Fje+TK806MMUVjzMfQXOtHud2oGo:r/hqaJMcjeqK806MHdMfQXoHuCo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692370674, "uuid": "41ad835a-210d-4bbe-a27b-ddb1edc9745e", "value": 54932, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692370674, "uuid": "09ab7069-8570-4799-b361-174cf99a6c39", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370674, "uuid": "aef9258e-548b-44e1-aa3b-274c919ff93e", "value": "1e3f6925b7a33cb4ea56b3a41d7f07db", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f02b56a-3de1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692374732, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374732, "uuid": "48019fed-04cf-4b92-bcee-93277544a936", "comment": "Malware payload (RedLineStealer)", "value": "3178c28ce6b48751e99a59944bd121e9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374732, "uuid": "9acc0a36-ebb2-44ea-9f4f-56baba2f67c9", "comment": "Malware payload (RedLineStealer)", "value": "a6ee394122e1cc2792010a7a8333e90158e4e8a9be579a2c3551aa12bb360f86", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374732, "uuid": "ecd4feb8-a749-44e9-b4c3-b17f1fab1b47", "comment": "Malware payload (RedLineStealer)", "value": "b85055108a52c16e76e2758f18ef4be910272ea7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374732, "uuid": "e677200a-acdd-4ea8-a669-ef4c332d4fd2", "comment": "Malware payload (RedLineStealer)", "value": "cbf0d91c12401f59bad15bdfd737c0d25a6b19cf062825defc494f4f8fe47b3f982439e75bf5dbf756594c7defcc9c55", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374732, "uuid": "5bc7690f-d579-4896-a7da-b69434b4700e", "value": "T123F41212ABD8407AEDF8637029F613C30B38BCE24D79D36B17566C5E1C32A58A53536B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374732, "uuid": "976402a2-9daf-43b8-95ad-d6969686ff82", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374732, "uuid": "59cc9789-7d21-4211-af98-b2ca3bad9328", "value": "12288:LMrZy90gSvPNER/PYpmdvhoKgGc62UxZXusOSCX4MQt4MUjsT:+y7Sv6hQc5oJHcT87Qts4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692374732, "uuid": "95836679-2091-4d85-8973-00125a093057", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692374732, "uuid": "064d0656-2b41-47de-96c4-e58d755f318e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374732, "uuid": "41882aa9-eb57-41e8-8e84-c7b5046993e4", "value": "3178c28ce6b48751e99a59944bd121e9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f18b4b2-3e0b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692392959, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392959, "uuid": "a080cbcc-fc36-49e6-ae6c-da9750d22fcf", "comment": "Malware payload", "value": "5f03f4bd7276489355b26b25d251a3ad", "object_relation": "md5", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392959, "uuid": "484d476a-5b53-4a9b-acf1-09711008c15b", "comment": "Malware payload", "value": "a70d2999b817814f006a7f3e0bda9a69e8be0d4835e9c03cc3d39aa3e0a510e7", "object_relation": "sha256", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392959, "uuid": "48c4f34b-82ea-4aba-ae8c-81946870c20d", "comment": "Malware payload", "value": "ce581c1694f78ba4f6de8947f1e1bb3ff7050319", "object_relation": "sha1", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392959, "uuid": "496d4441-8f0c-4d8f-a3e7-be42089ac4fd", "comment": "Malware payload", "value": "bc37ef10d182dc31ddad4514a4ba1a58203d5661984f5c862c5524226bc3610fc8ab3472993dd1dbc1585268e588be11", "object_relation": "sha3-384", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392959, "uuid": "79fb017b-57e0-4ed6-8d9c-a2d3b03f908b", "value": "T1CF51851CCF34F5E4436D306096222D9F20D15B26DB756EACEA451DEA2E54386EF2E28C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392959, "uuid": "e50b8c00-a396-4df1-a8d7-66c269091882", "value": "48:jN2Axs5Xxz1xMxdcD79h9Kg9leP7Z087aZ085PDpvyhdvJL/4/ZcXZhoh2d:jN+UdI9h9/9ETZGZRpeB4qXZhrd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692392959, "uuid": "5a4af5df-762e-49e4-9a3a-08ce4c844470", "value": 2509, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692392959, "uuid": "6842cbf6-7957-488a-a83c-af3edd06f28d", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392959, "uuid": "ffd4a368-9316-47df-a214-3174649d4107", "value": "user_settings.hta", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c783b684-3da2-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692347983, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347983, "uuid": "b8f15244-667b-4f65-b468-472c9fb6e1f1", "comment": "Malware payload", "value": "66b192d506b66cdc904a166c8196eaa8", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "BankBot", "colour": "#7BC738", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347983, "uuid": "faf27b8f-e9a9-4626-b0ef-a8aa2d8bcce0", "comment": "Malware payload", "value": "a8c0df9563d945f286f7a5e73ec5a134362a28b6abe9400b2589b7eef91726cf", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "BankBot", "colour": "#7BC738", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347983, "uuid": "af687be1-6d86-4522-af2e-2715436b7b78", "comment": "Malware payload", "value": "7965e8a6815c763bc428ba6eca4babc7575a0e66", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "BankBot", "colour": "#7BC738", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347983, "uuid": "1d2bef87-ed44-4520-bf86-e46ff23d7747", "comment": "Malware payload", "value": "fe00b20346d19325711b7a326e1d53f776fb9324dc085c884523a422610518e7d41d8309e6ddc4972f2c4a1c2355a9bf", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "BankBot", "colour": "#7BC738", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692347983, "uuid": "d1d4ca3a-9c39-43ba-9976-721aff85a116", "value": "T185E41261CF9F01E2CB464BF8CEDA83A6DA38C6082135DD3F1C711C51689BE591E9B978", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692347983, "uuid": "140916a7-ee71-4d9e-83a1-77f0099ff3d0", "value": "12288:PyOs6J0t86dScL9cjAE7oBZQqvxcwliaGsZxdETcI8necFe:P9uSe9AAEU/xcQiapEToPo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692347983, "uuid": "927d0439-8fa9-4bad-a494-ed17bd29878d", "value": 699239, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692347983, "uuid": "deff6662-dc51-474e-bdc1-47cf20cbbc5f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692347983, "uuid": "14bfca4c-cbd5-4e00-9065-2f4e9e6c6464", "value": "postegro.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f638336-3d65-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Glupteba)", "timestamp": 1692321475, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692321475, "uuid": "edef0cd5-a8ea-4c9a-9615-c63b4c7561bb", "comment": "Malware payload (Glupteba)", "value": "bf088df8bb2bd9bdd4effd6c60ae1209", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692321475, "uuid": "41c5fc91-90aa-4db6-80cd-a44e3e580d78", "comment": "Malware payload (Glupteba)", "value": "aa234447899c8ce342f8b90ddd3bc2ba20cb51ed6856835ba9c18e842f057215", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692321475, "uuid": "f9e5a32b-69ef-4cb4-bd39-9f329fd41fdf", "comment": "Malware payload (Glupteba)", "value": "dde5e839b66793bddc51a96840a4562ac0783912", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692321475, "uuid": "4004c308-fcd3-4fd5-87f6-0b27a15ba053", "comment": "Malware payload (Glupteba)", "value": "9d8290118906d9b49fb220042a72aaf5416059e5a27bb44740c411f7d7d4bc699b8d47093eda6dbdf2ac09629056133f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Glupteba", "colour": "#9BA385", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692321475, "uuid": "6bbd49c0-662f-4d82-a763-5db4c1a63679", "value": "T19836BC861302D811B3758FADBE66B5964707F3D38F8EC3C78188A12578E429ED9F6097", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692321475, "uuid": "7543955e-dd52-4001-bda0-6233c5350b2e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692321475, "uuid": "6ece824e-4af1-4cc6-84f6-36b149e0397b", "value": "98304:lAenKZbSYG/aC+Gb1F6Notrwm5W46tUosy1S0BXwA:OWK0hX3ZFbGmF6ky1nX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692321475, "uuid": "765a5fd1-9325-4912-842f-ff9e5b79ccf0", "value": 5050368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692321475, "uuid": "8faf44c6-d00b-4ed7-b2f6-e7a0e3b95606", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692321475, "uuid": "18dd19b8-5b8a-497e-a6e3-2ae966c9188a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "279faa5d-3d93-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1692341272, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341272, "uuid": "0f241cb8-b209-4952-8e5c-1e1d4b65d14b", "comment": "Malware payload (Loki)", "value": "e3905ebacc3aad72695749330547669e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341272, "uuid": "bf743f3a-c69d-48ad-80aa-1ad9f67a268e", "comment": "Malware payload (Loki)", "value": "ab642090d1dd077c53cecf69b23330c3ff5583d6ff47d6365cb9e5ed4c0e7d5d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341272, "uuid": "165dd1df-5553-44d2-9bdb-279aff0019cc", "comment": "Malware payload (Loki)", "value": "3c3f28eaf0a3ca4e2ce69259ce72e5b20d381261", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341272, "uuid": "ef285046-f4ab-44dd-bc18-e5c4bc11e6cd", "comment": "Malware payload (Loki)", "value": "c81a27f1d5e30638baebc5ec2ae3be4f9020ed883871e6974f3e81f4185a90c3cc531653f04de91931eed99185375540", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341272, "uuid": "88ec7a5d-7e3b-4412-bc64-f772d0adc974", "value": "T1DCC4E040326C2F33E8799BF5501268500BF66C5A65BAEE8C8FD339EB11BAF015E52D17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341272, "uuid": "5b7f48f7-d06f-4723-8954-f75d443649f4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341272, "uuid": "55a3ba44-a319-465a-bf68-17f75f60886d", "value": "12288:i023/gPrkRphawl6Il5EUNS0Qsdgh5oKPeW9xKKz3qeEloiKNWWIv:SwrkRKsaUNtQqK22DLiIt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692341272, "uuid": "ea13dca3-94d1-4479-8d42-3c392dcb256c", "value": 595456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692341272, "uuid": "22a0aa65-c8e2-43ca-b41a-a2fdcd24308f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341272, "uuid": "3cb609c0-c3f1-4a2c-91a7-51e2c7f2a7fc", "value": "DHL Shipment Notification.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84486d1d-3dd6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692370204, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370204, "uuid": "6b5f6656-8b55-4de9-bebf-5966adbbfb28", "comment": "Malware payload (Mirai)", "value": "8017cfa6a1d87beceeece76274aa8957", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370204, "uuid": "d099a8f8-4b8a-46fb-80c8-52e25f78af82", "comment": "Malware payload (Mirai)", "value": "ab9580bd1d1167a9a4b743ca1624e5ff9eb2ba1163bf0a3174a02b98b106fad5", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370204, "uuid": "9e5c063a-3387-4dcb-8e61-cd721e792752", "comment": "Malware payload (Mirai)", "value": "a80fd17fdc2188afe312cdd4b242bcd47e7c9648", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370204, "uuid": "e5070e14-357b-48a0-9780-1e640e78ba96", "comment": "Malware payload (Mirai)", "value": "b851847864d37cf2a703452ee5745d2ec6759c9f4a6d5c692dd46ef7eb97e7e0c86f2232854e74ccd3c0c5ca524c60d1", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370204, "uuid": "0719a220-2123-4635-b97c-e17a3a030209", "value": "T1FB230271890A9EF125303C75DFD9979376E02AB2C6673123DA290A382F75A131E47E4A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370204, "uuid": "354e93cb-8b84-4317-9e8c-ee0c432ce7fc", "value": "768:D/TYCoIxdEk+AxoTZAZHFeq8b3TS9q3UELbUXfi6nVMQHI4vcGpvo:DECFd+A6YHAxTHLRQZo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692370204, "uuid": "d1c0efde-9915-4260-b532-7e56547bd2fd", "value": 46624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692370204, "uuid": "71d04c06-87fd-4796-b26f-c6a676332d60", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370204, "uuid": "f82805be-16ba-451b-8d5b-c76cab7cd4fb", "value": "boatnet.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d605dc23-3dee-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1692380649, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380649, "uuid": "ae440621-ab0e-44d5-9486-6745d2abb1d7", "comment": "Malware payload (Formbook)", "value": "f0c33f6ad530a9748eaf6ce44b9c99e2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380649, "uuid": "37191042-ad83-4bd3-8f1e-a1d67d4585d7", "comment": "Malware payload (Formbook)", "value": "ae53e378d16d207d5bf419aba715a89f84a0db8e7de1fb4ff0545d54cac1eb50", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380649, "uuid": "58d774b2-e111-4488-bd50-01982479647c", "comment": "Malware payload (Formbook)", "value": "81e4b7a97cd76c95d0df3307541ac172a4319f92", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380649, "uuid": "45297f32-9e2f-4258-a02a-e75997450f28", "comment": "Malware payload (Formbook)", "value": "15d4d8930b3c82b16ba35a1069a048e1de3e652293b4318c8abb831c3de6a1ea5dc3bd033a67120614f27fdd8f98f4ff", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380649, "uuid": "e6ea7e93-ec37-4e86-886a-3c028efaecc9", "value": "T149D4F144773A68A3CD2585F94011824487F2246B9A99F7FD9CCAF4F722D8FF20BA2457", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380649, "uuid": "24c56bab-0208-4077-808f-254f962b1859", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380649, "uuid": "422b059b-4832-46c3-8da5-8807436d53dd", "value": "12288:45rPcHFFDG839u0LlEgKcVCfPteEPjpAUDvyQi0tK+IYNbXI5:DXH39nfYPtDPj/7JiL+IYNb2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692380649, "uuid": "5af34cc4-a71d-45f6-aa84-642826921132", "value": 629760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692380649, "uuid": "b1de624d-9cf6-400c-8d5f-102bc5bbefb3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380649, "uuid": "7396d074-4fc3-41cd-a6d8-2d121fd24271", "value": "Drill Pipes MR23 01028 grease nipples For Turkish Petroleum Drillship Fatih IMO No 95037800.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ea07cb2-3dc7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1692363806, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363806, "uuid": "6201fb44-2141-48a3-9af2-f94abe34bc9b", "comment": "Malware payload (Formbook)", "value": "6a3ce00399bcf3a40307ebcbc65e5c26", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363806, "uuid": "0d4a110c-06b1-4d21-b78d-648c3e96ee09", "comment": "Malware payload (Formbook)", "value": "aee3fa1601e0521d9c628cb2fd13178a06c2f7923478742189026102cda8a494", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363806, "uuid": "b6d40cf5-6545-4c37-8974-249d76209c96", "comment": "Malware payload (Formbook)", "value": "c805a9ba39428ef2aa1f7054b040e05de7bf6a00", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692363806, "uuid": "2ecd40e6-57c0-4584-ab65-c023e988eb52", "comment": "Malware payload (Formbook)", "value": "7641cdc8bb1d75cf648cebc8f4be09151c8fd8be00d019e01d8d93fb0398a2aaf3969bb6a26ea871a0215e9f288f550b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363806, "uuid": "a2c8aa17-bf96-4970-a1c9-489e037a9c87", "value": "T1AC35F107B6BA89B2E2841B36E6CB401477F2F551B7A3D70AB54E23E50B077B69F04607", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363806, "uuid": "168d5663-408b-45db-adff-59138ae99f2b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363806, "uuid": "9cb448a6-8f26-4fa5-88f9-b2a12cca111d", "value": "24576:szvh9d4HMBGvPM7WNibV/0hqO1BUmNt9Rj:+QOsPM7Sibt0N8mNj1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692363806, "uuid": "ca1ac165-2abd-451f-84e5-c754c61536b6", "value": 1147904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692363806, "uuid": "5e7f23a8-10c2-48a9-8229-a35bbc472b4a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692363806, "uuid": "abbf3c98-09f9-49ab-9954-af2177b6583a", "value": "OUR REF RFQ 6000066536 - PR 10023150.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17260b71-3e1b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692399656, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399656, "uuid": "4dca8a85-ddce-4779-93a2-9adb73023bea", "comment": "Malware payload (Amadey)", "value": "28d548857aad5abf8683e535091a44ef", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399656, "uuid": "f2c41066-6b7c-4543-8b86-c6714b63687f", "comment": "Malware payload (Amadey)", "value": "af99d83af8ae41fd85402683369d61728d8bcb43d1044eb13583b02f107c7352", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399656, "uuid": "b7c450b2-4e87-46ef-8038-19268abbc374", "comment": "Malware payload (Amadey)", "value": "7494c05803419f36b8ff6fa93244afbb3bf4bce5", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399656, "uuid": "44720564-45a8-4f73-93c1-909260903d43", "comment": "Malware payload (Amadey)", "value": "1a07891754bd73e7f686cc2ea698eb0930c035bf4e7db1f4e37d774714e958af145af9e8ddc2f30810bd1d63c4f4a56e", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399656, "uuid": "f2ab0631-9eb7-4ef4-bde4-1e4293c390ea", "value": "T11CF412077ED58072DBB517705CF307830B3A7DA2597C82A72746A98D1CB3A84A67633B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399656, "uuid": "7ff42ce6-c12d-42eb-9a80-32e6395d8ff3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399656, "uuid": "0d692490-728a-4728-8070-1893c1eb0f43", "value": "12288:5MrVy90M/bcDVK4smr2M2lQnvjXTKyXe7seTKRSoX8p735JkM69ulRlC:kyRck4sM2Sjj9O7sKKYosj2OrC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692399656, "uuid": "6e623bbd-e3ec-44d2-bb13-035d0e78be5a", "value": 730624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692399656, "uuid": "164b4277-d3e4-4a52-8e68-a900c824ae62", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399656, "uuid": "7d44fe33-d9ff-411d-8134-04f1998b4129", "value": "28d548857aad5abf8683e535091a44ef.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9561803e-3dd7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692370662, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370662, "uuid": "ed5e94ea-0126-42b0-b912-0ab3247e6e50", "comment": "Malware payload (Mirai)", "value": "7182c451ac3429aef0914a590cf96525", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370662, "uuid": "1480e2d9-f449-4a43-bef9-a8290128031a", "comment": "Malware payload (Mirai)", "value": "b020352a20e2371730c365ca30abd3244cbe92d6162e714028aa36c33da087a0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370662, "uuid": "96c27714-e88c-4a07-b3f2-3d6576af5640", "comment": "Malware payload (Mirai)", "value": "17437a2e4dbbfed4928d974653db44201195116e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370662, "uuid": "b3f4d7a8-be18-4ade-b183-80b5c56e4f37", "comment": "Malware payload (Mirai)", "value": "8d376fa0ecc6566f7f29c859eb93e366d54b417117104aae7d3404cfbf06b999cace44af07a80ce5b4a06831b8807fc5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370662, "uuid": "7bf26eeb-c0cf-4088-8ded-53208d0062dd", "value": "T18282D03011AB74E8DBF14431EAEECEC6975A0BF8D1FC36A217586B78C94210621F82C6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370662, "uuid": "12b5552c-95b9-4a3e-9a26-33d57cadb77f", "value": "384:MjWzRV0P6iOwrkom0DRnVATuSlShu6NvmPWtUn+KMa5hymdGUop5h5lI:6GV0P6+kom0tVAoNvm+to15s3UoznlI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692370662, "uuid": "1891f4c9-ac37-45d5-9d48-afbb22fcf8ec", "value": 18488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692370662, "uuid": "5f857eac-7025-4114-bcbf-2b600127d349", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370662, "uuid": "79e99a5b-fa4a-459f-a133-06629774186b", "value": "7182c451ac3429aef0914a590cf96525", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f64f803-3df2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692382276, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382276, "uuid": "d62d51b3-e5c4-4f71-a2bd-63b58ce2ec46", "comment": "Malware payload (Mirai)", "value": "5070f2aaddeccf474006268b2c12532f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382276, "uuid": "2c246f4e-d9fb-4082-abaf-6d6dc13c64da", "comment": "Malware payload (Mirai)", "value": "b02af79cc34a40f567a335e726f1ff2395d73891ed9ceec89457bce5b3c9a10f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382276, "uuid": "26b01ae7-df0a-41b1-b33c-68f8470a07d7", "comment": "Malware payload (Mirai)", "value": "6b39c96932702e7dae33a7491b2029ebbeb094e0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382276, "uuid": "a9cae161-6146-4709-b94f-17689d59c772", "comment": "Malware payload (Mirai)", "value": "c71879b2243ac6ea9b287551a088a5f9fb2bf137ca89be78a99f11b6728181c943d4dbbc109f22df5ac81d85360403b2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382276, "uuid": "07f22d69-044b-4ac4-b681-e02f67812850", "value": "T13292CF20A1447D61E6600875CA3DC6C667A707FCE1FC3937A61006776EB971FAAB8386", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382276, "uuid": "31ead146-a116-40f9-b447-a56d08fc61a8", "value": "384:soMVx9/qC+OTCRvTgSMjgHkFFeyofRcnqYjdqOhymdGUop5hs:soWxNX12xTeUEFFoK9qOs3UozS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692382276, "uuid": "2a08d731-6030-4325-8168-738c08a11c7f", "value": 20496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692382276, "uuid": "cd7ff958-a557-4fd5-bb63-a5767956d056", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382276, "uuid": "4d8d5fd2-24c6-436c-b2a3-aabb74ba9621", "value": "5070f2aaddeccf474006268b2c12532f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78aa3ea1-3d6d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692325088, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692325088, "uuid": "d3cec97a-6408-408a-9b2f-7f3f737157d6", "comment": "Malware payload (Mirai)", "value": "5d18576c1eb40247885ad7b9a3c50472", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692325088, "uuid": "0422a2bd-6ceb-4c18-be46-96105ad2fc17", "comment": "Malware payload (Mirai)", "value": "b0335cbd2a496d4aa315f206deb96da452fea1f75f93dbc8f3fd5bd7d1742442", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692325088, "uuid": "78112b83-ec68-408e-bcb6-ac18d1506edd", "comment": "Malware payload (Mirai)", "value": "cc709e3093cbac69bf24d5e4ecb55631058bcd26", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692325088, "uuid": "727492f6-55bf-4167-b9d0-7244cdd7e43b", "comment": "Malware payload (Mirai)", "value": "ceda791726886fdb1174c5a86f1bcb6afde91577ab16bf1023398bc3f449406cea3d85e4f82aa4396aa22b43cc1e8e11", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692325088, "uuid": "b822a910-6f41-474c-b614-9180f4050ec8", "value": "T1F1735D24A97D2E26C0D4A17B61FB8361F2F6230E2570965D7C760F8FFF2464468162B7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692325088, "uuid": "cdc2b5a9-c72a-48e1-bb40-abd557eced18", "value": "1536:5ms+geQfvznpCR8ee84cN+AUiAvFI7IlNnws8T:YwfdNu4cgZvFqI3w7T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692325088, "uuid": "e1f72e03-ab57-4283-af96-bced6701978f", "value": 74752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692325088, "uuid": "f4275918-952e-4038-9316-a3826d0d044d", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692325088, "uuid": "eb304c3f-ec80-4a77-9c0c-f46c5eedc556", "value": "5d18576c1eb40247885ad7b9a3c50472", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d26a48b5-3d84-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DCRat)", "timestamp": 1692335117, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692335117, "uuid": "435b22d6-71cc-4f53-a611-f288195c88ff", "comment": "Malware payload (DCRat)", "value": "397f5c91fd7cafc22c3fe28bc8fe675a", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692335117, "uuid": "7d27b9d7-5945-457e-ba81-6eb33cec747d", "comment": "Malware payload (DCRat)", "value": "b134e4e5d74eb1a5ddd66625837b44ed6d23fbac004bbaae91ece785b7c574e3", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692335117, "uuid": "adfb463f-1209-4bb6-991c-dbc7e207b9b2", "comment": "Malware payload (DCRat)", "value": "02e127ae9c5a55e9b48731a3d47220cdb056f3eb", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692335117, "uuid": "3e838016-32ab-4752-8ef9-2c9f5b9875a9", "comment": "Malware payload (DCRat)", "value": "e23072543cf1b31b7063222e3088411eba46bc9aecaf3b2527b88d9b0f4ee01d6c223c8c87604af35dd66b09b46e8a17", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692335117, "uuid": "66afd4cd-bc1c-40d4-8484-8e16451797df", "value": "T17055233476AB559FC10A2938C99D7BA8DC6893F23D37D313DF122CACB52834A0D69974", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692335117, "uuid": "2fd49cf9-9f5f-4140-9f6e-79e805036433", "value": "d5d9d937853db8b666bd4b525813d7bd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692335117, "uuid": "47acc8e1-6399-458d-8268-e380b0c37257", "value": "24576:dA1MqYjjU6kS6e5jB/n4L6JXWutEcPO6KhepiKnG/hnPrdSkl+j9aTw1OquD:d4dK756e5VgL6JXWutEcLmesKG/hQzj4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692335117, "uuid": "a59f102e-b9c0-48b6-ab22-0e521b0ae2e6", "value": 1358336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692335117, "uuid": "a191eeb1-138b-49ed-a72b-274cfdb5e8b8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692335117, "uuid": "6497cc4e-51df-4d45-9367-25d7d78d34c9", "value": "397f5c91fd7cafc22c3fe28bc8fe675a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff391304-3e11-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692395751, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692395751, "uuid": "8fdfc39e-15af-4d08-ab5e-0aec2f289ea3", "comment": "Malware payload (Amadey)", "value": "dac00fb1d690e98a8489859b9e7f643e", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692395751, "uuid": "6674ff39-1864-496c-b60c-381a2262e19c", "comment": "Malware payload (Amadey)", "value": "b17fb7284602d0a39d91be532eae524bc9fd8ba1aa7eba09b6957e620618f437", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692395751, "uuid": "f2284bef-f5c2-4aa2-b882-6cc1ce57a592", "comment": "Malware payload (Amadey)", "value": "f1d43b20541252b49ed7bc8352b2daa431ef085c", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692395751, "uuid": "c873fc6e-c372-4a77-9edf-31330afe767b", "comment": "Malware payload (Amadey)", "value": "6c97d51e1589f128a7a7f0f3467c57d919f646d78b01ba0cb3473a8defc3b09528d5fdc39cb834921b574dcc48ce7cc3", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692395751, "uuid": "50aa3430-9ff2-4f10-b68b-7f285d838131", "value": "T10BF41253A3E98072ECF52B7048FA13D30A367CA56C69C2661781AC9F5C73588E876737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692395751, "uuid": "4f2921c3-7a3c-455e-8ea7-a9dee01fb4ab", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692395751, "uuid": "4bcf4295-f3f8-48ad-b643-59407cdc567b", "value": "12288:XMrzy90d4ouFapaL7TQKBP6+rm0lHUMgUueCuc/PQosQIHS:gyEeapcQiFr7F/gUue5AIdy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692395751, "uuid": "d1be17c0-5ee2-4a07-a77a-f384e5106f5a", "value": 731648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692395751, "uuid": "214fce4a-2010-42e3-a4bf-a8581a04ebc7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692395751, "uuid": "b1312440-540b-4cb6-9968-9014697bf7eb", "value": "dac00fb1d690e98a8489859b9e7f643e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b8fb407-3daf-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692353466, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692353466, "uuid": "f985e327-02e8-4c09-9bed-1574c32f2262", "comment": "Malware payload", "value": "195d3e06dcc028b24b9f6d1bc6e6aad5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692353466, "uuid": "bdc74b10-6a8a-41ea-8c5a-fe3ee2b50273", "comment": "Malware payload", "value": "b283415c9df06f0e53b7d452d3e5c840c5bd7a6ce734a30bae4a869a57974a0e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692353466, "uuid": "eafa50ab-2504-4f5c-b463-931bc4a61b35", "comment": "Malware payload", "value": "5e84941be2c10ecec9d796211196fca10e0834dd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692353466, "uuid": "f4b766f4-df35-433c-be40-aab40d00fcac", "comment": "Malware payload", "value": "0b2ffd5d1749f1b62c0a03807d15229d4c148a8aa38783d342c44f0d5c505ce00ba4a613c522a4e9b0d16afffca82afe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692353466, "uuid": "9ac91369-05d8-49ec-be6d-719ed2a7bc81", "value": "T11E93495A73E504BBE4364A3489A35E09E776F8121621CF7F03A4429E1F673918F3AF61", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692353466, "uuid": "2d09040e-b666-4573-b6f9-9900b4adeecd", "value": "f4c72b794ee1715431d240104a3760ff", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692353466, "uuid": "6d4686ea-402a-4ae8-a66d-1a1cf1c2bc39", "value": "1536:89mjO/1JG+c51H7kSkpa1HKRo3kBaxJ+aNIuTJ1ExXDihMvE00sWhd09dl3DQjrY:LjO/1JGHZYFpahKm3kG7NIuTJ1ExXDiz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692353466, "uuid": "09039464-b185-463b-908f-2d80acb28706", "value": 91648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692353466, "uuid": "d5d976cb-b0a3-4749-b4b6-d87bb43b72ca", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692353466, "uuid": "c7078902-22f5-4de6-9df8-ac5f72f314a3", "value": "NPPSPY.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29aaf8ad-3de3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692375636, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692375636, "uuid": "3c32027d-0990-4587-bdd2-3fc7ade39010", "comment": "Malware payload (Amadey)", "value": "30408787d5bc40e9a269f63e50e46f81", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692375636, "uuid": "d909885d-deef-485a-b5c1-bc6451b14690", "comment": "Malware payload (Amadey)", "value": "b311eabe9d444ff677324eef2a5851333050015219a08e6099ca15a779e49754", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692375636, "uuid": "1ee1c266-deac-4a07-854c-2eb1e3347fa4", "comment": "Malware payload (Amadey)", "value": "d7a6a0104ff7a4041477fcb3e762798e50ebafb4", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692375636, "uuid": "ec79b974-d478-4b29-97e4-0e840ac7a872", "comment": "Malware payload (Amadey)", "value": "4e30b21b4c3a8c4756a73c371b80668fd6ff8ce971ca2a9a60948fa9cc2b3a103384e05b9620759ac366be5aff602043", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692375636, "uuid": "76834fbd-18f4-4d4e-b0fd-e767234d15b0", "value": "T18CF41282A7EC8173E8FA2B7159F607D70F317CA25CB4829E27446D4A4CB3644993673B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692375636, "uuid": "d45dda87-57e0-434c-b2a9-bc6e4fbe2d59", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692375636, "uuid": "2a324827-3efc-4aa0-9b59-a0f613d8fb69", "value": "12288:MMr/y90K8eUUD21rwCyzi7onc3d6HwYkQEZfyizS9644zMtzXmfzL8twpt0mEEPP:zyD8ckrfyzi7onQ62+9kzMV2rYaHcEPP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692375636, "uuid": "645ee980-5d70-426e-bf00-8454bf5ca04a", "value": 748544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692375636, "uuid": "60fe0465-884c-496a-947d-457dc52aa48a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692375636, "uuid": "849f6076-0081-497c-9d79-b9fe8b4644af", "value": "30408787d5bc40e9a269f63e50e46f81.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8d5f06a-3e1b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1692399954, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399954, "uuid": "2ab9c629-e389-4634-8b2a-16bc334d75c0", "comment": "Malware payload (njrat)", "value": "424acbd9dd14618de61927fd05ca4da8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399954, "uuid": "58344766-e3e0-4a49-b829-c9c2a8c913e8", "comment": "Malware payload (njrat)", "value": "b37ce296a2fee86d2afd7ec92fd722253d4cbe226bd46938557e4b82e1de46c6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399954, "uuid": "df485aec-cf61-4514-b4f9-41e17aad3cd8", "comment": "Malware payload (njrat)", "value": "fd7ea433e0c2cb97e6d071865690b2cd7f857c72", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399954, "uuid": "f2627fac-8f39-4839-9cf5-57be97fe3f7b", "comment": "Malware payload (njrat)", "value": "c5fd003d70934155b9fc9f9b61d5937449544df3261e43f8400ac67a42490c2224cfec6a3098c5b4c327ec706b50dfe7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399954, "uuid": "3ee16bf8-605c-4760-bff2-0bdfbe8400a6", "value": "T1C5032A4D7FE18168D5FD067B05B2D412077AE04B6E23D90E8EF664AA37636C18B50EF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399954, "uuid": "035f808f-ae27-4127-9f58-6266910bed51", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399954, "uuid": "a5a0524b-56dd-420b-a455-f6722f7bf976", "value": "384:D0SvEiTbTvpWNcZ0y8fvCv3v3cLkacparAF+rMRTyN/0L+EcoinblneHQM3epzX/:oS7TZ38fvCv3E1cQrM+rMRa8NuWEt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692399954, "uuid": "aa17b183-086a-4fb2-be6f-1df69a9b7b55", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692399954, "uuid": "bef32808-f081-41f1-98cc-4b512f3dda6a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399954, "uuid": "3881ef2d-263f-42a4-89c5-7b35284238b5", "value": "424acbd9dd14618de61927fd05ca4da8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9211521-3d93-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692341517, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341517, "uuid": "1741b971-df9d-4f17-9be2-6e64c060457a", "comment": "Malware payload", "value": "9a2490d08606de9935c8f139226b9498", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341517, "uuid": "31461f98-2bd0-4306-8519-54973158db4e", "comment": "Malware payload", "value": "b4addefb06b052219b202d98c71d5bde9aee375ba5b31dc8460bc2939099d19e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341517, "uuid": "17a92446-0800-42f6-bf1d-970658158111", "comment": "Malware payload", "value": "dbb715d5bf8a9cbdd44707571b2481a319554bff", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341517, "uuid": "d36e73b9-4468-444f-878c-8fbd6dc44821", "comment": "Malware payload", "value": "a421171ce225c55ceeeefb11fc32eb11abaa7d39ef8d5638d3e29868995295f83c123bcd496913a86133f943e46c9165", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341517, "uuid": "2a7bc84a-0fa9-49e8-a19a-2703b30e2f0b", "value": "T12015D71CFA49DA3FE29C8C3950F9DB2B29B99FAAD0F1E351C010517518E6CAD0DB6163", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341517, "uuid": "6babdf26-6fab-4533-b063-23ce520acbb8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341517, "uuid": "f9ab62f0-a02e-4897-a0d9-db4d06783c6f", "value": "12288:+T6qMTTxTaJfHdmMTa9IubWFaxDfdjDaZ9bMT:+TrGevYMTa9tSadjWb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692341517, "uuid": "202413aa-2519-46b4-8526-f579e56eb788", "value": 917504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692341517, "uuid": "09e64a4b-1f02-431c-bc15-cd8ba94c24b5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341517, "uuid": "499c0fe7-8e6a-4efe-b596-6019cdcdfed4", "value": "Purchase Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2bf8ae8b-3db2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692354594, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354594, "uuid": "e476b536-8f65-49e6-8ce3-0db3a60715e5", "comment": "Malware payload (AgentTesla)", "value": "3c98c16d23436d96ce1ef237bf4764c5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354594, "uuid": "f63c8008-af2d-46bd-a3de-76beed0df532", "comment": "Malware payload (AgentTesla)", "value": "b4bcf8d5035166852ef1929c2f708253e1a041ebf2af94e7849f0e399d91bbda", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354594, "uuid": "8c958750-3e8c-4a4a-812c-9e3d8cbf6cec", "comment": "Malware payload (AgentTesla)", "value": "620f7c1c44da283ea7b0c4ea64b665bdf597dfa1", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354594, "uuid": "9803c11b-2959-47f3-a3d7-9b038a1196d5", "comment": "Malware payload (AgentTesla)", "value": "5919d89a1536d27091a5b422473d1e42d92bec4fa9a1445e42a88fe5917225e9c3095b3de05a2e744312407c604140fd", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354594, "uuid": "2a58d945-1e22-46df-96f8-2c5f8675f335", "value": "T1CDE4F0513BBD2A47E8B6D6F915B9620087F17E6A6021E3DA5DC624CF18F2F004B61F27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354594, "uuid": "589ca25c-fcd2-4575-8524-a7230be165de", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354594, "uuid": "584881bd-8036-4737-96ef-b1f3fa65c7bb", "value": "12288:v7mHFFDr2TJM8/C+zXlukXQpOCGA+QUtaIRH6jjMxXf83kUlHyABUtplJ:DmXiTS8DtCN+QUIcoApmXhyABMplJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692354594, "uuid": "a8349be7-88d9-4f4c-94fe-3539fcc9b6fa", "value": 694784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692354594, "uuid": "558ec7ac-e7fa-482f-a7cc-c3912e89bad1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354594, "uuid": "199aae30-a3c9-473f-b95e-9d92f74c36f5", "value": "SecuriteInfo.com.Win32.RATX-gen.25528.268", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94e4fa66-3e0b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692392995, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392995, "uuid": "f274c3ba-8481-472e-a506-c61ce7eaa215", "comment": "Malware payload", "value": "2b5c5ac56b819bd05ab3151efc814303", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392995, "uuid": "73d39ded-eff7-4228-b2c2-5e143a33f3e7", "comment": "Malware payload", "value": "b71a19618582e3820d4c6f184180eca70e097fbd4b35bae3615e99651d97d9e2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392995, "uuid": "c71cfece-d1c6-423f-9bbf-2179397c7f68", "comment": "Malware payload", "value": "9e4cb9c54e4243998d6c9c1916ac147741c21382", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392995, "uuid": "7765bb9e-4616-4c75-96d5-4b3d9c976fd8", "comment": "Malware payload", "value": "ebf100bf6a8b7cbcd9f3163492942a83b663104aa977beac601b15752eac8971829f3c4e0f18c2b4d31ca802d49d13eb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392995, "uuid": "6c4dea2c-dbbe-4305-8c0d-ba610a56d8ef", "value": "T161D318E6EBD89CA3CA0417345AF65314233AF7E21B968B175E2055351F63BD0FF8284A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392995, "uuid": "20a9c355-5940-4c15-872d-0f8d312a89b3", "value": "e24241e19d36871cca9ad6e9d0829be2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392995, "uuid": "a477a7a5-5ff3-42c3-bff6-b73e6bc696d8", "value": "1536:ju2Jqy4AutHymEUGwFBP3Dp7+MO11U3NsVGlJ:Rqy4AutHLVUBsRlJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692392995, "uuid": "8755fbb1-c736-4cb8-8ce4-43c8750c3812", "value": 131327, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692392995, "uuid": "529a32dd-95d6-442b-8bc4-ed6a8f1d1538", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392995, "uuid": "1df0ce42-2656-449e-9e67-82766faed678", "value": "backdoor_for_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "56bdf420-3da7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1692349941, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349941, "uuid": "14cd946d-6b43-4726-a0f5-41f6bc0c80e6", "comment": "Malware payload (Loki)", "value": "2dc1827b6c7cd6b4d6504b7703ae4cf5", "object_relation": "md5", "Tag": [ { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349941, "uuid": "d316e758-243a-4395-a3c0-5ac1bc7065ef", "comment": "Malware payload (Loki)", "value": "b7b3480e6bc3971e8993bfb8698f826602aa0e336928ae2ada1b6ab60ad5b33e", "object_relation": "sha256", "Tag": [ { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349941, "uuid": "91f77dd2-afb8-4975-b93a-4ead6fc49c11", "comment": "Malware payload (Loki)", "value": "494ee384fe81f5e17bac2a0360cf48d21bdec8ac", "object_relation": "sha1", "Tag": [ { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349941, "uuid": "0131b76c-521a-4012-885e-8a172bb430ab", "comment": "Malware payload (Loki)", "value": "d8c8e5e0cca117456ac660fb39390a9f7997796aa994ef8994fdb78009f89eede5dd3b4e2fe915c9e777905dc489de3b", "object_relation": "sha3-384", "Tag": [ { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349941, "uuid": "b2f6c323-d3b1-4f33-948f-68fc390e399b", "value": "T16EF312F935C9B415B9CD77D822A3ACBEA0AA3FE41CF1321055D07F81C865AF25C86A91", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349941, "uuid": "d8685bbe-be39-4102-93fe-a66083949904", "value": "3072:KS5uEF+pmthR70QOJpxiTr2AZrOAzOaYDpudnaaGJuAEYVP6LsPLfNlhp91PD:KS4EEW7HOJpW2A1ddny8AdPoIhtD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692349941, "uuid": "fe53a333-ec06-4a5f-ab83-c1c7c72975fb", "value": 171063, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692349941, "uuid": "6e1c65ad-6a9a-462c-948c-c0eba8c06ddf", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349941, "uuid": "5f53c784-9cb7-4845-9a29-cafa5b1e7b40", "value": "Payment Remittance.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef7be4a2-3db2-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692354922, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354922, "uuid": "96dd67f0-7da3-4eef-a922-9d6e64957403", "comment": "Malware payload", "value": "129d8a4b405cbb316746572505aa9fa5", "object_relation": "md5", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354922, "uuid": "84606fee-e69c-4b73-9b77-b506242f0da8", "comment": "Malware payload", "value": "b828b256f70a803bcb1bb54b5588e9dd9a4e45850d94c52dd95bba6b238872f4", "object_relation": "sha256", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354922, "uuid": "e755023e-a6c7-40a0-ac84-4d09a7f7f36b", "comment": "Malware payload", "value": "118e2b35715104490ae2804028ed12c05364b148", "object_relation": "sha1", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354922, "uuid": "cb27c7a6-d1de-432c-a213-e06677fb9045", "comment": "Malware payload", "value": "4cb6a9b5063487434ee309dd2733ebba581fb69fc67a6beaf7275131da92b335456c477b74ecab2d44f98c99e8e1cfe7", "object_relation": "sha3-384", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354922, "uuid": "8e892777-7990-4bd8-ad70-3a191fde1d58", "value": "T150A114AF929194401D3260F8B3D34502B6A2461E4F07654CF979667EF3C88F16FB2BD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354922, "uuid": "1daa71dd-6aad-49b6-9bfa-4c1a5bd04cc5", "value": "96:8FTespuJ2TODfoMtItP9oQBX1u+3KrqYfcfnGyem7UmzA7ODNA8XIOV:8FTre2MfoPH3KeZn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692354922, "uuid": "091e5f05-9f19-45f5-9908-93aa2f2f7b3d", "value": 4959, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692354922, "uuid": "6499440a-d33e-49de-97e8-f0be2530726b", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354922, "uuid": "75e97440-eb89-49cd-930f-2bcb9daaaf65", "value": "Sales Contract 121.xls.html", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68775d4c-3e01-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CobaltStrike)", "timestamp": 1692388626, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388626, "uuid": "1d33eaea-4923-43e6-98fc-b6c4504a2b1f", "comment": "Malware payload (CobaltStrike)", "value": "577c461ef8030e9feece3cdb5054b888", "object_relation": "md5", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388626, "uuid": "0b19be68-2460-405a-b61c-ed4a5e90a63f", "comment": "Malware payload (CobaltStrike)", "value": "b85e1e79b143c308a707b86b827dd4bacc0d2240a260cf97c3a944f96c96083f", "object_relation": "sha256", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388626, "uuid": "4b26532e-7d80-4c30-891d-cedb3d1e60fe", "comment": "Malware payload (CobaltStrike)", "value": "d53c241ced618571ed579a3d2b7ddb19a4a54308", "object_relation": "sha1", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388626, "uuid": "309f211b-7625-45af-b7b7-8a181dff1cf8", "comment": "Malware payload (CobaltStrike)", "value": "65b272ba7db6ac046aa9cbca601b0637311da490cb3267871d44023ec77848abf442bf27fe0c5b6e5b2b627c4a5de1eb", "object_relation": "sha3-384", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388626, "uuid": "46909e31-05e6-4e00-9b7a-f58e98735d97", "value": "T1E844F155F943FC72E51B21B41CA7EB7A5D397E214B70C037F688978EBA327D0292160A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388626, "uuid": "8e377117-ed82-4918-aa3b-d70729d34638", "value": "55c3c2de18770066e2cd1f40bc997aba", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388626, "uuid": "77b0f855-9cef-4d54-98d4-10b4d7708500", "value": "6144:ArV9P0B5PbzZH+eApEH5gsYQF4wogV3mjffDjq:ArV9abGEi7QFpTVWjTjq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692388626, "uuid": "28eba384-ad44-4702-b6f0-117b46bac1bb", "value": 278030, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692388626, "uuid": "1fcf9fbe-7ca4-4f66-8a7e-fffa4d1820f0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388626, "uuid": "94498792-26c6-46e2-b8f7-1a9b3fa1863d", "value": "577c461ef8030e9feece3cdb5054b88.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "43adc555-3dde-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692373532, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692373532, "uuid": "29ced80e-7d81-4542-90b8-3f073db9cc27", "comment": "Malware payload (RedLineStealer)", "value": "397e699ece954534fd8a6a2c4301fc57", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692373532, "uuid": "36cf1b84-eefc-4486-ad9c-a9b4a9218199", "comment": "Malware payload (RedLineStealer)", "value": "b92695a3882a873d859e7f91c08e608f7760e7d2a677cccd48fd5d9730eb237f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692373532, "uuid": "da82706b-a9d6-49f0-ad3e-e2250f188906", "comment": "Malware payload (RedLineStealer)", "value": "ac01f47497c38a65ae9f406e255e93118a310dda", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692373532, "uuid": "d61aa3ac-5b7c-47c6-a647-25902d1a7497", "comment": "Malware payload (RedLineStealer)", "value": "94fab18b8682b633469892ebff881966754d386ad1dbfafc8ea1f5f2c3d54ceb56ef1cf3dc4efae0d87902ef21cf78d2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692373532, "uuid": "27a623f2-866b-494e-82d9-1a0437906895", "value": "T19AC41243A6D86077E9B61B7055FA43930F367C618CB482AB17866C5F08329C46E7277F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692373532, "uuid": "58faee22-a475-4d47-ae89-9fc9e24f7854", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692373532, "uuid": "2e0fbbc7-8b55-4171-b8f4-3c828e42938d", "value": "12288:jMrxy90J+UqBO8kn9BHqDRXmNxWS7DboZ8RON:eyqOBO9XHU1mNJbBRON", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692373532, "uuid": "ebefd37d-c4cb-4f74-bcc6-1ba97e53c444", "value": 577536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692373532, "uuid": "c8d6d894-ef59-477b-a803-ab9948b09a95", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692373532, "uuid": "13136ab3-66cf-4d51-bcd9-f5d000d9ddce", "value": "397e699ece954534fd8a6a2c4301fc57.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5a66b06-3da2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1692348034, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348034, "uuid": "06b27046-33fa-47e7-8441-ca490fa3e76e", "comment": "Malware payload (Loki)", "value": "0515f1f5dfdbf277e00318ae9b91bf63", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348034, "uuid": "b76babf3-fdc4-4ffd-a618-dd93ad6ce827", "comment": "Malware payload (Loki)", "value": "ba0ab61c41f2cffc1fac6424b3eb60a11670a8b828eceae7713379291a450e30", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348034, "uuid": "76d5fbb4-42f4-4b13-9f87-8b998fee23df", "comment": "Malware payload (Loki)", "value": "e4c67298fe5c81b2f2ceda505ce96d63ef8a86d0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348034, "uuid": "1fc4ee68-e2d7-406c-921b-12a63da9240f", "comment": "Malware payload (Loki)", "value": "380cd50e3ce946a75008d07dff5a4c438cbc19b591baeef376f926f70abd59e0c411a1a4df91ff702d20979cfffd926b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348034, "uuid": "8cc2b10f-bdfe-442f-91ba-2b9b1628e615", "value": "T18004024463E0D477EE621A721D3E57BB39FAA51520B90B4F27504B497C375A2AE0F323", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348034, "uuid": "84becc25-5476-495b-ada0-34604c77d53a", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348034, "uuid": "9c4d4ca6-bfe0-40e8-a097-40d5e1063039", "value": "3072:3fY/TU9fE9PEtuEbuD79W09krP3WPejmsnB3HhRsl2AuH6+M+pSMymcvFCj59cmW:vYa6guD79wzGPwBy23TM+Mv1INGmmH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692348034, "uuid": "9bbe955a-e7f5-416c-b8f0-c1388575b431", "value": 186433, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692348034, "uuid": "2ee7cf11-2fe5-483f-b8f5-63c6bd6046a3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348034, "uuid": "63bd6c8e-aa3b-44d4-8c83-3bc8b3ab1dd4", "value": "PO No 2390920.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c868d535-3e00-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CobaltStrike)", "timestamp": 1692388357, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388357, "uuid": "5f238085-bc20-4fc7-9380-8bee66ba88e8", "comment": "Malware payload (CobaltStrike)", "value": "487a08f88e63417b14336d6ea299dc40", "object_relation": "md5", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388357, "uuid": "8a70a298-b0b0-480e-b78d-ffe48f3459e7", "comment": "Malware payload (CobaltStrike)", "value": "baa899492c09989f554a0a744b87c30caa6f0ceddf4589a22418991513f0cf27", "object_relation": "sha256", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388357, "uuid": "b88df699-a911-4247-b0f4-b7267362f30d", "comment": "Malware payload (CobaltStrike)", "value": "f5510c4be4574f8bee3e03a7677175844ea60b50", "object_relation": "sha1", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388357, "uuid": "957631e7-f9db-463e-bbee-309df0797fa0", "comment": "Malware payload (CobaltStrike)", "value": "4194f878259fbb99351ca0e69f6c7963c1eb596551d0986f7d5340194e68cde104799bbc1b7eadb4f8bbe881f4065631", "object_relation": "sha3-384", "Tag": [ { "name": "CobaltStrike", "colour": "#8E4D73", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388357, "uuid": "c9b2faa9-dc82-4b69-b071-3e1e24c76b05", "value": "T18F440155F943FC72E52B21B41CA7EB7A5D397E114B70C037F2889B8EAE327942D21609", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388357, "uuid": "521f2ea2-891b-434f-b1e6-8fb942b2171f", "value": "55c3c2de18770066e2cd1f40bc997aba", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388357, "uuid": "ceb04ecb-570e-4a49-9bb7-cb530577c6d7", "value": "6144:crIW9P0B5PbzZH+eApEH5gsYQF4wogV3mjffDjc:cr/9abGEi7QFpTVWjTjc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692388357, "uuid": "0a4d974d-3e06-48bc-ba6d-24e3b84c16c1", "value": 278030, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692388357, "uuid": "c8bce533-5b28-48e2-8596-689038b8beb5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388357, "uuid": "12bcafee-8446-433c-a623-c3e5b8883761", "value": "487a08f88e63417b14336d6ea299dc40.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "101c89fa-3de1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692374734, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374734, "uuid": "9f518f55-2d75-47a7-b15d-70bd08c3f217", "comment": "Malware payload (Amadey)", "value": "51b4c5b8790dfe3be556c884b425b98c", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374734, "uuid": "c7f190c7-5ea9-4693-8213-d5b2cfa654d5", "comment": "Malware payload (Amadey)", "value": "bc7bcda6a6b8361aded606418f33e8c40a660635003afb92b9a49f355f3843d7", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374734, "uuid": "c12cb536-036d-4ff0-a41c-fa0eb2705a76", "comment": "Malware payload (Amadey)", "value": "952f2c64884aaebac8be0b7a0744a2dcabf541b4", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374734, "uuid": "34af6b81-98b7-479b-b16b-a43081fb9c17", "comment": "Malware payload (Amadey)", "value": "085e1d97b8a45b771fa4849cdf793df69d5d90d81e05fb04d021ff56625877cf1a497d24875dfba4f424aaa06db02b75", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374734, "uuid": "f990b157-a1d4-46e5-97c7-3f45b349b2f2", "value": "T1E4F41303A6D89873ECF61B7118F703930B35BD651D6893AB238AA95A1CB2AD56530337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374734, "uuid": "487867d1-be16-4172-b931-2745f8a4d42c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374734, "uuid": "2601d7fe-f388-480c-a888-311d66f0efb9", "value": "12288:0Mriy90JhS1dJ7Ccu8pHqI+fi1GfaK9ge7hQoKRCBXJp79kgz79tKvTiw3w:eyZNecu8pHqziduP7h/K8BTiqJtKvTNw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692374734, "uuid": "a9eda94a-9011-4036-81e2-7d7973deb0d6", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692374734, "uuid": "8674a5b0-92a3-4c53-8044-778a2d31bdd9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374734, "uuid": "c49fd79c-ea73-4dcb-bf04-9e51160197f9", "value": "51b4c5b8790dfe3be556c884b425b98c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "63f910bb-3e1a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692399356, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399356, "uuid": "c27551f4-38bc-40ae-a94c-84602040834e", "comment": "Malware payload (RedLineStealer)", "value": "c7ba2103ffef17377634206c0ec0cf48", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399356, "uuid": "ae70c433-a2ad-407d-a158-c8a69d6cff87", "comment": "Malware payload (RedLineStealer)", "value": "bd094b4e1f177739a07aa7cff4f8a725a84722edab632cd9b9c96aebe99634b3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399356, "uuid": "b13e16b4-13dc-4ddb-b714-174efa616abe", "comment": "Malware payload (RedLineStealer)", "value": "85b39ed76123693d1a41bde0935c5f7bdedf663e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399356, "uuid": "fda56557-8c95-4586-89d8-203f1eae7c99", "comment": "Malware payload (RedLineStealer)", "value": "e2a4a27fe40bcbefc94c7ad0f348063f3a3deff430bad2a44564bc183427ad850695940ef66ada394e938a18c6db1dc1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399356, "uuid": "7d10bc2f-f765-48fb-a034-a2a722e742e5", "value": "T1E8F41253E7EC4073ECB5AB705CFA13930B31BDA20868126B6762598F0C727D4A57672B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399356, "uuid": "088e7198-3846-4823-af3a-151f10ad2718", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399356, "uuid": "f30926c4-f57c-4795-bee6-b0d9975c1fc8", "value": "12288:hMrXy90e9FPX7NX5k/CbEtrsWG0GwBJNKFG2KROBXLp7ZhdxdffPSV2Opg6F:OyNX7Na/ftrf7KM2KMBFpxde", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692399356, "uuid": "42d29f39-ead9-4e77-8169-31a99e467ae2", "value": 730112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692399356, "uuid": "95956b58-c14c-4d6d-8a54-b6a86e23abb1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399356, "uuid": "b3b97009-3398-431c-a0b5-45a3df8ff8e3", "value": "bd094b4e1f177739a07aa7cff4f8a725a84722edab632.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d77e59e2-3d81-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692333837, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692333837, "uuid": "c8c8ee54-e3ad-4546-91a2-ade4aa654f0e", "comment": "Malware payload", "value": "f226785987c5b4c128d4785c6a2d413d", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692333837, "uuid": "37562f46-1d2a-4561-bba7-4b491385840e", "comment": "Malware payload", "value": "be8a7be2a07887ff0bcbcfbee0c512e94838fd8aeaddd2ed8e2d7e7685fa5dfd", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692333837, "uuid": "839a7ff2-ca27-4895-bb12-3b8a7723fd2a", "comment": "Malware payload", "value": "3bc64ea834deb4545e918bd8577ca6e4c584beb1", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692333837, "uuid": "2052ba49-8194-427f-be20-f75621530f6e", "comment": "Malware payload", "value": "9c743ea90f05492a7878d7e1549d31f777dfcf438aef17512a67104e22f537ce29e1102150f576c4662edf53e4ca4fd6", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692333837, "uuid": "58194165-7695-4f01-930d-51511877e11f", "value": "T104653372957A0B52EEC26CB52D9C45962A6CCDC377001E8E7B09D975EC3942A2D0FC73", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692333837, "uuid": "b228be02-0c79-4b2a-9eab-c9673b4ce489", "value": "24576:arWT7+Qcsyv2Z5xgHidjcogbDtA9icDs2UWmEupbhTtsnDUi5OxJPasr2vcK:aCT7+QcsP7xbg3RKI2UsupBtsnD8rPbK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692333837, "uuid": "ac98144c-e0fb-4b0e-9a22-3c8e0b5b0480", "value": 1492480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692333837, "uuid": "ffff0126-0cb7-473e-861f-a163763309ac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692333837, "uuid": "74315102-e9c2-4b38-99fa-6ab5cede65c7", "value": "f226785987c5b4c128d4785c6a2d413d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d24bfa50-3d8b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NanoCore)", "timestamp": 1692338123, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692338123, "uuid": "d9129c1e-f737-4844-adf5-6ae86f6b42d3", "comment": "Malware payload (NanoCore)", "value": "000526dc124572037c777a5a7a4b6467", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692338123, "uuid": "cb868dcd-2fcc-4052-ba36-cdedbf80a94d", "comment": "Malware payload (NanoCore)", "value": "bf057fe8bcc9d25c24b876efce0dccf29a5fdbfac6eead9f84665d40d4d7a2a9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692338123, "uuid": "d7d34637-10fa-4684-a177-ec226a181210", "comment": "Malware payload (NanoCore)", "value": "70d6d0fe041e8c3ab650a1dc3cfba063a9c375d5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692338123, "uuid": "fe5fcc14-9a42-4b69-a4d8-fc9d2a98f987", "comment": "Malware payload (NanoCore)", "value": "ded0cffd32fdb9273a76a4fc65bcb6b3024c3a77dafe59cd3afb1f60bca0fa96e5f84892fea260db54b15f8c8d8dae52", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NanoCore", "colour": "#49BC60", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692338123, "uuid": "a4877fcc-7faa-4944-9a29-a715c73d9abe", "value": "T147D40117ADA9BB21C029D7F72515995C077A6D1E7DE1F60F8C8EB0C6CB327801A61E23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692338123, "uuid": "dd26ae49-396b-4318-9338-b2366a4ce17c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692338123, "uuid": "cb1ef511-1b15-463a-873e-7cbd31d93c45", "value": "12288:XywV/Ot9mbvTbgmjuSD19g6kH9SPaOV8udDMhg50dvK:XyXKTbgmjueWH9SaY8uuU0d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692338123, "uuid": "7a153fe7-8eb8-4b42-8b63-8d9b915aa09e", "value": 648192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692338123, "uuid": "637c239f-bfc3-40aa-8682-1907e8cce8cd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692338123, "uuid": "1494434f-54f2-4d2f-9862-4a33796fa976", "value": "000526dc124572037c777a5a7a4b6467.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "66f6aa85-3dc4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692362424, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362424, "uuid": "f6dddd15-936a-4fa7-9d45-24a4c22037e6", "comment": "Malware payload (Amadey)", "value": "fdaae9a5abfc38fcfc07a8ed9cfc7feb", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362424, "uuid": "8ca4bdba-621c-4d9e-b572-7b6514e3e075", "comment": "Malware payload (Amadey)", "value": "bf5285765148d3c3756182114ed634fe38333e10c0cbf970bf532b87e9d2ceac", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362424, "uuid": "a9f13dad-fde8-48d0-a085-c704526969ba", "comment": "Malware payload (Amadey)", "value": "2e7f8e3d1fc89fbcdfa57fcdfc21bcb7b18ede15", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692362424, "uuid": "3e1d0563-067e-492b-8926-f20ef013c971", "comment": "Malware payload (Amadey)", "value": "04b1e02cf65526057bf14713c0ea7042ac20026bfe1327f186b9dcd042a5208989cf5e88eb3f6a616a30b776b5525ef8", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362424, "uuid": "9f7104b4-6c83-4fa9-9d1e-d89fe54c8225", "value": "T16B152262A5C44137F4B4677028F623931736BCA24EB0966B334ADD2D1DB3AD4E87172B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362424, "uuid": "20496e26-70b1-4043-a5c8-e6caaab6ed09", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362424, "uuid": "f0ff12b0-9deb-4596-9850-658a4d887388", "value": "24576:hya/aABBGumP+lAuo+U3JB5BSCYrYLf+EJtf0:UaCmF4uNo+CJbQCxLNR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692362424, "uuid": "a19c669f-55d9-44e6-a642-57d270a3a543", "value": 875520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692362424, "uuid": "cf03613d-73f3-441e-9931-e0b60f50b268", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692362424, "uuid": "09ed9d43-cb8b-4dde-97fe-29aace190d4e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a119ff8-3d93-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692341464, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341464, "uuid": "e1356e47-9dfc-43e6-a8db-0bc5f2ee0931", "comment": "Malware payload (AgentTesla)", "value": "3a03c9cf05ed0c15e5cd9b6a595e521a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341464, "uuid": "1e5a5799-0b69-4ef7-ada5-19248b1f88dc", "comment": "Malware payload (AgentTesla)", "value": "c04edaab3f7fd927118d248a63907eb7b7b65af0300266610af6435456ca435d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341464, "uuid": "24163ca3-c343-4e46-82ae-6f9506393959", "comment": "Malware payload (AgentTesla)", "value": "1d4c3ca2294c9c81d6ffa1b55d5831e03cdf96a5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341464, "uuid": "3de80a08-2fe9-4f3c-95c8-9d1a1697f997", "comment": "Malware payload (AgentTesla)", "value": "ced6bd22abe4506bf6bd4250877b085930131c181da3a7a05fb26c8afb506b61caf5ff19bcbf82941b5ec9c36bae1e05", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341464, "uuid": "2266135f-a0ab-429f-9c69-b0cea59a4a45", "value": "T176A32918628C9616C37C23FDE24F81149774827A5723F78A394DC6E82F53BD5E61B28B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341464, "uuid": "55645273-fa27-44bf-907b-d952dad9d21c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341464, "uuid": "ae4674dc-3530-42ea-9557-1621e8916535", "value": "3072:lKH8q6qizPByYpFTM5xX+T/rXEE4C6UY7ibZxHWyOx/wY97Edc+YS:IH8q6qizPsYpFA5xX+T/r0E4C6UY7ibJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692341464, "uuid": "95d3952b-f6e8-40aa-8298-0c8b63532955", "value": 99840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692341464, "uuid": "b80f9eea-06ae-4cbb-8d5d-4c07a1e50027", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341464, "uuid": "6b87d6d8-a80f-4b7e-a24b-6d0f18cb778f", "value": "Execrzwyrdj.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2dbfdbc7-3d67-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692322385, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322385, "uuid": "51e6f9b3-68b3-4786-80a5-660184110fae", "comment": "Malware payload (Mirai)", "value": "c0836503ab02445d7e3c9e046cc41ae7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322385, "uuid": "86001a9f-8afb-44fe-80f0-466428323ac4", "comment": "Malware payload (Mirai)", "value": "c0f39e5d6b1bcf26fe255d6348a09db06dc68573c3d665fb5afe07b027840baf", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322385, "uuid": "ccf2361c-6c79-42ca-8c1f-0b715a7dfb17", "comment": "Malware payload (Mirai)", "value": "08897ac8974e2b1b0adae5b6c48530a932d6a01f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322385, "uuid": "fc6a9395-5d2a-4f56-8b63-20de295650f2", "comment": "Malware payload (Mirai)", "value": "d1e4fe4f52b9783f788ffcd650b5b87088a7fcc142a8c5d462326cc7344661bfba7a4e532b62d00fe8e7b1e1ea520960", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322385, "uuid": "8fd05701-fb16-47c3-b6df-25a5fcfd68e2", "value": "T1E0D2F1AEF981DBFFDD87D07B731D9071218AF8A882506314729A8D4247F5350FD8295E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322385, "uuid": "bd7982a7-8939-48d1-a7c4-570375ec730a", "value": "768:llxKd29WcxEg1lWTOK/XozjxaQNKFUZbKQg:4d29t51lWTOKfEjsQNKFb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692322385, "uuid": "71231012-f620-42b2-b2ad-f66a9f24ff23", "value": 29456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692322385, "uuid": "7ec8e2be-f1f6-4821-9782-c6546cfe9860", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322385, "uuid": "497c0382-fd03-49ef-a1b3-b3d456e2c9d6", "value": "c0836503ab02445d7e3c9e046cc41ae7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df50849c-3dd5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692369927, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692369927, "uuid": "101de324-dbc0-49e6-8c88-f5bfe0f7713b", "comment": "Malware payload (RedLineStealer)", "value": "b7958cdce7d013cabb2b7d5629654c7b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692369927, "uuid": "8dbf7921-ee51-49ef-9481-76172379c286", "comment": "Malware payload (RedLineStealer)", "value": "c1da186e711b77e57de7e676114c851af1e01d66049b3d168fd0e2873ee51240", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692369927, "uuid": "0eb40510-e627-49b8-983f-619f8f29b2bf", "comment": "Malware payload (RedLineStealer)", "value": "4738ce2949d473b3e6eaa3e5f545ff45d52b55a3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692369927, "uuid": "bb101655-3e93-4977-ae35-1906762e05fb", "comment": "Malware payload (RedLineStealer)", "value": "f3753ceba98c9d68942ee1a8b5b2ef3c86a8d7ac51e022dfd611ee3d9bed940e811681c701ed9cf256a9e99bef471cba", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692369927, "uuid": "0778a02f-bd52-4a83-8cea-dcdf1f3d94d5", "value": "T1C7F42222A6E980B2DAF607B008FB17D30B36BCB15974677B1781A91F49B3605E630777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692369927, "uuid": "a850bef7-8bdc-49bd-9d74-8d387b491358", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692369927, "uuid": "70fd4fdb-a5ea-470a-b4b5-b9a07da220f1", "value": "12288:yMr2y90ct8cA9uvomgSo8PCEsex6aVjGzI4vkSfmf6IvIqu1fO9Jg7afpEirGpp1:Qy1RAQvoSZPCw6yjcfrIvIp5O9CMgp1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692369927, "uuid": "f247b8c1-aec0-4d95-81f4-bd237b83739d", "value": 748544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692369927, "uuid": "2f6f22e1-6d1b-48e9-b94d-2fcba0212622", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692369927, "uuid": "1c6c5b34-d82b-4e54-8bce-0c1604e80043", "value": "b7958cdce7d013cabb2b7d5629654c7b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1539c62c-3dc2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692361428, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692361428, "uuid": "defccb95-f4ed-469f-aaab-2ad93bde7959", "comment": "Malware payload (RedLineStealer)", "value": "6362598d8c4face9da4cad5b90f0492a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692361428, "uuid": "9a67f26e-cf83-44e1-97b3-53e1cc8b3398", "comment": "Malware payload (RedLineStealer)", "value": "c1f30490412f332feb70fbb09843934e251636091ba1e7158ef9190b9985f33a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692361428, "uuid": "8e269672-2d6f-4eb7-802c-43f905f64f2f", "comment": "Malware payload (RedLineStealer)", "value": "47f872d0e22e46fc8e064cc141bb003b0fdcdbf7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692361428, "uuid": "e4565170-e42f-48b3-b14e-8054e97827bf", "comment": "Malware payload (RedLineStealer)", "value": "51e8a4a8cd6d11cd8d317cb2d1f2ca04e4d4c8f0fc634e45ec61cbbe51183c212127e92cfe7acedeb4c7791990308447", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692361428, "uuid": "59eade33-afe5-4911-b042-1a29fcd8c34e", "value": "T197840222BF92C072D19B50704854EF61A7BFB93055B1854B37EC06BE6E707D06A7631B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692361428, "uuid": "83a03e42-6c65-4228-b31f-9e7946a8a90a", "value": "1ddfd47f2ea5b4efc51060b1f69599d8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692361428, "uuid": "9dd76cce-afa9-4ad8-8f4f-f98a5f673826", "value": "6144:NTLoWivYSZuauw4SHcGjWtNr8UwzCUg6A2bxSWCMRMhb:NTcWI3ZuauwDcFtNrZv2A2dfJi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692361428, "uuid": "7477cb1f-d181-4a0f-a396-fb61ee4a85e6", "value": 391680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692361428, "uuid": "9c328b98-2202-40f4-8ab9-8303e004a9ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692361428, "uuid": "a2609228-24c9-4946-b252-1cb01ec0ae00", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce167eb3-3db0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1692354007, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354007, "uuid": "8bf1241d-ee6f-461e-bb85-16551d0929dd", "comment": "Malware payload (Formbook)", "value": "f1beef879b6149aecb0b15904235ee1f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354007, "uuid": "0a1e2d2f-d904-4ca3-92c2-9f256160b631", "comment": "Malware payload (Formbook)", "value": "c2173d730ca822a9a555169e51a5fbc99d998bb9df489eb5dddee28152c95e7c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354007, "uuid": "550e1fa2-3d61-4a76-8cab-aafbe0fc19b7", "comment": "Malware payload (Formbook)", "value": "a34c3941c0a82c31b23e3657da8efbebd08722e4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692354007, "uuid": "b1b05885-cbb2-4570-8e14-c30b1aa13058", "comment": "Malware payload (Formbook)", "value": "3636111a95d11952a5257c20cfba2fd1358ed30ebc541de7270069d1f6a4a2d586d9482e276ce6e3fe43349d32ccec1b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354007, "uuid": "f62a1992-96ef-47a1-9697-35fd8a330ef6", "value": "T1AE34D607BA8F89B1E29427B6C6D7001443F1D5C2B7A3D60A758E23ED0B537BA9D29707", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354007, "uuid": "77ae245d-84b8-4e33-8bd7-8f1856c50191", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354007, "uuid": "ff40baee-3776-4d69-9cd4-934c8be88970", "value": "3072:K5vbiNDCsoRM2uCDN10wBhpGKGr6GV249MFlDxKHbt6eMvDq9AqB:KJbiRcuiDvNhSW7DxKHbt6eMveAq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692354007, "uuid": "befc5b5d-7027-4a0b-9699-8b08cf76aa7a", "value": 232960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692354007, "uuid": "6211f578-b922-45fb-8b9b-e2caab505234", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692354007, "uuid": "31d67347-92e9-4207-9a08-0e260c64cd8e", "value": "Air Shipment Doc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff696177-3dcc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692366116, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366116, "uuid": "01308de9-5456-4a27-8fe5-637652d81c1c", "comment": "Malware payload (AgentTesla)", "value": "503a9a09ff92476bf7581cae268b8b10", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366116, "uuid": "2e477198-a26e-4df9-8d41-5f7a0d2717a1", "comment": "Malware payload (AgentTesla)", "value": "c21b9b8bfd4280be82abd38905186dfabcd0f23f3953b2da5e1fac304261f967", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366116, "uuid": "faf12a63-b478-4ec5-ab7c-7e3bc00816e0", "comment": "Malware payload (AgentTesla)", "value": "455b566e8ad812ba9de6348d83edd4b62ecfc8fb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366116, "uuid": "08bde218-4345-40de-b6fe-ebf2a4bd6570", "comment": "Malware payload (AgentTesla)", "value": "7f166d360cc5f8a2ebde3ceceefcaa73cb0987bdfda206858a6efecf045122a989cb941dff192d337cd343d8a591872c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366116, "uuid": "ca74ce63-0c22-4eb0-8381-b8623bb119ec", "value": "T1E6F4F150336C2F33D8799BF56011A8400BF67C5B61BADA8C8ED37AD72636F025A52D1B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366116, "uuid": "ef6184c7-1b00-4f7f-bded-757c59e1d10f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366116, "uuid": "42e0afa5-ee25-4295-9ca2-acde091a4d3b", "value": "12288:zJ23/gPrkUbmuXaO0DhLyPJAZGbUuWq7MbrepvYg+O9WsgKnt9VMigz:SwrkcaOiQBAMwFqgbqpvYFO9WsTjVI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692366116, "uuid": "03d4a8fb-293b-441c-b557-6e306cd0eb2b", "value": 747008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692366116, "uuid": "1e1cd806-fecf-4aae-9ca1-39483c0c0180", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366116, "uuid": "705d1c31-c7f1-4e45-ba31-8d177a375f28", "value": "PDA Query - GGR-202754-1 HAPPY CLIPPER 1 ETA 29 AUG 23_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa0154d0-3d93-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1692341491, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341491, "uuid": "9b99a843-4772-427f-a81e-d6db14c7d8b0", "comment": "Malware payload (GuLoader)", "value": "8da233fb1be3e4d0d8655200074e124d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341491, "uuid": "5ba2a759-bef3-48f8-a0cb-03fa51213691", "comment": "Malware payload (GuLoader)", "value": "c23422702c4ff06c9e296a75051b8ccf2c54fc4971e63ff8f644a9a209c9829c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341491, "uuid": "7e03f6ab-974e-4208-9963-b33461b8ecad", "comment": "Malware payload (GuLoader)", "value": "6acdb3954715c1c2ad88f5107bc55778c6ebf5b6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341491, "uuid": "a47af06a-fb25-4a3c-a420-916e2a589acb", "comment": "Malware payload (GuLoader)", "value": "14c97afca9e89cddbeb61a64c7ae81ddf95708ff08979e7353a8aac2aee418107b403291abc271702e2849e6fe675ad8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341491, "uuid": "17a7834c-a4a8-4f9d-ab5b-f35829169c0f", "value": "T10AC4010036D4CC97CA9A1B3055FBE763AFB6AD635E5687072325B70E2CB33509A0971E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341491, "uuid": "808ed3bd-16fb-47c5-a52b-70d3f9ed5b04", "value": "1f23f452093b5c1ff091a2f9fb4fa3e9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341491, "uuid": "6b840993-60cd-4a57-9ddb-cab0cbc16cb5", "value": "12288:O0hiVxinJv/UxrrbKSZmRd4DnpgLQ7zwHbdnVw8kZin785:O0hiHUJqrrbhERd4Dx2Vm5Wy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692341491, "uuid": "ab4b9b11-927d-4a37-ae9a-1d6fcd718d1c", "value": 562520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692341491, "uuid": "20181a4d-b7be-4686-b46c-325409a115ba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341491, "uuid": "ebb6ad6c-d0f9-4784-ae5a-c77b0c7343cb", "value": "Zahlungsavis von 17.08.2023 PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61b6141d-3e1a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692399352, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399352, "uuid": "52b9ab3e-9642-4af1-ad0d-2de2d99a23d5", "comment": "Malware payload (RedLineStealer)", "value": "9d619c2a457274b4c57a1691c940bae1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399352, "uuid": "a3df0855-8ccc-47ec-a8f7-bd760900c3e6", "comment": "Malware payload (RedLineStealer)", "value": "c246e96451aa566037ffcac0539c92ab2accb8d5918fc623620c81086b068bd2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399352, "uuid": "960f7d34-ad4e-4be3-b095-3af9732a30c2", "comment": "Malware payload (RedLineStealer)", "value": "874550c7807766d93dcdb802224fdc223ddeebc1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692399352, "uuid": "8a368f3f-6dbf-4aa2-801e-fd74373f9294", "comment": "Malware payload (RedLineStealer)", "value": "5e30e260cb6b737afc87db85c49bfbb9d13c3d1db3a32a799aef1bc89044972c1b10475e46ac1d7785b4ab9e4c875512", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399352, "uuid": "fa583a9f-c5ba-42e4-9fa9-5a25c0a8b24b", "value": "T1C113F10E1AA4A0DDE59651B280C39E77EA8433D314A673C8C173AFFDD787F81B591268", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399352, "uuid": "e946f16b-16c0-40e5-a6b4-c53c1a83c9fd", "value": "384:K9VD6tee+qUOTd2opQTLAdz1SvNmhpdvOjT7PbA6HBiTSnjxZMdP05ldpRMaYIBI:k6Qe+qUv8zcqdvOXA6XkPslJvGaVW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692399352, "uuid": "432e65f3-8794-4814-a6bc-95ec4736ee0d", "value": 45477, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692399352, "uuid": "40592b58-191f-4eaf-8164-54d0fcad8303", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692399352, "uuid": "d603dd5d-a763-4136-8de6-2df63c199337", "value": "9D619C2A457274B4C57A1691C940BAE1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3d5518f-3e01-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692388806, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388806, "uuid": "f0a9f44b-9fdf-4ebc-a8f5-8ffdd569da4a", "comment": "Malware payload (Mirai)", "value": "fe21b71bcd5fce3ec7a1fb9d6c057384", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388806, "uuid": "34f4869c-7f90-463d-84fa-1b9ddae6d284", "comment": "Malware payload (Mirai)", "value": "c2f11f9066ff343e54b0f1778f117adc55fb9d5e8702b8ff1122d122a06bc0f3", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388806, "uuid": "2885ffb8-6bb2-4c61-beee-f697825234b7", "comment": "Malware payload (Mirai)", "value": "0fd15ea300c8314d1c858f9aa5d51d1704247637", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388806, "uuid": "0017ddfc-6849-4a0a-b2c7-758aff4a0b20", "comment": "Malware payload (Mirai)", "value": "9bb5cf071e5f96803d25e3d29546a9f5db34de29125be6dfa60a2ef2f80f9f0203c5b38ce5178d3b39e6a60f7137e255", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388806, "uuid": "82f0b30f-4823-4d07-b29f-a9b06b890a14", "value": "T1D6C2D030A6E91CB5C7500531F6BC5AC5BE530FBDFAEE3C90114197BA38419462EEA9C7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388806, "uuid": "71e721fa-0e72-43a0-8e90-5d39fd89d3c6", "value": "384:Aot/koxisa34beDtZwuaCBsk+G9lLSsLYSTFs9u8OtqlrNEYPmmhymdGUop5ho:A8soTAZ3alkXLvFh8nNEas3UozS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692388806, "uuid": "b7951d43-dc88-478e-b5cc-319930b2faba", "value": 28176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692388806, "uuid": "67b5a098-ca23-4ff9-b96d-acb4ca21b1eb", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388806, "uuid": "ca89a20a-935b-478b-8444-b1b77dcbaa0e", "value": "sora.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a54146f-3dee-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692380522, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380522, "uuid": "9e89d8cd-2972-455a-895c-6eaf92e834a6", "comment": "Malware payload", "value": "464f49be74107031a0c8930aed8e79a8", "object_relation": "md5", "Tag": [ { "name": "AutoIT", "colour": "#C5D2EC", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380522, "uuid": "ed1f1f71-25ff-4bcc-83bc-62f16a189109", "comment": "Malware payload", "value": "c33d255f9d03d705b9d8f63eda57ff38fd62c926de5f2904324c4eb4fa5b861b", "object_relation": "sha256", "Tag": [ { "name": "AutoIT", "colour": "#C5D2EC", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380522, "uuid": "20eca2cb-285f-4771-8952-71c3a65390c5", "comment": "Malware payload", "value": "187ee2895b60de77c97d6337c502cd6eee49bd71", "object_relation": "sha1", "Tag": [ { "name": "AutoIT", "colour": "#C5D2EC", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380522, "uuid": "ece6020b-cf57-4b66-9000-8f2440f30f70", "comment": "Malware payload", "value": "de621382ebb9b893d3ddb485ebeba75744ee490207b7f51343f6ccca7b86000a104a9b8ab9c4553c4a374b2062a0069c", "object_relation": "sha3-384", "Tag": [ { "name": "AutoIT", "colour": "#C5D2EC", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380522, "uuid": "c7033deb-1f62-4279-b99d-8ffd6e713cf0", "value": "T146263323BF85633BD1A94BB395DF133009A78C541F670A227221BA8C3567DF167E26D8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380522, "uuid": "1a54cf08-0e43-4f66-9b76-2124bdfcf24b", "value": "98304:S/3DagKhlQVMJ4SStU2iB6rAAfbvoIkgMUhQ+sLP1rgEANehXk0CD:S/+XrQvSMU2i0rAADoIkTwIZgEANehXA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692380522, "uuid": "918e05de-035b-4dfe-8494-764fff06d382", "value": 4531712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692380522, "uuid": "103334c5-eb51-4318-b8cd-7d1ea1340311", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380522, "uuid": "702e85b7-68e2-4406-88e9-140e74ac54c9", "value": "5ee5f2.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c64bc54-3ddc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692372634, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692372634, "uuid": "22fddf20-68d2-4066-8911-abb4fa35dce7", "comment": "Malware payload (RedLineStealer)", "value": "204065aada4939bed7e0cda39c461aff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692372634, "uuid": "61765180-90b1-4cef-884c-5244b4d55c29", "comment": "Malware payload (RedLineStealer)", "value": "c35d875ea4abc7e2d3a2858413ee1add9e7328879450e5cd71eadaf57274298f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692372634, "uuid": "7b3c0428-a0a8-48e3-a23f-da81770045f0", "comment": "Malware payload (RedLineStealer)", "value": "f06a4a97da15d5e411ddfe01e4a43bb93be05e3e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692372634, "uuid": "fab179b8-1836-408b-b72e-bae9d6f23b0c", "comment": "Malware payload (RedLineStealer)", "value": "1ae271349e35bc657265c1f2c67d549950aed1db5f151af40d5358dda33b2e7c458ec6fb72db3d0a35a52884fd2e2665", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692372634, "uuid": "4e38908b-0dae-4ab4-b647-7297aae4211a", "value": "T198F41202AAE98423DEB853B050FA03931B37BE655E70DB6E2345A91E0C717D5E93077B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692372634, "uuid": "3e150249-2fad-4b62-9117-d16c3096ae71", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692372634, "uuid": "95513760-eec6-4b77-8358-a0e390839ad7", "value": "12288:DMr6y90NRmSZTZegyzYxGYUwKjue7j9aKRXyXwp7Nn/l/fN9weP8SNOifv5:9ylcZeFsAV7jEKly4ltHJPnNOifv5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692372634, "uuid": "a2122190-a0a3-4fa2-9851-9780dfe5c1be", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692372634, "uuid": "99a9abc5-eead-4d2f-a3fa-d8a5d3928d11", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692372634, "uuid": "fe959d76-196c-46d4-bee8-40cd9dec0c80", "value": "c35d875ea4abc7e2d3a2858413ee1add9e7328879450e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "303fc60b-3da6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692349447, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349447, "uuid": "931dd3db-5c20-46cd-b89a-c330daef917f", "comment": "Malware payload (AgentTesla)", "value": "1d3de7e01183dd7c778c1c1cbd155de9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349447, "uuid": "a8ae52ad-6fa0-4733-ab52-8630d039ce83", "comment": "Malware payload (AgentTesla)", "value": "c3ba59faa4c0ba202608bf67201c218d928f4df1a1dc09b37d42d164de554f57", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349447, "uuid": "d6f978a9-2afb-473d-849d-3bbc50ca123b", "comment": "Malware payload (AgentTesla)", "value": "c485b31a82b4ec5421df127416d782b5c0263cd0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349447, "uuid": "56a520c7-4160-4357-8cca-9edb54f2d8ac", "comment": "Malware payload (AgentTesla)", "value": "609c73c5493325cc9725da7c6e23c23ae16793040c2cbf33cfac502a4d7f962782231a2fb0d29a86bdce35d8b4923363", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349447, "uuid": "d9a87b72-ecfd-4835-8ba7-54a25d005ed2", "value": "T1DD251B5CFA09DA3FD34C8C3950F9DB2B69B99BAED0E1E351C01191B518E6CAD0DB6063", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349447, "uuid": "b3140f18-ea68-41bc-b7aa-56b474386f77", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349447, "uuid": "2df02745-5032-4100-b719-c08a52b99046", "value": "12288:xzYlOlxl8geoscEXQPQq5+0CxmniRgD5PGqhnACk+5asbAUBaSWr:xbd7Qo4q5+93gDVGyACkuasb7b6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692349447, "uuid": "24af4cff-a6d0-4a96-bd3c-19a1455a40a7", "value": 1024000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692349447, "uuid": "94b34d75-e5f3-4118-a838-1964d7976069", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349447, "uuid": "489f2525-3e97-4395-8bb0-55cb2f73ca1d", "value": "Swift copy USD 222,000.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f7c31a1c-3dec-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692379847, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692379847, "uuid": "11cb6160-76ad-45f5-94a6-2bc224fbee30", "comment": "Malware payload (RedLineStealer)", "value": "8cdbe0202d8dc6650491aaff66d2e7bf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692379847, "uuid": "1d93ba66-f87a-4258-b700-20ace130b964", "comment": "Malware payload (RedLineStealer)", "value": "c3effa22be0d2194372105638e15f76a773c0a9d6f86961f06d1bb45ceb6136f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692379847, "uuid": "42a860f6-6e10-454d-a859-2793745ad204", "comment": "Malware payload (RedLineStealer)", "value": "3546e74e4f73b48bd5b719a7b4563fecc2323e9f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692379847, "uuid": "225a28ed-2870-46f4-8cae-93ea738ae16f", "comment": "Malware payload (RedLineStealer)", "value": "fe17907ce2adcb7c5dc4ef269f69fb866f0806ca53959415619619a6d71e878f7221945797583439ea7046159787e313", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692379847, "uuid": "ded9690e-d93b-46e3-bb12-d1ed0509a349", "value": "T135F41213ABE84133ECB613B01CF622970FB57EB14E7856AB2345AC6E1C32508A57577B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692379847, "uuid": "6ad854fe-48b2-4f5e-b2d4-59dc76c71d77", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692379847, "uuid": "6f9c363b-b7b0-4a82-9b15-4f1c805c54ec", "value": "12288:eMr4y90wg1hz0ifPEsYwnS9VtkNgb4Z+F0fyiWEJ5QAckEnZx2dhW55sEqU9HKFi:ayPN5kSBb4Z+BG0AEZxWI5qU9HK0d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692379847, "uuid": "5d031b0d-69ba-4802-b1e7-c5f0f7e5ae7f", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692379847, "uuid": "ba786a3a-39ad-44a4-8371-48e9a4e541df", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692379847, "uuid": "6194b2c3-8d9f-4c50-99c8-7ba7eb60c11b", "value": "8cdbe0202d8dc6650491aaff66d2e7bf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d222b13e-3e01-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692388803, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388803, "uuid": "2dc08cb9-0af7-4827-8cc3-8b9ae13d345a", "comment": "Malware payload (Mirai)", "value": "cdb7fd8f807a66d38bc620d0a11bdcb8", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388803, "uuid": "2946f178-106c-42a4-a871-58e4afe7c31d", "comment": "Malware payload (Mirai)", "value": "c497114a250ed00df7b53ed400cccd1c9ddabc9c373afe93efb418aba8b5dde4", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388803, "uuid": "cd9fcfc4-4b38-4821-ab30-9d7713a2bead", "comment": "Malware payload (Mirai)", "value": "7b17b0acc9cca2aa217c293c81ad3cd98e0f789d", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692388803, "uuid": "ded5f5e4-a57d-45bc-90b8-155430121de0", "comment": "Malware payload (Mirai)", "value": "4b7ba8b94c420d1061afdf06fd2c406484822bf8ff03cd1bb7b4bec59a703258d0f0d3170c41772ddd1ff80fd46b3037", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388803, "uuid": "7fb6de0d-15b8-42d4-b50d-107d30624c08", "value": "T118C2E1BFB7E52A67FA5C633DE035811B03A8F41C57AD2B5727404432A99E81D7532CD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388803, "uuid": "02839f98-a65d-4afc-9837-4877e611e5e5", "value": "384:Mp1DMwk8JPyGnT8WyopNEutTneSe3oECHjYlQ2NnE4+0o8tm3HWBKENAZH0KOGMl:UMwxdyoEUnDz+Y8tqHWXmDiz0N+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692388803, "uuid": "2445bcdc-61a0-4f94-b7fc-a61b7ab8e117", "value": 28048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692388803, "uuid": "fe753115-fa3a-406b-aea1-873caadb5fe2", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692388803, "uuid": "e080a12a-235f-4ca9-9b54-963ac4c664e5", "value": "sora.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a9ab4e1f-3e20-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692402050, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692402050, "uuid": "8bf7a4aa-24a8-49dd-b771-bd93ebc48c34", "comment": "Malware payload (Amadey)", "value": "0346011880970b12ebbc9116cedfb588", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692402050, "uuid": "c940936a-05b2-4ffc-a528-7c9b3b97f14d", "comment": "Malware payload (Amadey)", "value": "c4d68a528e98a94ac96ca5ce3f74f269f8d8c76ae54febe2e111b041d13e7632", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692402050, "uuid": "b6417752-de6f-4ab2-ad1a-a310d02c3c87", "comment": "Malware payload (Amadey)", "value": "cc7df23c7c0cc9c75f10daec8566ca0df02a9a14", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692402050, "uuid": "c03121a3-89ce-4cc8-9852-7e8c278148dc", "comment": "Malware payload (Amadey)", "value": "65a5bd0a9917acd23f558d14669ebe390ed642868a3f6e1755e7ba4886b1c8aeb35bb2b3b3de4b15cc3499a30cd13da4", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692402050, "uuid": "24be8cad-ff01-4b70-8b5a-83ed862cdbd7", "value": "T1B2E41253A6E880B7D8B5273564F706831E367CE068B9C26F3794DD8E0DB3550A836B27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692402050, "uuid": "89a7f71c-ae40-4bbd-a0a3-1f839c9d11de", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692402050, "uuid": "eefd88da-8971-4c84-b62d-cc052e2d0541", "value": "12288:9Mrly90YKUHVEfjX6UsREPQ/OooUjdpcNR0bHXPjogCSgqmK4EYtFJTvUxE:wy3HnUIGooopnD/jomuDQE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692402050, "uuid": "6cd33afd-3b77-4e14-9ea7-07179155a896", "value": 657408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692402050, "uuid": "99f906d3-228d-4c91-b575-7194246f67c5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692402050, "uuid": "dd0d8a69-b712-4fe0-954f-aefce05d6706", "value": "0346011880970b12ebbc9116cedfb588.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a8b1e19-3d93-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692341438, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341438, "uuid": "74e5a492-7088-4003-961a-6baf0e6fa5aa", "comment": "Malware payload (AgentTesla)", "value": "b2c52ec386bebbb744fd0d620b418f8b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341438, "uuid": "edc710fb-b86c-4555-bef9-2de2a6a8d6e1", "comment": "Malware payload (AgentTesla)", "value": "c55bc8db8e2e82ba94d54b7e372cd2063608519f29815af447bacba01f4c33fd", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341438, "uuid": "c0622af1-6080-44e7-9442-3627e2814347", "comment": "Malware payload (AgentTesla)", "value": "0ff475457607b9f3dde49e0760b4ad8b9d97e2f6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341438, "uuid": "866dba6c-8515-4756-8bdb-8b36c80639d9", "comment": "Malware payload (AgentTesla)", "value": "48295b55276098cf23a0dca854c94138a1446ad0399edcd09a9e83aabfeb4e99d0ba9520f78770ba718c0880a8cf1fa5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341438, "uuid": "11e6c5f6-1664-4f49-b161-ef1c04cd311b", "value": "T1CCE4E050339C3F33E839DBF5502268500BF66D1A61BAEA8C8EC339E72176F025A55E57", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341438, "uuid": "2910344a-4980-423d-9891-87e711a27436", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341438, "uuid": "83f3e49a-9fb6-4dea-b12b-407a9245f2a3", "value": "12288:zIH23/gPrkV2zfgA/sFQa6YQZU3AgoVmAqin/+pCJNtb09Z:HwrkV8DyQaAZuPoVmAqA8UNV4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692341438, "uuid": "cb58cd08-dfac-4f07-86fe-f6bb813aeb54", "value": 667648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692341438, "uuid": "09ad8488-cc50-49b3-a08c-fc9dcffbee2c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341438, "uuid": "deca8727-8284-4952-9638-07b1afd11d37", "value": "payment july.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a55e973-3e0b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692392951, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392951, "uuid": "74fd1ca0-0873-4260-ab32-d25ffa7b83f4", "comment": "Malware payload", "value": "292f4161120ea49d11f41aea7c50ca4f", "object_relation": "md5", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392951, "uuid": "9d6e753e-a4b3-4c06-a2d4-d1825e80b84c", "comment": "Malware payload", "value": "c72149c02f056f9bfd6928a82212a6bb5cc077659870c8bfbd35c49454973a28", "object_relation": "sha256", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392951, "uuid": "72d5b28d-134c-440a-b0ad-e46f52c06350", "comment": "Malware payload", "value": "a5b652c86d21095da5ef176128f06f632200263d", "object_relation": "sha1", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692392951, "uuid": "c629bf2b-1c12-4980-9f71-0f1d607c57e0", "comment": "Malware payload", "value": "642af979d34722d93fa96268d1f49dc31897dc72cd3cfa0f8f6518c29cf914322e5038a714e5b6de82a31c9fe678f4f5", "object_relation": "sha3-384", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392951, "uuid": "49b32a6f-2b31-4e85-94b9-16fc0237f03f", "value": "T15151AD19DD30F8E8435E31A092753E8B20E59D17CB715BA8D9191CAB2E453C6EF2E28C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392951, "uuid": "d0c8a9c6-a995-4e93-beb3-93623b836f40", "value": "48:PhJ4sHcfxMxrfqn8XKNO/9lePxmBYKjplBejUCOrhm0nixi34fVj2L1nZd:Pbmn9A9EkYyplIjUCcE0nL4f92L1nZd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692392951, "uuid": "889851d4-b07b-4183-bcc5-0ab6d3348e2d", "value": 2486, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692392951, "uuid": "f5bbe705-e1a7-4cdf-b75a-07c393427fb1", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692392951, "uuid": "dd9ea921-9fd7-4b03-aa2f-fdce21eadbfc", "value": "web-delivery.hta", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5422ce9f-3dca-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692364969, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692364969, "uuid": "133482e0-4ce5-40a8-b471-317a3157305d", "comment": "Malware payload (AgentTesla)", "value": "54e84bd3c62d3895d948a3c03f9abaa5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "keylogger", "colour": "#66C828", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "spyware", "colour": "#219679", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692364969, "uuid": "c8dbdc8b-717a-4da4-903d-0dce352fe0ec", "comment": "Malware payload (AgentTesla)", "value": "c89fc0ef572fffab2637e8aff65b4ef5e57f101aea6dc24b9fb04ee56496dd1c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "keylogger", "colour": "#66C828", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "spyware", "colour": "#219679", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692364969, "uuid": "c3532ae4-bc27-42d3-a91e-34ad75a20de7", "comment": "Malware payload (AgentTesla)", "value": "31eb87a54c4e097ad90d38578f31380abb01cd54", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "keylogger", "colour": "#66C828", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "spyware", "colour": "#219679", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692364969, "uuid": "f0cf9d38-9d1c-4225-8bda-6beffb11ff62", "comment": "Malware payload (AgentTesla)", "value": "cc0dc7a71b8ae8b095cf959f5163ee0a598ecc9956abfb6a47bdc8401a6963749c60d4df7a4840ba048d7dbaadd71c93", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "keylogger", "colour": "#66C828", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "spyware", "colour": "#219679", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692364969, "uuid": "010cb948-8f97-4654-a905-88ae20dd3037", "value": "T15745E0433584C5A8CE294AB6F20B85642756EDBAE719D3197A8C73A30FF37E60931707", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692364969, "uuid": "66a7f69d-675a-4e64-9c6e-d6a1ce32b88e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692364969, "uuid": "6122d2d9-5c76-4378-9bb7-956bfe40e64c", "value": "24576:P4/t9iCb5/NJe+jvcjWlJE9vhGFCxTooo6SG/qZAYOo0JHs8qKo1:6955HeOvciPohGqTooo6SGuR0JHtqKo1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692364969, "uuid": "aa3d5780-f2f7-4a6a-97f2-05818f120c15", "value": 1177600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692364969, "uuid": "fbcecb88-f8a1-4a70-b097-86f1b9698e48", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692364969, "uuid": "645799ee-eab0-42ed-869b-e95b5ad27de3", "value": "\u03ba\u03bf\u03c5\u03c0\u03cc\u03bd\u03b9 \u03a5\u03c0\u03bf\u03b3\u03c1\u03b1\u03c6\u03ae.docx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "423c23b7-3da4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Stealc)", "timestamp": 1692348619, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348619, "uuid": "0efb8ade-cfcd-401b-9a8a-0fc576974a4c", "comment": "Malware payload (Stealc)", "value": "2e6c2186d62ebe438c3b8ae0687d92b2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348619, "uuid": "83bbd38e-40df-4457-a921-db733ddc40fe", "comment": "Malware payload (Stealc)", "value": "c8ad5b16a404af9d88ba5b0caf01c08272659a07c2b8281da5e012f7f9e33a49", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348619, "uuid": "59881f34-583d-43f9-bd62-eb83d46631fd", "comment": "Malware payload (Stealc)", "value": "5bb2676ad4951d9dc8b0c49488fd3663aada0e6a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348619, "uuid": "8b09f588-8ee8-4b3f-ac32-a496d9c2ae69", "comment": "Malware payload (Stealc)", "value": "3fb489ff1a76c62f5ab4da72bb7f363bbf7a0d909e99a6c11d9cde01371aa4fdc8e03219b6a96813e6aae4f1de209e0f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Stealc", "colour": "#D401CC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348619, "uuid": "b12695f3-0af4-4d3e-95eb-b0ad3cb6e16d", "value": "T157C60C44FA0B5AC5DF191EE711DBB02F46082B74DC73CD88D48D15A1B71B8A206AB7BE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348619, "uuid": "bc3d5ddc-ad1a-45b3-8143-59768815b07e", "value": "13a18680d331938d7cbfbebfd316332d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348619, "uuid": "b7fa5364-142d-48d6-996a-31d37080b00f", "value": "98304:Tq8OXwoCpn1X/moUTXwuw9abow8oZ20z5JdkDYIo2gZ:Tq3nCB1XmXwtabomZLz5Jdk0Io2y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692348619, "uuid": "2429b97e-edbc-438a-8ff4-bb78f931014e", "value": 11647128, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692348619, "uuid": "438fc590-fe66-4336-b03c-ec324f92769a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348619, "uuid": "d1582c47-f373-450f-b9e5-3497d4f6c748", "value": "2e6c2186d62ebe438c3b8ae0687d92b2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6426556-3dce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692366933, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366933, "uuid": "d732ab5f-40ac-400e-bfee-03691e1b9580", "comment": "Malware payload (Amadey)", "value": "f372b8600396df47a9c334756fd39642", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366933, "uuid": "42b76261-b3f9-43ff-9638-dec6ec5ce13f", "comment": "Malware payload (Amadey)", "value": "cb8a37326f3d7c17fd73089d7f92dc02e266725fc0bfffaafa449bbb4022abc2", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366933, "uuid": "de1705bb-2fc0-4ff5-b348-d1303be1643d", "comment": "Malware payload (Amadey)", "value": "b786cdaa691630a91bdcba8bd910f5bda6799054", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366933, "uuid": "e9cbdac8-2e72-4c7d-a176-43ef44f3a858", "comment": "Malware payload (Amadey)", "value": "9e11d15c9ea73b186784dfaed9210106ce4fe47dac7c80209f9c288b0e1e21f0025ea180cf2545aee32c893c29b192a9", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366933, "uuid": "71774b08-3e41-4019-906a-30610130560b", "value": "T18B15234395F84073DCB557B414F203A31A3A7CE65839D3AB27866A1F08B2AD5E53273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366933, "uuid": "e6a517b4-5975-4b17-98e4-b33091033628", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366933, "uuid": "6c8ecde9-0e46-48bb-ba01-5cb1a3e054d0", "value": "12288:1MrCy907qZOh4LIpux99U1EE29McbPVdYj6oMVqJ1Jj1QFMJH/hAWdjn:PyzZO2jLlE2Wcbv7lkJj+FMJHeWdjn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692366933, "uuid": "090bd87f-0e20-487d-a84a-c346f33b895b", "value": 875520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692366933, "uuid": "075bc2ff-9e07-4793-825e-955ff75b0d1a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366933, "uuid": "fddcc6f4-f8ce-4a40-b4ba-3e5858d4ca91", "value": "f372b8600396df47a9c334756fd39642.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "473d0380-3dd0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692367525, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692367525, "uuid": "9892d4d9-9d19-4664-912b-ba75012ed0d9", "comment": "Malware payload (RedLineStealer)", "value": "4b0e32db24bd47d4cde939fd50921334", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692367525, "uuid": "95f66dbc-a6c6-400d-b00e-50177f203445", "comment": "Malware payload (RedLineStealer)", "value": "cb9f8d7d3d2aa2119693adf0de44c60a4330dc7c0c2fbc13f119acf7a7fc600d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692367525, "uuid": "1e3f273e-bd6d-4076-badc-0861126e79b2", "comment": "Malware payload (RedLineStealer)", "value": "b4be0bae23ae15838f32915ec71cc99ccf1b98f5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692367525, "uuid": "8c7db972-9d36-4bf3-970c-92af80e02d3b", "comment": "Malware payload (RedLineStealer)", "value": "84a3ceadfab5087e3b01ae94e625890f8c1cec06ad96ca3b09e5c42433f66a4bf432f18a0d6ad25925daa5c89de192ce", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692367525, "uuid": "c1005e89-339f-4728-a733-eef28f458337", "value": "T1AAF41253B3E84871EAF5273128F71B872779BC915C78D3AA3781689A0C33685A871737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692367525, "uuid": "fa304147-9363-4c8e-ad23-7a58a8d47fdd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692367525, "uuid": "98bb5fa6-8996-48cf-ba5b-f810dc641edb", "value": "12288:FMrky903gAewpmSLVt2+jKpw304a+i7fUjOdFhO55RzjH0lzvpxjTfj0wGBvD0Lk:9yIg5AhLVt2TwEj97fmOLhO5/ivpxjT0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692367525, "uuid": "b5d7a582-f950-4d87-94f7-6d7033c9d9a3", "value": 741376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692367525, "uuid": "2dfdbed1-ee44-456e-bdc5-b90b3cef61db", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692367525, "uuid": "f38069c7-ba4e-46f9-9b31-df19cf4c2cbe", "value": "4b0e32db24bd47d4cde939fd50921334.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8a6e886-3da6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692349757, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349757, "uuid": "9688817b-92ed-4cba-8eae-f37409db7dee", "comment": "Malware payload (AgentTesla)", "value": "8e8622ea1c00b5d7d0e3e2f4a9496eb5", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349757, "uuid": "9a81e10e-80f8-408e-a839-45f860496a94", "comment": "Malware payload (AgentTesla)", "value": "cd985a9c05b60f9b3eb4c341ac4a20da7fe0e4e484226c619ae7f48c6d0d20a4", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349757, "uuid": "ab9eed6c-57a4-4938-b115-fddbc46591f2", "comment": "Malware payload (AgentTesla)", "value": "228e3966cf5434a738df150485dac5cb8fbb675c", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349757, "uuid": "255584b6-65fa-4c02-be7f-acb7da8c00ba", "comment": "Malware payload (AgentTesla)", "value": "178e7fca3e6419eb5921e95c20ef918b6ca135d47e50b4701d720cb79b2ef9e24e8d04153e0f74bf8861f6412c15753f", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349757, "uuid": "f5a118e5-557a-4cf9-994a-f7b8e7d7e352", "value": "T16F2302412D5C676D1BCE4B36B12B25A30739A06AAB875B103B768372B2B717EE4153D0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349757, "uuid": "21dd91b2-8302-4480-8c96-7170dda51d26", "value": "768:sT/cIbPyDbVa+nyZpJkxhnV09EVakSInbXQb4MuZBUeg5S3Hc2WJ1BNv00BG5etW:GcWPUbVa5Zp0BV09q6G33HaJ3Rue5qgE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692349757, "uuid": "7a2f2cf5-9cf7-492c-9c97-51dfd0559e09", "value": 46150, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692349757, "uuid": "18f21a6a-3bbc-4de9-9ba7-18375d697320", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349757, "uuid": "bec1b515-5d23-45ff-968b-081a0026804c", "value": "SOA 60045918350.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa42e971-3da5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692349223, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349223, "uuid": "44d9c781-9ea0-4327-95f4-d941a70a2ade", "comment": "Malware payload", "value": "b2da7c8e25c5f3974a6075bdc8ac019c", "object_relation": "md5", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349223, "uuid": "9b5ca2cc-d019-49c0-a011-66dabdc14aee", "comment": "Malware payload", "value": "cf1d301c75547b1d941f97bea8a443b264159e07d37bedec783d9a219bc85b70", "object_relation": "sha256", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349223, "uuid": "61c9d362-cf68-4e2f-a19e-b0aaca33918c", "comment": "Malware payload", "value": "d1e316a5a7f65c368ec4317b4f5a3a5b55613d3d", "object_relation": "sha1", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349223, "uuid": "0a56bac0-cb8e-43e1-9664-15b48b641668", "comment": "Malware payload", "value": "fec667b1a1b21397a76f0014a43ad05653e6324f3c46da055bed32c16a8159be8cc01f1882fa60f638bbd5bcb8a37735", "object_relation": "sha3-384", "Tag": [ { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349223, "uuid": "acae7810-cd14-4c4e-8c80-09c1e2ca40ba", "value": "T1397302581B384D409BADE1E4C338685968F88F1728CF98DAB782DFA209D35167A73D16", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349223, "uuid": "851338e0-56e8-4ad4-8ca2-7faba9bfc08b", "value": "1536:aFn/UvU/VuZhfVqS7Hwk4WAl8+wu+wIJy2btOtuOcR0tAeMBIKGgTTH:G8vUdqVPH5Hu/IJXbtAw0ZMCvgXH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692349223, "uuid": "662612bb-3ded-48ec-8893-fda3b3dd29eb", "value": 73450, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692349223, "uuid": "49c0191d-f6e2-473b-8e95-ed622e9db847", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349223, "uuid": "bd591da2-6fa0-4ca6-b836-d2ff038f5220", "value": "Confirm revised invoice to proceed with payment ASAP.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "202dda29-3d9c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692345125, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692345125, "uuid": "7353fc32-74f5-4ab5-985a-22db3baea2d0", "comment": "Malware payload (RedLineStealer)", "value": "55994b5392dc148b6ffad440403bcf06", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692345125, "uuid": "d6ad50ae-07e9-4df4-a706-4d521f0760a0", "comment": "Malware payload (RedLineStealer)", "value": "cfd3caa9dbbbb9d4f6fff3597a2155b5f04e898cd082c84b368fe94943830108", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692345125, "uuid": "ddb67fa1-7f84-4671-8ff0-0bcfcc89b0a2", "comment": "Malware payload (RedLineStealer)", "value": "8d81e17eb48aa37f77bfde940d24cb912075ad57", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692345125, "uuid": "f2271779-59ee-4c34-a7dc-62006a8a99c0", "comment": "Malware payload (RedLineStealer)", "value": "e8de135d8163b53fa0c30684c7868a3e273bd0cfc272a655f6b2ef007c11a33368e3679c4f1a8b4d7be8d3628036bc19", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692345125, "uuid": "88b6c891-cfa8-42a6-b91c-74e3b00a5e4a", "value": "T157957B7138C08D72DCFE13B902EFB921066DE4A007E686C757D757EAC6206D16BF6682", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692345125, "uuid": "c832e5bc-23a0-4ee9-91d1-8118bd20d530", "value": "71f7f5b946e95f0e200baef1abeb5c35", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692345125, "uuid": "1bb22dfe-88fe-4a85-99fd-cc63b8408f3f", "value": "24576:8HIsYF0d7MAjKPQuw0y+9qHfdLKt+i/Y:8Fd7MAjKP3k/dLz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692345125, "uuid": "2a521b16-c5a3-4915-8dc5-5ff426f0baf7", "value": 1889280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692345125, "uuid": "6dea97ce-b334-4216-a9c0-361879f4537d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692345125, "uuid": "a4c4f3b3-1088-41a6-a6cf-88dbc1e7b273", "value": "55994b5392dc148b6ffad440403bcf06", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8bd4e1a4-3da1-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692347454, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347454, "uuid": "c29697ea-d20f-4a24-9d00-f0474010250b", "comment": "Malware payload", "value": "88f3511f12f9b0c63cbf0cd3f74129f9", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347454, "uuid": "9f5e4a63-fe4a-423e-b337-8814060654b6", "comment": "Malware payload", "value": "d1928eb3c186ad6a3adef9d1d9221c936b47e75c5e55bf5bebd3178a1f62def6", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347454, "uuid": "05bb48e1-fc1a-49ad-ac10-2b44c27a8bdf", "comment": "Malware payload", "value": "df8162fae2a7aa012357b2d3e2aa743f1c9bccfa", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347454, "uuid": "5ee143e3-05bb-4a46-b989-fef96cd7ed4a", "comment": "Malware payload", "value": "31825cf53e2a716cf276c3a3522c7ece951179ebaf53d1860e79406b77fbed2ac3037b809410670e34d2c10e5b1bd730", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692347454, "uuid": "2a6afad2-10a3-45d2-9c16-373d6fe41cb7", "value": "T19846F096F348AB2FC877503349FA163212974C578E82DB836958721C79BB5F40F5ABC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692347454, "uuid": "ffbf23e9-fe3a-42e1-928c-eacfd41793a1", "value": "98304:cPypt7EsrVf9QxSAUKK56+5YYV/fDC5j2hwO599L6Y3LXdrk55:c89cSA2k+V/fDCkhwgfbX6D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692347454, "uuid": "d25a795e-217c-481b-b8d7-b2381f70fed9", "value": 5407267, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692347454, "uuid": "abb79a43-3035-49ac-89b4-ccdd22d6ae0f", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692347454, "uuid": "cce36013-3b15-4201-8dbe-68b2a1da3c4a", "value": "Clock.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da6b5552-3da2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1692348015, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348015, "uuid": "227a7b54-fb96-4bfd-87dc-e6ef7d196c9f", "comment": "Malware payload (Loki)", "value": "64248f401ff3f2e6b5a6cde26d471825", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348015, "uuid": "efd1fd05-bdc4-4a45-99c4-c448197461ff", "comment": "Malware payload (Loki)", "value": "d1c7799b276b84d13c7eacf2c8811e0e75c514d01a753b9319e3c38a5beb644d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348015, "uuid": "d359f936-d660-4ac8-85b6-ba24bac95d68", "comment": "Malware payload (Loki)", "value": "7dc95f125cb2b853585279f0b172149dc0afbe7f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348015, "uuid": "c0371662-156c-4c22-a184-c9e954ec2220", "comment": "Malware payload (Loki)", "value": "2c2cd3826fc874d7857d7e727a774c8bdd1acd2cc30f94bcdcb53fb8adce5ac65465e1146cc6337b8776c4c98ce480b9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "QUOTATION", "colour": "#75C1ED", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348015, "uuid": "9eb42a06-7494-4d83-898a-688cfcb35ca2", "value": "T14E831ABC26894A27CA6D5379EBC10144DFB6C25FA642FB5AFD8C95A41F5B3F021022C7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348015, "uuid": "186ae79d-271f-44ec-ac2e-dc2ff7277626", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348015, "uuid": "ad28938b-1e3c-4e42-8dc6-605974f7de21", "value": "1536:4q85SBFa+cRl2545DT2B3YAUep5kD2q4Ycdq:4q8oB0+cRwffZp5k/5d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692348015, "uuid": "4adfc80d-8f19-4cb6-8109-e3f72ee8e620", "value": 81920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692348015, "uuid": "897ee405-3a8e-473b-b39f-794e7becda31", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348015, "uuid": "8ea3c45c-f7f0-4f42-b231-939e9973d638", "value": "Payment Remittance.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b3fe345f-3da9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692350957, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692350957, "uuid": "d9b1f4a7-94eb-46a5-a722-3563e90abe1e", "comment": "Malware payload (AgentTesla)", "value": "d5dd06ed2736825ba8db2fc103ee4b29", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692350957, "uuid": "84012ba7-fd7f-4f06-8be8-4a821a9ad38c", "comment": "Malware payload (AgentTesla)", "value": "d2a5be57181e2d0112d9dc0c21ff340265b56c7078e83fb0d6db2d3bf537e8f9", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692350957, "uuid": "bd30ab59-fe45-4b4b-8d9f-fac8acfb238a", "comment": "Malware payload (AgentTesla)", "value": "11951a544b0d3bf914552e947e7933dac98f7d48", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692350957, "uuid": "4ae76cdc-2f94-471d-92cb-5ba3c483cbb8", "comment": "Malware payload (AgentTesla)", "value": "16c02f23e39962e3a4122599ff5716cd8ff7d8b9b2a0df7e360cbeefa8698396bc9f6fff26686e2de63d4e3939e2695c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692350957, "uuid": "e17c8c3f-3afb-4654-98f7-33d12f8461c7", "value": "T1F4A3BD6CD34F42A9CF525337AB1A0A5442FDBB7EB34552A1305C833533EED2D912A2B9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692350957, "uuid": "0dc8542a-f377-489d-bb70-fca4cefe9876", "value": "768:nwAbZSibMX9gRWjmgykvuD+o0zpS8gfdxJhH9yLLrljShASHA5D35t:nwAlRhD+o58q3HULLrCA9DX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692350957, "uuid": "44eac39f-869e-4c60-8fb3-acdfba6b3872", "value": 98487, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692350957, "uuid": "7f3e4b79-54e6-4c36-8e26-f5875db07649", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692350957, "uuid": "ccb64af5-bdc7-415e-a5ee-8ebaca1791e8", "value": "SecuriteInfo.com.Exploit.CVE-2018-0798.4.12046.10816", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48ec84c1-3d94-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692341758, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341758, "uuid": "6723b873-d422-44e8-b885-bdf3eeb07589", "comment": "Malware payload (AgentTesla)", "value": "8e601a518f32b88dd898afc2a3d7be91", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341758, "uuid": "01a02e54-aa26-480a-93c8-6e734ef50a83", "comment": "Malware payload (AgentTesla)", "value": "d318f22ed2ba6cf3c16c90c9b297357a8938f20c39748ab42bafbd90523cae37", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341758, "uuid": "1b3e3f7d-1f17-4ffa-8019-345e7b2b7c90", "comment": "Malware payload (AgentTesla)", "value": "bf678635ed849ea82974fa26852b31a6f7553072", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692341758, "uuid": "22290928-15da-445c-b134-500b12d596e5", "comment": "Malware payload (AgentTesla)", "value": "63300badb653a17c6bab386d0cdeb80c823a7b230a075b6eecfa8f71c10f414f6fb5ed0140900ecbfa5848e995feced6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341758, "uuid": "4877495d-9226-45ac-906b-d37d60b0d15f", "value": "T18C83F51A26AA4617D2BB81B8E5C502C1C7B2D16B3962FB46FDDC89E61F53FF050122C7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341758, "uuid": "b13a1403-58b3-40c6-ad34-52e3a0716752", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341758, "uuid": "171f8891-5cc3-4138-8b08-b80ba9d6e3dd", "value": "1536:1XYqUTkdZ/Q7vhMfKP38kvMr7x+/WNIz0s45DT2BSYQ+pcSmLCHHLhLboAaM2qHa:JYlkdZ/Q7vKytvmNIzvc9LUrhLJeq6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692341758, "uuid": "a78f0a94-88af-45a0-a417-1315f97b74d5", "value": 81920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692341758, "uuid": "b95c69f7-1602-4f5a-96d3-264922378115", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692341758, "uuid": "3c00e760-4ec0-4ba1-a11f-a6b1d6f7f5c8", "value": "Payment Transferred Copy.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2584a503-3db4-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692355442, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692355442, "uuid": "84b5c44d-4ffb-4bce-a7cd-b84baa879e6c", "comment": "Malware payload", "value": "df4d3b2120cbb7c1c377f1df45214419", "object_relation": "md5", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692355442, "uuid": "c6d63e8e-3d47-40a7-bb81-016b4cb1f445", "comment": "Malware payload", "value": "d3a293b206d36b03a3cdd24daf32559717577b2bb1daee36182083ba52f5650b", "object_relation": "sha256", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692355442, "uuid": "f1e5804d-5255-41f0-b513-cb5abf287e86", "comment": "Malware payload", "value": "ced6027d8274f5f3277299f14120975002a280f1", "object_relation": "sha1", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692355442, "uuid": "b3db2ee3-3588-4b59-997c-bd0a7435e4aa", "comment": "Malware payload", "value": "4e465fd9ff4d08839a2945ff114a5fffb3f21dd4c976e3ef796156531feb68b0fbec9558bdf56893b80450bba015ac5f", "object_relation": "sha3-384", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692355442, "uuid": "67d88946-b25c-4c7a-9626-2294a3e806df", "value": "T18892ADCF95D1240C67F6D19FDA5A6288D46EDE232811A8A0F7BD53008F34C5AC7A3DA7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692355442, "uuid": "f94e2dff-dd9f-452f-a600-fcd5864ba8a2", "value": "384:vjEkKE06CtU49RK7USLl6vFP6x91sBYxkHcaHYGay:vjE+0rtj9E7tLeP6ZbxkHcAgy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692355442, "uuid": "ab2df0be-560a-447c-b73d-8998b2db4a70", "value": 19809, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692355442, "uuid": "9bfcc957-6588-4d91-8d9c-5f40e59f735f", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692355442, "uuid": "a5778e9e-c009-4027-bd7e-b413bbff0f69", "value": "Notice_9727340.html", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0fa1f33-3df3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692382842, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382842, "uuid": "635f26e5-3b06-4317-a355-d8dafacd536b", "comment": "Malware payload (Amadey)", "value": "e6a636478033fde2ed68b5bf0bca24b0", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382842, "uuid": "1ac2d4f8-b307-4d76-a1a3-3433fadc3810", "comment": "Malware payload (Amadey)", "value": "d3e90fc7809f3158eb140359e68b4ae7b42e79dc2587fde781834e8fccdf2dd4", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382842, "uuid": "25858e8c-64d9-4091-afea-44dec13291a1", "comment": "Malware payload (Amadey)", "value": "3f41bf881bb88d537b452ed1aa29e1f2d433270a", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382842, "uuid": "b8af3c85-1b10-4e3a-a41b-7f6a1f0496d3", "comment": "Malware payload (Amadey)", "value": "6c9e4341dcf1908dbcea4d0ab2cc2c3a191dc3a4623a6fbfae44a4fab9b77a837746b90d5978b781a5f6e19cffba60c1", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382842, "uuid": "e04823a2-bfbd-414d-9106-314ea3e0a703", "value": "T130F41243BAE94162DDF4177058F703831B35BC55AA7882AB27865C9B0873BD4A835F3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382842, "uuid": "a782a0be-45d9-4458-a98d-8cf448a6c7d6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382842, "uuid": "d3f80252-1d0c-4ff8-86fe-40cffe0513cc", "value": "12288:CMrxy90MUHeV7/Cj7ZEg5IWfITXHVrpel4dVW+wKRWjXnp7dh/XPfcgSBzVd3UL:/y5RqjlffITXHiGGKwjp/XHcPJUL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692382842, "uuid": "fd40e6a5-626e-43b2-959b-e6f4b8fe30da", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692382842, "uuid": "ae5eec6e-e06b-4342-a740-b7c52a1cd4dd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382842, "uuid": "dc012410-cd89-41b1-81a7-ac21e1270121", "value": "e6a636478033fde2ed68b5bf0bca24b0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e40f76c4-3dce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692366929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366929, "uuid": "08307bf0-0351-4aa2-ba98-cfcf0924cd5b", "comment": "Malware payload (RedLineStealer)", "value": "1fdfbbe7463b8784f5dc30b05802b215", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366929, "uuid": "d4cc551c-149c-4800-8d03-600d8e93d005", "comment": "Malware payload (RedLineStealer)", "value": "d5485e185b4663753bf65b8b1e31a292b6fd569feacd6cd7053c80a1f66cd92b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366929, "uuid": "e9720426-1007-4790-8c64-b2b49f2862fe", "comment": "Malware payload (RedLineStealer)", "value": "545872358dc4b781ad35390e9a0bbd78dbd925b4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692366929, "uuid": "6f7c42c1-49ef-415a-b61e-95f66629e44e", "comment": "Malware payload (RedLineStealer)", "value": "efbfd53a259611dbaeaf6aae4f1ec3f9d8c0dc13163efe91e813438e8e9e8cbd2fdcbf44b39f72e1ca4f9cc5a9d5f841", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366929, "uuid": "4d5b12fd-36ba-4678-8ccf-8dbff0f697cc", "value": "T109F42243BAD841A3EC7527715CFB07830F367C9199B84B272285B99E0CB36E8653176B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366929, "uuid": "013dce5c-6df1-4ff7-8938-b80544ddee68", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366929, "uuid": "86efae53-8ee0-422c-96f1-bc08b692be0b", "value": "12288:dMroy90xotNqBOwmPHYDw5dxBuEUgoTzDV6K9P8dKRXBXWp7lhJjuDTTogPhJN/:ZyLtNqBOWw7xwEUrs0P8dKNBWBiDbJ/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692366929, "uuid": "fba61a51-6c32-4f1b-aaf7-226d7c484956", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692366929, "uuid": "7da84921-58f4-40c8-88df-4ab46a306580", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692366929, "uuid": "ec69e70a-d4b3-4cdd-b5bf-acfb453a2e22", "value": "1fdfbbe7463b8784f5dc30b05802b215.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2bdc2747-3de3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692375639, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692375639, "uuid": "822eb81b-6ded-4d06-8945-e032c90e2af0", "comment": "Malware payload (Amadey)", "value": "8f7bdb60a935aca42dc824d4f063351e", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692375639, "uuid": "0bf02395-787f-4176-8ec0-ef7d840b1e3d", "comment": "Malware payload (Amadey)", "value": "d67949b846fe489d99a442d830dfce720e14c3c6fa2c35523f20873e135b2cce", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692375639, "uuid": "64233e48-714a-4cb5-8891-c06d3be0810a", "comment": "Malware payload (Amadey)", "value": "3453a447e4e5a55f48ecb739c9a06a544d51a0b9", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692375639, "uuid": "87588d7f-8a72-45a6-a688-a321df0a6385", "comment": "Malware payload (Amadey)", "value": "3dc511582d2776713e2c0ed37c4ad081fc08b9afae8bf5036692a61ed77d8a20f9f3d09852f2935a262c1433c348cb3a", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692375639, "uuid": "88e7a115-2597-4dfb-87c5-5e92a8217493", "value": "T19DF4124262D99072E8F62BB45CFA03C31B367DE15D38D33A2752D96A0D72255EA32337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692375639, "uuid": "0bf14697-eef2-4fd1-a832-81adea07eb2c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692375639, "uuid": "09d5d5c0-7db8-4bb5-a77b-fccca79cddb6", "value": "12288:MMrGy90wk7gXGepaxmZoKRvaa00ezljbuj6H+x5e3Y7ViKsnZx/:aydknep8fcaaJezhbuj6Hy5m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692375639, "uuid": "3c65054e-b84c-47fc-a2f9-edd6379fe670", "value": 749056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692375639, "uuid": "d41b11db-376b-4840-81f8-f89f1349c203", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692375639, "uuid": "059d3558-89c8-4d0d-ac7b-ae912a14d337", "value": "8f7bdb60a935aca42dc824d4f063351e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8dd2b513-3dcb-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692365496, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365496, "uuid": "1eac0888-f5eb-4961-9f30-9cc8ec4c596a", "comment": "Malware payload", "value": "4f3c28e8dc53736450a49f86cd86554f", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365496, "uuid": "928743bc-77cb-44c1-8337-62e2de08ed0b", "comment": "Malware payload", "value": "d97e48ce4a01b977e2f65bc20ac1fce0e72347a05a278ac2a5a58300cbc984a8", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365496, "uuid": "e69e5be0-66f3-47b8-b516-d051fc4ff75e", "comment": "Malware payload", "value": "ef851b83872de57293642f79db1e031e87ee73b7", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365496, "uuid": "f451a4f8-a5d9-4007-806a-6c9380e0afbe", "comment": "Malware payload", "value": "5ce9829d6ad841c0d7d7bdd7c93d76eb94d6a5678baa845bb7ada0df47d949919675fe40d2aba7aceb061a21795a45cc", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365496, "uuid": "b9d7ed21-e88d-4e2b-b902-91426c5c9d32", "value": "T122B37C01B5C1C0B3D5BE1D350470D6A18B7EB830EEA46D9B37981A7A5FB05C2CF25E6A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365496, "uuid": "fe8e5125-7142-4870-b0e3-984ba7b413b2", "value": "41094fb41caff385dbb69f88e1cb11f1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365496, "uuid": "b08c6d5f-f5c2-4300-9996-3923f2621513", "value": "1536:Z6nG5JxotYK7jDp1WgLsBju+2AjxurUyFtvUeLljMmTEFu87ZsWeocd7rM+MHWyD:txqNwgLsRKAxurxURuqS/MP2ccQV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692365496, "uuid": "0585a85b-ce04-47e2-8ae4-4efde4436d73", "value": 113152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692365496, "uuid": "298cfab9-f019-4478-8150-0da4457812fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365496, "uuid": "8ac492ff-78b5-435b-b2ca-6882ae2f6df8", "value": "SecuriteInfo.com.Win32.InjectorX-gen.13320.2607", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ebf3588-3db3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692355028, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692355028, "uuid": "fff35487-dbb0-495b-9f16-288229315b4e", "comment": "Malware payload (RedLineStealer)", "value": "f67b0b0905d4fdb43991d27803b6184f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692355028, "uuid": "996e6680-a9ee-4860-9845-2abfcfbce6ae", "comment": "Malware payload (RedLineStealer)", "value": "dac50425fcdb65a499810117d6a046cded8e962bdcaf418e80679e1e3927a377", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692355028, "uuid": "ca3f1283-4e47-4d0d-9ce7-c6206abd5cdf", "comment": "Malware payload (RedLineStealer)", "value": "1d63e3678dc72af7d178040084f9ef19739a7084", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692355028, "uuid": "f6e04863-5d8b-45df-9a57-9c1cb66f1eed", "comment": "Malware payload (RedLineStealer)", "value": "710aba36cd2f00a531924254c54c9bbab080a598e17dceb700ff278ca5404a625aa6187887d4f8965e5586ea2b3ba117", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692355028, "uuid": "80364723-39f9-490a-85e7-35d7da2486e2", "value": "T137757DE2F9C1B521D9A2107642FCB76D127DF0F0072986CB6DC476FAC1259C5AA32B8D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692355028, "uuid": "7df550a6-c08c-4ccb-ab05-defec67ba636", "value": "71f7f5b946e95f0e200baef1abeb5c35", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692355028, "uuid": "832a9c99-b0f6-4481-9590-34b8d9b0bfcf", "value": "24576:qsMsYFgl7MAjKfA7c0yyNqj7lEljCSrhpjJXYh:qEl7MAjKfU0XlEljCA7oh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692355028, "uuid": "fd0781f3-7b50-4a57-a439-eb7819d624f1", "value": 1565888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692355028, "uuid": "bd7daef2-fb11-469b-acf2-484dfa496fe4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692355028, "uuid": "473a6e49-1b68-46e2-a906-d501fea621b4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6774b012-3e05-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692390342, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390342, "uuid": "82942ecc-21ea-4e76-9ae2-97fa78d0c78c", "comment": "Malware payload (RedLineStealer)", "value": "9dad27f7942ac4df5a5909f7e407e050", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390342, "uuid": "2fdc722e-9f0f-44ee-a176-93bd68755c57", "comment": "Malware payload (RedLineStealer)", "value": "db5f51b54427a60c74a90f227023de17bbed8bf2346b660ad205deff6ff46084", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390342, "uuid": "0658a222-ec6e-42a8-9805-1ed6060b49a9", "comment": "Malware payload (RedLineStealer)", "value": "9fb325439a7c920618f57576a96d1dcfa9c2cb48", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692390342, "uuid": "28640dd8-0d66-4a98-8647-559afa1af907", "comment": "Malware payload (RedLineStealer)", "value": "1c2751606e7cd978a5a745069a2c3e2832faae7985af130a1ab8d36724ca8b4d4e115f6a21e27f5d951f20890956bcf7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390342, "uuid": "7d04d63b-6c52-4c95-833b-9b86448011fe", "value": "T130F41213A7DA9073DCB417F018F717830B367D611C7852AB6B86A85B09B33D8693973A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390342, "uuid": "a4b915cc-17e1-4e54-8f28-37135b267265", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390342, "uuid": "2bb023f5-322a-4977-b7bc-c3055d90a04d", "value": "12288:kMr7y90NmB0Tf/7G7GO5hMPUeA73NgWW5V4aKRysXXp7Lh2bENr+/9ajzRmDZZiZ:vyTB0z67xzZqV4aKIsZHo9o9mDnGR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692390342, "uuid": "05b41fae-c349-49c6-9b58-00553c8f5719", "value": 730624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692390342, "uuid": "ca3ff254-4fa0-4ec9-91a1-4fb5ac866153", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692390342, "uuid": "47c95160-22c7-44dd-b32d-d82592f07766", "value": "db5f51b54427a60c74a90f227023de17bbed8bf2346b6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d957a00d-3da5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1692349302, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349302, "uuid": "0ebf2b89-8719-408d-8bfb-5d841df4273b", "comment": "Malware payload (Formbook)", "value": "02288e5cf0757a9ed7c4039738ad0c93", "object_relation": "md5", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349302, "uuid": "3002e5a3-628e-41a1-a963-82892e2fabf8", "comment": "Malware payload (Formbook)", "value": "db66372c6b7aa0cf62904fd282fb32790cd3070dbef43420169e6687d150cd9e", "object_relation": "sha256", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349302, "uuid": "68fa5ec0-2062-4eec-abf5-796f11c675d7", "comment": "Malware payload (Formbook)", "value": "e9b6a6144e9f6440233598d7e52a1dfd4075cf85", "object_relation": "sha1", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349302, "uuid": "3590393a-1bb6-441e-bad9-286c9acb945d", "comment": "Malware payload (Formbook)", "value": "23ca30de5033d3e7eb2247794b9f3ef60933d9f0be6d23cb1a694de1d8f6a5cf5d24950bff24a937224bc5bd1a6e588d", "object_relation": "sha3-384", "Tag": [ { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349302, "uuid": "e17f2c02-15c1-4644-9cbc-587be1c75600", "value": "T1734422623228E13C5742AA2AAABF5D661751884591EBBB5F05B8F10E387FF6D9043803", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349302, "uuid": "68f135a3-4723-4e39-bdb8-d87ea9995376", "value": "3072:49SENFTQe7rYR+qH+1Vm4f9e89PUr6aZeGn6CI2XWzKy6Lq3wLcVUBGT/PS1JEOK:eTsaS1HoJfNUrzZeIbyjUgTCrn/i", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692349302, "uuid": "5b857b33-a393-4e25-9793-5d06cf2c7289", "value": 264824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692349302, "uuid": "b9e6e43f-35d4-4cd3-ba7f-6d4781b44b8a", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349302, "uuid": "32e1b586-4b9f-4906-96ad-131b840fc3d8", "value": "PO. 4300000894.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f05355c-3d66-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692322119, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322119, "uuid": "81ae385a-c0c1-44b5-b8ff-4d9efe22a8b5", "comment": "Malware payload (Mirai)", "value": "9c9f30ddf0f0c0ba511380599dd02530", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322119, "uuid": "85c15d0a-98df-4b29-a904-9b7ca16a91c7", "comment": "Malware payload (Mirai)", "value": "dc17203464e9d1dc52454b799c1de3bdfd3502db5c022b880f2e7e6da110aff4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322119, "uuid": "1106c135-0456-40bd-8e14-91a4809b43f4", "comment": "Malware payload (Mirai)", "value": "7ad0182dd30a65a569ae29075fd7a28dbf9c1606", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322119, "uuid": "219794e0-2432-4d65-8379-470cf1e4805b", "comment": "Malware payload (Mirai)", "value": "626053e1af947d12b80e43afac06e1a9a7937287303e06b5fa5ffe180e8ad9af8becff0435f85dfd1af437dd424475cb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322119, "uuid": "3b7d12c1-a2fb-4ee2-9614-f7385ea81edd", "value": "T167539FA5C5ACAE58CB1441B8B654CD398723F408A5A76EFBD646C796800BEFCF0187F1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322119, "uuid": "d08cc5f5-e1e5-471f-aea4-14b331762253", "value": "1536:PaAtVnz1/mUUNztiYmW6LhiYLTofs3wfpWIDNEJ7JC7:P/tVz1eUUfwN9T0f+whWONEJ7J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692322119, "uuid": "66995b23-c699-4f32-bdba-1d979f2554f9", "value": 63772, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692322119, "uuid": "4d79e9e4-8e41-4781-b277-ffeff21be20c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322119, "uuid": "250e2b86-db2e-45c8-87e7-8f5a5a9cea08", "value": "9c9f30ddf0f0c0ba511380599dd02530", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bda821d6-3def-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692381038, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692381038, "uuid": "89ce1b78-dd1e-41db-a9dd-73e348f845f0", "comment": "Malware payload (Amadey)", "value": "f58ce2db21b58720069a9e756d117e75", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692381038, "uuid": "fe817a44-5a23-4d81-82c3-cdd2f54b6d61", "comment": "Malware payload (Amadey)", "value": "dc36d236b0cd06bb2c434e3f0c26c9cd28d5eeacf0b628c64a3b5619e04aaae5", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692381038, "uuid": "ace77510-4763-4658-b35a-6385aa376a1b", "comment": "Malware payload (Amadey)", "value": "fb7b2d48f1517aade56fdae4a6b66f07f204a66d", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692381038, "uuid": "c2c03380-9b57-49c1-a7c4-2461faac2540", "comment": "Malware payload (Amadey)", "value": "f424dbcdc4bdfd212b1a65146b3ce59de8914b36caf956733f99b0b5d86a19c6d2ad6c16e7c28711ae9c5e9f77ba4a41", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692381038, "uuid": "9fcaffe7-124f-4b4b-a6b4-755e23618d2b", "value": "T11BF41241AAED50B3DEB427F054F303830B36BCA0583C975F2696686E8D725D8A932777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692381038, "uuid": "0bd54349-7288-4b59-8d0c-a1ad5cd594c4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692381038, "uuid": "9edf4fde-0a54-4998-ade6-2ad8adcc0fad", "value": "12288:jMray90K50ma2tbZZOpUBVjkBkbKK+ne7ykdRRPXXHp7lm+cqvsXV:tyx0cDZtB3bKFe7y4RZXpA+cqvsXV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692381038, "uuid": "d67ff85b-1785-426b-9f8b-e443c4f0ecb9", "value": 747008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692381038, "uuid": "8ae5fba1-509a-4b3a-b2d0-b91d4c69be7b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692381038, "uuid": "79c4050c-a664-48b1-906d-c1c57b9df305", "value": "dc36d236b0cd06bb2c434e3f0c26c9cd28d5eeacf0b62.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ad01375-3da6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692349438, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349438, "uuid": "483efb88-fbe7-4760-bd66-7e8393e44bc6", "comment": "Malware payload (AgentTesla)", "value": "042282f70c2ad6f60a539b365b351bb1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349438, "uuid": "b4784bdf-5302-4c6c-88eb-de72d981c1c3", "comment": "Malware payload (AgentTesla)", "value": "dd5d79373ef79c20904c2be7b4fb28016afc3e7d1881f7311eab200fc9876089", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349438, "uuid": "d5dedf59-fcbb-4af0-a993-b0d7113ff45c", "comment": "Malware payload (AgentTesla)", "value": "0610b7c21ef3853f3e9907a3ac503a94c2050a4f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349438, "uuid": "c497a743-acb8-4260-a1bb-8f1ca16bbdab", "comment": "Malware payload (AgentTesla)", "value": "8faecfd7849b8c2a6c629f478f8d7df0bd5006ed5dbea072a80b69d11656c389922e3c49ac48754c87a0863d9e39c81f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false }, { "name": "SWIFT", "colour": "#5D4DE8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349438, "uuid": "a6ceb569-55bb-4422-81b3-d61acd3a2e4e", "value": "T178C423EC3BF3C584B0B68BFD4585EEA15E789B01DE624C0BDA69675CF82814837D4A07", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349438, "uuid": "abd1766a-f69f-473f-be30-f900aec7298b", "value": "12288:HUslJQXGk01iR5J4+wuJZxlUMEmm0bDpHWmMgj1z:09T01iTO+wuJzad4Dp2VU1z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692349438, "uuid": "9edce2e3-2c17-47e8-9d4e-229bc3f4f206", "value": 559869, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692349438, "uuid": "35b822c1-706d-4c94-907b-8c63991ae86c", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349438, "uuid": "ebaa375f-9090-478b-9ca6-ee20fd710b11", "value": "Swift copy USD 222,000.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da3ddf45-3df8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692384951, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692384951, "uuid": "a849623a-609a-4788-a607-71ba10d1b78c", "comment": "Malware payload (Amadey)", "value": "2b643be7948335c310b10f60526c27e4", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692384951, "uuid": "f25f5cad-bd15-4bf8-af2d-5329aaea3d67", "comment": "Malware payload (Amadey)", "value": "df4d9baa4ea1ba0bc690128f095ee1920adc8743b900e157505cab393ce98590", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692384951, "uuid": "103bd5b2-f606-4c6e-a45a-c1bcf7d541b7", "comment": "Malware payload (Amadey)", "value": "ada9a3d92537aa46e04015d3b42e7bc5e0a44b2b", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692384951, "uuid": "7e06fef6-3887-4d01-9dad-c563ddc77231", "comment": "Malware payload (Amadey)", "value": "0a4f3b3b7b7e650c70f145b53fa259aee60e0cc698ba52f07c86699b7662509b03b7df0a8522aaa8e9375e56fe7c44af", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692384951, "uuid": "1689fdd6-f0e0-4730-90f4-763fb9b4fbd5", "value": "T13FF41266E7F44071E8FB23702CF613C70F36BCA01C79C7AA6785698B0D72558A87572A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692384951, "uuid": "e6342050-ede3-4db6-b5d5-22b55c084b80", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692384951, "uuid": "5773f957-baaa-4fee-b3b2-d1680c250f56", "value": "12288:RMrRy9056LMOasPKbfV2qE00bhUc8Q726Uj+afmZSgmU+oCs/z/J8UBmB:wy2rpsybfV2qE00bhUXv3+aOoDoT6UAB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692384951, "uuid": "d1dc3ef9-cbfb-457f-9e07-22605c4ed02a", "value": 732160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692384951, "uuid": "5293e2d8-faae-4026-a888-1f8d8ff17b4f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692384951, "uuid": "64cd5240-28e1-4ebb-9e1e-11625f529ffa", "value": "2b643be7948335c310b10f60526c27e4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "677ee9d5-3dca-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692365002, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365002, "uuid": "519025e2-5741-434b-b064-35031c072669", "comment": "Malware payload (AgentTesla)", "value": "232873be87a580cfc7692271ddd4cb34", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "keylogger", "colour": "#66C828", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "spyware", "colour": "#219679", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365002, "uuid": "60da0e41-02af-4ec1-a0b8-1ff0864e2945", "comment": "Malware payload (AgentTesla)", "value": "dfc4fe56ad505c398ca4f2d1ac0b0639501c5da024a877f78125773af98d008f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "keylogger", "colour": "#66C828", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "spyware", "colour": "#219679", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365002, "uuid": "f326fb83-2de0-42e9-934c-30911bebed9c", "comment": "Malware payload (AgentTesla)", "value": "eec4887ace9b2227be6bbc8a109ad2dc135b1391", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "keylogger", "colour": "#66C828", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "spyware", "colour": "#219679", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365002, "uuid": "0a912fb3-6569-4e3e-81b3-4405c10cad47", "comment": "Malware payload (AgentTesla)", "value": "ca1b11548f051c6526eca0c768e79c55c8bdf9ec3f0562dd5eff3ecc34a5f2369be7d995820c69c3f9b01b66c24191af", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "keylogger", "colour": "#66C828", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false }, { "name": "spyware", "colour": "#219679", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365002, "uuid": "e8611459-5f27-4571-9c50-9f8da5dfd60b", "value": "T1E51533E5B5F8E4A3524CD55A478708331EB369C9B12E6C1DB23E562CB7AB7E0C327025", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365002, "uuid": "7f186f2a-4bbc-4333-b587-c26b25978e0d", "value": "24576:pAT+9Gnp+ldfl2eSkv5xfCzoxHU9JT5gua:pi+Sp+ldYeSGx9HUvTi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692365002, "uuid": "21824e27-a737-4e63-a3e0-e4d35ed5ff91", "value": 960400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692365002, "uuid": "cd92e830-5615-44ed-8dac-78db3ebf486b", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365002, "uuid": "5f0730c9-2f38-4ba3-8bb4-68607ba397ad", "value": "\u03ba\u03bf\u03c5\u03c0\u03cc\u03bd\u03b9 \u03a5\u03c0\u03bf\u03b3\u03c1\u03b1\u03c6\u03ae docx.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d71b67af-3d9b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692345003, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692345003, "uuid": "843ea421-1b65-4622-bef6-99e53672aa57", "comment": "Malware payload (Mirai)", "value": "3e4c80b1fe8fec862becb5f649f14bbb", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692345003, "uuid": "9409095e-5d1f-4e2f-b532-ac3b5dd843e4", "comment": "Malware payload (Mirai)", "value": "dfdb3672d3070ceb9aad20da79641d6713989566bbcdd6c96ee7fcd77c919f21", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692345003, "uuid": "a98cb81a-55f7-4fc6-abbd-27f9097049d3", "comment": "Malware payload (Mirai)", "value": "de6226c597880cc805dcdb05bc47ff9d05f66a04", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692345003, "uuid": "d51c95de-6d50-4fc6-abac-b1e9616c7cc1", "comment": "Malware payload (Mirai)", "value": "e679fd9f54b87458414b65e06c9807f7d5c075159e7144b294cf69e2bcd395c54b669b084c5d5bb79a50f22778ee5716", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692345003, "uuid": "75b7503f-ec9d-4a9b-bb63-ef2059be9226", "value": "T123E2E0B540DAC10CD5C09339BBC7663BA225ABF552ED6F57F808686177F227801E27D2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692345003, "uuid": "85420a1d-4429-44ce-8dcd-7e5db912029c", "value": "768:hBHkj2QIr1bs09I+pYMM32YLyGBYDjDRT5llUhgnEAyeYsX7ryBKA:aO1AVKYb32YLyRhTkAdYsan", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692345003, "uuid": "1a5a7931-2f53-4967-8f92-e9e4ab679a00", "value": 31980, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692345003, "uuid": "2e592b6b-0a71-4c27-bb9b-c1b997d483e4", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692345003, "uuid": "dbd69bd4-221e-4193-995a-7dcb8b8996fe", "value": "x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "14a091d0-3dcc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (STRRAT)", "timestamp": 1692365722, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365722, "uuid": "c6a479b4-2916-40c6-a6c3-55fd4dfad216", "comment": "Malware payload (STRRAT)", "value": "108df93eef430d530c7554de038371f5", "object_relation": "md5", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365722, "uuid": "6f11ce79-7ee1-4f36-9d05-a6f0a8fe47c9", "comment": "Malware payload (STRRAT)", "value": "e21c5199346f5c21edacda6db7687e8b3ca8896a6165b4c34028f16e0898669c", "object_relation": "sha256", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365722, "uuid": "304307af-102d-4d1f-a1ae-6cacb70c028c", "comment": "Malware payload (STRRAT)", "value": "0590dfff555b05aedf684cb37265443f8c210ddb", "object_relation": "sha1", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692365722, "uuid": "916c876b-d25e-41f7-ba51-34ea348bf611", "comment": "Malware payload (STRRAT)", "value": "2a9c805db248e2f2d2abd79146a6aec47a4372452f5ba252c86a1279cadcaf0df8bc5ccf04b654cad3c6c305663300d1", "object_relation": "sha3-384", "Tag": [ { "name": "jar", "colour": "#3CA094", "exportable": true, "hide_tag": false }, { "name": "STRRAT", "colour": "#DA76AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365722, "uuid": "6d03650f-fcca-42cc-b5d4-32b211dde3a2", "value": "T1656302DABD44D9FCFD3BF63141C0405B554811EEA5FE123B666A19AE2E88C63460392F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365722, "uuid": "10430fbe-5a4a-4cc7-810c-6a0abc200ea1", "value": "1536:eugjLKW2GuTkX11ndkJ2gxgIcwK84b4kRtcVNU3iI:ep2GfnkJ2kK8W4wCVGyI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692365722, "uuid": "fcd457ad-f0f0-4036-bfaf-0e322a838213", "value": 69628, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692365722, "uuid": "29764f1d-1110-4428-ad33-be95a81883ff", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692365722, "uuid": "0816130a-737a-423e-aa4f-a69364893d4d", "value": "PaymentAdvice.jar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8563fbd0-3dd6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692370206, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370206, "uuid": "fb3c06a8-6b1e-4a8e-b4c7-a8f7e455fde8", "comment": "Malware payload (Mirai)", "value": "3460e45703f55e284a121817653a626c", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370206, "uuid": "b99cf4f4-e084-460f-b459-2545470f8a24", "comment": "Malware payload (Mirai)", "value": "e40c86676ecc2226ef4e7310afaec9eb5a7f2bc6b9694b4e5a7b3a31bcecfb5a", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370206, "uuid": "1e17899f-82c3-40e3-93c6-51627d5c1843", "comment": "Malware payload (Mirai)", "value": "a544d6ad58c6344e6bc68d5555b14fd7b9f253c9", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370206, "uuid": "e0ffb2ab-9837-4c88-9306-4d0660ff0748", "comment": "Malware payload (Mirai)", "value": "2220ee444fe8b1aad40d7884f9e485003c5945848702a8a1780d75e4851a8ff3bc4db4ff811882987b2fb72796e7dc05", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370206, "uuid": "ba4a59b6-0c92-496f-aae1-c20feb0276a1", "value": "T195A2E119BF1C85CBC832697555E9EAD21252FC72F2DCDC192A40C15FF0A33A96874F8A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370206, "uuid": "0f8d7eec-2026-4cd4-8e51-52d3be95222b", "value": "384:MgWLpj8s/qPui8uZxoIA57RWQjJiEVi+ZkXaqOKV14b+502F2vwA9dWuMW21bAKe:O98o08kxofBE+ZkXaqGbp2F2TWul0c5T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692370206, "uuid": "e3f4413c-3ea5-433f-b6d0-2931a7c7abf3", "value": 21500, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692370206, "uuid": "231459ff-5c27-46d0-8698-25143f9e7e02", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370206, "uuid": "9dee6b5e-5355-4515-860d-34a884d44b4c", "value": "boatnet.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57dcdf1b-3dee-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692380438, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380438, "uuid": "5744715c-3a56-42c6-9f4a-f4b5d8241354", "comment": "Malware payload (RedLineStealer)", "value": "4df77cc14f57bdd1e0d927d56cc75f49", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380438, "uuid": "06261e23-3a5f-4d09-bbe7-67e3930a4cfe", "comment": "Malware payload (RedLineStealer)", "value": "e494faf13a3dc85b8afd8425956f63de5530a83c6e856a397b4c62808e96fd94", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380438, "uuid": "6974dd0e-fd14-4fd3-9745-5b71c672d635", "comment": "Malware payload (RedLineStealer)", "value": "9b20638e0c006ca5ad5726fd425de091723b2662", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692380438, "uuid": "fe3492bd-7a0f-4010-a9a2-98e9cc5c75ca", "comment": "Malware payload (RedLineStealer)", "value": "07e84ef5965d048f36e7d1d7c578b7c7602cf9ab56c9f04cbd474e27c45d303a25704b428212575b8a2c1f521447c254", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380438, "uuid": "e38f766a-febc-46c7-9325-2f4390eace99", "value": "T1BF1522238AE85127D8BA97709CFB03530E317CA28D79835B27454ADE5C33794A93477B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380438, "uuid": "d79d3f9e-1aec-42f3-a746-f373e73e4efe", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380438, "uuid": "24fce686-8f7c-44f9-9e62-205f3a937f8c", "value": "12288:bMrdy90PtHKIX53vFtifW0VsDTg6LwaC3nkwqVLYef43nXiddIgBanqdnAE8L7Lt:qyORVX1UW0VcMXbHiPnmqNAVLbQvN1k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692380438, "uuid": "2a1ddee5-0e15-4932-8010-04ad43ae8d20", "value": 875008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692380438, "uuid": "7472f2ca-7662-43a6-984f-defe565d499c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692380438, "uuid": "c4e578cd-af2d-4197-a190-3c108892d85b", "value": "4df77cc14f57bdd1e0d927d56cc75f49.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6116acc-3de5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692376838, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692376838, "uuid": "97d35c4a-0efd-439c-af39-e9f8c3b3465b", "comment": "Malware payload (RedLineStealer)", "value": "7224fc4f1b8b4f9b72e9752f183855d8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692376838, "uuid": "58544cbb-7ead-4e6c-87b1-c5b6a3152961", "comment": "Malware payload (RedLineStealer)", "value": "e58ea0269b9224841229e9b3bb9558935d1ba069f3a69beb7a7cfff65945b33b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692376838, "uuid": "4c8aa52f-a7af-4ad4-9d69-9ca81efaee3c", "comment": "Malware payload (RedLineStealer)", "value": "58e99408e39bf16c72f4ff08a68517eb0af7fc43", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692376838, "uuid": "c086452c-072b-4acc-8cfc-14969b6b5a15", "comment": "Malware payload (RedLineStealer)", "value": "6c77e88640989cfc911c7bc797cc243a06519c657d736fe4e6532f60934ac17c0b98f6a69b0551ee27eb6541d96699be", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692376838, "uuid": "430a74b9-ea76-4e79-ab54-b6376289871f", "value": "T1CE152253B2E84072DCE41B7068FA17C30E35BDE25DB9632F26828D4F1DB29A49436767", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692376838, "uuid": "16fa4e91-2fef-4580-b666-68d70f240347", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692376838, "uuid": "61f2a9f0-a3c7-43fb-af0b-bdec1ae56cf2", "value": "12288:uMr/y90TeB4moGobP6bMGGQrR7sbVPsLIp/YYsSl3RuSwDd55T1n3jRXQSMrfEX2:FymmoG+SbMGGmQVP5sSxwx591ntSY2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692376838, "uuid": "28cf74ae-f32c-4916-a65c-87a918a4d961", "value": 875520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692376838, "uuid": "4c2e8aee-aca8-4c8e-b9ff-f4fd4914d081", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692376838, "uuid": "9c6742fe-3d1f-4153-9848-1b86d7ab4e6d", "value": "7224fc4f1b8b4f9b72e9752f183855d8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2a8b2467-3d67-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692322379, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322379, "uuid": "fbe4a488-5a97-4729-b969-09b4b305fde4", "comment": "Malware payload (Mirai)", "value": "6f2fb66fc99f58ca2738382316779902", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322379, "uuid": "6c45582a-488c-46cb-978d-0d5f702895da", "comment": "Malware payload (Mirai)", "value": "e6be29717e91c3226f374d586c6f5bd30e526fa9edd52053c9d1af009564eb3f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322379, "uuid": "010b7178-d3c5-4eb0-8f07-0898fc8a2c78", "comment": "Malware payload (Mirai)", "value": "1632870ccbf672aecdccc1cc54b7b5cc42808a68", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692322379, "uuid": "d2489a24-92ad-46c6-9d64-49d45d36a3b3", "comment": "Malware payload (Mirai)", "value": "9e3b06df69cd18a42301ff21ab81e4e57273f2e7cae81e2326f09bcdce8c7ec06a5ea89f0a6936a3717749677ea993e0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322379, "uuid": "26545921-6876-4d59-b5de-50a9b9b2d7a4", "value": "T14AC2E114F6015E0AEFE5EDB20F5A4DE237F1470AA9634DD0628572D33B2E42275A2DC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322379, "uuid": "76ac4a12-372b-4bfe-8ea0-dc1353b5106f", "value": "768:PVdafO76jpmNJXxyCUOKPLdgJ1B5H4uVcqgw090:7am+A1xJ52Sf4u+qgw090", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692322379, "uuid": "72c9cce8-4ed0-4241-bea4-7a420a89cf9f", "value": 27064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692322379, "uuid": "e1a65ebe-ff55-464c-b8ef-bc4d4b07d6fb", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692322379, "uuid": "a0475861-924d-4d76-a32d-a804beacb8a0", "value": "6f2fb66fc99f58ca2738382316779902", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03af7bdc-3da5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692348943, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348943, "uuid": "0d158399-f489-4a85-9a7c-a73a2142bc03", "comment": "Malware payload", "value": "d5c3b878589963fd5a8dfe97be61c22c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348943, "uuid": "7e4a6d72-6fe2-4568-8dbe-134937ddd76b", "comment": "Malware payload", "value": "e73222d15ab07db8ecad8b6a0a99d3af7643940664c238e56ba390b09e9da3b4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348943, "uuid": "d70383b3-f383-42e8-8ccf-4d6b812a3a44", "comment": "Malware payload", "value": "a7e274022cefa7b0fe2aabb9800f8fb5a3b0f4d0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348943, "uuid": "8650f3ac-48d6-4584-8c6d-e2f76c71362a", "comment": "Malware payload", "value": "998d8c69611990e29da379b3dd7935a7e1821a8b9deeddfc7beab9e5c22c7723ef8b5176154003e54f2330f182cac086", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "payment", "colour": "#E8DAD3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348943, "uuid": "fc7659b4-85fa-45fb-8181-32859b37be0a", "value": "T17D14E517B99689A5C2981B36C6D7CC140771D582B393DB1EF58E2BE90F433BB9C4260B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348943, "uuid": "edb02a6b-8e1a-4d19-bdd9-215ea71f8bfa", "value": "1536:SIeetu7ZJtckEFNTidH1W7llbQHia/U1zAPjb4uVvWatP2kW23WEm55VgxNag29r:xtIZjIX7bSD8e4uAFP5VoNagSjWbhi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692348943, "uuid": "4c58dd7a-5615-4d0b-8675-7279b2a7a71d", "value": 193024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692348943, "uuid": "880c03d1-6461-4397-a45b-55df38e6037a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348943, "uuid": "7c042fa5-eb7c-4aab-9567-756a4e180cb5", "value": "Combined proforma invoce.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2865a605-3da5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1692349005, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349005, "uuid": "b127bd42-486c-4d1e-90ed-70884a9fbf18", "comment": "Malware payload (Loki)", "value": "55a51d1217cf9d5e0eb8ad05f16a6542", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349005, "uuid": "68ed96ec-6e91-4dec-859c-58e5ced732f5", "comment": "Malware payload (Loki)", "value": "e7602e4215456b5ffa13d22b33e91990fff92708874fe6a5655132c0ed085eb8", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349005, "uuid": "1b797c9f-fb88-4a12-97e3-0007d24cf809", "comment": "Malware payload (Loki)", "value": "f2f5b6b6fd832d5d9d283ff8ca5061b1449ece0c", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349005, "uuid": "9f253ded-f43f-4ce7-b189-1bd732f06626", "comment": "Malware payload (Loki)", "value": "84dae840d9abb47684d6362333cd78a2d324373bc2ab610cad4be3f000dbdaa2dd6cf371420cdb990f9e1bf430f9fb37", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349005, "uuid": "1f6fa949-c4a5-4847-a5ce-9555501e2aad", "value": "T10BF322C492E93DB2CE037E792E04B7F73065664E716E144ABE50428188959F77D4F90F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349005, "uuid": "7f2cafb2-41c6-4fc3-abcb-2ce1057a7055", "value": "3072:TpOz8IaL7aucc9W09k7P3WPe3msnBBHhRsl2AuV6IM+pSMymcvfCj59cefbKV9:TpU8PLXcc9wDGPyBU2lvM+Mv1iNGemn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692349005, "uuid": "87f9b51b-251c-462c-bf5c-9625663479df", "value": 171576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692349005, "uuid": "a109d127-59d3-49f0-9cd5-85ce58241a34", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349005, "uuid": "b0432182-37b4-46cd-9026-8f2c550b5683", "value": "QUOTE 705[1].zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a11ebb1-3e11-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692395447, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692395447, "uuid": "7bbd815b-56c8-417d-bd2b-2ebba9e0f79a", "comment": "Malware payload (RedLineStealer)", "value": "2283ec22f3c27c9c5d6c78e5631e6cc1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692395447, "uuid": "ca65c5ca-3453-4fcf-bf60-9b7c439d1a0b", "comment": "Malware payload (RedLineStealer)", "value": "e784342049fda29970edd63b368de4b75544feb5b3674ebbbbf7f59f2530c273", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692395447, "uuid": "2f72b59e-6560-4ae9-90f3-4a7b01b67bab", "comment": "Malware payload (RedLineStealer)", "value": "8c976ae7994f931179495fe0c883f7bee5c5c7e0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692395447, "uuid": "45626677-09ca-4372-b351-719d43c1498f", "comment": "Malware payload (RedLineStealer)", "value": "dd233a1d8ea75b51a18c4fad4762cfc5355dc9071c23fa612a5718700f3f715eebc5595259a12b61d7b40f14b470c587", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692395447, "uuid": "54570273-46a0-4100-bc41-d671be4a4d27", "value": "T12E05225293F58963DCB50BB04DFB07C70736BCA55D3842AB7386A94A08B36C4657A33B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692395447, "uuid": "16672933-0cdd-4bd7-85e9-9124a6079953", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692395447, "uuid": "5a43db6a-8ad9-464f-a5ce-305f17472576", "value": "12288:7Mriy90oheaDsuUWpLGpCMmUKx/n3UE9VJ+UlTBWY0CvLgGpiOy0H+nTK/Z75+gU:pyZTZ1GpCM1S/3T9l4YBcuiv0H+TgE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692395447, "uuid": "4592f7a6-f448-4c5c-9f0c-6cd081738a5e", "value": 871424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692395447, "uuid": "139c0d22-ba86-45c9-8196-452d6eb99bed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692395447, "uuid": "7d4a2885-9363-49de-b325-a5fc1e07e426", "value": "e784342049fda29970edd63b368de4b75544feb5b3674.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4622a9bc-3dd0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692367523, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692367523, "uuid": "627ae63f-a9be-4eb3-9ae5-5ddae95a5dce", "comment": "Malware payload (RedLineStealer)", "value": "a966031691d030d8f8da30e9d31e9aee", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692367523, "uuid": "55dc2761-0db7-4066-85d8-a3e0bef42a2f", "comment": "Malware payload (RedLineStealer)", "value": "e78b42da77f30cf9d73b3d23c57698b3ff440139d5db5725667a867a507f47e3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692367523, "uuid": "7e711e7c-f109-4955-adc5-d35af7f1dc53", "comment": "Malware payload (RedLineStealer)", "value": "c0304d1a2f5e7d0f0b48bef27eed229cf398b3eb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692367523, "uuid": "bb3bd4fa-2e48-4c0d-81f7-0745e6f404d0", "comment": "Malware payload (RedLineStealer)", "value": "79ae3fbc2427acb0503e52c48c858165418f83dc1120b96f3befd47783cb05e1fc28d91762199805cb6e2e363be85dc2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692367523, "uuid": "3a9157fb-a006-43db-bb15-05cb91d8498a", "value": "T113C41252EBE88077DCB51B7048FB07A32B36BDA1993447662695E85F0D33794E43232B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692367523, "uuid": "1648525d-0bce-426f-b6fd-fc04cf8a5952", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692367523, "uuid": "0762fe02-e8a2-4ada-947b-6c20a5120d33", "value": "12288:9MrNy90Hcr8crWzb0e+5lsZiIxYSeVXBtzjQiTOMNb9:0yr8NzjoOYSeVXnzjQpMT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692367523, "uuid": "2d178f87-7667-45e1-8835-e47324bf2531", "value": 577536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692367523, "uuid": "865cff8e-8cf5-480b-9529-7353d1a6d583", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692367523, "uuid": "4e45d5f6-1e04-4f5f-9a26-3122b4fcfbc5", "value": "a966031691d030d8f8da30e9d31e9aee.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e1dd5f1-3df3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692382542, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382542, "uuid": "8f9ca25c-9b1a-4f00-8a19-01e0df02b604", "comment": "Malware payload (RedLineStealer)", "value": "e290cb652c714833cca35ff661238bed", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382542, "uuid": "a89ebecc-f11a-4f74-830b-e91db4073f93", "comment": "Malware payload (RedLineStealer)", "value": "e8a7042ca38b8dba9135abd86c8fed64ae7c2d9612264b217f2f3adcb9e94dd1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382542, "uuid": "728415cf-159e-4e32-a5f3-8871d23de9bd", "comment": "Malware payload (RedLineStealer)", "value": "c9c02a58878e3cf133448e9e2ec973e15df0681d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382542, "uuid": "90ada823-fe5a-4f5a-b9d9-9791ba8f979c", "comment": "Malware payload (RedLineStealer)", "value": "b37a5b3218aaf78818f5e2b136f41da80c6bc40b4852c7def6fd8d60c349c64b756fbf2114a1190644d648369f75a096", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382542, "uuid": "b48f350e-7118-4d8a-88ce-1893860e98fb", "value": "T1601522439AED4571F4E127B094F706831B36BEA20CF4861A2BD56C5A0C73BC9B07A767", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382542, "uuid": "5d316f58-c87c-4eea-b5dc-c76d71ed7334", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382542, "uuid": "ead272ff-08c7-4eee-ab44-e573842834e4", "value": "12288:jMrhy90MOcB+rV1L4NPiQIg0AB53l/C2m+2lzSNPJmoMlG3sDCJuzUC5s1TCj0VR:+yrlE745i/ABr/0+jbmRDIuzU92j0kw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692382542, "uuid": "0da3a78a-99ef-484f-ac51-f41fd38edaa8", "value": 875520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692382542, "uuid": "905fca05-1b57-4958-a155-b8d28754e82a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382542, "uuid": "2e854ca9-a823-4dc6-a4ec-201264de4801", "value": "e290cb652c714833cca35ff661238bed.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4346291e-3de5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692376538, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692376538, "uuid": "95c7e152-f9b5-4069-ade0-947e0a5d1d7b", "comment": "Malware payload (Amadey)", "value": "743ad88c606fcab78978fa536a26fe67", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692376538, "uuid": "ef463150-64af-4171-9aa9-3495896dc3a1", "comment": "Malware payload (Amadey)", "value": "ea3710a55c4cde3cb50754c50c10d7e10f10ff3c6f23d02e314bec75bd39e0b9", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692376538, "uuid": "cff17d91-f758-47ab-b979-cac62acdf6d3", "comment": "Malware payload (Amadey)", "value": "fb4c1c173665c73e558fe4be1c3aedafdedc2d06", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692376538, "uuid": "1abd5eeb-a713-4648-a697-643bbf7dc474", "comment": "Malware payload (Amadey)", "value": "6095db5a704f54ca48afc488bb6e6248adf1fb671f3749405c2ea2c757cf7eaa8fff0f132086972cfee75de52704cf93", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692376538, "uuid": "8677ba4d-0e2b-47d8-8eff-7271e78767ac", "value": "T1E8F41207B7D88833EAB527B06CFA138306367C6059B8C75B3356A9561872AD4F63133B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692376538, "uuid": "69691b16-2375-4e42-b5b3-0c494e660cb1", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692376538, "uuid": "b2dd8300-f93f-4540-999a-bd0ebeb0234e", "value": "12288:DMr6y90VVQFQTaxK/JpHiVL8S7BVO6KYbe7O5rKR+nX2p7BuFKdRP3iMzpC1r:9y87TI4ROLZ9g6fy7OpKcn2oUP3iM6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692376538, "uuid": "0ac75906-455d-4a88-adb8-5f0fc8db564f", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692376538, "uuid": "10c9949a-a1fe-484a-a4d8-1af94d33259e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692376538, "uuid": "ad0f209d-a051-4a38-a4b2-085f8f3fa507", "value": "743ad88c606fcab78978fa536a26fe67.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b523614e-3e12-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Cobalt Strike)", "timestamp": 1692396056, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692396056, "uuid": "e43e0e1f-acde-4146-ab01-d2e71e7bb8ec", "comment": "Malware payload (Cobalt Strike)", "value": "6ab25d039ade9ed931520de5b0470876", "object_relation": "md5", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692396056, "uuid": "0fe028dd-bf21-4fe7-8504-41237226b41e", "comment": "Malware payload (Cobalt Strike)", "value": "ec305ea32222897120ab33d16c93e7c9a0a01e841553f72a8915268a5a454d20", "object_relation": "sha256", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692396056, "uuid": "9551ca84-3441-4f22-90cd-f0a7eb5f119e", "comment": "Malware payload (Cobalt Strike)", "value": "fb24dea17ed4e7f3ce66b83a88417860bd0f2067", "object_relation": "sha1", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692396056, "uuid": "c5e1cfa0-b5ea-4d66-b60d-7ef9c5835abc", "comment": "Malware payload (Cobalt Strike)", "value": "5f4dc881cdf7252147501950f34d1b43c11347e307929ec3054d453cfad721aa272930e5b4b0b1344e5ae3a73bf36b07", "object_relation": "sha3-384", "Tag": [ { "name": "Cobalt Strike", "colour": "#47EF09", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692396056, "uuid": "93ab63de-ef24-4bc2-a9a8-3835c01416fb", "value": "T186A26B62CB282D12DDEB8E7634D89A218A71F7939D40C5F76295C1414FC23C37BE92B9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692396056, "uuid": "5357052b-4389-42bd-bc5f-586627259aaf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692396056, "uuid": "9eaa6d3b-5f41-4f1a-b0cb-175c992fa741", "value": "384:j4FrBinQjyjKIheNyb8E9VF3AM+oUcV4E/4C7LAM+o/8E9VF0NyfAk6:8dYnQOWTENAMxl9ZLAMxkEaV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692396056, "uuid": "3e3181e8-93e3-40b0-ab61-b866443298dd", "value": 21984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692396056, "uuid": "80ea592f-c210-4048-a4c9-883717dffc30", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692396056, "uuid": "39ca5bc4-5330-421a-936c-30a05dc08955", "value": "6AB25D039ADE9ED931520DE5B0470876.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ac00426-3de3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692375637, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692375637, "uuid": "5f2e68e2-9dd9-4eb1-a992-ac00b1faf574", "comment": "Malware payload (Amadey)", "value": "bb11017bdd29c127aa9e10bbf64b0ad3", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692375637, "uuid": "c03b8b84-d8b4-40e4-8c86-55508489d4b7", "comment": "Malware payload (Amadey)", "value": "ed74f9b13e6237082b40fbfa24a3342b07a29d7d72504d27ee446673072ce0b2", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692375637, "uuid": "bea4ba5d-479e-4480-bd63-b07101f29fb5", "comment": "Malware payload (Amadey)", "value": "8eaaf97896d03a2ef40f2b7a848eccc4491e7874", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692375637, "uuid": "623dbd1d-adf2-428f-8682-975837edbc14", "comment": "Malware payload (Amadey)", "value": "fa562c813b14b879e155b730bcd4362d088f2836fb655cf3d2ca3f9df2306025d6a70c7365c8d04866ee4ee9572a4a19", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692375637, "uuid": "8cb77e25-a85e-4191-9766-6076f6f2c468", "value": "T1A2F41202BAD81026DCB6577068FB03D32F39BCA54975961F2A90A89D5C63E90A43377B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692375637, "uuid": "85329412-fd5b-4de2-ae42-b23ccfbe2e9a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692375637, "uuid": "ab7d792d-7ba3-45c0-aaf1-9da423780b8d", "value": "12288:UMrIy90aIDzujRdtqBGHNhz08MVoUZp8BfDO53KkJto3/VRE2wp:syDWY0BGHNhA8MVoUZ+Zy5a6c82wp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692375637, "uuid": "362171f8-903b-43e4-9425-5cffebdbc9e0", "value": 747520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692375637, "uuid": "cd0a3d4b-2c33-4bd2-bfae-506be7aea026", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692375637, "uuid": "e813fe5c-11f1-408f-adee-99fbf0506d20", "value": "bb11017bdd29c127aa9e10bbf64b0ad3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a320d04d-3db3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Quakbot)", "timestamp": 1692355224, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692355224, "uuid": "ab355d8d-ae21-4e31-94a5-0d8cf6ad4b7c", "comment": "Malware payload (Quakbot)", "value": "3add6472525f1f89c2a25fbba0b0e3dd", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692355224, "uuid": "aa4b60e4-1f27-41dd-b3d8-bf2980306b07", "comment": "Malware payload (Quakbot)", "value": "eec3dce6ca41b66570a08433a5a9b9b2a1cffb037b5255bd589ccf089c12e8ac", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692355224, "uuid": "cef6ac1b-c23b-4843-83ea-2abd752fd086", "comment": "Malware payload (Quakbot)", "value": "17ac5de19c77e20294282c2721afec977252d390", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692355224, "uuid": "202270be-6548-4638-b480-c3f886aa2d4d", "comment": "Malware payload (Quakbot)", "value": "80e71721f25fbd3abf488a44546cf2320b6c355173ef10b4b57f868e42a86a6574c0f0d9d31f0cbe00f5081a2e2a3caf", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Quakbot", "colour": "#9FC18F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692355224, "uuid": "a8b2925e-0b38-4cfe-8cf2-cda0e1dfe15a", "value": "T1AC369F7C79CD40FF22296423AF5053A1E296F90D61CB8DB8920528F9634E1F7E761EB1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692355224, "uuid": "e7aa9372-081b-4eca-934e-2d9c6608ce9d", "value": "24576:ZsSXps8YYanU2tEmfPWatGZ9F5VDsG1N3RHURSFH3W4ye385SyOQT+7Mu6MYpZcQ:GMOGaAiMzgmG/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692355224, "uuid": "44319eb6-ad0b-43f3-ab0a-e98a2315298e", "value": 5120007, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692355224, "uuid": "b85d03c4-343e-4e27-b2a9-674c86ef3f0e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692355224, "uuid": "087c36cb-d797-4180-a5c1-bec0dff48176", "value": "M.V.+TBN+-+SHIP+PARTICULARS.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "925f3497-3dd6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1692370228, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370228, "uuid": "c7ec4118-f920-4c25-84b1-66e2ae0718c9", "comment": "Malware payload (Amadey)", "value": "2a29d43da265a9c49402bcbe5b27cb71", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370228, "uuid": "9e698d22-c752-42c5-995a-a229f7fc12a7", "comment": "Malware payload (Amadey)", "value": "f039548be7cf4a555bae4b9f9a40750a51331b9f6b3599c41bbc5e4a68823b2b", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370228, "uuid": "ffccc2e1-4195-467b-8564-10af778bb9e0", "comment": "Malware payload (Amadey)", "value": "6da6119a0b85e7b8d81d4fbd67221de1d8e01c56", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370228, "uuid": "26870c30-4a36-4e85-a049-d6d1d204a4ed", "comment": "Malware payload (Amadey)", "value": "62ee798d106bc579d332092fa54254b6229d5040dbb9add30645d8cc053106e1156e58e8d91654df91141e03dee34046", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370228, "uuid": "8a29c054-9831-4401-97d6-c7d45d93ecb9", "value": "T1C7F41216B7D85036E8F63B7019F707C70B36BCB14D79632B2B89A85A4C73944A53236B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370228, "uuid": "105ab41e-a08c-44af-add9-f82040d93b42", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370228, "uuid": "9e5f48da-a2e4-4761-b37c-caea2cf7e253", "value": "12288:lMrxy90fIk0LjBg19X/PSumobanjTSfwN+N0ZE5pv/ptYPZYaQof/WHYFnK2:8yMSvA9nJbanjOfwN+N0qDv/PYPd/W4/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692370228, "uuid": "84ff9ec1-a729-4461-a832-29fb9d4b9e6d", "value": 749568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692370228, "uuid": "416e2687-bb9f-4f48-a41b-4050e0db21d8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370228, "uuid": "9bf9770e-48b2-4c3d-9ece-6863ccdbbf55", "value": "2a29d43da265a9c49402bcbe5b27cb71.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bed0954c-3def-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692381040, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692381040, "uuid": "bb8814d2-41df-41a7-a237-2fdc32bdb73c", "comment": "Malware payload (RedLineStealer)", "value": "ac8277540975681cfa8326a602813849", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692381040, "uuid": "777f05fd-8ef8-48db-a76b-2065dba011c3", "comment": "Malware payload (RedLineStealer)", "value": "f1efab4081969d110fc50cd7e7debfce7d9d0cb5267b739fc3ce51da23efa25c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692381040, "uuid": "23994e51-1da3-436c-8690-62d34d2baa07", "comment": "Malware payload (RedLineStealer)", "value": "711128ae9232dd8d9d8a5f30f1ac02ce8968a7ec", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692381040, "uuid": "c5859538-6d19-420a-9d6b-8fe51e759b12", "comment": "Malware payload (RedLineStealer)", "value": "93857b5e0fe81fad66631af00e439518712b40d94b1497da06cc811ad68b3f3790f2a61392995035602ef389bfe50139", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692381040, "uuid": "c4ff833f-829c-46bd-98f8-999a9e002425", "value": "T17AF41207E6E888A2D4F6677019F612970B32BCA75979832BA3505D1E4C73990F93633F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692381040, "uuid": "5853e64d-07dd-44b6-a74e-debd9708f5e5", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692381040, "uuid": "32821e2f-3c91-44df-bc0e-1c373cb9852a", "value": "12288:TMrKy90U1vi2yvsiv83+pVPSwHBn5KHSYI8UU0/zrHR22gqsR:RytQdE34qwTGUP/zV4R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692381040, "uuid": "2bc960e0-d2ef-452d-81f0-b79a2ca67fc6", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692381040, "uuid": "fe89e78e-3300-4077-b6d6-0024709bd024", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692381040, "uuid": "f8bbc592-782e-4448-94cd-249f1d004777", "value": "ac8277540975681cfa8326a602813849.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92e8e600-3dd7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692370658, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370658, "uuid": "32fdd768-c8c5-4645-940d-8b3c002a28eb", "comment": "Malware payload (Mirai)", "value": "5cdeafdf1dc75ffb82ca47167e80ea45", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370658, "uuid": "49872471-deca-495d-8397-3bcb179fb2db", "comment": "Malware payload (Mirai)", "value": "f2c5ce260653f140447072da0077d7faf338b26a8b0e9f8fb8968e3379c533b5", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370658, "uuid": "fea7ded1-9599-4bac-97dc-051700d246d0", "comment": "Malware payload (Mirai)", "value": "5e53d0ac26338029b42b1c8fe475488e02c7ac42", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692370658, "uuid": "0174f3af-0121-4db2-a865-c8ec5ebd9a5f", "comment": "Malware payload (Mirai)", "value": "46e050383e6851eafb861c54e25ac504cf575d749035c10845f8b3a1b5ccc054452d5e2a26466ee69ad115313b3251ec", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370658, "uuid": "a6702589-9fd9-4809-bc27-69d76f868148", "value": "T141336C36E029DED0C6560234A4E88F751F03F1C883536EBB2AE546B2645396CFA19FF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370658, "uuid": "4927d910-da2e-4bf6-90da-752d6b87e673", "value": "768:Oa2vU7eng2qGJert7LrLMU6fgatQh+YbT/9+m3CZQoV/bnmCozw:Oa4U7G7SvT6ftBTm3KVrmCo8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692370658, "uuid": "f6c0b391-580c-4b95-9244-46cd7da202c5", "value": 50168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692370658, "uuid": "0c2643ef-ff37-4296-bf5e-a2466ec226ec", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692370658, "uuid": "de7852ae-b5ac-42ee-82e2-1529dc43f654", "value": "5cdeafdf1dc75ffb82ca47167e80ea45", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a18a54e-3de1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1692374912, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374912, "uuid": "7f5e50ad-d51f-42f9-a9be-5042e5df2c33", "comment": "Malware payload (Loki)", "value": "9be6ae76e316be2aa2d0726502c255ee", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374912, "uuid": "370ab3cd-24d1-4c45-a649-e1837c76a0f1", "comment": "Malware payload (Loki)", "value": "f3a6d2199a650f53ec6fea8fa4279fcead3a3b58b1e0f1517ffcc92e1b2b77a3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374912, "uuid": "b190096f-3a23-467a-9249-773691d1fe18", "comment": "Malware payload (Loki)", "value": "863923497c63467435ff42038415544226d7ae49", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374912, "uuid": "71c11c46-65ad-4d79-8828-ea3644a40912", "comment": "Malware payload (Loki)", "value": "f18a51354f6576e9cf98530577e97d584723a588440d130a511154a4a3bd5d0cd584f82b7eda6e8c5899a09e7ded734c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374912, "uuid": "477a0836-ba80-457c-85fb-5342edaaea37", "value": "T13325E017BA9789F2E2843736C6C710145FB1DA917BA3D609764E23DA0B437BA9C052CF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374912, "uuid": "cd98a8e3-3ed3-404c-a180-b72ad9eb08e2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374912, "uuid": "4c249902-14ee-49d6-a885-1a99136e11f9", "value": "24576:L496BqUS1vLtE84aTWNyKoWbFtY6L8++Ryn:ImyvLqaT3K9BtJgt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692374912, "uuid": "76c329e1-cbb3-4531-ab03-d94a325dc251", "value": 992768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692374912, "uuid": "2807f298-3f1d-4f12-adbc-3d49e97e16b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374912, "uuid": "715a28c3-ed94-422c-9063-3efe6446b9e0", "value": "Payment Confirmation.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "570e0d58-3daf-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692353378, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692353378, "uuid": "466c6b88-b618-4292-a2d9-7d5b3c446f7b", "comment": "Malware payload", "value": "4a7ed329d2fc81b2561e520edaa5dc2b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "infostealer", "colour": "#288F7C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692353378, "uuid": "49aa21aa-7e3f-48fa-bce5-42c4c22d57c4", "comment": "Malware payload", "value": "f45ea12579f636026d29009190221864f432dbc3e26e73d8f3ab7835fa595b86", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "infostealer", "colour": "#288F7C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692353378, "uuid": "5d16e28b-0bbf-45fc-9258-77649146e4de", "comment": "Malware payload", "value": "27226b43156c968be4989615a9c5c2a92a64cc2f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "infostealer", "colour": "#288F7C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692353378, "uuid": "4411fa6a-17d8-4f80-af2e-50a244700448", "comment": "Malware payload", "value": "4365407122efbf6d5cae0483deaefc0b08815d1f7abf94ee415772ef87edfcc2e436c170a1742344a2dd37516d64c2dc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "infostealer", "colour": "#288F7C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692353378, "uuid": "6930271d-891f-41b8-ab40-64529ec82e98", "value": "T17793385BA6E944BBE0728679C8630E05A772BC121A25DF7F03A4435E1F673D18D2AF31", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692353378, "uuid": "3717624f-d876-4876-abf6-381d74dcc49c", "value": "52f2aab1b05f1621cb9134bf7163bcff", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692353378, "uuid": "5141270c-8330-43d9-a22a-1b73f5b74b9a", "value": "1536:Bx/G9PfyWB66O4mSNiOxRbxhE2vgqjsW3dd09dlNXB5J:Bxu9PfyWTBmEiaRbxhl4CM7x5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692353378, "uuid": "48b36d8a-8420-4157-9a6e-c4c9b81a56c5", "value": 92160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692353378, "uuid": "1d327063-a1cc-4322-9907-fc7df0f6beae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692353378, "uuid": "8621b59b-8df3-4db3-a10b-c0ec9f4a82ab", "value": "ntoskrnl.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28c50ebc-3da2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692347717, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347717, "uuid": "4cb535cd-ea46-475f-9508-e6959c5e388a", "comment": "Malware payload (AgentTesla)", "value": "6b3555e924ef3a93c33dbee68f872f55", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347717, "uuid": "40c1c7d6-a692-4206-ad11-3a3bd4b9adeb", "comment": "Malware payload (AgentTesla)", "value": "f6e4963b0b1da4392146dbe8a0b01441f35ed8147be1388697806bb3977718c4", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347717, "uuid": "a131ffe1-cfcc-47c7-8274-987151b43903", "comment": "Malware payload (AgentTesla)", "value": "9a4a5514e441510bb3e004270a1d818f175483b0", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347717, "uuid": "a0c13fbb-f55d-4b79-bcd1-b602285c5488", "comment": "Malware payload (AgentTesla)", "value": "9e71444e5b5b2359f7ec5c1e812fcefdd4079ca0528fb23335c45aad2073ae113fa7481fc7cc7a872b1bffd3b81679e9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692347717, "uuid": "1c7bc9b5-49c7-40bd-a4d9-470ad3f37c4b", "value": "T175A2BF67CB11DC3CEF35C13251E6222ADA6CA187912A280EBB33F71D4C785CE1DA948C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692347717, "uuid": "2f3f1c02-8e49-4f23-b409-513bf374316b", "value": "384:GG9/fSWG6f59UORfqNy4Y0Fivd7ZMM4EUS9rDhCl0mppOfFgOz7xC:GGggomfsRYKiAMx9Xg0mpqOm74", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692347717, "uuid": "0c667a3c-b405-4da1-a16e-253c9ec3c91f", "value": 23256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692347717, "uuid": "1d6e18dd-8052-4c90-bc70-37fdb76effe0", "value": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692347717, "uuid": "512de017-e1d6-47fa-930e-3cf8babaead5", "value": "SWIFT COPY.docx", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5cf417e3-3da2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692347804, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347804, "uuid": "fe94e9b6-2189-4b26-89bb-2a2299c9adc4", "comment": "Malware payload (AgentTesla)", "value": "fe91e947afd12754d225d8040d8224bc", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347804, "uuid": "7af0d78a-b913-44fe-907c-2dfd02aff81a", "comment": "Malware payload (AgentTesla)", "value": "f740661d5fc2e451c509753bc9654acd8710de426bf01a7c4b39876d9fa52ea0", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347804, "uuid": "187af0f3-5f71-4210-a265-6ea736196c4a", "comment": "Malware payload (AgentTesla)", "value": "ede11961e894f43efdc1abd5f6a031f70e3ad36f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692347804, "uuid": "dcf8b15b-62b3-4b27-b07d-bf76e350c8f2", "comment": "Malware payload (AgentTesla)", "value": "bd15440f889668c4429240b7668ec4a4f5b4d6d0994aa8f74505ab23a1d5a23206728a2cc3ccc237824fc0e987679863", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692347804, "uuid": "993f04de-01f3-45de-a8f9-a6ae0c751fb6", "value": "T120A35B28338C471BC3A82379E14F5654C3B881B75722F74ABD9C42EC2F53BD1A65A64B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692347804, "uuid": "a85b0e97-f8d2-4e26-a31e-01cbb9bde4c8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692347804, "uuid": "9f67e1d6-9290-434e-8aeb-4a262501770c", "value": "3072:ddd2PpGVdgBRa54mKEzD1YfWcPULORPHTDt4LdAjm5BM/h/W1+p0Xfe5H:zd2PpGVdgfa54IzD1YfWcPULORPHTDtj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692347804, "uuid": "2c141b4e-4dd2-42aa-9e18-2e01699d53f7", "value": 100352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692347804, "uuid": "485838b5-bfe4-44a6-8889-bfccdd42cd6f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692347804, "uuid": "2933bf08-ccf5-402e-98a4-d5fe75060609", "value": "e-dekont.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30ad74ec-3da7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1692349878, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349878, "uuid": "7507bbeb-5d8a-4e04-bec9-f41b14923e41", "comment": "Malware payload (AgentTesla)", "value": "9f7c782d21a2e0b5aa9c45a3a468353e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349878, "uuid": "b961fe53-675d-4a27-8fc3-ada9b436cc84", "comment": "Malware payload (AgentTesla)", "value": "f75c513b41300793212f332adde6e8998a5ca4dd92f3e5d79887e1b881538093", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349878, "uuid": "b9ea6f40-6edf-418b-9041-5ff4079473d5", "comment": "Malware payload (AgentTesla)", "value": "8be9d4062bcba5872bff09ebcdf842e0cbf1869b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692349878, "uuid": "b16584fb-76ca-4b24-a2a9-0499d150f1bc", "comment": "Malware payload (AgentTesla)", "value": "91357c471f1e8636a2a58af26d1b477ade379529872f93c47c1f347239befa07fc445bc78adbd10939ed2b0b464d1659", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349878, "uuid": "8553b983-c349-4f1d-9480-549106ac67f5", "value": "T12A15D95CFA09DA3FD38C8C3950F9DB2B69B99BADD0E1E351C01191B518E6CAD0DB6063", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349878, "uuid": "687bbb56-6b00-4c5f-8fed-23b1f6eab47b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349878, "uuid": "655a7b9d-8385-49d0-9ce3-58e130c9dbc5", "value": "12288:4gm1LxYINUni14tdrKV71AjX5+29w4x+sfD37WSWr:45ini1oGVpAz5lxJfDj6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692349878, "uuid": "345d49a2-eaf8-431b-a523-9472a3ac3c5d", "value": 939520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692349878, "uuid": "793d5dc1-4103-4628-be52-ae877cfc1c30", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692349878, "uuid": "0b942380-722e-41ea-9fab-a3520f2932cc", "value": "PO132630.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "028b13c5-3e0d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1692393609, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692393609, "uuid": "4331529c-2786-4a6f-be42-a0e37c606226", "comment": "Malware payload", "value": "72bbf50bd4aca038a1abe55aa2928f44", "object_relation": "md5", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692393609, "uuid": "e8c4d164-355c-4e42-a0ba-d0ab57a524b0", "comment": "Malware payload", "value": "f91304601b69ac91a99cf4d19756bba46d8bfac1a4e54e55e12a30a941444353", "object_relation": "sha256", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692393609, "uuid": "da02488b-1e50-49bc-9b63-e973249b248d", "comment": "Malware payload", "value": "3985a6cfe4763eb3a319e5cc6cc9f360852f13a3", "object_relation": "sha1", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692393609, "uuid": "738af868-5b5a-4a5d-b1c7-6cf9ba81c43b", "comment": "Malware payload", "value": "28d2c59aae9390ebe147e33ef160d9c00ba0048068cb7fe80d962715152060412799f68a851dd6f5bb4477016b4177bd", "object_relation": "sha3-384", "Tag": [ { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692393609, "uuid": "5077397d-71a3-4152-92de-60d5aeb377af", "value": "T168F2D0D2CCD610884BFF529E86565199CC9B7D033923E825FBAE63014F3188B66F3D16", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692393609, "uuid": "f173e389-9a47-40bc-991a-41f4d4f4fa35", "value": "768:vcaZ04jjSOQpEwnN73//orNlCWLuZcH2pyRtSfUz2y8ynLpKQYlg7Xgy:EpEw1/orNlC5ZcH2pyPolMnLEQgg7Xgy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692393609, "uuid": "4cfcce23-a695-43ef-a7eb-52f9e9d5ec48", "value": 36030, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692393609, "uuid": "3b6be25b-daa7-4926-9364-727771c746c0", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692393609, "uuid": "fff7a236-9f3b-453e-a208-c7a8b14f8afb", "value": "Notice_1054361.html", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f21255de-3df3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692382844, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382844, "uuid": "749763d7-4f9f-4558-bae1-832feef994eb", "comment": "Malware payload (RedLineStealer)", "value": "01d99ccd5a314e7fe9f14522767c4363", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382844, "uuid": "4a696bf6-c63f-401c-8576-4ccb12a29d33", "comment": "Malware payload (RedLineStealer)", "value": "f9bd50fa654a74c6bd7a2a8c817d42be126f3b154a7e61632dacd5ec6aac3af9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382844, "uuid": "293d65dc-de09-4118-a8e0-ba4f4262e23b", "comment": "Malware payload (RedLineStealer)", "value": "dad82eb38692a5f9c7274fe22da6630a90d1a4ae", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692382844, "uuid": "d6c62df7-30a1-446d-b74d-e554bce29821", "comment": "Malware payload (RedLineStealer)", "value": "89e9114830a8560df6cc5087737d821bc75ce62bb1e58bc621d681753fed908815bd428cdc7983260bf2a18ce317e1f6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382844, "uuid": "35a5fcc2-201b-48a3-8ec4-5db5ac5bd384", "value": "T11CF4125366D98072CAF9277058F702C31A36BCA2A878565B3744AC4E5C73688E83277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382844, "uuid": "a5405778-72f0-430f-a7bc-eb2e7589bf5f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382844, "uuid": "6a68c513-5b28-4b7f-bbdd-89ef7fcf9f71", "value": "12288:8MrEy90+BRmPkJxME9vvmjEZBJMF740ma5o2Xi+zh7ro5pepPQdo9Fhuyn/iWP9o:Qy7RCkJNxe+C740mU5/7rMw6a9nuYiO6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692382844, "uuid": "4a6d2d27-4fa3-4eef-a58a-c1b30882a48e", "value": 749056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692382844, "uuid": "2fba6d6a-f4cf-49f8-9149-be950e9528a1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692382844, "uuid": "f5cd2c33-81c5-4587-b77e-91ef078e2ace", "value": "f9bd50fa654a74c6bd7a2a8c817d42be126f3b154a7e6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2bccb5d1-3d61-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1692319805, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692319805, "uuid": "c204b343-7107-4415-86c9-acb003f5583b", "comment": "Malware payload (Mirai)", "value": "82754aaab98753500e694ecb4ba9c95e", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692319805, "uuid": "539179bd-ee62-4bb2-9b90-337aabfd1f88", "comment": "Malware payload (Mirai)", "value": "f9c4ecf224cc89672c46429eb8676c22585ada6c8e1b06b36e24851800873e9c", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692319805, "uuid": "dc9617c7-2db7-445d-bf88-a111998647b4", "comment": "Malware payload (Mirai)", "value": "134a3acf353f53c371852d3ea279e1c98bd71656", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692319805, "uuid": "44c8c953-ecc1-4ed5-bd4a-aeebfb427a2b", "comment": "Malware payload (Mirai)", "value": "0c671bcfbfa96ab82bd647c6ea1b4c3b01cf0fe4f1519079d11ec2781ea97bd45fbe8970cb68c5a2a3cb5103091ff334", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692319805, "uuid": "79d5dea5-45e5-4b72-ba93-7a19c3fa2b90", "value": "T1BC33011EA7B4ADF087608D3BD8AF11804D69336672CAB1FBB55E0878E1E76D1D9F8140", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692319805, "uuid": "a501b45d-60c8-4199-ac05-5355e640dfdd", "value": "1536:r3kMg2HUcWUzlNXMU5+TSdgUO3L1LrHnOImw2:Tg2HvlT8U5+3ZLtDON", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692319805, "uuid": "24834876-879e-4306-9271-c9add42daec4", "value": 52512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692319805, "uuid": "2e156713-e4c7-439c-a484-8996db54543a", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692319805, "uuid": "25172643-786e-4a30-af65-2f0238ad87d7", "value": "sora.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1a62d42-3da2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1692348027, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348027, "uuid": "bf3d464a-43b7-4c1c-9f93-214a629cbbf4", "comment": "Malware payload (Loki)", "value": "55672d200b5d1aa434a31ad26b5e6d2f", "object_relation": "md5", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348027, "uuid": "0f04fe31-498d-47bc-b3e5-8f880d081283", "comment": "Malware payload (Loki)", "value": "fa370d0bfc8eff482745093393d23fc9d0ef1d4ba07ec714efcd0d74ca53f45d", "object_relation": "sha256", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348027, "uuid": "8d620448-0071-446f-b5bf-e18fb8a6493b", "comment": "Malware payload (Loki)", "value": "a9cae9e6376d0aa0a54865c720e4006e5f4837aa", "object_relation": "sha1", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692348027, "uuid": "b314caaa-a449-4916-832c-76dfb3c3bf61", "comment": "Malware payload (Loki)", "value": "6a5f75dd889f1d574388f0c4642250d675dca0d27c595d7e745da305e9d4edc95e767cc35e438b2d53546fd12b696926", "object_relation": "sha3-384", "Tag": [ { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348027, "uuid": "7803fb97-7c87-4731-bf52-cf9fd9599072", "value": "T12BF322C491E939B2CE037E792E04BBF73069664E716E044ABE50428189559FB7D4F90F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348027, "uuid": "9b6cac40-42fc-425e-bf05-109cb818c718", "value": "3072:apOz8IaL7aucc9W09k7P3WPe3msnBBHhRsl2AuV6IM+pSMymcvfCj59cefbKVk:apU8PLXcc9wDGPyBU2lvM+Mv1iNGemO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692348027, "uuid": "75312f5e-d41e-4eb4-8118-b2e0032d4908", "value": 171578, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692348027, "uuid": "c6826607-e005-4b35-b9b8-1752cf5755ed", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692348027, "uuid": "1d815ec4-bbf5-4e69-90e0-ad0b4810237a", "value": "PO No 2390920.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac1cdb7a-3ddf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692374136, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374136, "uuid": "93c50942-743b-4596-927b-7bb2bf07dd97", "comment": "Malware payload (RedLineStealer)", "value": "f6cc2d065f6b72c3bc54cba679967e34", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374136, "uuid": "e336aae9-0191-4814-96d6-0b4f88b513b7", "comment": "Malware payload (RedLineStealer)", "value": "fbed7d3a503c4753b39d027a97298fd445b7ef15679b99e4af18cc1c93a4968e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374136, "uuid": "9cca5f21-30ab-4d17-88e8-eb35d8cb8640", "comment": "Malware payload (RedLineStealer)", "value": "752d5bd31b429bfd3c593682f12b26b84d5014bf", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692374136, "uuid": "093d06dc-e0af-4467-82ed-22eed402cf31", "comment": "Malware payload (RedLineStealer)", "value": "8370b067ee0006984a8400a02fa22c931f10f1b91db8d30f380b6c36879073ad537426a910cc725a8c9998327869dad4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374136, "uuid": "b868f25f-6231-41db-879c-f51668bb24fa", "value": "T1A21523427AE84073E9F65B7159FA02831739FCB019A887773781999928B3FC0793536B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374136, "uuid": "bf468f71-df13-4382-8e90-c2ca98548ed0", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374136, "uuid": "496eaf09-97e9-4d94-a492-4a1c05b5cb56", "value": "12288:TMrKy904ub4KYvY2VPGYDS4osOctj6lKKfHG5sNNm+huD4wccvPY2HSVO8nhg61R:FyVu4rVPRic96lNyEm+rwPY2HGhg6c0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692374136, "uuid": "e1838a27-44a0-48dc-8803-5ea903958f2a", "value": 875520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692374136, "uuid": "71249cc8-f227-4ab1-8784-2736dcca9bfc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692374136, "uuid": "f45e88f9-ef63-43b6-988c-3f5863152221", "value": "f6cc2d065f6b72c3bc54cba679967e34.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b12837c-3dd4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1692369330, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1692369330, "uuid": "aeab67af-7291-4ed4-92ff-5d1a6fb7414d", "comment": "Malware payload (RedLineStealer)", "value": "53d26bba45e31cc9ae2378b7f93f8216", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1692369330, "uuid": "f46e1c06-7bda-4055-b0e0-acb3e67930eb", "comment": "Malware payload (RedLineStealer)", "value": "fcafb0a74973bf15975aca7d1cde45abeff66a2c3cd0950564ceb139bf461c65", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1692369330, "uuid": "2d50e35d-b415-4099-9cbb-fa5c2cadd663", "comment": "Malware payload (RedLineStealer)", "value": "976bae1a396280d6d8e0fd942eec7aec8def56c7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1692369330, "uuid": "48eabf4e-1c59-4a1c-95db-a5b2a9af6163", "comment": "Malware payload (RedLineStealer)", "value": "1926c0e7f510669647a486cfb39d9cf67d55ac79995f24969d17fce691f213db081b3f7277013f6258c967006bf4667b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1692369330, "uuid": "75fd9a0d-572c-47de-912b-c99d5e9a2f96", "value": "T1A9F41207EAE81072E8BA17B014F617971B367CE16DB893972381648E5C73684DA7273B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1692369330, "uuid": "d10cb469-a488-44c7-9223-14e48e90b7d6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1692369330, "uuid": "dccaff88-cbcd-4286-a63e-25e3045770e6", "value": "12288:hMr+y90vlRytlG+VrTwCuacYf8m2DQ392rQLJ+d7g9fM2HoDcdBINbQzl/Lo:TyLlhrukElQ3VLJ+dgxM2HSYL1U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1692369330, "uuid": "02113183-e8de-4f07-8f04-4fcf29be129c", "value": 749056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1692369330, "uuid": "785f0043-9697-4d5a-8bcd-cb538e6ceb1d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1692369330, "uuid": "9b18e7f6-4277-477d-900b-2883d7870fa4", "value": "53d26bba45e31cc9ae2378b7f93f8216.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }