{ "Event": { "published": true, "date": "2022-01-22", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2022-01-22", "timestamp": 1642896181, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "6e75210f-2101-4836-b2d1-2510d37f5002", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4442d074-7b98-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1642865445, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865445, "uuid": "fda2aed5-d924-48af-a613-6861d43cec40", "comment": "Malware payload (Gafgyt)", "value": "61f6b1d452693b6a3fca2bf0fa9a6839", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865445, "uuid": "6678dd49-e0e3-4731-964c-cf8fc8cadb40", "comment": "Malware payload (Gafgyt)", "value": "00bc13143adca982b6ffa2a2bdf0b7ac5c058e1a8263d87cd512705cf7c0945a", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865445, "uuid": "69cde22e-40ec-4be4-843a-8f49607a34f4", "comment": "Malware payload (Gafgyt)", "value": "439e318a6d4a667e09fcc1694f584024d3ee0a07", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865445, "uuid": "4acfab70-c7c2-48e9-a8b0-417c5d76e1ca", "comment": "Malware payload (Gafgyt)", "value": "aa1dadbce146154a0b28b1bc9426fbf3e9cd5de9daaba8b0a7c5b21c8c312cd4faf82b6e4f37b42b5bc6d90a161343eb", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865445, "uuid": "2b895ece-9bc9-4fd2-a104-3398f0f793ab", "value": "T1FAD31904E551876BC2D223BAFA9F424E37232FA8939733165A347BB42FE179D1D39910", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865445, "uuid": "5f917c43-2dc2-43c4-a9f5-1313a4b62263", "value": "3072:iVQIxjr5nA9K3yacXHhg/OCj3mP+hIWP69OMXbRkmheQHnSu0NU:6QIxjr5nXyamHhgC+hIWPXyVkmheQHnf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642865445, "uuid": "04175bb1-5058-4e42-8982-83818a97591d", "value": 134909, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642865445, "uuid": "08a38f22-ba2c-4c02-b104-6e7b1ab805a7", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865445, "uuid": "bc760ea3-b36f-43ee-9046-548424173917", "value": "nv.arm6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fb69870f-7b7e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642854585, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854585, "uuid": "5256fba4-58a3-4d08-81b2-4c41ccbebaec", "comment": "Malware payload (Heodo)", "value": "9b653e7a063231df565c64d097068f33", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854585, "uuid": "bf598072-32da-4f94-9fdb-822f1a399caa", "comment": "Malware payload (Heodo)", "value": "0342d6d09b51b1044ea4a151bc943ff66972d99406a49fcb92f220a798408749", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854585, "uuid": "91ffbc3a-d6fa-4dd5-8d94-06dfb6846bea", "comment": "Malware payload (Heodo)", "value": "00c464988151835c303d690ee8e40f6fc32908a1", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854585, "uuid": "852fd8c5-e486-4066-95db-335d1088f76b", "comment": "Malware payload (Heodo)", "value": "98c499bf7bc259686ad6aa0dd1153756697c228c4f459927801181f482dfdcfe382f934409f4d8f4430bad4ef4c0a1f1", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854585, "uuid": "9b92d251-a4e7-44a2-968c-93f661a79b55", "value": "T1C5D49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854585, "uuid": "90eee589-ee7a-4768-acb8-ac87ebebf7ff", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854585, "uuid": "8e527d76-23d1-4e63-8bb4-cd0b1089e2e2", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQLSkMZR+TTD7vgEPej:0hn7dA19ZCOyDaQWkqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642854585, "uuid": "ef5492e8-039b-4326-b5ce-854206a215d4", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642854585, "uuid": "425bfbdc-b61f-4324-a426-63892dcff219", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854585, "uuid": "59bdce5e-dc20-41fa-bb0d-2d00e8feb9f1", "value": "emotet_exe_e4_0342d6d09b51b1044ea4a151bc943ff66972d99406a49fcb92f220a798408749_2022-01-22__122937.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fa878966-7b7e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642854584, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854584, "uuid": "265ae5e4-823d-45eb-98df-8261e3457e0d", "comment": "Malware payload (Heodo)", "value": "941d279a4e492c0979c775fa8254dd49", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854584, "uuid": "61b87f29-810b-49be-90af-911abf70a9fd", "comment": "Malware payload (Heodo)", "value": "059216c60c0ba993a3e69e88e7d952a75daa1ed5f588bcae71bf45d37e034cfd", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854584, "uuid": "1fc83233-8c99-4710-a6ae-78716c5c08db", "comment": "Malware payload (Heodo)", "value": "4131b7e81be159d5b2b4634bbbeb2cc7b87e9e1e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854584, "uuid": "b6d799bc-aaef-49e3-8c96-bea975464104", "comment": "Malware payload (Heodo)", "value": "150e46819b219861499f822a61921e7b62b1bc4b693d6c7dcee45e5f63166c14e4ac70cb9e8ad7dd52b457e09cf51bda", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854584, "uuid": "756126fd-0e6b-4266-b3a5-f12ee1c66926", "value": "T1D2D49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854584, "uuid": "861c230a-fa4d-4c68-a124-a553737ba582", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854584, "uuid": "225f5cd9-f079-464f-9cdc-d73dabff8b92", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQLHkMZR+TTD7vgEPej:0hn7dA19ZCOyDaQLkqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642854584, "uuid": "dede9399-4c39-47e2-9dbb-5d9547a6d494", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642854584, "uuid": "78e60e6b-934b-4eea-a6dc-10de5c2c3ba9", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854584, "uuid": "01ae9977-9e3f-4d2c-93af-7b07fcfcf5b2", "value": "emotet_exe_e4_059216c60c0ba993a3e69e88e7d952a75daa1ed5f588bcae71bf45d37e034cfd_2022-01-22__122936.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87a0959e-7b99-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642865987, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865987, "uuid": "d7dcc2ba-b915-4237-b886-70165194c4de", "comment": "Malware payload (Mirai)", "value": "9d4da99aedf167f006c109cf471386ae", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865987, "uuid": "ff33dbc3-cae6-48bb-8b1d-4b25774cc370", "comment": "Malware payload (Mirai)", "value": "072f9f12bcf8e0f9e6e53b759e3bdf50fe56887ff40621f5f9024894770b0473", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865987, "uuid": "01a98ea1-2962-4647-9594-3b1ba9ff8e2e", "comment": "Malware payload (Mirai)", "value": "066fb0b3a4ee621b15e566e28a357412cbbcc7c3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865987, "uuid": "2ea91050-66e7-47b1-919f-9763697be37f", "comment": "Malware payload (Mirai)", "value": "b1ed9e0d59562d2c4079281bc372882a6706d06a00e9c32a4bb0e0aa636204d39ab0acf5f77bbccc9b8db53f68425a9b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865987, "uuid": "ca25fb19-0a3f-41a1-9dad-c4a55e5011b5", "value": "T11B532B42BCD19A2AD6D0637ABE6F609E331163DDD1DA3213DC245B247BCB60E0DBB641", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865987, "uuid": "c1099329-ea0c-444e-a108-baef72b86e48", "value": "1536:M/D5m0Lthj2zz/AlLY2YK42XTtAXwq+6u4TIIk/:m5m0Ltt24ubQGg5j4vu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642865987, "uuid": "e8f741ee-bd39-4cff-a5b1-2868ae4a5483", "value": 64320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642865987, "uuid": "24845399-61eb-4b4b-859a-0093d3c4738f", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865987, "uuid": "308e47fe-b939-4a5b-89fc-f8e21dcfe631", "value": "9d4da99aedf167f006c109cf471386ae", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f748e2af-7bbd-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1642881636, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642881636, "uuid": "85ab32c7-865e-4bc1-be5f-02dbfce63145", "comment": "Malware payload (RedLineStealer)", "value": "18a00e77b2cd5ea4256d58be8b7260a3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642881636, "uuid": "7c60d549-2e9b-4264-82d8-2b96d22e39d6", "comment": "Malware payload (RedLineStealer)", "value": "07c18e8e0f92e75367df02c4114947b038e86fcbc7c8e5a77df739deb955263a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642881636, "uuid": "0220be36-2d2f-442f-8c9b-c19439199a8c", "comment": "Malware payload (RedLineStealer)", "value": "2efdcd8fc69ac26b0577c49db390df24bb18921a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642881636, "uuid": "e328ae24-e334-4a0c-a75d-b8bd421b9a50", "comment": "Malware payload (RedLineStealer)", "value": "61c65549d7cc0480222fbd30a1de8aa2733624a05c33ca0cf693a765025b10123f1e1686ba8b29fab07dc6b6a09df122", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642881636, "uuid": "3c9e6f09-e545-4883-9ebd-25d883b35199", "value": "T16C2633103B8AC47BFE0262705C986FFD61B5E39C0A3854CB573485097F2A998E1BBD5B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642881636, "uuid": "05072449-a3d7-4a69-aa99-20e720887b08", "value": "32569d67dc210c5cb9a759b08da2bdb3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642881636, "uuid": "d218ea30-33d8-4b51-a145-e438594623a3", "value": "98304:xfCvLUBsgReEOeNU0w7h28K0Qgu/h/IZr2O7gZpkfG3TIC4dMxf:xsLUCgR+2N+pQjeUZpkwcC4dS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642881636, "uuid": "fd6bfa13-bac7-4233-9f2d-e0f838622526", "value": 4441675, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642881636, "uuid": "193fa01e-2b26-4866-8fdc-52b9a389ad00", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642881636, "uuid": "2ecc5e2d-161f-4a14-9df6-3509ef1c3234", "value": "07C18E8E0F92E75367DF02C4114947B038E86FCBC7C8E.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5aeaf4e-7b99-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642866118, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866118, "uuid": "54d7210d-7acc-427e-bfb1-b3d7b0d7c7be", "comment": "Malware payload (Mirai)", "value": "8cf073e7e262cf7db8d7c11cd4234979", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866118, "uuid": "9dd7e535-6601-4e52-97de-12389046efdd", "comment": "Malware payload (Mirai)", "value": "08f5bc463ab8ba9281e8ad415f3274a33e427864933a442df85e215095f0ded8", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866118, "uuid": "0fb19e12-02ab-43ba-b0de-0c7770b25396", "comment": "Malware payload (Mirai)", "value": "addbf48dd8ff204e07e2421aeba2b67f06377206", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866118, "uuid": "112de2dc-648b-4ed8-a8ce-383a2780a9bc", "comment": "Malware payload (Mirai)", "value": "4f03914841aa8037697311572bd804935dc5f0731071bb45f933b4f7eb448c3f41be84a6cb6102acf40b83d324e4cf2e", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866118, "uuid": "84df8981-78ea-4846-8e78-4a996e7df2a5", "value": "T10BE34D46F6414E23C4D61776FAEF424633229794E3DB730699285FB43F86A6F0D23A06", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866118, "uuid": "5dc944e5-874c-44fa-8895-c9792e5aa0bf", "value": "3072:zthhF4j0NiJv1AnFSJa2l/SB1Emo5lMv5fPi/ElSji4M/9pBi:zLnI0NiJv1AFw/dmo5lMv9PjlSjpM/9C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642866118, "uuid": "72edc05f-10bb-4b9d-96e8-680e7baf0be9", "value": 156050, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642866118, "uuid": "00a8df82-48a9-4fb3-8afd-69a2edf1eafb", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866118, "uuid": "a725e446-7833-4d1b-8f2d-9ec7072c801d", "value": "RSec.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84174e73-7b7e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642854385, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854385, "uuid": "10fcf3b1-3cd3-48a6-a6c4-e5d188227ef9", "comment": "Malware payload (Heodo)", "value": "fd5c9eaf79bb0abe8372364553933215", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854385, "uuid": "2965ede4-12c2-4bb4-9d3c-9dd4c92589b5", "comment": "Malware payload (Heodo)", "value": "09a7c4f3878793169f3a1c2467a1c160534255b5d0ca13db6b4c5c4178ef3379", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854385, "uuid": "4c7dd2f4-2746-49ed-9537-1b43a6d80387", "comment": "Malware payload (Heodo)", "value": "4c4ebeca53e35088dae8b4d391ff009a9f99708e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854385, "uuid": "d1fb3b17-7742-4bd1-993f-763202308ca9", "comment": "Malware payload (Heodo)", "value": "93963e648e09d780d03ee45d76bb8348c1e17de759b10da1587c6b6b01b67b44c24ea82262cef277d35856a54391f845", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854385, "uuid": "e237d5c7-3bdd-4956-a1fd-95b4de31ab07", "value": "T172D49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854385, "uuid": "e4fb7b33-8598-408e-ab2b-694d41f199a5", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854385, "uuid": "c735897f-751d-444c-b076-506e36b761c0", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQLlkMZR+TTD7vgEPej:0hn7dA19ZCOyDaQZkqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642854385, "uuid": "a30bacda-6b6b-49e7-b387-32e3f7513c55", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642854385, "uuid": "58b663bc-ee8a-457b-af87-a8c6503b873e", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854385, "uuid": "53df5e81-e02f-4234-a558-30b2cb4ccef3", "value": "fd5c9eaf79bb0abe8372364553933215", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61dd0818-7b5f-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642841013, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841013, "uuid": "e4a6f838-90a9-4bf2-a41b-1cbe02b97abb", "comment": "Malware payload", "value": "45d25d1d4637ea3f01bf67f70f408fdb", "object_relation": "md5", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841013, "uuid": "62d5691e-803e-42c4-8496-99d0766d95b9", "comment": "Malware payload", "value": "0f0de0a1fe03d028e395189c38736742f05b61834363d4dec12b3f6c27719ec0", "object_relation": "sha256", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841013, "uuid": "2e270872-2ada-4050-acfa-ef7e6910a59c", "comment": "Malware payload", "value": "970a686f2eb655e4349406c2463f3a64f689a379", "object_relation": "sha1", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841013, "uuid": "4583e51b-ae33-4939-a142-7a3721f10cf7", "comment": "Malware payload", "value": "dff6f1dc5692649d161ab08f83c4a8131a4646d8d6fbcbfaabaed19d7bc494ccf15470a088af7990da14475cc79a2282", "object_relation": "sha3-384", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642841013, "uuid": "6911a924-9f65-4c77-a8f9-2476b7c5d567", "value": "T1078128A9034FD9FDE367BC8495E51A47EFBA8626462CEAC0DF607EF6240047CD4E1488", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642841013, "uuid": "33509814-a582-4338-bb84-06783fe83af7", "value": "96:zUtEX5k5nz1busbyqgLPWvDNBZJh/P+vfceI1XF+ah1CGp:zUtmkdzBuVqgLPCpBZJ9PkcdF+azCGp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642841013, "uuid": "d40d81d7-5717-47d8-98a8-ec4a5aca5b36", "value": 3968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642841013, "uuid": "11e92ab8-07e3-475a-8b95-62d478ab1ab1", "value": "text/html", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642841013, "uuid": "a29c3361-ce47-45e6-b922-d35f1e7c6d40", "value": "11892AU11892_11892.hta", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1557e507-7bbc-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642880828, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642880828, "uuid": "981af9b4-ce9f-4f86-a535-3e9d8dae14c5", "comment": "Malware payload", "value": "7b736df08e1652c3e4cd221b08913d83", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642880828, "uuid": "f9b3582e-265e-407a-a72b-59a5981f510d", "comment": "Malware payload", "value": "0f7bc2915159c81f5c76b11a3f5d7e476ed1cbac7c0c34fc58565763b1d5f81a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642880828, "uuid": "4ca3f06e-d220-4f53-a73b-74ee82b6d33d", "comment": "Malware payload", "value": "1a08f6fe20dcd4cd36de0f0255a0df37e94927bf", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642880828, "uuid": "5fffeddf-0db5-4337-955d-feed3f582a0d", "comment": "Malware payload", "value": "a433c6383373682f94e0a137746c24144f34249da160a97b335b0b86eb8c6e09f7a858004a237a6a640a752de2618336", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642880828, "uuid": "e8f86e04-382d-428b-9490-cafc7ee5cc31", "value": "T13D16E03BF2A8653ED45A4AB58573C310493B7E61E85A8C3A17F4360CDB3AE701F2B615", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642880828, "uuid": "09255f70-2a09-4434-8b1b-8cd22b8d5aca", "value": "5a594319a0d69dbc452e748bcf05892e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642880828, "uuid": "b34ce1ab-cd61-4dca-82b5-61d6c85ccb6a", "value": "49152:4qeNVPRvwykFinqCqFbrIWaeI6nQY8pdbUunM7Jrs7WxdknyWeNg6iG0PKOvVPUf:NElaNxAoI6qpdbZ+IWMnyWkglG0COvqf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642880828, "uuid": "3e96b490-b668-414e-bc99-bb8738571056", "value": 4134008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642880828, "uuid": "21e951d2-9492-4a39-acaf-7c1571ca5589", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642880828, "uuid": "8e1cf13d-ecab-4084-a873-049bd34cd272", "value": "7b736df08e1652c3e4cd221b08913d83", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e896cfa7-7b85-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642857560, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857560, "uuid": "94e8c969-3114-4c25-97e3-0ba8aeffe5f3", "comment": "Malware payload (Heodo)", "value": "394093d2d087c69c24daddbc8d301024", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857560, "uuid": "e213966d-c609-48c5-9370-625b6ec9e4de", "comment": "Malware payload (Heodo)", "value": "12b14e1d093009f703a29394303f53d511ad4e41875f038c51cf075dcf3cfe4f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857560, "uuid": "df2cf7f6-5f63-4e2d-8f99-ff39650c0bf9", "comment": "Malware payload (Heodo)", "value": "1fd2381dcfddfe1c496282b2a607c8f396992592", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857560, "uuid": "bf3d1d66-33ff-4962-b9ab-a438f880674f", "comment": "Malware payload (Heodo)", "value": "f09c1c1d8a59c9375d9d3c9cbc31e384d8cb2fa5a718978f308190b4c36500bfb4f3a248666430585bb5f68a8f17f0f5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857560, "uuid": "b0f95490-bd13-4e67-9aa5-d9c6677bfc0c", "value": "T1B9D49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857560, "uuid": "d9e2d7cc-a97d-4c88-be32-c52554067198", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857560, "uuid": "78b18809-c8fe-4229-8f4a-90fb0733617d", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQL3kMZR+TTD7vgEPej:0hn7dA19ZCOyDaQTkqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642857560, "uuid": "aa0ea3f7-45e0-4243-a8ed-8bc31720f4b7", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642857560, "uuid": "0274ed7b-9c7f-4a4c-8156-bc9be2114a21", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857560, "uuid": "ef076ffb-f464-489d-970f-7c0455bfc66b", "value": "394093d2d087c69c24daddbc8d301024", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ed574dc-7b98-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1642865489, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865489, "uuid": "cc9e73b1-8d11-4af8-8f4d-4e68bfaa02d6", "comment": "Malware payload (Gafgyt)", "value": "96c6e6b51f4b0e6774ad490af2fb3c2a", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865489, "uuid": "ae1fe91c-a4fa-4110-9abd-51a534372721", "comment": "Malware payload (Gafgyt)", "value": "135543fa3a29bb63b5c5497c7e05e81a107985cdae704d1ad77998245c14a6e6", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865489, "uuid": "183e63e2-c882-40e7-97d8-167b6f7f7ac8", "comment": "Malware payload (Gafgyt)", "value": "c2606e4e2647ea21ba06038c78bf2adea577228d", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865489, "uuid": "229d1fea-422a-423f-bbbe-ea53b1edf9d5", "comment": "Malware payload (Gafgyt)", "value": "c4e95d12f8deef37b552514171e862e62bf12c54c56c285bea93d4466fb4a64d57ff633b35b611502922abf409ef9ccf", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865489, "uuid": "392dfa0f-0f4a-44b0-9131-f1551d03580f", "value": "T126A36B27A561C67FC08766F92ADB86129853BCB90B32210633E4BDB93F358CC1D6DB15", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865489, "uuid": "3c625e0b-07cd-4822-904f-4b281a1e7d07", "value": "3072:Ae62ka6r4eiqbZLSBl8Twz7USqCDm7FPI3aEoF2LNn:maqVGewJm7FPI3aEoF2LNn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642865489, "uuid": "61769b84-290c-4a92-91b3-f82fc082ce9a", "value": 106970, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642865489, "uuid": "305c8272-8c7e-4937-9b89-8e8b52cd1467", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865489, "uuid": "4abf943d-740d-4dc5-8ea5-fb2564f83d73", "value": "nv.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9181aa85-7b62-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642842381, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642842381, "uuid": "d051dd5f-0dbb-4b96-b89f-ad59271a15e0", "comment": "Malware payload", "value": "9929c4e05f8efa96066adc653e5ca21c", "object_relation": "md5", "Tag": [ { "name": "pw metamask", "colour": "#31123A", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642842381, "uuid": "2ae9cb53-b702-4d8a-8473-9018ec272132", "comment": "Malware payload", "value": "13e506b2808af7ad66383da3f1f8e725749f1e725b391fa5ec7104793094f939", "object_relation": "sha256", "Tag": [ { "name": "pw metamask", "colour": "#31123A", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642842381, "uuid": "fc76f968-126c-4e2c-be50-852e3b2af27c", "comment": "Malware payload", "value": "711d6ac1ce88649c15d3d77e8cb1ac3f03d07cf1", "object_relation": "sha1", "Tag": [ { "name": "pw metamask", "colour": "#31123A", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642842381, "uuid": "62a247a2-fc6b-4604-b1ee-a9d536428902", "comment": "Malware payload", "value": "a1a763decd06ffb93e28b7eebb28c55bc34b07013f3ba361ec6264106c3e5a9fededc22a1225e9a759a6221127add6d7", "object_relation": "sha3-384", "Tag": [ { "name": "pw metamask", "colour": "#31123A", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642842381, "uuid": "c833a4a9-3ee1-4a31-8109-15e1f8a2e27e", "value": "T16095337399563353187EBE20349C236EC55343D65B88A256C36469B24FE32B0FE6FC98", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642842381, "uuid": "d8fe6ca7-4cc1-478b-8950-f08a74da2f8f", "value": "49152:qTfFe8phKiBhjXIof9JltwP8eyY5I8rfpAUvmi4OzFNhjfzamYtMRv:H8G+zxf9pwP/HI8jaUvmDKvzamYte", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642842381, "uuid": "22fe028e-8b09-4823-be4a-98f497e3bfb8", "value": 1995923, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642842381, "uuid": "ea43f229-fdba-4a2e-ba4b-794aa31914ea", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642842381, "uuid": "a178b060-6f7d-45f8-9d6e-df8247d7d648", "value": "MetamaskBlackWallet.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e5b041f6-7b85-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642857555, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857555, "uuid": "64c61ad7-ed17-4bff-b496-0e2a7a19e7de", "comment": "Malware payload (Heodo)", "value": "79add0e5683bd972773e1e335804b6f6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857555, "uuid": "37f5d795-8ee1-453b-83c7-d81f89d1cba1", "comment": "Malware payload (Heodo)", "value": "15008beee8b1f7b67fe44eb95492aedc93985b0492618faed9dd18515b849bf7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857555, "uuid": "43917d3c-52bc-4d9e-85dc-84937567ddb4", "comment": "Malware payload (Heodo)", "value": "be375a8ae3e2fbb74e9ebe339621dc8e86a969c7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857555, "uuid": "5668aee5-3ada-4b43-b74b-d549bc27b78e", "comment": "Malware payload (Heodo)", "value": "45bf2294a4d0bb9cacc4a087e9566acd4319e0d0482005f8d0807717f29784b1162e0133b5f3dd55005cd99e29cea66e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857555, "uuid": "46333004-325f-4a44-9cbd-268161568a53", "value": "T15FD49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857555, "uuid": "04fe4d7d-bb5c-4ea4-9e5b-aedceecdfc34", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857555, "uuid": "a7a700a3-b775-44d8-bd07-34b2caa94701", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQLxkMZR+TTD7vgEPej:0hn7dA19ZCOyDaQNkqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642857555, "uuid": "0b62bcde-760c-4445-88c7-8a3fd40f26fd", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642857555, "uuid": "358b6858-99b9-45b6-8e6a-a362ad752e66", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857555, "uuid": "1a002abb-1d91-4538-bd8d-ef94a45994e0", "value": "79add0e5683bd972773e1e335804b6f6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e65bfd0a-7ba0-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642869153, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869153, "uuid": "f7f111dd-4a40-438e-bacf-1cf7d8c3e1dc", "comment": "Malware payload", "value": "6591593a140f9f9ecf16b2c59d8c55e0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869153, "uuid": "95d10c0e-2b04-47e6-a48b-771c968e3088", "comment": "Malware payload", "value": "162bb64c2a825538fb674790fb4fece37faba6b573f76d9b1753fac4ec0feddf", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869153, "uuid": "092bd032-11ee-44ab-a74b-70b0cd07bee4", "comment": "Malware payload", "value": "85cfdeeb3046056779d48956ecc011d8d5c98ba4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869153, "uuid": "910a3b58-2531-4ed4-a855-019b0c76ab64", "comment": "Malware payload", "value": "23f97d903594f253ba880e78eb8cf597fe3fbe3b2840dc827552ff0cd7a6eeb936535eaaab38370db8cda0473f5de974", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642869153, "uuid": "4ee3dfae-1dfd-4a20-b2e7-67de6921f982", "value": "T1522301327E826AB3C3153EF4893D0F46104D2BDB81BF74795C454A5B1DAA8B122B45EF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642869153, "uuid": "f0dfa027-cb7e-4592-a835-04f196f3e033", "value": "768:qOsH3TSQB4+Uj1QpuJw7FD/Yq5aY/mHCBHf/Q12qdlSiPusq3U7/0ZKy5MkdLIQZ:dsH3dOrZJJ4yUarkQ1NZPf5yGWgsLu+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642869153, "uuid": "34031b27-532c-475a-b9e3-a39522ca5b3d", "value": 49284, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642869153, "uuid": "699616d4-b1fb-46e4-8abd-528b121f748b", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642869153, "uuid": "23365e08-63ee-4bea-a988-a7247ff63ced", "value": "6591593a140f9f9ecf16b2c59d8c55e0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6adf6c56-7b5f-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642841028, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841028, "uuid": "9a0a85e3-203b-4d1b-aca4-c64567ae2931", "comment": "Malware payload", "value": "be2fd7fcee5f8ea06446bf5c03d5c1e2", "object_relation": "md5", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841028, "uuid": "7f26bde6-bd41-46ff-9c22-cb4a91a6b7f6", "comment": "Malware payload", "value": "1667b86745778e1005191a56e7e132b4a904e83f4fbca61d3aae3b6391bf16f1", "object_relation": "sha256", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841028, "uuid": "a2d5022c-5303-4087-9ec6-2fcebe38aac3", "comment": "Malware payload", "value": "c578c7bd11df00400011bdda55155e938d16b715", "object_relation": "sha1", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841028, "uuid": "56faf2c0-67fa-495e-a56d-3414687d9cf6", "comment": "Malware payload", "value": "06ac4ff91bfdb44c1574bb18d0221c81b1b463c9e05aea52146ab2b0b5f8fa981a27ebd37e24402151c4b30d967e668b", "object_relation": "sha3-384", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642841028, "uuid": "1fef59b7-d7c8-46c0-8adf-52685ca5c668", "value": "T1458126A9074FC9FDE667ACC4C5D81A53DF6A4626472CE7C0CFA17EFA2414578A0F0498", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642841028, "uuid": "ee81d4cd-ffbb-4e1f-bfa7-92041d7fb4a4", "value": "96:xiltGIenDHEIVHDgAQYOk478LJbOZ8mDoDfWFn2TIvkkq:ciBDHhVjg/k11bOZVDoKF29", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642841028, "uuid": "70329bba-5997-4189-91d8-1118b2eb5aa1", "value": 4026, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642841028, "uuid": "48615597-a583-4dce-956e-96fe54c2009c", "value": "text/html", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642841028, "uuid": "1e021209-2443-4584-b0cb-40a493f5ac3f", "value": "24408AU24408_24408.hta", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1bba4dcf-7b22-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642814696, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814696, "uuid": "13311746-c315-4e68-9269-ccfaa3bca3fe", "comment": "Malware payload (Mirai)", "value": "df0f3c82cc90ffba2b36d34c90f62686", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814696, "uuid": "2682a244-7cd0-4feb-bae9-58ce9aff9e64", "comment": "Malware payload (Mirai)", "value": "175565ba93b80c18d575d6cd0a3805e38ac57c406e35987a6daf4abfe8669237", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814696, "uuid": "f14b21aa-ede0-424a-b56b-b5a6c37feaf5", "comment": "Malware payload (Mirai)", "value": "8ead906d877305b4adba7d729181dfafd83454d6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814696, "uuid": "b936e93c-b7bf-42d0-a370-5f204874ba61", "comment": "Malware payload (Mirai)", "value": "13a40a429e5676da6c97454b9d5fa55c5f650a88506fd7b9605cf42d209727030b3f2e4bcd95f155bbab4c5da7a78d27", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814696, "uuid": "a95b362c-13d9-454e-9e77-3fa3f8a27f86", "value": "T1F7B2D0B17025B8B7C6E100B76EEDCB83FA811EF8D0E473295465099DEAD5C52BAF0147", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814696, "uuid": "e7ff33d1-4b86-4ac3-b25b-41a36cf10b55", "value": "768:5X9nxn8o9wnBoWzEQf2EjKb3p1Xs3UozD:5tn+o9wjfBAZYzD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642814696, "uuid": "8b9bce28-b64f-45ab-a5d2-3c5c7a72c73c", "value": 25004, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642814696, "uuid": "1dee3d94-138e-4ee3-93de-a1a53db6a230", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814696, "uuid": "b477ea0b-956c-47c5-8d7c-6d3cb9e7d6e5", "value": "df0f3c82cc90ffba2b36d34c90f62686", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2f39a75a-7b9d-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642867557, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867557, "uuid": "0f2599f2-9441-4586-88bd-4cc5044b2a45", "comment": "Malware payload (Mirai)", "value": "e507e96396821ad623e9a8829942f771", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867557, "uuid": "22fdc1e9-7da3-4fce-87e4-8dfbf09df21b", "comment": "Malware payload (Mirai)", "value": "1803ce1448f3bede15b9e96d1555ed017daf54e8498a5f1ec7bfa882a514e3c7", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867557, "uuid": "3bc7639e-7b89-4eac-a081-66fe9eb79375", "comment": "Malware payload (Mirai)", "value": "3041df893eb9b6fc7bfac7e76233f2fb7111d36a", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867557, "uuid": "3b69d36e-e587-4583-8515-42af0709873b", "comment": "Malware payload (Mirai)", "value": "7b202e69d6378b15f9051b147971db1b27c81c47795569fee8d8a56d4b8ed1115243b016f069f9c20d09ec54a162e0b8", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867557, "uuid": "01daa25e-4257-482c-9216-7fc780af13d8", "value": "T159833B47E9A19FB7C0866A7565AB5E300B13E9912B4F1A4A303CA7F8434F4CD790EF64", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867557, "uuid": "1bbef8e9-9346-4fcf-b70d-910bc8c87ef2", "value": "1536:ClN9YyOXmMSr4k9dgGwKGg0CfjGJCpdojMyTRLmkxVqOEeofzee:g7OXmMSr4krG3J6BQLmkxVqODofzee", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642867557, "uuid": "dda000ba-3076-4ad1-b63a-c7b0a566a9a0", "value": 88733, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642867557, "uuid": "2eea6df7-791e-4323-890f-18cd885f7d58", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867557, "uuid": "88325412-94b7-4e6f-b7bd-73e9d289a590", "value": "s-h.4-.Sakura", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9f972cd-7bab-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642873803, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642873803, "uuid": "6b578cfa-ee73-4f38-ae88-9cdc759a2523", "comment": "Malware payload", "value": "6ae1918de381b473e7675d7c2ac30e1b", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642873803, "uuid": "17ed8de5-e07f-4883-9f62-d76c9364a1df", "comment": "Malware payload", "value": "183e1d0f0087b5032b6b5c9ce429e25c3830ac6148e56d5fee297e4e6bd38df7", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642873803, "uuid": "212acb18-bc82-44ee-a54c-7fd8056a385d", "comment": "Malware payload", "value": "2428120390e6f6701eaea8296703bf3da2f817a3", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642873803, "uuid": "5d871d96-b727-402b-a3ac-e1c59f28072f", "comment": "Malware payload", "value": "ba86b007ef309be08a4410c36ed6890c6a973e61f3da18e56312c430cb80c34da7bc94bce5975f1679c3aaa89a360908", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642873803, "uuid": "a33e3ecd-db3c-4e25-9e37-be2d8cb71358", "value": "T16F63B8253A61EBFFD66D82300BF34B3043D565962AA1934AF26CEB5C1F7128C1C5E7A4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642873803, "uuid": "05d6a49d-5706-49a0-8c74-7999d136a63a", "value": "768:40i7xZNHfB/s0ztx9DxY1ym3+eS0HInL5gxvhVXSL9Z:40AZNHi0nV3eS0HJkhZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642873803, "uuid": "16d43af6-70b5-4ee2-a07b-5e16e9ec0353", "value": 73379, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642873803, "uuid": "16c0abcc-db62-4bb5-948b-d6cebdef7617", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642873803, "uuid": "96a9d930-09f8-43bf-8d67-f7574d58d939", "value": "mips", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05579f62-7b80-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642855031, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855031, "uuid": "ce60393a-0be9-4286-bf19-c1f34bc5a2d9", "comment": "Malware payload (Heodo)", "value": "a2200d69b077f26afbb223d01a33e29e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855031, "uuid": "ed6f2e42-057e-4592-9dfb-aa19b99dba26", "comment": "Malware payload (Heodo)", "value": "199b4aecbb01ae573b295e5232b4292287b1f167a40d6df3df154eea806b34d0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855031, "uuid": "c0acb4a5-7d0b-48f4-9711-81969abc8ce4", "comment": "Malware payload (Heodo)", "value": "7d427d5da04f413310b4dff92b5b566f6597de07", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855031, "uuid": "39454359-caba-48c3-9df1-c7aedbbd0097", "comment": "Malware payload (Heodo)", "value": "5377eac7818032d51329386cc4cd3da354cf345dd5ac0fdf6109de2e9ca1321df6c2f69aa82d08ad580d44f963755191", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855031, "uuid": "d8b50558-c52b-4089-bd90-6d60edfd6e3f", "value": "T1E0D49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855031, "uuid": "0dcc117b-c708-4f88-9976-4a1db9f9f884", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855031, "uuid": "c8295b28-03f1-4232-8e86-abc16cb59357", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQLekMZR+TTD7vgEPej:0hn7dA19ZCOyDaQ6kqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642855031, "uuid": "9ba051d1-3194-4921-b890-bf8c38eaee55", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642855031, "uuid": "2ef755d7-e7ee-4ac9-9a89-46b4bf8b6a47", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855031, "uuid": "1c5732cb-9036-4dd2-ae68-904048690123", "value": "a2200d69b077f26afbb223d01a33e29e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ceedc36c-7bad-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1642874697, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874697, "uuid": "453d6aeb-541f-4957-bfbc-5d3aad052846", "comment": "Malware payload (Formbook)", "value": "c47d3c06fde2676459485489fdbf2ada", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874697, "uuid": "0af5a9eb-eab8-4d36-804d-12cc5a18356f", "comment": "Malware payload (Formbook)", "value": "19ffbef45e9877dada9edce2f6483f8f38df87fb4f19209b700b6b297bb6c29e", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874697, "uuid": "2aa53974-bc74-4ad4-8b58-922de5148815", "comment": "Malware payload (Formbook)", "value": "a5efb7f2fb61da3575b302d562bd9663b91266b8", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874697, "uuid": "918993e7-8588-4e47-b6b2-85dbab54ea35", "comment": "Malware payload (Formbook)", "value": "0e5c35bd2963da4a9c8e10283802cc8efe35485174b2eea24888912688ced2b91b9d87e6368c13ada14026e86be7f615", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874697, "uuid": "a3274a69-883c-4aeb-9b77-1172b8badd8e", "value": "T13294238D6503D8026FC586B70C48C28CBE188524C9D79C7F6889A6F45A5E9FFCE753B0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874697, "uuid": "75223f10-6e0a-43b2-9161-ca33b7ef7596", "value": "6144:Za6auYTzdyOhGTKoRSy1lqzLo8ONcVr+326jMeDtcAIUadGy4Fd5DFGFSyFkk8pX:odTTQT0y6Ho80m8EdGy4DDokzpS2iu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874697, "uuid": "52de20b5-e232-4543-a782-475d924a2df5", "value": 438978, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874697, "uuid": "48c203cd-c0d7-4a46-90d1-6bae57b71b2e", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874697, "uuid": "69d962f1-3f1c-49cb-a76d-9974d23ca123", "value": "Nueva lista de pedidos.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df9ba09a-7b85-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642857545, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857545, "uuid": "a0f520e6-5b8f-4604-98ec-ef813c09b12b", "comment": "Malware payload (Heodo)", "value": "75c77bbe36617db1a1a2508281bd7fd2", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857545, "uuid": "e8e8d96e-17e8-4cdb-a5be-3eb2bd3260ac", "comment": "Malware payload (Heodo)", "value": "1aeb17ac4dbda53f942d6552925e1f03a87b0c71141d71dc961c6bf78f7975d6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857545, "uuid": "93784513-d256-4b34-b051-5a7d1677a798", "comment": "Malware payload (Heodo)", "value": "bc0b75594fd5e89ad198de591153b4ba3b818045", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857545, "uuid": "f2f47cf7-0f0f-4e74-b986-08014b40a7f7", "comment": "Malware payload (Heodo)", "value": "daad8376d24adb0106d85caf8d2a081c1d3028a6c158ece6566827d30ca891cb3b0ce99a87ddd28c4baa0db370e746d6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857545, "uuid": "64f54614-d3b3-4824-983d-bc48a7078e55", "value": "T105D49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857545, "uuid": "62bfb34a-7007-460d-b938-51394945cbac", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857545, "uuid": "d5ade615-233f-416c-81ed-75a74988dd99", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQLukMZR+TTD7vgEPej:0hn7dA19ZCOyDaQakqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642857545, "uuid": "3cb67e61-a3a2-4f2d-a016-1766ec051516", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642857545, "uuid": "14165229-c70d-4c87-bddb-7a0bc02566f4", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857545, "uuid": "c049496d-0ae6-46a5-a277-594c19999fd2", "value": "75c77bbe36617db1a1a2508281bd7fd2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9c628344-7bad-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642874612, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874612, "uuid": "89b7a9ac-4b84-47b4-8b3e-27b6afebef9f", "comment": "Malware payload (Heodo)", "value": "44a07b029a5044b23cc427a77a38ddd7", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874612, "uuid": "58741f9d-6c44-45dc-8f95-7c2a038ad281", "comment": "Malware payload (Heodo)", "value": "1b985305c462d631542e3d0085e203d275741bb38dd47e255769304e8b943c08", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874612, "uuid": "a1f9b39b-5401-4e81-93a1-98a3a2ee22c4", "comment": "Malware payload (Heodo)", "value": "8042e4f7c52b67ee4356062f3cb7d179b9099373", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874612, "uuid": "655743d8-73a4-4aa0-99dd-7dd773fc6d84", "comment": "Malware payload (Heodo)", "value": "691a54a95f20eb231bf8bc088b79f32c63738b7fa8f51b61b9964ace543a47071580d916d47a5a864ae63a7ac27647fc", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874612, "uuid": "63be842a-c0a5-4d6f-b15d-ac241febb451", "value": "T17CB3ADE777DB4889EF25037A8DB606186763FC615BE313472345B3266E74AC09D03A17", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874612, "uuid": "0efa4ce0-5113-42c2-8751-dcd151ee1096", "value": "3072:+C+nBqmxk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIFxe53lGvFTQ3IzxgdrvxpU0O:R+nBqmxk3hbdlylKsgqopeJBWhZFVE+s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874612, "uuid": "0e460951-d293-454f-aee2-a0b995d6334f", "value": 111058, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874612, "uuid": "fc9d0756-f96d-4510-8bc4-ba7a229024d1", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874612, "uuid": "a2c4e32d-10e9-4521-bf64-ada4133ecbcf", "value": "check copy_1.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d9ab4add-7b85-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642857535, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857535, "uuid": "9b026798-138f-4587-8283-f6bc047b4250", "comment": "Malware payload (Heodo)", "value": "1ef774aab3d6419851da8594e4652f9c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857535, "uuid": "28050c68-933c-4d2e-9ae8-eec418a3346e", "comment": "Malware payload (Heodo)", "value": "1d8b306392378bf72b00a8529a302511a0ac36940ba9e61e8bb2205669dd03ce", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857535, "uuid": "c670e711-3e4e-4a2d-bac8-28ca0d0e6218", "comment": "Malware payload (Heodo)", "value": "9d5ca68cd797edbd27e6b8847c852c2e8293533d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857535, "uuid": "00e932f8-fd61-44a4-9afb-13a72892e2a7", "comment": "Malware payload (Heodo)", "value": "184d783c707f2c6da1e148d5fa789ea58d34cd9c9c70eedc583df01f82a776c4add3839d7b786ad0e194bf346865bca5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857535, "uuid": "e4893200-976e-42c9-81b8-5396b9377332", "value": "T144D49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857535, "uuid": "a557aea2-fe45-4aa6-af10-7f51c2bdd718", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857535, "uuid": "ecdac6ed-ed5d-4224-84f2-9b0485911dd5", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQLQkMZR+TTD7vgEPej:0hn7dA19ZCOyDaQ0kqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642857535, "uuid": "76108291-2725-4cca-840c-3f1b37aa9788", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642857535, "uuid": "788f939d-454b-41fc-9048-460406dde8f0", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857535, "uuid": "bfe05729-0509-42bc-a8ca-dc4d81d966ae", "value": "1ef774aab3d6419851da8594e4652f9c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "408d7aba-7b78-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642851695, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642851695, "uuid": "4e5cdf54-1556-4aef-8802-1fdb6342e12f", "comment": "Malware payload (Mirai)", "value": "c56d74eb8f760fc5b668da550cfacc61", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642851695, "uuid": "adf7dd15-2ef1-4310-ac50-03bb4851ae87", "comment": "Malware payload (Mirai)", "value": "1e3a778344463ea080f21bf5973593cd80f5f8533caf3b0266b5ea6cd39ec5fb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642851695, "uuid": "1fe83545-40ea-4535-8478-60cd658812a4", "comment": "Malware payload (Mirai)", "value": "d2088684eb66d78244055398d19485722f0af968", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642851695, "uuid": "54ef1409-18fb-4a56-a0bb-3f27dc1281fd", "comment": "Malware payload (Mirai)", "value": "7659d42b48cb329d27735f0c60c770a24b5b70e4022f779afb0244cacb3daf6ee4a1920dad032cd07319b78d7abdf38d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642851695, "uuid": "3cd6e901-7bf5-4610-b797-be12db5bb158", "value": "T1716319817C80AA26C7D0177BFA9F108E3314ABD8E1DB73478C141F95769A81F0D6BB5A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642851695, "uuid": "5b98e899-ca22-4b27-91f9-600e9777068b", "value": "1536:GbtexU5L9XouIRhb96pUQzXtwavaJ3V8OHxouJeZWDFI88M:GbtexU0r8QCKw2Fbl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642851695, "uuid": "7f0981f3-0a69-4e32-be48-9eecc53f1686", "value": 71864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642851695, "uuid": "eca9c827-99a3-4d04-a7cb-dc92fcd7c7b3", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642851695, "uuid": "dbfa0553-3bdc-407c-9b7d-108bf9876c02", "value": "c56d74eb8f760fc5b668da550cfacc61", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "405844ce-7b7d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642853842, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642853842, "uuid": "6950e0d2-255f-4212-9b23-23efde3239d7", "comment": "Malware payload (Heodo)", "value": "0d535034794711ce7b5915c9d0afa437", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642853842, "uuid": "2f813bf2-7aed-4b8b-83c4-3a02c33ee52d", "comment": "Malware payload (Heodo)", "value": "1eb2dd191b964bb28748fdf47829115d4aacba86e53552b27879bff0984ef663", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642853842, "uuid": "fe6e84fb-b194-42f4-9cdc-3a3ba98733a9", "comment": "Malware payload (Heodo)", "value": "2a202980f01cd2b1cd09328b586ed7bd4c12f6f3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642853842, "uuid": "ebf8a9bc-ec6c-44f2-a24c-885ecad23374", "comment": "Malware payload (Heodo)", "value": "f9091058cda4941dc3597bbf3dc1a5efb49dfa267e359ce1087ee5f80918a034a00748fdb8579a118898d08a19fece87", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642853842, "uuid": "3d3241e2-658a-4465-8a0c-7dbde1991207", "value": "T127D49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642853842, "uuid": "f86681e9-4def-460d-ba33-6b3dfde7dab8", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642853842, "uuid": "58ee2267-55e0-4786-b864-b010f045259d", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQL+kMZR+TTD7vgEPej:0hn7dA19ZCOyDaQqkqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642853842, "uuid": "a96e4f5e-7c58-4f1d-921a-a146715eb8a6", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642853842, "uuid": "ef729e05-5c4c-4b38-bd4d-fa1328883d84", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642853842, "uuid": "c8b3208e-bc5a-42cb-a859-96ed3bd2a866", "value": "0d535034794711ce7b5915c9d0afa437", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "770c087f-7b42-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1642828593, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642828593, "uuid": "e92f0670-e89c-4104-8a54-eee36c7f4f4a", "comment": "Malware payload (Gafgyt)", "value": "bbee037d45fcaff29fae7763e6be5a33", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642828593, "uuid": "7a4d0f5d-7dc0-45cc-8f19-a79e492e78b3", "comment": "Malware payload (Gafgyt)", "value": "1f2636846e62666db1b2248e4afa0ef36de166ba6a86675747ce542411787c23", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642828593, "uuid": "cdde144c-4ed5-4a5a-a400-5a5b9eb24e08", "comment": "Malware payload (Gafgyt)", "value": "ada93f424246e79861b26a86203fb207d235dbfa", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642828593, "uuid": "4b1b84b1-33a3-4aac-9a7d-d2e575798552", "comment": "Malware payload (Gafgyt)", "value": "bce24c345592979e624b0036562766cce208dff80c78889d84fb5eaa6eb2e3ff7a2e5e3d13866ef59405a1a71dce38df", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642828593, "uuid": "1daab961-3aca-4181-be02-a6e29a719ed2", "value": "T1C613F1EA435ECA78DC3CB8B716FE5940DE52FC15B653675B0981233ECC597882E260E2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642828593, "uuid": "385acab2-b378-43ba-993d-8d3a64d4c77c", "value": "768:boOeDv/AebPq2qtSj4M9u4TyiLwsEfEy63r5ex9U3m6DMsv9sPPr5tgZDIioEI:bSDpbPStY9Ho5G8w3malFuxsI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642828593, "uuid": "d65bbf8e-cdb4-40d8-96ac-65804b8b3604", "value": 44744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642828593, "uuid": "6bf8ede0-204e-4803-86cd-960872f24b11", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642828593, "uuid": "fb663490-997b-4176-ac96-a24165616197", "value": "bbee037d45fcaff29fae7763e6be5a33", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6916c36-7b85-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642857530, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857530, "uuid": "89cbbc87-4986-4ad8-9d36-62f67ecb1e6b", "comment": "Malware payload (Heodo)", "value": "5ccc3015f04d1836bc2ac99aa48fc1e6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857530, "uuid": "da3194c8-6ee7-4fa8-bc5b-d86bb973a70c", "comment": "Malware payload (Heodo)", "value": "21e817434a7f98f9cd5d604fd14777e58b72ea31968ed6398985600c83ee3a37", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857530, "uuid": "11d53b9f-8ba7-4f8c-b820-55d346a793c2", "comment": "Malware payload (Heodo)", "value": "1bf8904c86c4f4221b4646ffe87f8aad33c359d9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857530, "uuid": "c412a51a-f02c-4fad-a52e-198978e2f0d0", "comment": "Malware payload (Heodo)", "value": "94e38b45c64bc7d39682c9d46dbb9c485dd87a3941830c736a4df8d0ed82ad5650b74ef4eadb349e49ae36d3c276e210", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857530, "uuid": "e061b766-141e-43d0-a639-ded91db1e68d", "value": "T12AD49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857530, "uuid": "ecd51713-4bbe-4f00-8712-245d2113535d", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857530, "uuid": "4ed7fa3a-b1b2-4dc3-885a-7f4613cb843a", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQL9kMZR+TTD7vgEPej:0hn7dA19ZCOyDaQBkqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642857530, "uuid": "cc3bdd4d-dd7e-4422-9dc0-763d8a8a420c", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642857530, "uuid": "ed94afcb-c317-42e3-9dba-9d6ffc7c0384", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857530, "uuid": "f8c5e6af-101a-4bd8-b5dd-4a7bf0dd9132", "value": "5ccc3015f04d1836bc2ac99aa48fc1e6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a90833db-7b50-11ec-9275-42010a9c0029", "comment": "Malware payload (CoinMiner)", "timestamp": 1642834690, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642834690, "uuid": "987042fe-0721-4bf2-b98b-0d06f80fe5bb", "comment": "Malware payload (CoinMiner)", "value": "af138c985103aa87821fffdee3af6468", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642834690, "uuid": "d2a7c659-09bb-4a3d-b41f-bdabc6bfbcbb", "comment": "Malware payload (CoinMiner)", "value": "22c1d081da11e8836052f14b42d51264982f96043221300f8e2e639b4ca6276d", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642834690, "uuid": "61e101a9-d653-4db9-ac4f-0178199e987c", "comment": "Malware payload (CoinMiner)", "value": "6eb7e5781fcd87ca3e415a309e7db41534c66d9e", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642834690, "uuid": "2f3df326-d038-4854-a4b8-5dd4aa6d4ccd", "comment": "Malware payload (CoinMiner)", "value": "8582b01636b2a503f01f0bc7037edfd9972301ece9598d2393479a481f79ede31a5afbb35bf28d292c429be9cba1a964", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642834690, "uuid": "e28e1ab6-168e-44a0-8775-eed0526607c7", "value": "T1894633109E461D79D5381638206F6F1D3DA00EA6C46EE1D343F9F9DF22DBFA08597924", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642834690, "uuid": "7a144208-980b-4618-a29d-1259b44fea28", "value": "9bfd2dac39af50555ae9789117b36b66", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642834690, "uuid": "309abdc8-05e2-4844-9475-671383199636", "value": "49152:7V5D4ZEjhwXpfkIXbNRy2xhMO9ug3QvXDnmpL2ZdaiQq8CO1dtzmVjx6EbGY0ZuO:", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642834690, "uuid": "795f8bef-919d-4ffe-a68b-dc47b302ea9c", "value": 5637120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642834690, "uuid": "2ff7b369-bcaa-4714-9b69-51778916ba3c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642834690, "uuid": "7a427a53-701d-42e6-afc2-30f21555693d", "value": "af138c985103aa87821fffdee3af6468", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4affcfdf-7b16-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642809621, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642809621, "uuid": "a68723aa-9e1c-44c1-9614-b207071a55ab", "comment": "Malware payload (Heodo)", "value": "7c6ba88f228ea44f5d41edde3ef25cf6", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642809621, "uuid": "cff6586e-e986-415a-9e94-4dab456c7fdc", "comment": "Malware payload (Heodo)", "value": "22d7a060d04a87401e160b929456a2e0927838a9f61339032416f370ece38c9f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642809621, "uuid": "a6e4bac7-3645-4faf-a88a-ac6a27aa65f1", "comment": "Malware payload (Heodo)", "value": "fe446d5d39f0861d4ccc55003bd4ce18bec63b99", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642809621, "uuid": "0d6d726b-169d-4bff-aa8f-80b0c0c47e8a", "comment": "Malware payload (Heodo)", "value": "aac46f400a303137fe6ad39cfdf4dcf6dd36417cf2e53bf4003f8a6ff86be1a3d74f42082d139c687483e53ed2404e69", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642809621, "uuid": "d491b108-4e4d-4b60-b7f0-7047a76b00dc", "value": "T1B4D4B011B2E2C07AC1AF0175595297A973F9BE90D9FDC247EFC06A4F5E315828B38722", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642809621, "uuid": "6a6d9891-a170-4dea-988b-36f17c3eb049", "value": "24b46ffcf60dc8d39e8124f411ebd08e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642809621, "uuid": "44448026-0027-4405-aac7-0747b7c1249f", "value": "12288:vClISqMT89ornPmGZtn5yzrDG1ywIdO3D7AfojAxOBnVV0KOFD3EPO7:vmTWornPDryzr6ywIdOz7AfOAxsVZOFZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642809621, "uuid": "3ec3b138-a210-48b0-8df0-b435ff05a28b", "value": 634880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642809621, "uuid": "dc65bcd1-846f-495a-80f7-cb6d587d9ba9", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642809621, "uuid": "78b2a3b4-9616-47f9-b88e-629bfca75992", "value": "emotet_exe_e5_22d7a060d04a87401e160b929456a2e0927838a9f61339032416f370ece38c9f_2022-01-22__000011.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb804215-7b85-11ec-9275-42010a9c0029", "comment": "Malware payload (NetWire)", "timestamp": 1642857511, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857511, "uuid": "6ce01079-c1c8-4738-995c-c897a6cf8a67", "comment": "Malware payload (NetWire)", "value": "e216d0383eba0be804c27f8ef757561c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857511, "uuid": "72b89ab0-602b-414d-8628-b4a396841f11", "comment": "Malware payload (NetWire)", "value": "2335d5c9dea706909a69b949120c856012a6dbd3b66897d5cf0f21cad7bbd088", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857511, "uuid": "4e1c3cd8-8cc6-47fc-ab92-660f1b8afabb", "comment": "Malware payload (NetWire)", "value": "7d5cced03bdfc21957417aeb9d227930b62b7ed5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857511, "uuid": "9c7c219e-20a8-4c55-8497-1f4272f8a4e6", "comment": "Malware payload (NetWire)", "value": "0e3550909157710f0cfb07febbebc6452e7afc49b68cdd2933c597f719e243d91726e95e148c401fdea7ae7af378bd1c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NetWire", "colour": "#B4CCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857511, "uuid": "5dde9328-2612-44a5-b81d-53e735a57f57", "value": "T1216412BBF770C213E8510B34ED6681B4C7B058A3679B9B9F9144067C98F1B6489C2A3F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857511, "uuid": "92882543-2435-4bfd-9f03-3fd00bb59032", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857511, "uuid": "fe08ec03-f90a-4c0b-95f8-39985266193a", "value": "6144:fyvK5UDxinZSTSNUyp9lmrMlVFNECs3ZAY1nk+8zdJHkSzt5lQlARLEY3yUT:cKixsC2P71NECNYZk+a5k3C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642857511, "uuid": "1c3ffff6-6548-443f-8e63-94a6fb2e0564", "value": 326144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642857511, "uuid": "af886474-138a-4fe6-81e4-d8ed8d38a900", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857511, "uuid": "4d8fc141-29bd-48aa-a198-bc459924714c", "value": "SMS Report.com", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41a7f9ae-7b49-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1642831510, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642831510, "uuid": "cbae116e-f2cf-49e4-9f09-edcf5c09f26f", "comment": "Malware payload (RedLineStealer)", "value": "711fd5523133f8e810752612b8e36440", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642831510, "uuid": "849e9041-57ac-40c7-80c7-8d2732d951a4", "comment": "Malware payload (RedLineStealer)", "value": "24ad0dc8467cc51c81137bc9c534111a8bc7dfbb8cde9c649006d8ff80452e84", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642831510, "uuid": "f74bdb29-b5f8-480e-a239-1152aeebbec1", "comment": "Malware payload (RedLineStealer)", "value": "a0825d55cf77c78cdb0920fcca9f759e620ed9db", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642831510, "uuid": "5c93d4c3-aa61-4255-9eeb-305d1658da2b", "comment": "Malware payload (RedLineStealer)", "value": "33f3338f8e97863d37cea4401666c4e8ab73e0e9557f0db4cc36d0f3bfce8066d46d9da43cf4129c7a7b031d021336b0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642831510, "uuid": "6fdc8a48-da02-43c9-a2cc-5f0f35fa54a6", "value": "T1E4F533A753FA69A7D5C0A2391560573430DD5C48AA6E98D16AB3C2BBB7B1106FC0C3F8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642831510, "uuid": "20890ac3-c331-410b-96a2-0f05fa6b4329", "value": "c284fa365c4442728ac859c0f9ed4dc5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642831510, "uuid": "769808ed-c3ee-4255-a7e5-3bf91475c499", "value": "49152:bMs6Ab1k0qg9A18tglhqJuSwyPTq7I9JLbphGmvy3gqeTuLqz/0LDEQso1NSvEMW:bMs/kk9A18tgqJuS7R9xvkewQ0LLbAdw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642831510, "uuid": "67eae043-5b0e-4762-b906-b6e1f9d34820", "value": 3631104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642831510, "uuid": "06f17b82-9bcd-4b95-80a4-1fe30e63aa86", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642831510, "uuid": "95d24530-7630-49d6-81fe-eeca9c04f3ca", "value": "711fd5523133f8e810752612b8e36440", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e79cc55-7bac-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1642874159, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874159, "uuid": "26ae0444-9167-416f-bf86-1e7c6e4cb53b", "comment": "Malware payload (RedLineStealer)", "value": "85712f61fc6779726bf7788d062a7494", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874159, "uuid": "71d5fe28-5b64-47c1-a4c2-fc3d916934df", "comment": "Malware payload (RedLineStealer)", "value": "26eaca0fdba3ef01a3a43f06ccaa97bcd824d70fe2d8722a8f2d89d096a2e04c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874159, "uuid": "147249d6-d50a-4623-bcb8-be313a99679d", "comment": "Malware payload (RedLineStealer)", "value": "b17bd18a986779abef87c5d0d10343b3cd124c7f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874159, "uuid": "1f982ae6-9c5b-4865-8524-70d6517d4254", "comment": "Malware payload (RedLineStealer)", "value": "8f8ae533c84b9209fa2feff145a8259d5bbd2ff7e517021fdf903d5bf91e72093a0dfc7706791c49424c6a54ae9082b7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874159, "uuid": "4bed9fbe-942e-4f2b-b2b8-3a0d4126177e", "value": "T16434CF307780C476C4871630582ACFE0E97DFC354A55863BB7A9BB3BAE73294196621F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874159, "uuid": "1103474c-52df-42eb-8949-3a0426352ed2", "value": "4adb5b675c5b789abd19cfb9137e0dfa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874159, "uuid": "c55b5151-990e-4aff-8da3-261e63218bf0", "value": "3072:i3wLVY2iDhn+EZGDP4irY5eZLH3ZUbM/h3Lfed:i3wLVY2Khni7NBZjZON", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874159, "uuid": "05fa95d6-27ad-4859-8dfd-a3155affbef7", "value": 243712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874159, "uuid": "d898f420-9050-4787-bd0e-2c90b8a7207e", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874159, "uuid": "1ea465c1-8593-4808-8672-3f65fd0deedc", "value": "85712f61fc6779726bf7788d062a7494.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e65b450-7b59-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1642838457, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838457, "uuid": "b34d7f60-b03f-470f-9089-31762cb24b86", "comment": "Malware payload (AgentTesla)", "value": "4a6b64ca903b0cf007634e1bcda2b7a7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838457, "uuid": "835a4022-3311-48ce-80a4-42c489fad4b2", "comment": "Malware payload (AgentTesla)", "value": "27900c91623e4badaea8a763a5865d7ea0814e012ef300865796633415c5e107", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838457, "uuid": "4236cda8-1bbc-47c2-96c3-a7b082926816", "comment": "Malware payload (AgentTesla)", "value": "9115cf6303259a254841763d9c0b2eca6009ab44", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838457, "uuid": "60e330db-0c39-45a7-93b4-fe611f6383ee", "comment": "Malware payload (AgentTesla)", "value": "868794ad7ad564a9b98c4e1cdead581f4e78d00a89eee1162140fee67d458d0c06f3b2c485143c67424fed060adec99d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838457, "uuid": "713dd189-a09e-4f5f-ae4c-988d81e11c1a", "value": "T18CC423DF7F7474D396136AAEAAC57D099D12448B5061F0DABEECA74E0792B313E0220D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838457, "uuid": "046aacaa-1edf-4ca4-9bf9-fc34e5d76471", "value": "12288:pnjUfnm0W/ccG/tYsA9zU4yfhdhD1ux1JhnbbbOX8U3LR5Rz3n/4:pnym0ucT1YsYA4yfhnE1JhnrOBTJ/4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642838457, "uuid": "b524832a-1012-42bc-9448-5515bb6f68d8", "value": 566100, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642838457, "uuid": "b428d68a-e4a5-4a85-b21d-c60bcd988fea", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838457, "uuid": "b8634ced-0c3f-4ede-8f93-341a1d0a95f3", "value": "Quotation.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2aa319c0-7b77-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642851228, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642851228, "uuid": "2b8b9dd6-098e-4365-90d1-23eeb0100004", "comment": "Malware payload (Mirai)", "value": "b3bca556a13055a3a68185bc95817d3c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642851228, "uuid": "2380d6df-2c45-45a3-b7b1-b03fc0dd6101", "comment": "Malware payload (Mirai)", "value": "28714ff8bb4e292a53fc465d01798caaaf64c36f9c165f56e51a47e29f460373", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642851228, "uuid": "7d834ccf-fb64-43af-978f-fca0d1546acb", "comment": "Malware payload (Mirai)", "value": "b9d18d22fa16798ee6c20694338b39cfe0ab1a9c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642851228, "uuid": "54d714fd-f934-435d-8611-d26a114219ab", "comment": "Malware payload (Mirai)", "value": "9db79f576b7716a378774cd33f18b174b802b207fe22e2d75c34346eaa55d48de1f3590bf2676f96b3f65e8cc7abe6cf", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642851228, "uuid": "3b89698b-f29b-4bcc-8148-7d1ec57cc07d", "value": "T141530A817C90AA29C7D0577BEAAF108E3354ABD9D0DB7347CC044B917ACA90F0D67B86", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642851228, "uuid": "fddade8c-3da9-4b3c-9c16-a45422897e7b", "value": "1536:dOxGfyRWiPLacGXWzM9l6yTzpl84ETjpk19y20Yvck6YceZWGzDcMH:dOxkyRWiPkjX0QckVcwLZH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642851228, "uuid": "b9dfad89-b770-44d1-9e5d-cb280d4f61af", "value": 62680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642851228, "uuid": "72271ca0-84af-404e-b349-0a6a96f62b49", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642851228, "uuid": "e29c315b-d775-4107-84d9-1189487d65fa", "value": "b3bca556a13055a3a68185bc95817d3c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fcc2d165-7b7e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642854587, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854587, "uuid": "9b0a5950-51a0-4c1c-a33a-1cdd840e9e55", "comment": "Malware payload (Heodo)", "value": "4d1e6a88b4788dba5b66a21fbef80d84", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854587, "uuid": "6622c813-775f-458e-84b2-0b6aa1f706e6", "comment": "Malware payload (Heodo)", "value": "288a287ce78408b0115d30195bb22289a850a836fb5edbbd537c2a28b50d5161", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854587, "uuid": "587821eb-215a-4f92-b358-59cb2b4d7525", "comment": "Malware payload (Heodo)", "value": "5302c1cc51d3e7eaa593136d0198fc10bb111bb5", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854587, "uuid": "d777a05c-a2bd-4275-929f-4935980e444f", "comment": "Malware payload (Heodo)", "value": "cc32497d4e438f6f7ea15913867a3a6f3730bb847319600713c4a26dd1349cd91aa171c010520991390a356dee9c9d01", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854587, "uuid": "0b62e0b4-9cd1-40a1-b55d-96cde9f6bcd5", "value": "T139D49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854587, "uuid": "182c1603-5f3c-4df3-a993-78de13a0fbf1", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854587, "uuid": "f93cd196-f2f3-47cc-bcd8-395ed8d7e7f6", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQLbkMZR+TTD7vgEPej:0hn7dA19ZCOyDaQ/kqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642854587, "uuid": "d8e82efa-d3dd-436d-ba45-9988e56c50c3", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642854587, "uuid": "01420718-3d96-4012-a90f-4edbba26b3de", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854587, "uuid": "188ed787-f7ac-4fed-8a84-4473a117e84d", "value": "emotet_exe_e4_288a287ce78408b0115d30195bb22289a850a836fb5edbbd537c2a28b50d5161_2022-01-22__122936.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "446bc606-7b9f-11ec-9275-42010a9c0029", "comment": "Malware payload (DCRat)", "timestamp": 1642868451, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642868451, "uuid": "2f18391f-a317-45e5-bd77-dd2476f1ac02", "comment": "Malware payload (DCRat)", "value": "afdf852515e10992e7f8b3f643ad0b27", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642868451, "uuid": "23ffc7fb-7526-406d-b62e-b6b42971b5e9", "comment": "Malware payload (DCRat)", "value": "2b9ac4b1b80df1654cee367a618a5c536d4c97c7b2956fe8fc18815264ff79db", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642868451, "uuid": "37423a91-4af2-4d4e-bd08-c3b93e823244", "comment": "Malware payload (DCRat)", "value": "2f4d3c8e843e2fae1393e7704033290bfdd55130", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642868451, "uuid": "4fba8cce-aa65-4899-845d-2b37aa2e51b8", "comment": "Malware payload (DCRat)", "value": "b4f4d600d15e707622359584c4e5fa388c1110b69761694a1c7d079696dba8cc59aca6be2785ea19f53b7e5b5a5185c1", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642868451, "uuid": "ac926e04-dc06-4ec7-b978-54d3275dfc04", "value": "T17D15F7027A45CA01D0BA17B7E5EF8414C3A9AD417662EB1B7F6F33AC21613A71D0E5CE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642868451, "uuid": "0d707d1c-f149-4847-82ec-49f7b0223441", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642868451, "uuid": "19e6cbd7-ba22-44ed-964d-5163172fe0c2", "value": "12288:8oGHpa0V9JA5iZNJMeXkTRxVnEk9tw6JGr7CUoTf43wu6:R0VI5iZDMnvK627ChTQ3wT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642868451, "uuid": "ed4bc9b5-d74d-4b39-90f7-bd8cf7cb8b84", "value": 891392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642868451, "uuid": "f4ef806c-a66f-41b5-88b9-c5f4564fbd18", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642868451, "uuid": "e0232d1c-ac15-4a8f-849c-88e90e5de1e5", "value": "afdf852515e10992e7f8b3f643ad0b27.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "88f445ee-7b7e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642854393, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854393, "uuid": "6daf46c5-c2c5-4571-aed3-683e1e583057", "comment": "Malware payload (Heodo)", "value": "3677819a63a436c7d90d01e8fab38eb6", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854393, "uuid": "5673d0bb-6acb-4169-8a94-ffb27f2cfd18", "comment": "Malware payload (Heodo)", "value": "2c4591542b85eb8601213322454ba4aabc683ae03b70a8244436895575732be8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854393, "uuid": "04268039-8a3a-4c77-9837-b84a2f6f0003", "comment": "Malware payload (Heodo)", "value": "6859b714f0878c8170a56d6aa41dd7aad3c7b44e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854393, "uuid": "632d2ce4-8a2f-4b2d-b807-e65010b7ea1c", "comment": "Malware payload (Heodo)", "value": "3bf476230d36c2195fdfb169d54f22ff7ffcefaf050d5d62474aa3507cdae620f466beb4a773481ab47f281baeb059c7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854393, "uuid": "3b0a7ab9-9b9e-4519-bacb-fd0f8ab240bb", "value": "T1D2D49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854393, "uuid": "6452db29-8ebc-409d-91a1-65698b614e6f", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854393, "uuid": "8e3e139e-88f8-4b5e-85e6-8ef8ac986e59", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQLVkMZR+TTD7vgEPej:0hn7dA19ZCOyDaQxkqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642854393, "uuid": "a4ced633-629e-4009-ae4f-17e60e520c6f", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642854393, "uuid": "28d95a32-0383-42c3-a423-d773cfd29fdd", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854393, "uuid": "7f648b16-9895-4203-aaaa-8644ffbc4235", "value": "3677819a63a436c7d90d01e8fab38eb6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef6bcf55-7b59-11ec-9275-42010a9c0029", "comment": "Malware payload (PurpleFox)", "timestamp": 1642838674, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838674, "uuid": "d5af0d59-31e5-4cda-94f5-e0d72d92defa", "comment": "Malware payload (PurpleFox)", "value": "3ec149660a6808f711ca6cb6b20c1dda", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PurpleFox", "colour": "#FDE7BD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838674, "uuid": "fab25a11-9ead-4d4e-b28a-0d11c62d7d01", "comment": "Malware payload (PurpleFox)", "value": "2d288f2cd6752a01360f2669959e2c61f676f8156d5cc40d4b415245ae04cf6d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PurpleFox", "colour": "#FDE7BD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838674, "uuid": "cce7d109-e618-447e-b314-48adb62f5a04", "comment": "Malware payload (PurpleFox)", "value": "45c3d1d8dd512c01fd6c897c67b35c13c49828cb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PurpleFox", "colour": "#FDE7BD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838674, "uuid": "56e5d66c-5fd0-4c52-9617-ca976c3548de", "comment": "Malware payload (PurpleFox)", "value": "2b39634440dcdf0337d5837cbb17a69aab6ab91fafce66ebfdcb07499e567a53a7a0a34ab73adad421c935c0b8cd3cbc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "PurpleFox", "colour": "#FDE7BD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838674, "uuid": "cabb2204-149a-4622-9306-5dcad008037f", "value": "T180E4A736B2F30099D9ADA136AF566325A5D13CB5CFE0C34BC105361A1BB19D1B93A70F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838674, "uuid": "5cb3e81e-2821-42c0-9c3b-56c4a80e386b", "value": "9c7cdf472434e99b4d5708b7fb3ea6ab", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838674, "uuid": "461d6a27-8998-4283-9187-0e6eccb2f742", "value": "6144:iKDggLeO+QiXhxkwN4LTZZbY/9qnkZy7uPjldp/jq:iKDgNO+QiXhxX4J0qnWjF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642838674, "uuid": "4cb62a35-a7ff-407d-844f-3f939f85aefa", "value": 673792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642838674, "uuid": "dbff3352-d414-49be-806f-ae047694f178", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838674, "uuid": "4f571bb2-3423-49b7-b55f-f440656d2e01", "value": "3ec149660a6808f711ca6cb6b20c1dda.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e143a594-7b99-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642866138, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866138, "uuid": "4cdc1897-276f-4365-b17e-acd62a94d6a4", "comment": "Malware payload (Mirai)", "value": "459bfc3d3ce42422b1aca413ab844efd", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866138, "uuid": "c2129d22-4c30-4c42-9f88-87b21aa34444", "comment": "Malware payload (Mirai)", "value": "2ee2035055d4c8dd204a7f880ad0ae677bce796b16b9d6023e69d59a6ec7c1cf", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866138, "uuid": "9fdabd72-5a67-49f2-9d51-0998498009ce", "comment": "Malware payload (Mirai)", "value": "f2feb0f9d3aeab620e34ef15289f3c66fe82450e", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866138, "uuid": "927aacf8-90ad-4e05-9818-dae21f1c297c", "comment": "Malware payload (Mirai)", "value": "bf85e28adf1caa12089d285f8fd398c9645055346bdf2957566506ffd0b6bffd64a469a3ca9bea6725d26a329c6c5494", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866138, "uuid": "ec99c88e-ce87-40f8-95d4-54f8fd77849b", "value": "T1EB734B0272590D1BE9D30AB0283F2BE187FEE6D055E0F685695FEB568831E33554EF88", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866138, "uuid": "e399872d-07d7-4824-9b39-831c88e8cc11", "value": "1536:h2fihV5EUDg/V6f4rqKS9PR5syJOQRVbKDDpIvGVR:MfSMdY6qKAPR5ypI+r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642866138, "uuid": "59611572-78fc-4c67-a5cb-d9d0eaac9888", "value": 76108, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642866138, "uuid": "ec9da03b-df33-4dd3-af01-e3617aff579a", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866138, "uuid": "d36dcc18-1911-4d65-bb7b-781ad41152e1", "value": "RSec.ppc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0f9daa35-7bad-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642874376, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874376, "uuid": "61ab0cf3-9009-40b0-b017-1c79bc419136", "comment": "Malware payload", "value": "af618578d1dcf96e22e4ca124bd9fe12", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874376, "uuid": "cd343955-7bd3-4514-bc75-f1250e8f0c5d", "comment": "Malware payload", "value": "2fb05089af4acd587b14341b9061fbc368e63ac042ae88a042afb02bc996bc31", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874376, "uuid": "817d23ff-0b31-42ad-987d-122e1c7ab19b", "comment": "Malware payload", "value": "e48bf5a45c5128941944613f3b786e5a3808d5f4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874376, "uuid": "12e24aab-4710-49b4-ad99-4718bbaf6742", "comment": "Malware payload", "value": "513c3b53ee86e94d3f8b76359f758b6841dad7e1490910c1e1ba420a9fd8894a79f51fe1e7dcd4ee5984d8f3b3041e24", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874376, "uuid": "c5b35c5f-0131-4942-a6b5-f168d520c364", "value": "T1CAE2F1A1998E36E3C1802C76E6BC560B435E1FBBF7DE25B98710EA08C79651133F9B11", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874376, "uuid": "2afabcd3-4ffd-42f2-aa92-084179fd5602", "value": "768:HKE9Mwb8TrqFFB8waSa4u/C/wiKsm1Jzy97e/w/9wb3Ug:HKmMwbWrqFFfvu/CYHlxy9S/w90", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874376, "uuid": "29829e6e-e79c-4fb3-892b-58cded7f0b77", "value": 32832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874376, "uuid": "51e3e146-aa0a-47d2-baeb-d47aefdad641", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874376, "uuid": "570fbd9c-4cde-4a45-9a8c-bbb9b7f1f729", "value": "af618578d1dcf96e22e4ca124bd9fe12", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd2f1b2d-7b99-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642866104, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866104, "uuid": "ffdefbfe-30bc-46cf-89d5-49e60678ac39", "comment": "Malware payload (Mirai)", "value": "4de9a343e31db7a4608b2eea00b5a63d", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866104, "uuid": "3b9128d9-b367-470e-9afe-faab2281318b", "comment": "Malware payload (Mirai)", "value": "2ff142a87fbc16d3454d694591d95bf41e7d6fbe3a808bd0c56996353ea293bf", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866104, "uuid": "b84fa245-4643-4842-bd58-141dcc90d05b", "comment": "Malware payload (Mirai)", "value": "4dcf68dbea245c9098762e8cde807c2825fdc2a9", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866104, "uuid": "bb0dfa56-7bb1-4190-9a26-a90b160bcbd1", "comment": "Malware payload (Mirai)", "value": "b3af839476e99499502e4dd70ea74f92623e66d87b428b2408c2785daa2c67c75c1b2389a8a600e1dadb304d59b1a885", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866104, "uuid": "f59fb733-4eb0-4a8f-94eb-c58e99861cb6", "value": "T132833B41BD825A35CAD46377F6AF01CE332563D8E2DA32079D251F5077CA82F1C67A8A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866104, "uuid": "605e9f75-1fcd-45be-9c44-7d557ad7a402", "value": "1536:S8YE8SY9F0SgqOPhIv1cAa/l3qZaDapN/vxB+kBdXRoukZfDaaK+ijs3Ga8goxT6:S8BY9FhUa4DIVI25mi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642866104, "uuid": "3c5fe0a8-d281-422c-a27b-b9b0a0c5bcf7", "value": 83340, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642866104, "uuid": "273005d9-c0a4-47ee-9ddc-32b75c4ef279", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866104, "uuid": "b59aed68-7fa3-4bb5-b320-aff4858766d1", "value": "RSec.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78e08803-7b84-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642856943, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856943, "uuid": "f7802d05-8c37-47f2-b383-e8c1809ea62e", "comment": "Malware payload", "value": "82d5ec59a96e43169dd1c61013138859", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856943, "uuid": "c1447478-968e-48db-bd5c-1742fa0bf660", "comment": "Malware payload", "value": "343111fe3b0d18fd33a37bbddd1e3b029886f6829cb4f039588a391eff49b01c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856943, "uuid": "6100aac5-e043-4ed6-95db-b665e730bbb4", "comment": "Malware payload", "value": "3dbb80b7bd2b493edbc7c3bde3b928f2433e4fc0", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856943, "uuid": "f6828705-cf26-4740-9f9f-27fd16064680", "comment": "Malware payload", "value": "e699745fd0168b5c5c3e043d5d6cd329321c89485c44354fb6b0285e4dcfe2fbece4b555eab9a3921fa4d5211a9d41bf", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856943, "uuid": "a5f7f3f6-7cdc-49bb-baf4-2ae80da85fa9", "value": "T10BB32985F9118727C2D22BFBF79F479D3B355A64878733117A2D7EB02B82B491E29210", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856943, "uuid": "37ba237e-b05a-401b-939a-0e65e3ab832d", "value": "3072:kMOau1x8PZC0kCxlrZXC6Li0WQ2LBox/uA:kMW1xYCLCxlrZxLi0WQ2LBox/uA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642856943, "uuid": "67ebb154-20e8-4fed-9814-1a8988a35cf9", "value": 114530, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642856943, "uuid": "49cec859-c53d-4e1e-aac1-c04bea9ed6d9", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856943, "uuid": "8541fc72-0eca-45db-8e74-ace8e092dd20", "value": "82d5ec59a96e43169dd1c61013138859", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "665152ac-7b84-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642856912, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856912, "uuid": "20ba2eee-5ae3-4674-9f0c-d0a9b131383b", "comment": "Malware payload", "value": "4d0f5c6ffc911477212d4ace7b601dae", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856912, "uuid": "78bbdb27-420b-438f-88ba-399db4b404f5", "comment": "Malware payload", "value": "34c0cb78cacef4498b5d7a572a4e25aafeb4a6b49fc9f24cb6b3ac9e6aaaa781", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856912, "uuid": "08cd011a-5334-445a-9750-de0616473e62", "comment": "Malware payload", "value": "0f3d60b00980f71050302a6a85136be326b0c7c8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856912, "uuid": "931cc3df-f46b-46b3-84c1-b13abbb54323", "comment": "Malware payload", "value": "a419b546e0bed37ad81a6edc4dfb8df9f4def40c6d6cd6ad284f07b7673c05b9d3137e847c6096640d04adb7c8e2eb51", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856912, "uuid": "2f8e7be6-a5e4-444d-8451-da9bc00aecaa", "value": "T122B3193B77170E73C0D664B212E70331AAB6C6493979438BB9DC2D9C6F16AC435263E5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856912, "uuid": "e79f0c68-c5c2-4397-83b5-19fabbb75ee4", "value": "1536:vC49IC7tOQo5Bafft0FVq0ftxkKmtIQ9JCU43tXc5n4A:f5AQAcfaPqStKKmtIQ9JCU43Zc5n4A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642856912, "uuid": "c428ff61-8bf6-4d43-9ce6-d7cede13aedc", "value": 109568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642856912, "uuid": "0c009e5c-6b6f-4619-bd0c-88f7b384eef9", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856912, "uuid": "8625e75a-402d-4e5b-9ddb-dc8a68eec610", "value": "4d0f5c6ffc911477212d4ace7b601dae", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a556dae-7b5a-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1642838933, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838933, "uuid": "b7ec7085-0d1c-4095-919b-fedea5d79624", "comment": "Malware payload (Formbook)", "value": "b3cb30362fa6bce0e4e67f229d004e11", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838933, "uuid": "4125d86f-2a2a-4099-b495-be83c4b86c89", "comment": "Malware payload (Formbook)", "value": "34f46dda75810eb7a5f92544fdbecf589cc3633a7ef163b54f338477598af7f1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838933, "uuid": "0e652598-81c4-4135-8f41-5fa0d0b1d677", "comment": "Malware payload (Formbook)", "value": "f543e8e3ed6337b0f5993f1255e9571d1b1a56ad", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838933, "uuid": "778d5b1e-f451-47e4-b21f-d27b6f006e24", "comment": "Malware payload (Formbook)", "value": "a5b6a8d45964f8f8b350f1a9a45204fcd51b2729bb36f4be73c9551b36c63ee132d8c0db687d121dd7897b01aa1a9967", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838933, "uuid": "4da8cbd9-63a7-47c9-95c4-4072ca602698", "value": "T1FD0508AD325071DFC867C572CEA81CA4EB61747A971BC207901311AEAE4DA97DF242F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838933, "uuid": "16611719-d69d-42e4-adf3-6258135d9e6b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838933, "uuid": "8143dfec-18b1-4f28-9db2-743dbe924a74", "value": "12288:/eQmD3v9POXtpQcwXSGRMoatlGbkX5IASxZwYjW683vq6+i9vYFloBTZlwezcASD:/t7pQcwiUhYGkXhbe6+i9vYFl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642838933, "uuid": "a1980139-5897-495a-b29a-77b628efdfa1", "value": 849920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642838933, "uuid": "ed93b395-cf4b-4d04-a580-eeb0e4f17071", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838933, "uuid": "1514de38-e778-4173-a1ca-8ed2b921a6bf", "value": "b3cb30362fa6bce0e4e67f229d004e11.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8261de2f-7b81-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642855671, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855671, "uuid": "b83003a6-8684-4a65-9abc-742163b9738d", "comment": "Malware payload (Mirai)", "value": "aaf466b42ee549a7ec504c89c4c14258", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855671, "uuid": "b9e87583-7b99-4d6b-bfe0-f7fd52617955", "comment": "Malware payload (Mirai)", "value": "351f4f084d3af49c2282a824ba1e240f7f359f7320ec0c3d0df9368a3733c47b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855671, "uuid": "5132b800-8b55-4b4e-addd-fa9aadb255b0", "comment": "Malware payload (Mirai)", "value": "702f1bac7ea4030bd363dba12411227102835e09", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855671, "uuid": "bc0dd0d2-5d57-4145-94b6-8a4532b525a2", "comment": "Malware payload (Mirai)", "value": "593d5e97d972f0d77b1e817407085f93ce2d76510e31f289e7dc41c640a3e850672df65c4cd7b2af4162fe05cf2a0db2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855671, "uuid": "101bed65-0a52-472e-8562-12ea0c4cdc61", "value": "T154735C34A97E2F26C0C4A17E52F78750B2E5220F2AB4965D7CB20F4FFF24544A8562B7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855671, "uuid": "0dc13ce2-4fcb-4307-944e-7b6eb5bf6839", "value": "1536:vsnCSemCLLWeKNJ+1kbOSYcpC636v/bcYSZ0FFi:rS1+SYccv/gpai", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642855671, "uuid": "c8b78f34-a5b1-4136-916f-87bbe03ae387", "value": 75388, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642855671, "uuid": "3f198249-c0d0-4f3e-ae36-a516602f05e4", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855671, "uuid": "768df0f1-5651-4ca4-a7c8-6659ef38734a", "value": "aaf466b42ee549a7ec504c89c4c14258", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "259b2d9b-7b57-11ec-9275-42010a9c0029", "comment": "Malware payload (Socelars)", "timestamp": 1642837476, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837476, "uuid": "c935055d-8730-44d1-a13f-f9e506940713", "comment": "Malware payload (Socelars)", "value": "d378ff46778b6df2db179434c76d8674", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837476, "uuid": "b861c9bd-b0ce-4448-8156-ffc24d3c56dc", "comment": "Malware payload (Socelars)", "value": "35ed41c8a41d884981c5d7124f2b91ba716b38d54fa42fac018e45fa259b715a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837476, "uuid": "b97dbcf8-21df-45f0-94b7-ede68d7b485d", "comment": "Malware payload (Socelars)", "value": "c10f85fb1febbb9dc825ea5367df9fa7092c403d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837476, "uuid": "ac256409-b5b1-4c45-b56e-505dadbdca68", "comment": "Malware payload (Socelars)", "value": "6ddb0997d29b3893d3af5d26eb5b9f71eb1e9b2edefd8871ac8b1dab049943c58a1ca918b7479b25bbda48a4a587be2d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Socelars", "colour": "#22908D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837476, "uuid": "f11cc884-d02a-4d3e-89f2-1fe0172c2b1f", "value": "T150658E11F642A036E8E310B2C1FF96FE8D286E21431854D7E3C47D6ABA715E33A36657", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837476, "uuid": "3b17d1d4-981f-45eb-9c9e-bda7c7a09439", "value": "d69e4c13e25f0ad622344ac56118c0df", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837476, "uuid": "d2e14f6e-676e-479b-8b32-b349541352ab", "value": "24576:UETpNoFKAfIL0AffU/WbTPxb5wWThCfTCMeno7VCX5tuR:TpwSyeGmMReno7VCp0R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642837476, "uuid": "40427275-c89c-444a-9788-2d2a82ba9b9a", "value": 1490432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642837476, "uuid": "51bd3896-1add-44f7-b3ba-ceed57ccb580", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837476, "uuid": "c6911bcc-2c79-4cd8-a99d-f6acea6d2032", "value": "d378ff46778b6df2db179434c76d8674.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60807c6b-7b59-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642838434, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838434, "uuid": "1ea80673-498f-4c26-a8e4-2893e70e437e", "comment": "Malware payload", "value": "573c140e36af0389db21b11df2064c35", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838434, "uuid": "de00303b-1a5f-44ef-bc65-63058c707d0b", "comment": "Malware payload", "value": "36b68df823345a430cce8f75f1c62b10e14214ebaae05eb072df23067d76abcf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838434, "uuid": "924dd5a0-bbd8-4043-b54a-6f94c783e8e4", "comment": "Malware payload", "value": "67e7981360358dc5e37c971e3e3d9e44f0667754", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838434, "uuid": "d6047940-5e9b-4b53-b142-7ad9615c54a3", "comment": "Malware payload", "value": "afc0f9299db1fad202d5d0a5a18fd0ca0dcb363b210dd90ece86c2dfedc8f29dda5c97123f34524e08ed266451a83a94", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838434, "uuid": "07cc46c5-e238-4001-84a7-cd111289920f", "value": "T1CE14125B32E5589BE957173305E7676BA3B6DB02A760008FAF600FEF7C85042892A1D3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838434, "uuid": "8bbd0494-318e-4164-a999-177794540a4d", "value": "099c0646ea7282d232219f8807883be0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838434, "uuid": "69e6b97c-c751-40b3-9943-6d880af02fe0", "value": "3072:oNyah0mJoZ0a1f64n1QIrGKJxnRSDwKCnmCy20zwRxWrziRvAgEbz+xn/FCx5cVu:ow11ii1QS4DLwmNzwHiziRHt/FCfciIC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642838434, "uuid": "0651154b-bca8-4efd-b395-5c9012d814e7", "value": 190806, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642838434, "uuid": "d322b458-b5b5-46ad-ad8b-4413b5e04fa6", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838434, "uuid": "d35e3867-811e-4448-9035-ececb35fab81", "value": "573c140e36af0389db21b11df2064c35.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd912b4b-7b58-11ec-9275-42010a9c0029", "comment": "Malware payload (GCleaner)", "timestamp": 1642838160, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838160, "uuid": "587da164-047e-4226-9586-b907ed99a761", "comment": "Malware payload (GCleaner)", "value": "a8728dd1eeffcc3e1fc073e23fa81d05", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838160, "uuid": "570ef9f2-f1c4-4fad-ba3e-66ece02562e2", "comment": "Malware payload (GCleaner)", "value": "38066ee9fea009a8a6c2575e1a05fadd49a2cfe205dd8a6604eea85f5c7a42bd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838160, "uuid": "8119e3d3-0117-4d72-b676-1bfbd48c1604", "comment": "Malware payload (GCleaner)", "value": "de9a04bb02a531451d335b1eb8f752db42a21050", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838160, "uuid": "a57dede4-d7de-46c7-a721-b21f96aa0d27", "comment": "Malware payload (GCleaner)", "value": "cd567edf3d30c7f1647361253b106a0a3ce37b7c2336179fcd6fec1a782cb120ec8fe1c621ab72b90bfa45ca21167bba", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838160, "uuid": "1c2391df-06cf-458c-99fb-09ef2003fbea", "value": "T1A1A6335AF4D65CFAF82301B045A873ED6CB407C45E10C72FA79D1B99DB66988CB48CE8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838160, "uuid": "f1fcda32-f204-40a4-a40a-a32d4973980b", "value": "32569d67dc210c5cb9a759b08da2bdb3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838160, "uuid": "cd03b52a-b689-4448-bf05-c7ddde50fa12", "value": "196608:xpLUCggVcHcMrB8Yfp32lQAq6udXSFi4N1nI7jJ6Cskk4BU2cFu:xpdgQcnrBrf4lQVjdX4N1nEUkkaL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642838160, "uuid": "01c567dd-1c7c-4f81-8c20-a21bf4693d0c", "value": 9911846, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642838160, "uuid": "f95314b1-418e-4969-930f-b46af2987798", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838160, "uuid": "a27f7916-7209-436e-ae95-93d3c199f003", "value": "a8728dd1eeffcc3e1fc073e23fa81d05.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a9c32fa-7b16-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642809621, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642809621, "uuid": "6be30060-4cd2-4998-9e09-1057e79ef0bf", "comment": "Malware payload (Heodo)", "value": "18dcdd4e556a6994985dce7b65a6c442", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642809621, "uuid": "6c812629-6cd0-49d8-a56c-18e69506e233", "comment": "Malware payload (Heodo)", "value": "39a746fb6b243fbdeb879d1a1d6baa66ba66f144a9a2f78541bd99f0baec7eea", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642809621, "uuid": "a2f7f681-b25a-49e5-8ad8-429feb692c69", "comment": "Malware payload (Heodo)", "value": "4742af40b2992bc7891f94420c4a75252fd6db4a", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642809621, "uuid": "3214234a-0784-4696-bff6-1b4ba21f900c", "comment": "Malware payload (Heodo)", "value": "75aac87077591aefbd7f7e16fe071a6d82f7ddfff4e86817facba0e0e57dbd5372fab46619fad813ebd5a152157f9a42", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642809621, "uuid": "14c64a0e-800e-4ecb-902f-f31598773302", "value": "T1D7D4B011B2E2C07AC1AF0175595297A973F9BE90D9FDC247EFC06A4F5E315828B38722", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642809621, "uuid": "7e393516-4d51-4c4f-85ae-8c49b062753f", "value": "24b46ffcf60dc8d39e8124f411ebd08e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642809621, "uuid": "2f83b2f3-28e2-4c4c-b464-5e99247a70db", "value": "12288:vClISqMT89ornPmGZtn5yzrDa1ywIdO3D7AfojAxOBnVV0KOFD3EPO7:vmTWornPDryzrWywIdOz7AfOAxsVZOFZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642809621, "uuid": "9b814bd1-895f-414a-8864-183f4edca85a", "value": 634880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642809621, "uuid": "84600d05-261e-438f-9a89-304db3303f37", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642809621, "uuid": "033c1b43-e90e-482a-9621-c9e23c33e542", "value": "emotet_exe_e5_39a746fb6b243fbdeb879d1a1d6baa66ba66f144a9a2f78541bd99f0baec7eea_2022-01-22__000008.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2df7de4-7b99-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642866113, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866113, "uuid": "a3bba11d-bfd0-4988-874c-c9abc8d71178", "comment": "Malware payload (Mirai)", "value": "76718420ff85f1695458bbe5cda44dea", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866113, "uuid": "9385d2d8-2e8c-44f5-8247-d494a49526f5", "comment": "Malware payload (Mirai)", "value": "3d7ef591ae81df76a4e878da4f869d2f56594e666d96743505d5d6e8bb8d05be", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866113, "uuid": "2f800ce4-8a67-49bc-befd-964699d43c81", "comment": "Malware payload (Mirai)", "value": "e1c196e1b9475f81109b231a11d80d4ccf7b7bb2", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866113, "uuid": "19931a9d-a472-4c10-91f3-5d98608eaa4a", "comment": "Malware payload (Mirai)", "value": "eadf1edebe9051028c43a42c7a3e847890ee18c3ee5aaed53e592aec81724585710c18398b64464ff37b71c175068563", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866113, "uuid": "8a1fb0eb-4724-4eb3-bb4e-1d095980c4c7", "value": "T104932A86B8814A21C5D5137BFA2E118E331657E8E3DE72139D201F747BCA96F0D27E4A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866113, "uuid": "92b13e39-44ce-4515-8d01-3d13ab3b493b", "value": "1536:NhBn+o8hLKrTehRjmc3nRIpu8HfnvbGZDWVWLUY3lwOHIzcJPIwimYqm9d9sV:NO5hM4j73nRAX/nzGA0TVJnYqm9d9s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642866113, "uuid": "f08a57b0-7c22-439c-a6e0-9ec72804a389", "value": 91452, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642866113, "uuid": "4a88938b-6489-4284-97d6-4ac3cb51c493", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866113, "uuid": "cf66b936-c683-4f4c-9118-540d6e1a401b", "value": "RSec.arm6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c497671f-7b29-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1642817986, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642817986, "uuid": "13567d85-5945-4bb4-abdc-19af9e335dc5", "comment": "Malware payload (RedLineStealer)", "value": "1ee417a844775dce689c0a4fedae94cd", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642817986, "uuid": "8fd00772-1b08-4820-b410-f7c99277ecab", "comment": "Malware payload (RedLineStealer)", "value": "3d812b2e320667c27f17889ab1ce9710ee126c1e0866a698c0aea3b3c1567a4a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642817986, "uuid": "4946c143-c944-4581-88fa-b02b1622e98c", "comment": "Malware payload (RedLineStealer)", "value": "bb98e2f04419dd47d4ab209a3018784e2f719a78", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642817986, "uuid": "7c286e21-684f-4812-9e48-998ca9373cac", "comment": "Malware payload (RedLineStealer)", "value": "5aa7fd585f26fd8937e77b2d2a019403e2d6abbea3f88c1e31f575fe61df6dfef25635a0a08d30b59f0e7319ea755f2d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642817986, "uuid": "e3535a28-94e9-4ec7-9c6c-a20a8ae87e78", "value": "T14BF5337F1520DE5AC4DB67F4724B8B960322324AF6F064C3A111EB43BC646F69A2D8D6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642817986, "uuid": "080113ec-a341-42fb-8bab-87f8ddd5f751", "value": "c284fa365c4442728ac859c0f9ed4dc5", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642817986, "uuid": "58dc10c4-d785-408c-9e01-da39d2ea993b", "value": "98304:MuX/J09V9Zmqc93+ovSX4T3S9hiHJ2QkuiaC:Muv+xZncgo84TC9oH8Qti9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642817986, "uuid": "19ddcaa0-84d5-4e3a-a642-870e005af527", "value": 3569664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642817986, "uuid": "b28d7a9e-2e4e-4bb9-8bd4-b4fcb4bb22bf", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642817986, "uuid": "6bee0f84-10a4-4396-91b0-44b73c834e83", "value": "1ee417a844775dce689c0a4fedae94cd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6eb37d1e-7b5f-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642841035, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841035, "uuid": "be254882-7433-4883-9105-88f05cfbaf7b", "comment": "Malware payload", "value": "d6e3764494ab6b61d1cb1e5842a3e76c", "object_relation": "md5", "Tag": [ { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841035, "uuid": "50660ec8-6d1f-4e6f-9ebf-4fcd7958d312", "comment": "Malware payload", "value": "3fc165ca43d44593fff04715d273bcfff8a830f353bcc7be9f28079e805cee62", "object_relation": "sha256", "Tag": [ { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841035, "uuid": "4ce4d270-361c-462f-a024-1e5a99ccbe9c", "comment": "Malware payload", "value": "86630c939bdb7c796ac0754ef9d752984d1cdf39", "object_relation": "sha1", "Tag": [ { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841035, "uuid": "bd00c335-8d28-4eeb-b2b0-422fe724334e", "comment": "Malware payload", "value": "9dd57b055cebc24f4b36e50d5d7d645e63f8a78a093c10c5ac1a47eaa7a75de09b8bf45e8554a4fa832da8d0d7f96b71", "object_relation": "sha3-384", "Tag": [ { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642841035, "uuid": "93c00324-6e59-4c3b-a0f7-57f97a3970ce", "value": "T1DA4108562D64D813C7D0A23E0853C39E10ECB1A4563D3CE9CD69A5C85C68B837DA943F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642841035, "uuid": "73c15a71-6292-4fa9-be56-9f3f1d094591", "value": "48:9cjOIrcJwdCVQrqDoSaUleGBwafK/cKU+URdVwDOq2C:ejOIr/4QrgohCwgKfK9qj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642841035, "uuid": "7c8e2fbc-a018-4dc0-93de-06d88326b284", "value": 1939, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642841035, "uuid": "9059a3c1-5021-4c72-aed9-2b4f8cb85800", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642841035, "uuid": "23d5f443-b4fc-4933-8338-f366f30e929a", "value": "11892AU11892_11892.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db40c9eb-7b99-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642866128, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866128, "uuid": "6ed090d2-a0e2-476c-9a74-915e83b84629", "comment": "Malware payload (Mirai)", "value": "460d37d3adf5d05825b2d6ed3d09665c", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866128, "uuid": "0f3ae0a1-d61f-414a-bee3-19e2aa6d3434", "comment": "Malware payload (Mirai)", "value": "42c873af1bd4938eb6479490aa199ea95656797baa2e31e0b7d67b2e95982b09", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866128, "uuid": "f4d38f15-8f81-4772-8f72-a5f8d827c344", "comment": "Malware payload (Mirai)", "value": "8afbcdf9dadaf914f0aeda09ffd8375e937b4b01", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866128, "uuid": "9cc57037-ded5-495b-a7d6-02065c419817", "comment": "Malware payload (Mirai)", "value": "131939de86cb815d5c8e644d2f92c8a126aff4e7e51f22763ff56cec475649cb97ae730335d022faf59356bd30f4b3b6", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866128, "uuid": "32a5d9fc-25fa-4a24-80aa-81b7274a99dd", "value": "T135A3B7197E259F7CFB9C873847B78E119A4823D667E1C581E1ACEA005E7034E345BFA8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866128, "uuid": "c91dd688-cded-4ca3-acff-3295a36334f8", "value": "3072:XDXPqGHBMHfBtEt65TtzhRfd5eHesjbCC3:dM/BtEM5TtzhRf/e+s/3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642866128, "uuid": "52895527-4d4c-4bf4-86a0-b7e2eee10c5c", "value": 100580, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642866128, "uuid": "9fc4af69-4415-47b9-bf03-6fd37c90ef63", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866128, "uuid": "1763b6ff-9cf7-45d2-82ac-aee9716dc328", "value": "RSec.mips", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d00de8c2-7b99-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642866109, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866109, "uuid": "6aa75720-8470-4574-a8f6-25ad8de09b69", "comment": "Malware payload (Mirai)", "value": "077e63826a41ff57d9aa941622ccc088", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866109, "uuid": "52dda6b2-2592-4934-aa9e-9d40498a8fd0", "comment": "Malware payload (Mirai)", "value": "430432852c443c19264c9e08e744a3b68a0e589c7aeff67d1fc17e214bc59d28", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866109, "uuid": "669796c3-39ab-49fa-84f8-8e1692403c5f", "comment": "Malware payload (Mirai)", "value": "e9265844734a84a5958b0d0e4435e9bbd4c2afb6", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866109, "uuid": "ba78acf3-8539-474f-b34d-f3b343b0f401", "comment": "Malware payload (Mirai)", "value": "323c214a5aa54425183c0609bfdaea86fe0891b7ed63535a37c1d3d96d159adfaf2e5ddc4046333991ad301f83b745ef", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866109, "uuid": "8b8aace5-f842-4531-8812-7800307e2ecb", "value": "T19F833B41BD825A35CAD46377F6AE018E332163ECE2DA32079D251F5077CA82F1D67B4A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866109, "uuid": "74d43eee-9956-438e-8c27-e47afb7daf09", "value": "1536:vjk5YYKSE2KF20FaVOTt51WdhaTaMN/vxB+kBdXRoukZfDaaK+ijs3Ga8goxT5K8:vjk5YY4pE+2gTtVI+5J9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642866109, "uuid": "dc6263c6-49a1-4cbe-ade4-7b3c0e93cf54", "value": 83420, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642866109, "uuid": "723416ca-a60c-4666-8c88-a1883b5cdb6b", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866109, "uuid": "4981f9be-f482-4781-b557-186052bc7e6c", "value": "RSec.arm5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc586893-7b90-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1642862237, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642862237, "uuid": "94d460e0-81f4-4c00-8927-7865bf0caa59", "comment": "Malware payload (RedLineStealer)", "value": "21c09fb0896cd1aec6cb0aefd8dd4d2b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642862237, "uuid": "83b99917-12d8-4922-ad1d-d001a69d94f4", "comment": "Malware payload (RedLineStealer)", "value": "43365f6524bd2907fe8151b8e198a1da027eaf8d682f0534d9f84201d4f553d1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642862237, "uuid": "72dd8d85-4ac9-4637-9629-6095e562ed60", "comment": "Malware payload (RedLineStealer)", "value": "c70cbecb43788c98ffc5d58fe38aba01fedc5ca0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642862237, "uuid": "ffc9ad7b-2c53-4a2f-aa6c-6f8e075a30a0", "comment": "Malware payload (RedLineStealer)", "value": "449ac35737b5c90d41a7ed198c7633e495e94a6ccaaac30c98bfdf9583ae5c9535adacf18584155da83279014cfc74e0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642862237, "uuid": "8d5d0923-1a97-48ec-b002-ab372ed4b4fb", "value": "T1C584F060BA50D436C4465273492DCED1EB7DBC24F8A5864773AE3B2EAE723C049A531F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642862237, "uuid": "b76b4833-4d0a-4ed3-963c-8e0e99f98422", "value": "7dcbbe9c7ee048ad6c29be29a72766de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642862237, "uuid": "3e1ea34a-86ba-47b5-b155-54aca3f38d60", "value": "12288:w7i+0aE9ZwKcYlnuQvFhTeNxw2Gkot4HN:6wa/sD9hyy2CKHN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642862237, "uuid": "59dfb452-1d2d-419a-9ef4-d31d472c3064", "value": 395264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642862237, "uuid": "d3c430e4-e352-4efc-aaca-07c4048f4fcb", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642862237, "uuid": "a7ddd7be-5a69-468a-91c3-8ee2d21f0f82", "value": "21c09fb0896cd1aec6cb0aefd8dd4d2b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a6748f11-7bad-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642874629, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874629, "uuid": "60682101-e16a-4c8a-887e-e18004559e31", "comment": "Malware payload (Heodo)", "value": "d71224b18c18eb99ca7ba30827f9a035", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874629, "uuid": "015ea8bc-7e10-4585-bef0-d4a10b59563c", "comment": "Malware payload (Heodo)", "value": "43c9f9efaf6856547f4d99c31ac8d78dbed381cfd09826b6a1b08efc9b261397", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874629, "uuid": "9cbc63ce-3494-4b97-8328-29cdb545920b", "comment": "Malware payload (Heodo)", "value": "b0b12d9eb8d74633dedd69d0c481bb09766ac9d5", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874629, "uuid": "c8d1b598-b30c-4216-9754-430e5e3a8fdb", "comment": "Malware payload (Heodo)", "value": "5235e76877df1ee26662124758ecefdb303feff94ccc395a943957e4d57dc15e85c5831b08ed3f2027d98e2e06d42dfc", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874629, "uuid": "79a720f3-48e9-4df2-bef0-269a521cc0b0", "value": "T11AA3B0527BC6CA59EA4547710DBB024AA723FC105B7A63473285F3783FB89E08D13A1B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874629, "uuid": "8419bc30-66a9-4d27-bd74-21dc935e278c", "value": "3072:n/k3hbdlylKsgqopeJBWhZFGkE+cL2NdAFxe53lGvFTQ3IzxgdrvxpU0OKvMB:/k3hbdlylKsgqopeJBWhZFVE+W2NdAOK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874629, "uuid": "e9121f57-94fe-4371-93f4-505a6209cbcc", "value": 104466, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874629, "uuid": "598e9c44-a51a-4354-bd8a-267168de3646", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874629, "uuid": "b24c83e0-4363-44a2-80b0-b40bae5745e0", "value": "Form - Jan 22, 2022.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22fa253a-7b9f-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642868395, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642868395, "uuid": "bbc8ee10-1402-4b7f-87da-37d8ea308b39", "comment": "Malware payload", "value": "e7d9b4c0ec2a24e3d978be726c242297", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642868395, "uuid": "d2aabe16-95b2-4629-afce-e182326ddeff", "comment": "Malware payload", "value": "46f34041de783bdf3140902d2108d5f3af6b1c5acde4a94b71d3cc3da3e0c770", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642868395, "uuid": "52985160-9f7f-4343-9aec-2a82eff1b93e", "comment": "Malware payload", "value": "543766dab561b77ac03b44cae99cdadaf0e06b04", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642868395, "uuid": "63816b7c-a8a5-4792-9bbb-ade048b1b114", "comment": "Malware payload", "value": "8bfdc68d8dfcf5f17a461caa6a42404379da3b1d5eb4bfd2e88b303e358ce42fb0aea3fa7c68f935c8288962c7ecb3da", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642868395, "uuid": "f7b2cec7-92a7-4ecc-b767-406ae80d97de", "value": "T13113F172C205C471E5F03836C6D3858DBB1A6AF0A819724086181BFCBDA5E87BFBF950", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642868395, "uuid": "a1bbe8b9-52c7-4c6f-a008-1a586532d7df", "value": "768:y1MEprinCPKk48pMPtt6+/34yVRdrDopki3UjBri8n:yZp+nn1Omn68v7Do+Yu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642868395, "uuid": "b6ff72fd-ebac-4fee-b371-4261a6778764", "value": 41596, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642868395, "uuid": "0f1b7c0b-c88d-44e8-a2a8-cfe5cfecef04", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642868395, "uuid": "f8603332-8062-49b9-9d7e-ac66977d6879", "value": "e7d9b4c0ec2a24e3d978be726c242297", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "935bc8f3-7bd1-11ec-9275-42010a9c0029", "comment": "Malware payload (GCleaner)", "timestamp": 1642890059, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642890059, "uuid": "51e7d3bd-3f46-4a0c-a104-e1049bcd4e20", "comment": "Malware payload (GCleaner)", "value": "6a5e17cb8195f94a52d571567ec64f2c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642890059, "uuid": "8222f7c3-39e5-41d9-8dac-379fe1b0169f", "comment": "Malware payload (GCleaner)", "value": "47e9b75457446a3b3c86622dd282065b0f88603e2c009670c1f7eaf00183a407", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642890059, "uuid": "8d9834d5-48ae-45e6-b7d1-db76477555ac", "comment": "Malware payload (GCleaner)", "value": "946b8ef33d2edcfe03444356023611f7c2681b5f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642890059, "uuid": "3d0b8ebc-9c96-4242-aefb-958263224efe", "comment": "Malware payload (GCleaner)", "value": "d8ba6d9fb6d5f496c08554523a3bdf24364a39a8507e443e56e03380b20dd19002261ad4e128c8c1d61eecd679719f78", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642890059, "uuid": "43ebeeaf-190e-45c7-af75-1937a7009ead", "value": "T1B4E53320BA86C9F6E64255309A46BF7550FDC38407360CC7B3A5D60E2E38FDDC63AA56", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642890059, "uuid": "61a091d8-55f9-4788-b5e8-a6f3cdcf0335", "value": "32569d67dc210c5cb9a759b08da2bdb3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642890059, "uuid": "345617ad-6dc5-4cc5-8054-9dc48c45ee74", "value": "49152:xcB2EwJ84vLRaBtIl9mVLzfBOqsAOV6Y7D4V5CkIdVIp2UboTfMmpdNCvjlmrl/h:xYCvLUBsgHfBxkH45Id22UbAfjjim5/h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642890059, "uuid": "aa469a1c-34e9-4af8-a2fe-ec6565d1038c", "value": 3024056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642890059, "uuid": "f53a8eab-ab00-40b2-aa9f-af774630f264", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642890059, "uuid": "0d819e2f-5370-4d6b-92b2-9b7fa3db7c89", "value": "47E9B75457446A3B3C86622DD282065B0F88603E2C009.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93089b6c-7b99-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642866006, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866006, "uuid": "c7c889e6-31c3-456c-8753-b422644fee5a", "comment": "Malware payload (Mirai)", "value": "e996ba75fcf41774977139cd43276fd1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866006, "uuid": "323436f5-cc5a-46b5-95ce-e5691634fb77", "comment": "Malware payload (Mirai)", "value": "48c1ed378cfe4a42edfe205a318914c9b4d7173bf4498c1c4143cdb7ead3f8e9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866006, "uuid": "2d55e538-8d4b-44ef-b4e4-fff0105baf63", "comment": "Malware payload (Mirai)", "value": "f3bd50fc7ac3b11a979e1c7ac7c12794457ed408", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866006, "uuid": "464fdd06-8692-46ef-96ad-a469ace46770", "comment": "Malware payload (Mirai)", "value": "63949b5526a821adf614b63a28f39fb113fad610c7a351e22d997f67562a4a16bb351ef049756d2edf5a3c26a3685e0b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866006, "uuid": "c1696ec4-473f-4f30-ad2b-927c43ddd01c", "value": "T17853AEB7816C1D64C15D4638A6388F790713E60596637FF18686CEA6400BEECF64D3FA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866006, "uuid": "adb9e833-8bed-4ec6-8cec-38fd6c3c17d3", "value": "1536:raC/U1laA+wtuN7eK1GJeU3F88enZzQnkDVCSDJ:rb81UvNaKe+8enZzQnkDVJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642866006, "uuid": "341409f9-60da-4738-9669-c9b725e64607", "value": 66596, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642866006, "uuid": "7820643d-0850-46ec-8ff0-6dbc713d661f", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866006, "uuid": "d211b690-6877-4f62-8607-b174f170ef95", "value": "e996ba75fcf41774977139cd43276fd1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2b9b74d-7b85-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642857550, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857550, "uuid": "21769850-8bd0-47ad-9737-6bc7c59cb007", "comment": "Malware payload", "value": "058e5c820388ef9e327bdc10590af9e0", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857550, "uuid": "d4882132-324b-4232-8151-125c29eece45", "comment": "Malware payload", "value": "4c305ea291d1b3074465c84c242af06a719c59afcb069052ca00f16aae6bebab", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857550, "uuid": "30a2a3ec-7fb6-4076-b588-ad6235ed46a9", "comment": "Malware payload", "value": "d1ed7437a1cee7093cc36e7d6447bbe709bd0092", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857550, "uuid": "61d100f0-4ca4-49cd-bec9-34451b23506b", "comment": "Malware payload", "value": "958ac0f3ac26955de85867deabeeb239e56c89100ab0051da1ccdeac1ae76fec5567827b1717703f46c2abcd7eeb17bb", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857550, "uuid": "22d51565-b5c1-4a4c-bd1c-d3c03f31c001", "value": "T185A34B13E593C2BFC4E3A6F62BDBC5219923F4391B36620933DCBDB56B15AD85E18201", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857550, "uuid": "60525b78-4acc-4569-a62f-6933dc05f121", "value": "3072:GVcEp6om3o4QRUUje4j3w+A4wrUBGBqkodyk3GmX0VA:TQRrj8+A4Vkodyk3GmX0VA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642857550, "uuid": "f75dcf87-cb29-41a6-aa0b-7331abc1f7fe", "value": 101625, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642857550, "uuid": "51164886-0657-42df-a683-4975b5bbbe1f", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857550, "uuid": "02d23500-4778-4710-8adf-5a04fb20c9e6", "value": "058e5c820388ef9e327bdc10590af9e0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6656ca34-7b81-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642855623, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855623, "uuid": "be81cc6f-4291-4af6-9827-464709b74b70", "comment": "Malware payload (Mirai)", "value": "46e5b369a23524d6d8e93771e5a8761f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855623, "uuid": "33b83096-7177-4285-82de-1cc2cc5da62d", "comment": "Malware payload (Mirai)", "value": "4c360b629b5747b69e2834d9ab919bb0804cbf84598c46d3457b74aad1603117", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855623, "uuid": "6499489b-4eef-45e2-afa6-43f5bc92f842", "comment": "Malware payload (Mirai)", "value": "338bc926c10c205fe4a4832d2be424e355c2c674", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855623, "uuid": "4cdeb5b9-2d6e-40cb-82e8-de806ea429da", "comment": "Malware payload (Mirai)", "value": "e9f3b867af365921b387ce8b01ecdadafff672f3e3942fc195117ea98db8a6931f1625cd0baac6aab3df0d2fb82dfe94", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855623, "uuid": "345e0bed-f975-4255-8183-90720ff956b6", "value": "T126831981B9809E15C6C5177BFA6F108D331247A9E2DEB353CD145F6477CA82B0E37A8A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855623, "uuid": "84b5907d-6f1d-40a5-878b-d7f45a34c5d1", "value": "1536:29n7/xkRBFg3yFhk20WtEu+1F4YPjaduBcPYO9mrsplDKZUlQBKXAVan1X+F8Jy0:gJTyHknWt/+L4qjmugd9mrsplDKZUlQi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642855623, "uuid": "2920698f-7bde-4402-9d40-55169100bf36", "value": 83072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642855623, "uuid": "f5450b12-fc5a-446a-9b75-2f73b5321d66", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855623, "uuid": "d8dd5a2d-78fe-433b-a499-f2c0e8a8b893", "value": "46e5b369a23524d6d8e93771e5a8761f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2237e3a4-7b22-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642814707, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814707, "uuid": "5a231d90-3a63-4ff6-9da8-0a228bf9e8c9", "comment": "Malware payload (Mirai)", "value": "df6b2a1174ea871181340a5b19434325", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814707, "uuid": "94199015-acbf-4a3c-9c78-16b54b5027e6", "comment": "Malware payload (Mirai)", "value": "4c4284d10680049b22f7e743628606401256e506e54da5d037ce3f65b78ef7be", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814707, "uuid": "4c5ef6ce-1c85-45bc-98e1-8d0134803b5f", "comment": "Malware payload (Mirai)", "value": "956ec9cb4fe1314f53e9abb5d53ccb230dabd27a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814707, "uuid": "f8a602a3-2455-4552-b86a-4add55ff83eb", "comment": "Malware payload (Mirai)", "value": "c4dd96d4866c2ebe4381f2c6df19a0adfd578666c5a88045cce9a105ee41081097e5a058ef893416ba2af023171f62dd", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814707, "uuid": "19994449-5414-4e81-b282-c1929d89ba12", "value": "T187C2D0DFF49B7985CC1C5CBC219C5AD116A9A2C6234A8F0837202DC9A67645FB89C8BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814707, "uuid": "f6184618-3086-4396-8e27-3f3f4d4b7b7c", "value": "768:MuCUFskb2JgIs/E2+OocrfJiHNjfmQ2q7IoqdBeWm:5CrJgHiOJrfwmQrcti", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642814707, "uuid": "be7e1509-425f-4fb2-a2e7-445c5799b4b5", "value": 27244, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642814707, "uuid": "765751f4-4121-41f9-bd12-265d11f571ec", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814707, "uuid": "a082ebad-a3a8-4924-a366-b5fc8c8bc83f", "value": "df6b2a1174ea871181340a5b19434325", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "319fc6ae-7b22-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642814733, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814733, "uuid": "25e02573-67f5-42bd-ae1b-88ab342f2bfd", "comment": "Malware payload (Mirai)", "value": "c42e00c158c5652ed7acfcf8fbc9ce33", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814733, "uuid": "adb32a5f-9fe7-4c9f-bc98-83e2ead27f37", "comment": "Malware payload (Mirai)", "value": "4c52c4c2dc923fc2f1b6f3b194719c2f4469ad6631a1de57d78841dc1b308eaa", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814733, "uuid": "dd6169de-78a4-4d34-a040-19549a85941a", "comment": "Malware payload (Mirai)", "value": "b339ac48fbcc591de47b15621b5228ab0907327e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814733, "uuid": "52f6ba72-4ba1-49ef-9fc9-8df983b2c93e", "comment": "Malware payload (Mirai)", "value": "f45709f517cf444bd974222735375ddd31f44a2bcf8c7672f9ceb35c93af445bb13dd26b6831252e3ed2a2c1aa50fdf7", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814733, "uuid": "0e80ac3a-c2bc-4154-9c6d-f4a2d3359cfd", "value": "T18523024320D7FA03E03098FE45628CCDB61A96BDB1BF7BA725450E154C75DA2ECB08AD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814733, "uuid": "387b0d9f-d1c6-450a-8beb-901b05ddc4e4", "value": "768:aK7y1XGO1LCNgukEkvwtqPnH7u83nc0iFrF9q3UELWt/iw+kvBGg6+fYtrBHg:E12O1LCNguovDPH7TcrhYLWhiw+kvBG2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642814733, "uuid": "9b4d0513-3f9b-4456-8b11-7c01d9474f01", "value": 48696, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642814733, "uuid": "e4ceec38-0826-4eb9-9d51-7fe9b313dfb0", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814733, "uuid": "d6686445-6015-4b91-9e72-842deae9e63e", "value": "c42e00c158c5652ed7acfcf8fbc9ce33", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "471c87e5-7b98-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1642865449, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865449, "uuid": "ad10a2ef-e694-403d-aac8-593f002b17d6", "comment": "Malware payload (Gafgyt)", "value": "ca42789fb51549bfd044f012fda2ba49", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865449, "uuid": "961cebe7-7117-4c8e-a08c-e89129d648c9", "comment": "Malware payload (Gafgyt)", "value": "4da2be13d5504f18a00649d481f42f3f7e0b16f999039ec323655dfec6f53687", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865449, "uuid": "6df40fd2-90ba-47a7-a9b6-09ba32613c50", "comment": "Malware payload (Gafgyt)", "value": "cd272499307109112efaeee78adff31d1c6b034c", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865449, "uuid": "75a072dc-496f-4ba0-a454-324d7737414e", "comment": "Malware payload (Gafgyt)", "value": "f1bc6cee786a034dfae5ba9a9c5778168e55b6fcac50acba0768b8c80d0ca56ce35ad1331a43d2991d7a1386762e4908", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865449, "uuid": "72f6a938-03f4-44aa-8dd6-3854c5b827f7", "value": "T1D3932A85B741CA73C18319B616DB8F110531FEBA2A5A9E46F36C7CF49E35188B121FA8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865449, "uuid": "d556d63e-8cff-4025-8cf5-36c0d9e21895", "value": "1536:D4Zaq3CNcz9aTjzhyUOOOOXLHGnB3NuoxFnROS0/3NpmkiWikJ9wevhwmmiI1p3/:8Zj3Cy9aTj9jOlJnB9uo/nROSgcWxFZ+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642865449, "uuid": "8ac77993-3f1f-4f73-a392-e17e84fb8551", "value": 91821, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642865449, "uuid": "72eaf806-24bb-420d-9a54-b85613c45070", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865449, "uuid": "e1495c10-97a0-45e0-b472-46e053ed7a04", "value": "nv.i586", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "914acbf7-7b57-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642837657, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837657, "uuid": "f8350ea9-d364-4525-a3c9-71e750762720", "comment": "Malware payload", "value": "a7bbfcd8a7595aa594bb8c44ea79b3ff", "object_relation": "md5", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837657, "uuid": "52994aa4-9de4-4af7-bdfa-2fcd039e444f", "comment": "Malware payload", "value": "4e081b449c94fca3f6f3a31d6f1e5185726a78b20de6406f2d71942fd53ce8f0", "object_relation": "sha256", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837657, "uuid": "006a189e-ef75-4e52-8f5d-a20845535cb9", "comment": "Malware payload", "value": "084a67e75ddb396da24348bdc10856c651d5788e", "object_relation": "sha1", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837657, "uuid": "88cc3e50-7013-4a3a-bebd-eab3592d0354", "comment": "Malware payload", "value": "a1c53d7bd90d53155c86c79ae99b6669eedf082896746d0120269208ffe89d5871afbf200cb9f178be2da5fe0fedac60", "object_relation": "sha3-384", "Tag": [ { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837657, "uuid": "e98a416c-6844-4022-a2bd-dced532be3e1", "value": "T1BE559E23F2C14537C1732A398D5BA365A939FE202E249C4F3BE82D4C5F756907A262D7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837657, "uuid": "9d0b1eb4-b65f-4f72-a95c-99e323de032b", "value": "24576:ER1F5dzkUe3W5A/ivkCtTugI7ZO51o91ya2TAa7RIjTU+oLrve5OYL/A:ER1KgnyZO5WaVQTPHOYL/A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642837657, "uuid": "d868f556-08cb-4bb6-98df-3b97c41b386d", "value": 1377792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642837657, "uuid": "77b18210-d57c-499e-8e1e-1a2f4f0fe097", "value": "application/x-msi", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837657, "uuid": "1bcae1f8-7e55-4259-bb7c-b1b3c92a3e6d", "value": "ArchiEndes.Factur2101.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2b7dfb8-7bad-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642874703, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874703, "uuid": "8e272080-8d4d-467a-a4b8-4a9f9bc8d0a5", "comment": "Malware payload (Heodo)", "value": "60b16098011ccfafbd9af6c60599f3f2", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874703, "uuid": "03f524ad-53ae-4bbc-8901-8267041f068a", "comment": "Malware payload (Heodo)", "value": "4e568efe3b7b6208a1948ac631958eafd202908b13cc2da77753ae93271e4bd3", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874703, "uuid": "3aabb1db-91a1-48f8-9e1f-e980c0981afa", "comment": "Malware payload (Heodo)", "value": "2da83c3817163d296db96f15c2bac367b0fc3c30", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874703, "uuid": "8cac0487-ed14-4e47-985a-3b3cfe61d8a9", "comment": "Malware payload (Heodo)", "value": "de86ae56929f0a32ff8e66309782030b4df81f3d2b853cb90c9646b902d6000e70abd4b7ddbd170d13596a02f00a5986", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874703, "uuid": "190825f7-e9df-4e9b-8f3d-145d2f914563", "value": "T103A3B0527BC6CA59EA4547710DBB024AA723FC105B7A63473285F3783FB89E08D13A1B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874703, "uuid": "75c0df89-2a9f-4f96-911e-5be517320566", "value": "3072:n/k3hbdlylKsgqopeJBWhZFGkE+cL2NdAFxe53lGvFTQ3IzxgdrvxpU0OKvMB:/k3hbdlylKsgqopeJBWhZFVE+W2NdAOK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874703, "uuid": "ebd90e34-bf7a-4c7a-83a7-10ae638488a2", "value": 103264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874703, "uuid": "a6453216-87b9-4346-bf73-2049c0db310d", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874703, "uuid": "17be2a2e-b963-49ef-be33-79f51e8599fd", "value": "payment_2.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "729af0a1-7b5f-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642841041, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841041, "uuid": "df7457c4-dbe5-4005-b783-e5745fa80289", "comment": "Malware payload", "value": "ec2ffdfd9222e33e8305ef44be02da6d", "object_relation": "md5", "Tag": [ { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841041, "uuid": "1af826d3-191c-4ace-808b-21d0900ded2c", "comment": "Malware payload", "value": "5053f0b0856bc04a1be497dafd1dfbf868a1e9398308bf1d612b8f821cc9ee5e", "object_relation": "sha256", "Tag": [ { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841041, "uuid": "c2735bc9-921d-453d-a7ad-41cbb0e65548", "comment": "Malware payload", "value": "6a085a3d3df4b802b3afc914f5ca93e15c74cad0", "object_relation": "sha1", "Tag": [ { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841041, "uuid": "86abe349-cd49-4431-8371-db5943044c03", "comment": "Malware payload", "value": "d12955f49cb84680853e14ef882d845d10e9c3f13e9be614bc2d05e2515185a5a2caa40abd0b68d1033aab8f91307a09", "object_relation": "sha3-384", "Tag": [ { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642841041, "uuid": "5c3585af-be3b-4c8f-bd70-e5d1b4c651de", "value": "T1ED411B90E94E0F13D11AAF72D69DBD02F6C3E3D02C79044DE9BA9CAD4060599CBC318C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642841041, "uuid": "cc61a427-19a5-4455-9075-76637fcfcb6d", "value": "48:9ClBm1PGwyR7BYQdvIrHKLPuCf/CiyTUJngxlQ7rx6mI2y11dg5J6LRbX1y:sAPMh6HSViRIJgxoEmu1dIJUpy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642841041, "uuid": "4434fdcd-c05a-4c72-b411-2750e65b0a6d", "value": 1934, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642841041, "uuid": "727d8006-0580-47f3-b5f7-5cf21bdb85ad", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642841041, "uuid": "8b81e13d-8f0b-4a9c-83ee-717b530b49c3", "value": "23530AU23530_23530.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e0ae6fe-7b98-11ec-9275-42010a9c0029", "comment": "Malware payload (njrat)", "timestamp": 1642865461, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865461, "uuid": "e3afde88-02b1-457d-bf6a-ff45132b4e6b", "comment": "Malware payload (njrat)", "value": "af75bf198fdc4a21ce1758f5843b1036", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865461, "uuid": "f9750639-0241-444e-a704-d921ef82fc49", "comment": "Malware payload (njrat)", "value": "50b8b19e4501f07b8bb5cff4640776abddc175a8bf352eebdfef908c2b456e30", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865461, "uuid": "a667dc80-62bf-4c8b-85de-b96b5c880511", "comment": "Malware payload (njrat)", "value": "673eb926d11c448cc2a2af4907544068e6c28e25", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865461, "uuid": "ea53b139-0085-4171-a288-d0bfbd313894", "comment": "Malware payload (njrat)", "value": "65db270d1f45a3c9edde18942c664b61dad2c94b1f3faae596a5bf8c504ee6a6e0930336d3171adafdeccff5bd2dda7a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865461, "uuid": "ecf87f30-6913-434a-b615-fe3236e0e236", "value": "T1E8031A4D7FE18168D5FD067B05B2D41207BAE04B6E23D90E8EE5649A37636C18B50EF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865461, "uuid": "e75ca6e4-e484-4d45-b502-1af85e507bb5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865461, "uuid": "5d7cc510-fb9a-44a2-b245-c1403af4146a", "value": "384:Y+VvEiTbTvpWNcZ0y8fvCv3v3cLkacJEJrAF+rMRTyN/0L+EcoinblneHQM3epzI:BV7TZ38fvCv3E1cUrM+rMRa8Nuyht", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642865461, "uuid": "b3f24015-8ee8-4f66-97d3-fb82e9f696d5", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642865461, "uuid": "39b8b3ed-817e-4009-ba6b-be5b5ea41ba2", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865461, "uuid": "d0ac55ba-8dcb-4a87-b2d7-7367fcc1ecc4", "value": "af75bf198fdc4a21ce1758f5843b1036.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee09cdd3-7b9c-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642867448, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867448, "uuid": "3f2e187e-09a7-4704-a340-c178b7c269e6", "comment": "Malware payload (Mirai)", "value": "6bb9fc2a7f7872ba24c3ff21fd29ac8c", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867448, "uuid": "d549abcf-34f8-4ece-ae78-fd02e49e4f65", "comment": "Malware payload (Mirai)", "value": "5265052ea7cc1695b4290fc98b5ace8aabbd5e3e71aff066c2fb391292ffcb14", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867448, "uuid": "cade7020-a114-4eda-9518-1079869a8a27", "comment": "Malware payload (Mirai)", "value": "f29fde90714730998de43de46770478f22e9ffb6", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867448, "uuid": "db0d0547-10ee-466b-9924-1cb7c295c143", "comment": "Malware payload (Mirai)", "value": "8c850b365e2c9123d84c2c0092818e46127e9f58ff7dbbf4a8f0edbac3e153a7932438c01f2fce040ede19849009f851", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867448, "uuid": "c1323945-710e-4468-b4d1-13e7ad29e8ec", "value": "T197B31845F8408727C2D327BAE78F479D3B36579467DB33116A38BEB42BC17892A29520", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867448, "uuid": "ca67b23c-6d4f-410b-bbcc-8afcddcbced1", "value": "3072:MSY+46m1qOzssmFPPKNy+AmkZrQAhPDCXFke:06mgOzJmFPzmkZrQAhPDCXFke", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642867448, "uuid": "9bb2e372-5830-4f4c-99d9-7c8781a7bf4e", "value": 108417, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642867448, "uuid": "129c4495-9535-4077-ab46-a5594070d55f", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867448, "uuid": "aa50a733-6668-45c7-a718-d9a377dc3b51", "value": "a-r.m-4.Sakura", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef2b5aee-7b85-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642857571, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857571, "uuid": "42dcda15-6768-4557-a18f-afd172211d80", "comment": "Malware payload", "value": "502aefa80f69ed7cf1d3ede869713a83", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857571, "uuid": "be6a1f1b-5527-4ae0-b237-20b59d1abf9d", "comment": "Malware payload", "value": "53fc71912180fb0f59a9fab074948a96cfe96b6f596f89dd8f496dc80b5cb6b8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857571, "uuid": "ce8fb4e4-7bbf-45f1-a53f-7ae02afb94ef", "comment": "Malware payload", "value": "634e8268ae4d007311d6c374cf0391c2854804b8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857571, "uuid": "13dbe928-f8e3-4d1a-86f4-bdbbfd78f512", "comment": "Malware payload", "value": "8b16e91a8536f36ebded6f5a2f2703ba3a2509c352a1afaccaa90ece522b20366db2f97a54ea6e71d4500b517b90a21d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857571, "uuid": "56478535-634d-4710-9ec4-e7865f9ed6da", "value": "T132D394693E21FBBFE268863007F34FB08795219226A19785F16CEB185FA138D1C5F764", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857571, "uuid": "44f74b80-7811-46ef-8b37-ca8ab8b5f8d7", "value": "1536:S4FwRwb6fntG/azrdgmZ73YfYXZGEazvuKU4cozTz6GidlV0kHL/2WihdwIo7zyY:yY9rnDH/RhhZ4C7EHGDmj4Lq/WoleA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642857571, "uuid": "c38a4c1d-2dea-47ee-bf81-0852cedca1dd", "value": 131692, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642857571, "uuid": "849703db-9438-4e53-8274-ed048542d01f", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857571, "uuid": "ae9f20ee-0d19-417b-81a4-f4003bec851a", "value": "502aefa80f69ed7cf1d3ede869713a83", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e43968c4-7b99-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642866143, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866143, "uuid": "5e0a7243-0cc3-4899-823f-2b7fe130db54", "comment": "Malware payload (Mirai)", "value": "2ce2d47950906a4fd78e717353661f50", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866143, "uuid": "99b42e64-e404-4517-b657-a4692eaee7a5", "comment": "Malware payload (Mirai)", "value": "541584245fc43ea66d048e567273c7e3b6f8dada5979b4c21593997117f3b783", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866143, "uuid": "2708f30e-572a-43da-a9ff-e4f0543f7f5c", "comment": "Malware payload (Mirai)", "value": "e3ce7f2cb04a1f3f59966ff86abb6563b7cb209e", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866143, "uuid": "0d692a85-e957-4f62-96f2-46d61b4a03b2", "comment": "Malware payload (Mirai)", "value": "30abf54baf2e2d70ceee151abd5dacd1aa17ab978a588f1c623a653cb131019da51121b841f3124ee8977f01cbabe0c7", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866143, "uuid": "a3f9c74d-e888-4210-bf0e-2d45f9775baa", "value": "T19563AE32D15999E0C084023469E8DE785F63A6C4C3662DF79AD947F19807AECF809FF9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866143, "uuid": "d183a533-b604-4743-8d88-11b82e6deb5e", "value": "1536:V/ciKYqaLmfRAZsCyDK+7BwvyxRYFlCOxCPfV:Vk/PjRAZs80ZOFlzx6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642866143, "uuid": "13c5039b-867b-4708-afe1-a0fd7df9b7ee", "value": 72188, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642866143, "uuid": "aca7b157-3948-4394-8e69-cd6d31409d41", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866143, "uuid": "b17cc8ba-2bda-4d0e-b19e-8dddd778468d", "value": "RSec.sh4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "71cad3ea-7bc6-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1642885278, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642885278, "uuid": "ff9a0bd2-74bc-45c6-8e42-cb4260534b0a", "comment": "Malware payload (RedLineStealer)", "value": "325c6021ce7b691f124ec4ee2024ce28", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642885278, "uuid": "1ffde7ec-52f8-471d-a6aa-cf62fcda7a3b", "comment": "Malware payload (RedLineStealer)", "value": "54bcd3308c140c8ec030f98697cc7f0e9d4585d54334a2eb77c58879510d5c8c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642885278, "uuid": "16c15d6e-c615-4da0-aaf4-75409b6d6b61", "comment": "Malware payload (RedLineStealer)", "value": "673eabe039a32982a47d088342844775822996c8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642885278, "uuid": "2d5fcb88-f6e9-4c38-a47d-551b05b29778", "comment": "Malware payload (RedLineStealer)", "value": "b6f8dbf7325be8c936cb10ccf67228cfce1a1329f8b4d876177c1616ab52aa9295b3eb074e79743a561ad6ba34f6a768", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642885278, "uuid": "903ea200-2f6b-4d92-903f-526ab5f0e5f7", "value": "T16C06330176EE51FFEA93213392687FA572B1D185162CD8832374AB4A3A3CDC8D53B51E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642885278, "uuid": "3d2692b4-28be-4f4d-8ac5-9090e0e3d876", "value": "32569d67dc210c5cb9a759b08da2bdb3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642885278, "uuid": "b2264411-5d88-441b-86d8-9e5f34942877", "value": "98304:xKrRBmGrBkLq9TqlSKGTuoQC2T5wRZLkU4u0jy:xKrR8yqLc2T5wjWjy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642885278, "uuid": "067e0776-e05d-46d7-9d1c-a621172df3f8", "value": 3936952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642885278, "uuid": "edac5849-8a5c-414c-ba2e-128ac05b5478", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642885278, "uuid": "407b89ea-5324-41f7-a61f-76025e6626b0", "value": "54BCD3308C140C8EC030F98697CC7F0E9D4585D54334A.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1c9aa9b-7bd7-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1642892767, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642892767, "uuid": "9d0a6e23-fd37-4f84-b77d-253983884088", "comment": "Malware payload (RedLineStealer)", "value": "914f22fd3b49942bfd32258d2811dcbd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642892767, "uuid": "0e857f05-407d-4f2e-bb59-77ad7ceaca58", "comment": "Malware payload (RedLineStealer)", "value": "56637e06a35402eda9bf01f868a88cd3e3a683ed0ee092b8bfcb8118c36d04a4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642892767, "uuid": "ce6d5be0-1148-4684-b2f2-ae6260246965", "comment": "Malware payload (RedLineStealer)", "value": "4b7cc9a4030e2ac7be47ce22f4c7ccb8824d3a15", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642892767, "uuid": "42c95412-4d01-4346-898b-811a34fb235d", "comment": "Malware payload (RedLineStealer)", "value": "9ca91f77b1258c0ae702d9d122d77f0f6f10ca0d40730f4f8a693761019ddaed48735275aec9f3b536ebf629006c3ed9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642892767, "uuid": "94ceb881-1d6f-4bf2-8c35-0e834c6b1c0e", "value": "T17A25220207C99231F0E417B0CDF543532669FCD67A2863AF7A8965DB09712C0BA797AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642892767, "uuid": "0a1a967f-af05-41c7-916d-153f5267dcdd", "value": "0ebb3c09b06b1666d307952e824c8697", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642892767, "uuid": "dc3a5dc4-00b6-4c06-8e10-3fedc90045bc", "value": "24576:feWqbXDbNx51h0L96vglzRs+Yu4bRDDE3tpMh0:2WqbV/s96vgdlYuw1w3vy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642892767, "uuid": "8c458956-fb15-40e0-aa8e-a1e5e2f75f5c", "value": 967680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642892767, "uuid": "ca4089c3-1a89-4616-848b-f6b71835f7c4", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642892767, "uuid": "d61347e4-626b-42d1-8b62-e3ad689d1487", "value": "56637E06A35402EDA9BF01F868A88CD3E3A683ED0EE09.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "27abfa25-7b22-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642814716, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814716, "uuid": "515104aa-ee7a-482a-8914-1572a7fc47ef", "comment": "Malware payload (Mirai)", "value": "50bf2fd99c37dc58cb5c76ed18923e4f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814716, "uuid": "cddd77c0-b858-4e03-a1db-c2a792011219", "comment": "Malware payload (Mirai)", "value": "575e0d85d7b6ea3b3d2324a8459f17b651996ed3a640f6df4f1e52fb565340e4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814716, "uuid": "f7752c23-d443-4f6e-935c-8074bbce1c8c", "comment": "Malware payload (Mirai)", "value": "64a1fdbadb886fe622664ed359118b82bd004c9e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814716, "uuid": "ce836e0f-a618-4130-bafd-6e2bb5a10860", "comment": "Malware payload (Mirai)", "value": "745a729ac160b4e3d8c71cb85c32273c81243817f823d6afa26e2647e8b325eb6cb7eb9fda6dd868acb160dfa4a8782b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814716, "uuid": "6bd57cde-95bc-4691-b33c-0227f313edb6", "value": "T161C2D088174929DAC2F9C13847681B6D1DB40BAAF809DC8578FCF7A29D8A4753027EDC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814716, "uuid": "d35bf292-50bc-440a-a2da-4c011467137d", "value": "768:I2G214DFyosXqgvV9o1ndB08VMJgGlzDpbuR1Ja:I2GdDgosaaO1ndEVJus", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642814716, "uuid": "22251222-ee10-4b9c-a155-859a6754bf38", "value": 26184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642814716, "uuid": "23073b98-73d3-410b-945a-b86e815b5c16", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814716, "uuid": "191c69b8-cd9c-4a45-a87a-94e9b54e0b19", "value": "50bf2fd99c37dc58cb5c76ed18923e4f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a98c1e83-7b52-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1642835550, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642835550, "uuid": "40984d48-a6c5-4dbd-bfb9-872cd1e49e48", "comment": "Malware payload (Formbook)", "value": "e1c16d90f07bc1d1540256db01ee6be1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642835550, "uuid": "729b42d8-9dbb-4109-ac40-e9ed93f60cee", "comment": "Malware payload (Formbook)", "value": "57db8a6dc112c8d4b4202ba07774edf9bf54fdafd6fe11bd8d0e7ae328fcc369", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642835550, "uuid": "099ecd04-004b-4060-b09c-c750c4f707ce", "comment": "Malware payload (Formbook)", "value": "0e3295b972ea3a2fb9f47e997f3aa694ece200bc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642835550, "uuid": "ca022a29-87f2-4c6e-82dc-476f42cd37ee", "comment": "Malware payload (Formbook)", "value": "028b36ba87e0f89330a279d7e5c31dd0c96f0dd41866abd36dbf0b878a5a5355924fe632c5c01c82e58bf9ca91183595", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "xloader", "colour": "#EA12D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642835550, "uuid": "0e1f5fc2-d0fd-4ef4-b838-eb2cbc8a750d", "value": "T1F164120F21C048ABCA5744B219AE2757EBFB6A4F1E69058BD3087F7EFD710931936189", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642835550, "uuid": "4079f7ec-a67a-43cf-9920-c705799a5d24", "value": "099c0646ea7282d232219f8807883be0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642835550, "uuid": "6224d49e-1671-4e3c-908e-82f15cc12414", "value": "6144:awOuJVLmT3lKXnr4Va2+YQiNydh776xyfLS5OHqfLNZBjz3:QuJV2qKJQ8yH7djS5P7z3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642835550, "uuid": "31cfe28b-bba7-4325-be93-cf141379be36", "value": 317477, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642835550, "uuid": "114b7fbe-3eaa-45e0-9136-da9415f6cfee", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642835550, "uuid": "57b78bf2-55e3-4ee1-bdb5-9123d0665df6", "value": "Originalgoodsorder2022_196532012.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5028ff8b-7b98-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1642865465, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865465, "uuid": "88dee85b-c52e-4c14-a516-5fda2ba7c9f0", "comment": "Malware payload (Gafgyt)", "value": "4d1a84d1a1cfc528b7c6983e8ed078b0", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865465, "uuid": "14efca68-a008-4c37-84f7-a6d4f3aafecf", "comment": "Malware payload (Gafgyt)", "value": "58194d8417a04abdab4f049da91be52b9b23228bbe0b49c0f98376d5293d535c", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865465, "uuid": "ae2ed0d9-6489-423a-b7b5-265fae6e07de", "comment": "Malware payload (Gafgyt)", "value": "f42a6354d48353e20d3a5ee57a05210de50bdb47", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865465, "uuid": "328ecc2c-8095-4098-962c-63dcff57b6dc", "comment": "Malware payload (Gafgyt)", "value": "0e06730a489ae3e4d50429d0a195b95c58bf86c62f78bbecc6455b80f320e20e50504e0e84a3b84deaac7f2139015065", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865465, "uuid": "f2282f7b-fb94-49e4-bb0d-eeb842a6a260", "value": "T167D3943A7E21AFBFE16982310BF75F70879529D22AA19341E26CF7185E7124C1C5FB90", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865465, "uuid": "a3aafb68-2d6d-42ec-8ce8-2a1329ec6843", "value": "3072:zYAKdMrsS5NRXl527MIu4oBMz21qyWyM2tsgzdODEuzqm/ihBr+z7mxVNn:cAKgnMkPOD6m/ihBr+z7mxVNn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642865465, "uuid": "d4e28fcd-0c71-4c99-93ea-2bd5f684b6b7", "value": 140989, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642865465, "uuid": "2fade123-42d4-46b4-9684-514802ecd10f", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865465, "uuid": "9b501e1a-c679-4b82-a7fa-05a16f8cf2bb", "value": "nv.mips", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3c1e9bab-7b2d-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642819475, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642819475, "uuid": "96efde2e-d318-474b-aee6-62c1ec0921b3", "comment": "Malware payload (Heodo)", "value": "df6027280fd3d85ad368c765fed357ee", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642819475, "uuid": "ab699b03-969f-4915-ab5f-cbb202ab7131", "comment": "Malware payload (Heodo)", "value": "58997b4775788b8d911a3c9540180323fb3e3191fc76072e655048d7ee8c4f0e", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642819475, "uuid": "68c50ca1-62c8-427e-b0dd-c30036f74852", "comment": "Malware payload (Heodo)", "value": "20bf85f2b0365b1209c1ebd90bc8c16f78f84f94", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642819475, "uuid": "54be5304-0f7d-4cdf-8dad-6dfc15788bf2", "comment": "Malware payload (Heodo)", "value": "1f47c5df88b52697e1313b80127b010eeed1f8da2a9c14c669589a2b52cd1a461fe8f3c15d2658c61470ae876703f49d", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642819475, "uuid": "429a21aa-7eb3-44e9-8e96-aa4801ae1db5", "value": "T12EE4BF127BC2C076C26E31B0459BE7B966F996308F34A6C7BBD10F3E5E741D15A3821A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642819475, "uuid": "3eb02b28-f9c1-46a7-81b0-8ed70397dd1d", "value": "d986dd84d593c1266f1531c47644f308", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642819475, "uuid": "e4b1cffd-e9b6-408b-948a-b4c80a1526cf", "value": "12288:agvTeqrCeX329Soy/O+TCJJU2QyDqXkkpldzR6TqKCKD9:tviEdX3Y7GTCRhukkpwqU9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642819475, "uuid": "fc1803f4-597a-4558-afc7-91301a49a193", "value": 658245, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642819475, "uuid": "1c8d658c-a4ce-4c9d-adee-061322bec85f", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642819475, "uuid": "06eb6eae-d47f-43cf-93e8-c2c669f341db", "value": "emotet_exe_e4_58997b4775788b8d911a3c9540180323fb3e3191fc76072e655048d7ee8c4f0e_2022-01-22__024430.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3721a3a7-7b22-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642814742, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814742, "uuid": "a81451c0-810a-4f4a-bd8c-6523aedd8d30", "comment": "Malware payload (Mirai)", "value": "38d541d237be3c603ebc77d855eb4dd7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814742, "uuid": "43ab6f8c-1d24-4037-85f1-fde1aa158298", "comment": "Malware payload (Mirai)", "value": "5ada45835ad92c29d594bcfc06f9b8b1f2955b7534a0e66cdb590cfcf4fe3fac", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814742, "uuid": "13b9bc01-571d-4ae8-94bc-70422cf0dd0b", "comment": "Malware payload (Mirai)", "value": "87e958fe9cac55999486c7ddb54f938132b8c0f9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814742, "uuid": "28b568e0-b6b2-4e3f-89c2-af80b7172b98", "comment": "Malware payload (Mirai)", "value": "ed725d551c6f106f423e2e792cb1e224ec532971315c3269e46ffe92f85fc89cac89bfc5e578eca7d397bf68cf3eec34", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814742, "uuid": "247e6c17-0c08-4067-8c16-aa3c751188db", "value": "T111B2D01AC0AE6EB4FE9B7D355941E2817FA19BDF3A62CDC016C05B110632D2C5F986E8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814742, "uuid": "0ce0c863-9fbb-4db2-a3a8-e5cc5661485f", "value": "384:2OA0AeimAzNCdvw1PwIWWtKfz9VuBFoeIoA8FXw2t7tTmojIo7M4uVcqgw05VxJJ:2AApCdvwJr69VJoA8FZtxCo8p4uVcqg7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642814742, "uuid": "2860bf5e-8684-4306-ba8c-77d8b5e900f3", "value": 23936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642814742, "uuid": "e8d4f704-2247-424c-8ce2-a0835382920b", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814742, "uuid": "d2786b58-d6fa-449d-b9e6-c25ea3d15ad2", "value": "38d541d237be3c603ebc77d855eb4dd7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "831b45cf-7b57-11ec-9275-42010a9c0029", "comment": "Malware payload (AsyncRAT)", "timestamp": 1642837633, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837633, "uuid": "e9fb4cac-e227-4761-ac9b-fc32dc05f059", "comment": "Malware payload (AsyncRAT)", "value": "cecfdefc8f201d03066386a9a6b011f0", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837633, "uuid": "2de50b28-16f6-4e61-a5b5-3389e6e547a3", "comment": "Malware payload (AsyncRAT)", "value": "5b476b935cae4bf02299f7dee135b0bb091fd7716b2973d7172e04f4f2985d72", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837633, "uuid": "3f7ea85d-7a52-4054-be31-1a6dfcabfd3b", "comment": "Malware payload (AsyncRAT)", "value": "fd451496139859f387cfef71404d50d042297ca0", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837633, "uuid": "c2fec9a4-2aa5-49ab-8068-52ef3297e323", "comment": "Malware payload (AsyncRAT)", "value": "28d7d4cd514f5e39b9e3885c3c2750917d3b9a5249b5c02b968a01ab82449096c1260aef9f435c6ff8160ce307a6e911", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837633, "uuid": "93a0acdf-939c-4573-8475-a2c43921d776", "value": "T16C639F35F2828852D4A40279B49A82B47367DFD00F039A3B6B677F4E3F62F438E46595", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837633, "uuid": "8a6ad48f-a461-4a3e-add3-6152879e5ef7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837633, "uuid": "06b9a9a4-a33b-4b03-b207-d2ca2e9a88b5", "value": "768:5wKWFOhOl6nf6wk9VaP8i2XkRFTmOc5N9WBwzNt:5wKBhUHwk9VaEi2XwpeZL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642837633, "uuid": "3fddc366-166e-4cbd-8f85-486813a141e0", "value": 70656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642837633, "uuid": "b6fb084c-08d0-4978-9973-5bb9a874eda8", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837633, "uuid": "43ddcc46-fd7f-478b-b581-8f8f88ae5e9d", "value": "IMG_212022100120011.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "77cbce88-7b5f-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642841050, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841050, "uuid": "05de2a19-a06e-487d-970d-05767263bce1", "comment": "Malware payload", "value": "b3b2571e979e2c9cfa4b499788858e61", "object_relation": "md5", "Tag": [ { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841050, "uuid": "8242af4a-62d3-495f-88bd-5c585fae05b0", "comment": "Malware payload", "value": "5dc5843c66fb4a0549597c2470d02c3fc14562b66f724dc9c10d07859ea4e226", "object_relation": "sha256", "Tag": [ { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841050, "uuid": "d20b506e-485b-4831-a29b-45a0174ccea5", "comment": "Malware payload", "value": "6d26646d18b5e6557a4894de5eb7c353837d99b7", "object_relation": "sha1", "Tag": [ { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841050, "uuid": "a1e5dd51-358b-4317-8e32-74d88f2937dd", "comment": "Malware payload", "value": "99b409a41bd8c10dafc29f48705dcd4d3ee4cd87723652e6a61da4e48dcb9c902f0afc34d45f1291a2dab4ce7f5ff20b", "object_relation": "sha3-384", "Tag": [ { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642841050, "uuid": "0f2759e2-1b6f-4659-b58d-86af4f6ddbc1", "value": "T1DD412A38EF825CB0FA0C8C78C34BD6049873CE7E114649DA8305664718B40895F42FBC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642841050, "uuid": "ade3fde9-23bb-4a2f-881c-f59e57625fa4", "value": "48:9y3x68ZYMMtS68vvbBJtrO3AXjVFgdNH1iJDX7u/iELmT59:wx6BDSjlC3EjgHIF4xs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642841050, "uuid": "a01097c9-be21-4c26-8d21-6318fe6f44ff", "value": 1968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642841050, "uuid": "e760827d-fdd3-4107-a050-21010cdfc31f", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642841050, "uuid": "e03c3144-c515-42d3-b497-69f0a6042e91", "value": "24408AU24408_24408.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69c10ad1-7b84-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642856918, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856918, "uuid": "d1b5022c-80be-49f9-8589-82facab1cb79", "comment": "Malware payload (Heodo)", "value": "d95f50c322c00b412fec9ee6510570e1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856918, "uuid": "1fb17804-72ac-4d19-b1ab-47837a351ed4", "comment": "Malware payload (Heodo)", "value": "5f3f5eed0a1bf93970791b31beeb98a623f0afae123408e59fcbd0d5eaf73046", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856918, "uuid": "04d74008-3af6-4a76-b89a-045bf42f0166", "comment": "Malware payload (Heodo)", "value": "55a988905fce9831e018d30024fb9489f848230f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856918, "uuid": "1f2d6a5c-ef99-48cc-85da-c1ba0c1a7563", "comment": "Malware payload (Heodo)", "value": "db4d043885218dbd407dfc91243de656833660bdbb988173725f43b5c874dafb8ada19a4b341dcd6c5f576eaad35652c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856918, "uuid": "9f139a6e-7008-4fa2-bf96-d4ca253b0bf0", "value": "T125D49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856918, "uuid": "f7903fa4-6d30-4ec0-85db-ae649f976404", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856918, "uuid": "78a05f53-b1fc-444b-a0e9-da812c320a92", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQLCkMZR+TTD7vgEPej:0hn7dA19ZCOyDaQGkqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642856918, "uuid": "fbddcb14-41e7-4916-abe1-8b96d37f8373", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642856918, "uuid": "e3d68988-e55f-4b6e-85d9-39e6bf1a81cf", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856918, "uuid": "5f2b3098-06c3-43c4-bab7-dbeae49166f2", "value": "d95f50c322c00b412fec9ee6510570e1", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fbc09c1e-7b7e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642854586, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854586, "uuid": "6cafaf87-2715-425b-b508-ceed3571b0ee", "comment": "Malware payload (Heodo)", "value": "139e4c87038bb05b4567078e234b0855", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854586, "uuid": "14193c70-6045-4c0c-8bda-b71b7e9b5d0a", "comment": "Malware payload (Heodo)", "value": "5f51b50d01adaafed2342d7e5b40e328d3d939e946a2d717500e25ea21de8286", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854586, "uuid": "22f571f3-60d6-49c4-8cb8-278a8e10734a", "comment": "Malware payload (Heodo)", "value": "dbfd22670d5df5852f76313e75619a214d4d0ec3", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854586, "uuid": "c4aebde8-69e9-40dd-beac-0af5b45d9548", "comment": "Malware payload (Heodo)", "value": "46665f20f14a4b5e281517f8c5b08e683989c4239dbf5f1e9fb01c26e1e3f95664721ccf102dca4f519c7849b55c59bf", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854586, "uuid": "1ea8fad3-2ad2-47f1-abbd-a6dca96eaced", "value": "T1D6D49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854586, "uuid": "ad34e9e8-acb6-4fe3-8144-dde6422df3d1", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854586, "uuid": "45207a0b-4d06-486d-959d-33da2f77513e", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQLykMZR+TTD7vgEPej:0hn7dA19ZCOyDaQekqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642854586, "uuid": "105f6edc-3df4-4de2-b828-5bfcca76c908", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642854586, "uuid": "c2d4026a-d670-4581-ae2a-4cfad347189b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854586, "uuid": "9378661f-8d8f-4086-837a-446d079d2504", "value": "emotet_exe_e4_5f51b50d01adaafed2342d7e5b40e328d3d939e946a2d717500e25ea21de8286_2022-01-22__122938.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f3d979e6-7b9c-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642867457, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867457, "uuid": "cd2ed094-b156-4729-a355-0592199dffb2", "comment": "Malware payload (Mirai)", "value": "36d0dcffdd70c876de45753eef535e86", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867457, "uuid": "dfaaf8bf-53c7-4b46-8dca-29b2780c2c05", "comment": "Malware payload (Mirai)", "value": "5ffd88ee6cb020c565718998e8588dbf4662e29908e227546c525b9318c926b5", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867457, "uuid": "bb42e5ca-3ffe-4226-a468-ccde45e85fe9", "comment": "Malware payload (Mirai)", "value": "5edd93a541d1da627cb2348f3a7d8f8491a7e460", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867457, "uuid": "77c928d5-9753-4ed7-86d1-05559385aede", "comment": "Malware payload (Mirai)", "value": "e335fc84f15c7fc350e44e003df2fa4355ea27c31a3fb4a1f788556ca271602ab188eff54f4e8eea34133df4251d1623", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867457, "uuid": "409ea76a-4dbd-4dcf-ad72-ea74041ff011", "value": "T19CC32805D5508767C2D3237AE79F825D37325BA4A3DB33215A34BFB82BC27891E39921", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867457, "uuid": "e2750a60-75f6-4d17-8578-06de90550a58", "value": "3072:ekYPUfsgnsb0J2ag/Vf2kDN0dn+mTQOY5NX3cn:9YPUfsgEo2a02kDy+mTQOY5R3cn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642867457, "uuid": "e3e95660-b277-4054-bf76-7629ce121a5e", "value": 121007, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642867457, "uuid": "e0352e02-dd3c-4bac-a0ce-787815ee34a3", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867457, "uuid": "aa932702-b69c-4b3a-b434-4e17b42a58d7", "value": "a-r.m-6.Sakura", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4bc6ef3d-7bd2-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1642890368, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642890368, "uuid": "fdbab2ac-a0cc-4e33-bcbd-16f4142c95f6", "comment": "Malware payload (RedLineStealer)", "value": "7289c24e6e34cf7ed1d518152eb64eac", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642890368, "uuid": "848edba8-8950-4bf6-94e1-929dad7fe3d4", "comment": "Malware payload (RedLineStealer)", "value": "6104f2b4049168fea236bb6a5b9a5194b878b61f87336eafb0fe5a5fab93144b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642890368, "uuid": "17d26192-c7f5-49e9-96a9-6ebb1b26d53e", "comment": "Malware payload (RedLineStealer)", "value": "e7996ee499e594195cf25be007ba862c299d50ab", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642890368, "uuid": "3fa09f8e-422d-4cad-bc04-0a9ab619354a", "comment": "Malware payload (RedLineStealer)", "value": "295b4fa8632b5eeda2965867f57cee96438c358fceff7954f6ee55b893616cd6f594a0d870f083a593c3ace535c575ec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642890368, "uuid": "0179af0e-b387-4873-916a-ff5884adafc5", "value": "T120F533BE62DA1E63E0B7C6F67CDD61A5A2FDE0308519176A2324B2517F181C76E3D320", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642890368, "uuid": "9a85898f-a499-45f0-920d-888f24891509", "value": "c05041e01f84e1ccca9c4451f3b6a383", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642890368, "uuid": "9c027274-406d-43df-b68c-8599cad43031", "value": "49152:EgHgbCWLFWrstzhszJ/qGQa6Q516nVMYYQmPBFuyZz6niQkuCaUbhe:JRWLFS4h8/qGC4EaYSBFpgB+0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642890368, "uuid": "8aa82abc-97e8-4063-ad3f-ee58bf43c14c", "value": 3329751, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642890368, "uuid": "d0bda756-be9a-4a6f-9e21-b20ab2ee89fb", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642890368, "uuid": "c7ae6af8-fccb-4514-bfa6-f6c60c2c24dc", "value": "6104F2B4049168FEA236BB6A5B9A5194B878B61F87336.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6a4aba1-7b59-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642838659, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838659, "uuid": "7828cf7c-f08d-4feb-92bd-fa986f538123", "comment": "Malware payload", "value": "ab5b7e07cf347e2e7c9c985aa282af2b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838659, "uuid": "43561e2d-edc4-4203-9fec-ad165ecf806b", "comment": "Malware payload", "value": "632956665873dc83a8ebc4b2d8f4d0ddbd3e838f867f68db01bb46ebbc5a4f24", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838659, "uuid": "14a053a7-f1ed-42f6-9da7-94d4462224b0", "comment": "Malware payload", "value": "62319faea280e00d382a17948f8b02af9ae01dc4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838659, "uuid": "97974650-e807-4e02-a4d0-447732aa1f35", "comment": "Malware payload", "value": "cc827e0c37b108660ba66e5d8a1b985ffaa64f42a23fefc7964837666a2689f9fe52582c52931fd1545b3404c1e3a6f7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838659, "uuid": "fee2f817-fbde-49f1-8d44-4b5555cc9093", "value": "T1B724128A35C4D4BFE11AA9341CB7A383E7B7F61A1360845F5FA01FFD6821083A752293", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838659, "uuid": "a2f518ea-706f-4acc-b7e7-f47dd653e37e", "value": "099c0646ea7282d232219f8807883be0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838659, "uuid": "04198efb-c795-4f99-ac7c-7237a3a3b0da", "value": "6144:owYmmR84FFUHAeiQeJu/eGsjJxqzVTyaZ8GcRHP:CR84FpJ4/REJkuLRv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642838659, "uuid": "c3980e83-8986-4cd0-8ea9-a09331c628ff", "value": 216870, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642838659, "uuid": "a247c342-b19e-466b-969e-4351664b45e5", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838659, "uuid": "db9bdfc8-9847-4916-a395-e634da5ce3df", "value": "ab5b7e07cf347e2e7c9c985aa282af2b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d1994571-7bad-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642874701, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874701, "uuid": "d9dabfc0-4d06-4750-a7e9-95f6d7268b4c", "comment": "Malware payload (Heodo)", "value": "1687db9a923f48cab5a32cdfc450b66f", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874701, "uuid": "2a7e68e9-ab50-4e92-9b8c-2d4d0c073a51", "comment": "Malware payload (Heodo)", "value": "6486f4730c2041aa4e8c96ecc214d10c1b014e958e85d01c2da7934b984fb42e", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874701, "uuid": "4ea048d3-0485-4201-bba4-dec32f408a1e", "comment": "Malware payload (Heodo)", "value": "bea928fd72be2c9846d95f0a5c183e0b4f8a22b6", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874701, "uuid": "9ea46250-3279-4147-8456-d3a9036aa738", "comment": "Malware payload (Heodo)", "value": "1143f7181b9effe7fa350ccd82b6f47fe9ba11aa99d23bcf213daa5da99fa816fbab093c625fdd7c74a4a34568b5c3ab", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874701, "uuid": "da3d5017-9130-4194-b908-3bd0c88cbc29", "value": "T14DB3ADE777DB4889EF25037A8DB606186763FC615BE313472345B3266E74AC09D03A17", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874701, "uuid": "5fcde6b2-3da0-47ec-b9db-214b314b85b7", "value": "3072:+C+nBqmxk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIFxe53lGvFTQ3IzxgdrvxpU0O:R+nBqmxk3hbdlylKsgqopeJBWhZFVE+s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874701, "uuid": "9a919e87-1c81-4523-9cf6-3f89b97557ce", "value": 110301, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874701, "uuid": "0c7fac4b-77fb-4fe3-9d43-b8a1f87507c1", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874701, "uuid": "927a9fc2-eaba-4e60-895f-9636087862d0", "value": "payment_1.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8cd02f0c-7b7e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642854400, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854400, "uuid": "dc496e79-9e67-49d9-8380-2b68e7cdf6e4", "comment": "Malware payload (Heodo)", "value": "83fdeaf19ae60e26dd0b53ab74a66f55", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854400, "uuid": "81b85b5a-b5e3-4906-9f73-1b56286e6c1e", "comment": "Malware payload (Heodo)", "value": "65104ef88eb6e5e0416a33fe16709450ff79b3698266b9ce96af3d848cf44c48", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854400, "uuid": "05afba05-ac95-40fe-a246-c6dcd2cc2631", "comment": "Malware payload (Heodo)", "value": "cd85c9f211ac8ca31d5f7b096ee76f1ed10f47b5", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854400, "uuid": "385aa8ab-2b8e-4b36-9e5b-d8ec28e3b954", "comment": "Malware payload (Heodo)", "value": "973f5c7e0498cd26df78d286767a0b16c7cf5ee9b0bc71812ce3996d611d54762d28c8edd17af3e9233ef9774cd45bc8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854400, "uuid": "eb3402cd-705b-4767-93d7-3f7aaed1da14", "value": "T1F3D49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854400, "uuid": "6698785d-6e94-4f55-9c3f-3f95509fd009", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854400, "uuid": "42175b37-138f-4879-87d3-871e06b3a4be", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQLqkMZR+TTD7vgEPej:0hn7dA19ZCOyDaQmkqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642854400, "uuid": "3e077213-fb79-47ae-9250-fd0523d8aef6", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642854400, "uuid": "b53aaacf-40a3-49f8-bab2-3a7bb4fa0e18", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854400, "uuid": "957883c2-925c-459b-8cf4-650a6c2a98fc", "value": "83fdeaf19ae60e26dd0b53ab74a66f55", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2544f1e-7bad-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642874622, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874622, "uuid": "3e4b2f36-1c67-4c00-a448-8965b3302e71", "comment": "Malware payload (Heodo)", "value": "ccb845b6b3f32b856328f138cde8e5be", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874622, "uuid": "a5a835d3-3ddb-4161-863a-c33d4df5ca8a", "comment": "Malware payload (Heodo)", "value": "65e756cc7cbb530ce22eb343803aad4ce6d6c356dc6db4aa0db139e71485803e", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874622, "uuid": "ea480c64-3b3b-4ecf-bfab-aea78b23324e", "comment": "Malware payload (Heodo)", "value": "7a011823c083c3012c5d708fd863cbb6ea4687a2", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874622, "uuid": "15512f9a-8b4f-4dfd-9e56-f607ca747be3", "comment": "Malware payload (Heodo)", "value": "7f7e2d8803735b811e5483b43364740aef18da6427972481014259d1fb667579aa294d9fa6052a310525c7aef0600b9f", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874622, "uuid": "c02ca8ff-3f6b-4765-967d-00f0f2bac2cc", "value": "T126A3B0527BC6CA59EA4547710DBB024AA723FC105B7A63473285F3783FB89E08D13A1B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874622, "uuid": "8392c2d7-ad94-499f-8ee2-e2855246d6ac", "value": "3072:n/k3hbdlylKsgqopeJBWhZFGkE+cL2NdAFxe53lGvFTQ3IzxgdrvxpU0OKvMB:/k3hbdlylKsgqopeJBWhZFVE+W2NdAOK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874622, "uuid": "a18f6351-31af-4f73-bad7-ed110a22608a", "value": 103534, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874622, "uuid": "b238cc54-3a81-42d8-9e03-15c9398af23f", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874622, "uuid": "6b4df267-334d-4f44-8d4e-32278233efd6", "value": "copy payment.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "704e254f-7b84-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642856929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856929, "uuid": "65637e4a-fa74-447d-9d1b-f159f6d04b14", "comment": "Malware payload", "value": "325f326232680d70d21d122369014774", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856929, "uuid": "1fb74c34-cf0d-43c5-94e7-e7ddc1d6ccd2", "comment": "Malware payload", "value": "665cae85696a397d5cd63a86b95ac321779552b56a441021aecea57e89a27563", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856929, "uuid": "43a59d1a-343b-4900-881b-bc5a5f3e1a61", "comment": "Malware payload", "value": "07e7899c9944b978b5d5c851b7c8c782f405b517", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856929, "uuid": "662f2781-4709-45d6-9b71-197e6697b260", "comment": "Malware payload", "value": "7bfd3896f4cf89f4e8d962acce6994b10db452de5ff297da0b98d217e185e5b8776f5c7b98ebdb286e0c15347b4a4ddb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856929, "uuid": "ef040529-4195-4aa2-8f69-fd06240d1822", "value": "T1A6A34A43371D0E67C1BB99F51EFB23F087A5F86216626280B51DBE8A0333BB46416F95", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856929, "uuid": "d6db6eb3-b0bf-4113-b262-2657f8130046", "value": "1536:H/4DdLlRoNOsQj325Q2UO0Do7IchV940/W6JW2gHgQCU4jto25Z3A:8Y8W3UO0DQ94CW4gHgQCU4j225Z3A", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642856929, "uuid": "c7168584-9972-4da8-90ec-6416f1a4e04e", "value": 102657, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642856929, "uuid": "a8862ebe-d391-45ca-a188-87797a50e334", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856929, "uuid": "a53ba9c0-271a-4717-adf7-d9c170dc1785", "value": "325f326232680d70d21d122369014774", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fbf85288-7b7e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642854586, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854586, "uuid": "5c33e4bb-0c1a-4820-b7e4-a85aa57da05e", "comment": "Malware payload (Heodo)", "value": "a24ddc13d41a4f267ea6b3b2971f3c5b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854586, "uuid": "460109d3-2a12-49cb-b27a-cc7e7553a081", "comment": "Malware payload (Heodo)", "value": "66fb5747723dcdc41058a470e65d8a27f150172c99c71e170aa394f7e8c125b9", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854586, "uuid": "dc023844-60fd-4fb9-9c22-e21445f76201", "comment": "Malware payload (Heodo)", "value": "b568003f7ff16bec314ab2a74ce1698be8d4bb92", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854586, "uuid": "b6ec9308-8b33-442c-a90f-227fa094fa1e", "comment": "Malware payload (Heodo)", "value": "5b728137ae2937ea1b1b11486b31728332b8d9ce16924e3cd7ded8c4007b4d487487374acbf7932cbcccd5922e425931", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854586, "uuid": "cef69046-4b18-4ae1-8e22-b84b4d0bf3be", "value": "T14BD49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854586, "uuid": "379f64ac-c7ec-4a68-85ba-58faa811f76c", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854586, "uuid": "15592047-bd38-4137-a61f-c3999e4229e2", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQLrkMZR+TTD7vgEPej:0hn7dA19ZCOyDaQHkqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642854586, "uuid": "fa618b5e-322d-46be-aa67-9e2210362ad4", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642854586, "uuid": "b541c9b4-7485-4906-ad6c-bb236fcf8c30", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854586, "uuid": "13d7f90c-96f5-4b86-8eac-812259f33a66", "value": "emotet_exe_e4_66fb5747723dcdc41058a470e65d8a27f150172c99c71e170aa394f7e8c125b9_2022-01-22__122939.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db9ff12d-7bad-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642874718, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874718, "uuid": "76b26919-2d13-43c1-b6b2-9cb8a9f8ae29", "comment": "Malware payload (Heodo)", "value": "da005e1d77b790b4e7f13b8b33d47eb8", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874718, "uuid": "5de463ac-9d4c-4d67-bb3c-e063be289b9c", "comment": "Malware payload (Heodo)", "value": "677e96c45b7d459b90128c62cea326921fd521e88bfe6b4cd0ebdeb4d099dd21", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874718, "uuid": "9908cf3f-9965-46ff-9ac8-5775aa2a610c", "comment": "Malware payload (Heodo)", "value": "8026e06d9af5f82ec2dadf77d70baf4615758c91", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874718, "uuid": "76714638-5899-423c-a31a-bb0996305c68", "comment": "Malware payload (Heodo)", "value": "f2c465ea28c5166625201c2ec347d88f650e06c3b5d415ee3cde3e2d3de368d3c11a9dd40d496b31ebb3ced45a581169", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874718, "uuid": "3f8dea5c-fd7a-47a5-8b72-0acacb32d6c7", "value": "T1FCB3ADE777DB4889EF25037A8DB606186763FC615BE313472345B3266E74AC09D03A17", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874718, "uuid": "7294f633-e043-45af-8f12-26220a41eae1", "value": "3072:+C+nBqmxk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIFxe53lGvFTQ3IzxgdrvxpU0O:R+nBqmxk3hbdlylKsgqopeJBWhZFVE+s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874718, "uuid": "69e91313-4faa-47ae-bc43-5f62366a9c50", "value": 111330, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874718, "uuid": "4732f5cc-a3c1-4f8c-8520-386e3c103dc0", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874718, "uuid": "6adb7605-6efd-4ae6-8e9e-93921a1c5fd4", "value": "report 01 22 2022.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c9c06e0-7bb3-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1642877136, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642877136, "uuid": "3681dabc-4ba4-4592-8f55-0cf31b1d42bb", "comment": "Malware payload (RaccoonStealer)", "value": "b10d7186f4a2d0655f2f6a38e4eb9c6e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642877136, "uuid": "79974f3b-19a6-4786-91f9-a86d99e36afd", "comment": "Malware payload (RaccoonStealer)", "value": "67e030c1c7dd08138eb1d6a12a4d652c4a304f22db556afce411c32a23bddf23", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642877136, "uuid": "4d1b4a5a-3dba-4d37-95aa-111f9c9252b0", "comment": "Malware payload (RaccoonStealer)", "value": "3234b9edcd1ff528bd32dab60aaed001f53c19fb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642877136, "uuid": "ab57854b-3da6-41d8-89ca-44121d49251c", "comment": "Malware payload (RaccoonStealer)", "value": "72f74fb95d1dd2b371d210b67bb42b08bc4f073b8fea7f747e36a99f2476054f976e5b5bb9d94c3666018c9c10da8658", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642877136, "uuid": "f26fb9fd-b1e1-4137-9f00-f0f921d509a8", "value": "T171A63355D9A25582C342AA3B49325824681CA2A39F54D46EB33F1F6B5B3F2F13EC74F0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642877136, "uuid": "dfb33cda-bba4-4423-aca6-02e66943d46c", "value": "c05041e01f84e1ccca9c4451f3b6a383", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642877136, "uuid": "63aec227-c80e-4b12-b39b-73c6ebef832c", "value": "196608:JCJhQjNtKF2tSdZbHrSUsJA3dLCQydYebWttjwf6ebc3Q:JdjNtK9SFJA3dLCfIttje5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642877136, "uuid": "716a7d16-ee57-46ae-9bde-41c647bee9a9", "value": 9808087, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642877136, "uuid": "777c19a7-f563-41fd-9e48-641cdf38187c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642877136, "uuid": "8b044b24-94a5-4454-a35b-504c7ca41fb4", "value": "b10d7186f4a2d0655f2f6a38e4eb9c6e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5327482-7b62-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642842441, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642842441, "uuid": "7667c5b7-717f-4228-af3c-6980b6526eed", "comment": "Malware payload", "value": "bf7fad08608c4a26af0e59f382175d79", "object_relation": "md5", "Tag": [ { "name": "pw metamask", "colour": "#31123A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642842441, "uuid": "02d715c7-27cf-4331-9634-46c6ecb50372", "comment": "Malware payload", "value": "67f7d63019c6653b27fb5012169cee151caba41f4b9c9953e574c17ca4c9bce2", "object_relation": "sha256", "Tag": [ { "name": "pw metamask", "colour": "#31123A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642842441, "uuid": "323f5fae-4560-43ed-9c3d-43c0e15fdc42", "comment": "Malware payload", "value": "8a0f273f1f8ced755dc6a67bce0fb315bce441e1", "object_relation": "sha1", "Tag": [ { "name": "pw metamask", "colour": "#31123A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642842441, "uuid": "7d2e2de5-9a7d-48e3-8cbc-bfeeb53d46ec", "comment": "Malware payload", "value": "65ce1cbbf6138aea0b1c8a4e8c9b710dac77cddd24b4ac1b82e37f8f65cb22018dfdf27dac4ed496d83792772b817421", "object_relation": "sha3-384", "Tag": [ { "name": "pw metamask", "colour": "#31123A", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642842441, "uuid": "2f847e32-261c-471a-b220-4d9de09b5841", "value": "T1BFB50129F4653A61F88DC6B806F01CB4C3E96C34136B67C82235759FA663E2E9F34935", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642842441, "uuid": "cc28ac40-c75b-4179-87e5-2afaa5ac5949", "value": "49152:+6s4VQ+6ywljeYquSB/O5rbdt5H2LgfNDFf2RVnT:RHy+6sduCMPdt0L+FWh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642842441, "uuid": "8e5a2792-97a7-4aac-a900-2fa90cb7bde7", "value": 2293084, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642842441, "uuid": "eee0300b-5a95-42b8-988d-f26074481ed0", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642842441, "uuid": "d7ade68a-97c3-43db-93db-8fd6ebe1b35f", "value": "MetamaskBlackWallet.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f69a5b9f-7b9c-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642867462, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867462, "uuid": "5a0ec56d-2bab-454b-916f-6b9b39651f15", "comment": "Malware payload (Mirai)", "value": "5734532d8c2348fa14546a08079728fb", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867462, "uuid": "b874abca-54bd-4738-8c8d-05f6c3a46b35", "comment": "Malware payload (Mirai)", "value": "69ec2b065f3ba05b7669d8f2e8a257ed1c1435306b882a1f8b92f2354e5d6b5a", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867462, "uuid": "b4cc4460-feb4-4451-8352-2ae594e9cde1", "comment": "Malware payload (Mirai)", "value": "a5a4e83b2f5abd1ef364de3d62955fee00289a1e", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867462, "uuid": "02353776-b0ce-4825-9280-ff6b32672919", "comment": "Malware payload (Mirai)", "value": "5a29019aba125ebb5c322b6d61421ff31fd6b283d2a8bb82eac1a5d3a7973e62af0323b7dda19ab1e520065005a9bbd4", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867462, "uuid": "4a4a40ee-b037-447f-af87-bb3e70273db2", "value": "T131933A47B71C0B53C59B5AF12DAB3BF08B69B9E113D76185A10AEFD00372EB12412FA5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867462, "uuid": "a2a3a749-56f9-47ac-abcf-8632238017e7", "value": "1536:QQK1n7bzX9jajzvxRq57wBRcGCMCZDxeBk+8xl4umXxVqDrstKfz9e:Q97vk51RcG7APl4umXxVqDrIKfz9e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642867462, "uuid": "24988c46-e3be-4e8e-b307-e04ec940d440", "value": 93907, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642867462, "uuid": "77af2290-471f-456b-954b-880c6d60410f", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867462, "uuid": "b42d162e-1700-42b2-8e87-7b73fe33e16d", "value": "a-r.m-7.Sakura", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5632662-7b57-11ec-9275-42010a9c0029", "comment": "Malware payload (OrcusRAT)", "timestamp": 1642837717, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837717, "uuid": "6180dd78-e501-44fd-a5ce-c3beef0876bc", "comment": "Malware payload (OrcusRAT)", "value": "3ae1f7f2e628833914909d54bdc88c2a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837717, "uuid": "1e760916-1d5e-4079-ad6b-0dda84736858", "comment": "Malware payload (OrcusRAT)", "value": "6b2bc89a82c41241a24f0a8c7972b563e30303bf7c277d767ac5766510e8f03e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837717, "uuid": "5dfc2e54-b722-4586-9698-ad558d60703c", "comment": "Malware payload (OrcusRAT)", "value": "bd8beea63e9607fc41b80e6c6ca90764b3cbd3e9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837717, "uuid": "1877069d-8c5d-47d1-abbb-533bc6c96daf", "comment": "Malware payload (OrcusRAT)", "value": "5d0a4e9c4e24ae9e708f8088c5dde11c42932d154b254b1760c581b6d3fa6df4486f19bad5ebfbe0f5f97e9dd570e1ca", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837717, "uuid": "e5a36d0d-93c7-4b62-b0e5-69d3b25121a4", "value": "T11315AF413BACBE06C1BE7B7C66731AC60BB8ED065052FB4E095461EE0DABB42BD11357", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837717, "uuid": "f04316c0-84c5-4107-af57-b669b75fa10f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837717, "uuid": "39df40ff-e422-404b-bf94-34ac08e30530", "value": "24576:O8c4MROxnFj37rkxrrcI0AilFEvxHPnViooZ:OGMi1PqrrcI0AilFEvxHPn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642837717, "uuid": "c125d041-c04f-472f-953b-18e3d92ae1d1", "value": 950784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642837717, "uuid": "e8809eff-563f-415a-b56f-a02c5512bde7", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837717, "uuid": "b2cd7b55-c405-47db-8126-a901628d6704", "value": "3ae1f7f2e628833914909d54bdc88c2a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "225afa39-7b6b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642846060, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642846060, "uuid": "a731b6b0-65d7-4bf2-a490-768242f84d4c", "comment": "Malware payload (Heodo)", "value": "69438828fda2b733dad66153594eab67", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642846060, "uuid": "99fca55e-6528-4b45-994c-8b218740f775", "comment": "Malware payload (Heodo)", "value": "6dbc7e5ab3416d6c32626779f27a9c7a3d0cbfaef102e9cb6ccd5c592a39624f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642846060, "uuid": "7a15bdc3-7f83-4c6a-9982-797216a73081", "comment": "Malware payload (Heodo)", "value": "2f3060a9de15fcfdb52530369c3d738968d52dbc", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642846060, "uuid": "7519868e-74ba-4f18-9314-15ddc2a88053", "comment": "Malware payload (Heodo)", "value": "3232c4df40f7cad1d9136b86574cdf65e155cc1ea59ca1155118158c2eba602dc1c0f374b1d31ff109b44d2e6a9c4b9b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642846060, "uuid": "40eace61-4f4c-4cd1-9afe-6b5b7e41bf7b", "value": "T118C4AE12F7D5C07AC0AE12356A2A9B9C63B6BD51DDF1C217EFD53A4D5E34A028F24322", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642846060, "uuid": "d5445c62-d776-4d54-9325-a8f20a3d4c2d", "value": "883fcc468f82171d3a7cd0480cf7c8d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642846060, "uuid": "d5b34e2b-3ab2-4b4c-adc7-1d7b841ec6b6", "value": "12288:P78OGF+L8/4UUNyrLdMhTq/n4vAzdkPs7:D8Ody4aLdbkii", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642846060, "uuid": "7c040b9a-8a56-4d04-8770-587394fe63ce", "value": 573440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642846060, "uuid": "a4042da7-73e5-4ab0-838e-791d9e23dbb1", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642846060, "uuid": "fc0b8d27-fd96-4f97-a1cb-a7d85c03e413", "value": "emotet_exe_e5_6dbc7e5ab3416d6c32626779f27a9c7a3d0cbfaef102e9cb6ccd5c592a39624f_2022-01-22__100735.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6f54cbc-7ba0-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642869127, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869127, "uuid": "76d7a995-7a80-4709-8348-9167c39396b3", "comment": "Malware payload", "value": "2783fece39b263098cdeb3f6bb92941b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869127, "uuid": "33f18ed3-5448-47ac-8cf4-9e25324aacd8", "comment": "Malware payload", "value": "6eb5109cd7387bcb2543a9f3fc3251f9e0c1baa76d0e72be00aecd4dd752eca4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869127, "uuid": "9199db5e-b644-4a6a-9492-3420eccc3e10", "comment": "Malware payload", "value": "bc15e64bab1b534012b78e19b5bd71eab20a2c7a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869127, "uuid": "b6b41798-0372-4e4e-8a17-0a1e7bfba967", "comment": "Malware payload", "value": "e350d0c1e63685ecd9ee396d2328978348f8a7608a1e60095d6de872e69880ec5c62ef5c0196835e88f18e412e044252", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642869127, "uuid": "12ee0c6a-8d51-44a2-b9ca-d42463c574a5", "value": "T15203F121D179CEA3EFEB69B15DDAC5D09FA08384A6C9C576124CBB74CA2133354816CE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642869127, "uuid": "a5b4a37b-eed7-4606-b381-3f40fe644d89", "value": "768:AGbGy7wwv244trZOVy5pib84ZLCoNiDrn4uVcqgw02NWXHt0rWYt:hGyMU244trZOceXCoIDrn4u+qgw06WXY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642869127, "uuid": "c68b22d9-884f-4a6f-a87d-47551add42a0", "value": 40508, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642869127, "uuid": "e8099ed7-347c-4e94-a791-c3e9b475e7d0", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642869127, "uuid": "85a00fa6-1de6-42a4-975f-dae234b69997", "value": "2783fece39b263098cdeb3f6bb92941b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e185e3ed-7ba0-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642869145, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869145, "uuid": "ec614b71-c181-4bc3-8138-05a7b2ea9082", "comment": "Malware payload", "value": "bf5ca7ad81c05352b2d4ee1c22d61255", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869145, "uuid": "c7ffac8e-1735-4224-8ece-8b70c9022a82", "comment": "Malware payload", "value": "6efb7e3571ff25ae3fed395e1e1fa502fb2f0b8260ec6c1bbf77af6095d6f428", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869145, "uuid": "e1617bc0-a42f-4809-bef7-274683712eb6", "comment": "Malware payload", "value": "772636072b19504d6185b35977557bae44307dd2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869145, "uuid": "0bd64e64-7339-45bb-857a-3a50b5d6abf1", "comment": "Malware payload", "value": "a3daa24c5d3f4efa38d616bb75baf2fb6a3979b07b958523dfcbf1360416d9d56b1660036eae51e74ca0e2a526c9ce54", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642869145, "uuid": "2df5a46f-7701-4b41-814f-79f35341bef6", "value": "T1ED13F110D5CD3470C8B70537D3B69B0213A955F861FBB729762CB9FC48834A3E38A694", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642869145, "uuid": "f7e325b9-43cf-40d1-a2b7-c4d286d96dc3", "value": "768:6jizcvefBjbWee+JAeZH8mJqqApJ8HFRMQ3EYw86/++bLT3UC1nccu+gWvnoXMN:6jsy9+Jj3MQ3U8iP91Y+7Pz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642869145, "uuid": "e9db40bc-522f-4d3f-a9f5-a7330fd617d3", "value": 43712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642869145, "uuid": "861ee1ce-54e1-40fe-816a-4291b1adc60a", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642869145, "uuid": "fcf04876-f3ba-443f-8f84-94670ac0f89a", "value": "bf5ca7ad81c05352b2d4ee1c22d61255", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1109b681-7b58-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1642837871, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837871, "uuid": "dfe99786-44d9-44b4-ad43-52b5c6995b5b", "comment": "Malware payload (AgentTesla)", "value": "78368efdaa2d49599f6093ac56f0e38e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837871, "uuid": "815a7a81-565e-4577-9270-af5403825a0b", "comment": "Malware payload (AgentTesla)", "value": "7162329049ef9e88afaa46525dabed19ed2f6d1a619c6ad09880bef3971d30be", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837871, "uuid": "37109e57-636c-4e3d-ac2c-e95ed787361f", "comment": "Malware payload (AgentTesla)", "value": "f524f6cacfa1ef59e0ad89d7464fbbc38845300e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837871, "uuid": "0d33cab1-1d6b-4ddb-a5b3-0cdefb4126e0", "comment": "Malware payload (AgentTesla)", "value": "745ef16d987465f03dbaf83d861fc9226207560067725caeb74cfaf679f6c206a06d3f250c9d6e2ea18c3199de509b5a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837871, "uuid": "22f305fa-de57-4263-a2be-3c485b453ebb", "value": "T1C81518AD325071EFC867C972CEA81D64EB61747A571BC207901312ADAE0DA97DF242F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837871, "uuid": "e7c2a657-dde8-4884-bde8-6851d7b13226", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837871, "uuid": "05e35c17-4543-4e61-850b-195f303caef7", "value": "24576:HmpQHB65gKYuJCWiiBbwo2Ta6+i9vYFr:GpZYobiieo2Tr+i6F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642837871, "uuid": "feeb0b11-4201-4e69-b100-e258f04b1ce0", "value": 896512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642837871, "uuid": "b2531fa8-7f00-49c7-abc4-c01a2038292c", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837871, "uuid": "74a2d06b-7bdc-4ec4-adf8-72db93186517", "value": "78368efdaa2d49599f6093ac56f0e38e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "379d6134-7b6e-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642847385, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642847385, "uuid": "35953e06-ede5-48b7-ac25-53f3aa7da2d8", "comment": "Malware payload", "value": "7361c89b6c4b78603ea4505efdc5d034", "object_relation": "md5", "Tag": [ { "name": "#MoonBounce", "colour": "#2A34F1", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642847385, "uuid": "4aa190f5-8ce3-4eaa-8797-d4939ab3512b", "comment": "Malware payload", "value": "71c6f423d06d23aa0a895fbe57ce13a981be7c6c037c6f3724f0cd8d9eb37c24", "object_relation": "sha256", "Tag": [ { "name": "#MoonBounce", "colour": "#2A34F1", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642847385, "uuid": "c3db0fd8-3b64-4787-9dc0-4caf2c5d8cca", "comment": "Malware payload", "value": "89d07428a250d9864dbe76ea72b4719025524496", "object_relation": "sha1", "Tag": [ { "name": "#MoonBounce", "colour": "#2A34F1", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642847385, "uuid": "fe4e03f7-5b97-42d0-a68c-b064973f2c13", "comment": "Malware payload", "value": "ef034a602b652f28d60ba8eec108f89d4eb19e333b1f43d918cfe07afa52bcd54be13ae72778a32e3603d8ee46db4ea1", "object_relation": "sha3-384", "Tag": [ { "name": "#MoonBounce", "colour": "#2A34F1", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642847385, "uuid": "e1f0cf57-7c8b-4272-aa66-38ee4d133556", "value": "T15AF2D118CBEA0002D3F5CD760A0A790F127BA415570867FE6795B82BC5726177F7632E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642847385, "uuid": "0c9ecc51-683c-40c7-aee7-7fccf27cd082", "value": "768:UHaold417YaK3wCCe6z4ks1wOOvMA807Dxg:BXYacSkksIMLL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642847385, "uuid": "93559fe4-1a47-4fcb-aa13-b817437e4765", "value": 34660, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642847385, "uuid": "d03d6c67-6d73-4f1f-8cc3-9523b3618638", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642847385, "uuid": "02ebfd3c-dd3b-48a9-8819-0c3af3a2c2d0", "value": "exe,71C6F423D06D23AA0A895FBE57CE13A981BE7C6C037C6F3724F0CD8D9EB37C24", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cd60bc8b-7bad-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642874694, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874694, "uuid": "3c47681e-428e-4a76-a195-34f6753d6269", "comment": "Malware payload (Heodo)", "value": "ca77072260e840394b611b95ab2598ed", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874694, "uuid": "5369de90-cdd3-43b6-ae55-94c8c88d37cd", "comment": "Malware payload (Heodo)", "value": "72dbdd222a22cdfd3b4f473900823bb9ad6276636eda6cdda895602292f7325b", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874694, "uuid": "349529d2-9804-4718-99b1-5a3c6a72badb", "comment": "Malware payload (Heodo)", "value": "9d7141b06e8329660acf2bcf74213df24906c5db", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874694, "uuid": "02a93cc4-ec5e-4e57-99e3-e72946cd7367", "comment": "Malware payload (Heodo)", "value": "8c9a439a4331fc3eefaccd02b3fb281e6ba1746a43a21473cf925de2378cb96d0854bd400870fce91d056d15c8033445", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874694, "uuid": "1f82028b-d0f4-4c8f-8410-eeedb05e7a73", "value": "T1CDA3B0527BC6CA59EA4547710DBB024AA723FC105B7A63473285F3783FB89E08D13A1B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874694, "uuid": "cefa959b-c79b-4d91-9e59-908a58e8a5c4", "value": "3072:n/k3hbdlylKsgqopeJBWhZFGkE+cL2NdAFxe53lGvFTQ3IzxgdrvxpU0OKvMB:/k3hbdlylKsgqopeJBWhZFVE+W2NdAOK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874694, "uuid": "403d6502-2ed0-447f-9612-7caed430c5a6", "value": 103676, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874694, "uuid": "827ca14d-a7c0-44d0-afb4-7bfe27371155", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874694, "uuid": "1bee509d-aec9-404f-b5d8-2adfc99b1635", "value": "LS2842645362.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1941e2fa-7b9f-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1642868379, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642868379, "uuid": "b5c990bd-b226-4324-a509-c5e832f3370d", "comment": "Malware payload (Gafgyt)", "value": "73e6c1fae2a29479c5694711ebc2a408", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642868379, "uuid": "b63f2243-2c20-4d88-b223-a675b4d05115", "comment": "Malware payload (Gafgyt)", "value": "72ebfa99f4953e5039a69c9dda64c51525eee217037f441fee9d681bc2e34de6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642868379, "uuid": "73783151-46e2-4e91-bdc3-6bd5c2cd6f71", "comment": "Malware payload (Gafgyt)", "value": "a5e9fd94b0e727d8fdb49b2dfbc5cbd60ba0e1c9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642868379, "uuid": "43f618dc-7d44-489b-bb7a-cbfecf13f890", "comment": "Malware payload (Gafgyt)", "value": "e20e21a62ef1fadcd04ccd91424739b3f0940a07f10d4efe28fb74b0f3c393050db354d4caeee66a8e3bb929e857ab8a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642868379, "uuid": "f9e821f4-3828-402e-bced-041cfae21deb", "value": "T10103E1A54DAF9019EC2904F941BFBC8C7430632BE2D094B8B9DF75A9FC92B542A11F1C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642868379, "uuid": "7f16170e-2cda-47cd-9933-4745798aa399", "value": "768:dps9N+7IqvXbIcyUg8rH9t5mHwIG/r5BlunbcuyD7UWyqKbivJUi3SF+Zb:dps9sIEXbIzhIBmQIIBQnouy8NqciBUo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642868379, "uuid": "4b16bf4f-e107-4887-b890-88d125d86046", "value": 40796, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642868379, "uuid": "2a5c31cf-51a4-4bdb-8923-4b00f41ad4dc", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642868379, "uuid": "839c9e9b-1d4d-4588-9e5e-2218db73cbf3", "value": "73e6c1fae2a29479c5694711ebc2a408", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9d116480-7bad-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642874613, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874613, "uuid": "7fc84a03-534b-4c1d-930f-3ce9240a0b3b", "comment": "Malware payload (Heodo)", "value": "07e76595d883e0688aa563c068d2392d", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874613, "uuid": "80f8aadd-fe22-471a-b559-7c445bf2fbf6", "comment": "Malware payload (Heodo)", "value": "73155a5fbadd138c8c2fe019fa6ddc7867e92e0749241b6820f2a78425b25064", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874613, "uuid": "63931a53-bcd7-4a51-ac34-e2c75de0ee31", "comment": "Malware payload (Heodo)", "value": "3c195b785fb71c33bfefb742e8740b0edc1dba2c", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874613, "uuid": "aeeeedfc-d1b7-499b-87a4-d3955f1a131e", "comment": "Malware payload (Heodo)", "value": "73162149c20013f7babc52b1776b8d2d4c5ab7e9a3920a27e28c5321682db9b35c61e099059a4a0ea6ef51f63f8589db", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874613, "uuid": "f450d4ee-0ef1-4320-995b-76008c09a0e6", "value": "T176A3B0527BC6CA59EA4547710DBB024AA723FC105B7A63473285F3783FB89E08D13A1B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874613, "uuid": "1daf77dd-0a9c-46b5-b860-b5f3930d932d", "value": "3072:n/k3hbdlylKsgqopeJBWhZFGkE+cL2NdAFxe53lGvFTQ3IzxgdrvxpU0OKvMB:/k3hbdlylKsgqopeJBWhZFVE+W2NdAOK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874613, "uuid": "fd297e44-5cb9-422a-a7e9-93ad02514d9c", "value": 103865, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874613, "uuid": "5e9dbe36-ccc8-4a4e-beae-b0e1c1431c87", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874613, "uuid": "a67646b8-5930-46b1-b9c5-35b1a1cc93d6", "value": "check copy_2.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ab0f0f6-7b6e-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642847363, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642847363, "uuid": "d5236376-8377-4719-b11b-7dca4ff9146b", "comment": "Malware payload", "value": "f230653351b4987ac448b2681b43afa1", "object_relation": "md5", "Tag": [ { "name": "#MoonBounce", "colour": "#2A34F1", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642847363, "uuid": "1965e68a-56f9-4b9d-90e9-480f54f151b6", "comment": "Malware payload", "value": "73663d2e74c293d4df3d95eef6d4ed181748105f5aa4549eb93f27a81a69d791", "object_relation": "sha256", "Tag": [ { "name": "#MoonBounce", "colour": "#2A34F1", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642847363, "uuid": "0a3f904c-23ac-4fc4-b606-b17ab12b5db0", "comment": "Malware payload", "value": "62929e26d5ebd4619814205748976755288cdc9c", "object_relation": "sha1", "Tag": [ { "name": "#MoonBounce", "colour": "#2A34F1", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642847363, "uuid": "28c32a74-01d0-46f1-9693-3e0871469259", "comment": "Malware payload", "value": "e02efb18cca31b3a65a9562496d6f2d47ed88928d39464826791d55200736c179edd7412378d83adc74a98b48fcd6569", "object_relation": "sha3-384", "Tag": [ { "name": "#MoonBounce", "colour": "#2A34F1", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642847363, "uuid": "4062d4f7-7a35-482e-8bbc-3c1b65288400", "value": "T174F2BFD8B26D40F1D3564832E78BA5B2F82ABC1C672956C74A01F23F2938755FAAC514", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642847363, "uuid": "0f953c74-1baa-4708-8ddd-d6a25ab6b9e1", "value": "384:tndP0mYrUSVz6wUnhJRFClV37ZNKy6K3x3KFXXDGCsYlH53LS25rCdqB7/O53vTr:tndP3ZMj3SdK3McA5bb5rCdu/uR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642847363, "uuid": "401e8b6b-8c04-46d7-8fc6-e0d212da6cff", "value": 37236, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642847363, "uuid": "0b9a6d9d-138f-4570-a54f-e7aa4ed31d65", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642847363, "uuid": "b520b896-3b33-4cd1-9764-eb5200d79749", "value": "exe,73663D2E74C293D4DF3D95EEF6D4ED181748105F5AA4549EB93F27A81A69D791", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be97a56f-7b29-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1642817976, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642817976, "uuid": "9dede091-47b5-4d8f-8e6a-02699b119728", "comment": "Malware payload (Gafgyt)", "value": "31a6f15ea663730c2a9fce77305a3390", "object_relation": "md5", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642817976, "uuid": "aab8fd7e-8436-4fbf-a497-a0350be62ce2", "comment": "Malware payload (Gafgyt)", "value": "73fcfb03ad89a105e1210f2b32cf4a38ceaa09beac6fdb9b9202c4a66297f83b", "object_relation": "sha256", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642817976, "uuid": "252bc1fa-85c8-44f9-9d9f-b8ad561a178b", "comment": "Malware payload (Gafgyt)", "value": "b8d543a314718a93c6f229bf51634b00b8783045", "object_relation": "sha1", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642817976, "uuid": "21fd0e85-483c-43ce-a8a3-f2fdd5bdc4be", "comment": "Malware payload (Gafgyt)", "value": "76cedb26c4cdbbb7d567a057a81488562a71741c87214c926ea1549e17bcc4fe8e0bd12bbad6e1c9afe8e83f82b1ce89", "object_relation": "sha3-384", "Tag": [ { "name": "64", "colour": "#6D7DCF", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642817976, "uuid": "0c79080c-c2fa-43f2-a6a7-1454b9be286f", "value": "T1E133025DD3ABE63AC435993142850980F7713097E0038A974DCFFABE846F68E9773A19", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642817976, "uuid": "f89e7b4d-739e-4566-a710-c8fcbdaed3f6", "value": "1536:sR6gmOGUtzpPA+QcaLO6m82p+qLfvy5FuefClcpfN:k6gvG6S+ELO6m6qLSjuDcBN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642817976, "uuid": "8253d4bb-0b31-4c82-92f1-3d921eb03fd1", "value": 51576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642817976, "uuid": "aa67d120-c23e-46ab-aa85-5748963e6302", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642817976, "uuid": "f53d1926-87f9-42f9-9f6d-8af30e353c3e", "value": "31a6f15ea663730c2a9fce77305a3390", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ea0d3f2-7b6e-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642847450, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642847450, "uuid": "ad5318db-4040-4471-8143-11e5ef33fd12", "comment": "Malware payload", "value": "1f429497006142aa4dc26905a94ed43f", "object_relation": "md5", "Tag": [ { "name": "#MoonBounce", "colour": "#2A34F1", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642847450, "uuid": "53745fbe-3302-49d4-b963-2a79c34d1cb1", "comment": "Malware payload", "value": "7438e191c205f926ec706f0f1738c5da265b3279281cdf9e95eccb5d0fa9c2dc", "object_relation": "sha256", "Tag": [ { "name": "#MoonBounce", "colour": "#2A34F1", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642847450, "uuid": "c085615c-97ba-4cc9-9c16-3c1fd74d382b", "comment": "Malware payload", "value": "f5a6c8b23aebb3073d60f7597cbcf29ba8b2c4e1", "object_relation": "sha1", "Tag": [ { "name": "#MoonBounce", "colour": "#2A34F1", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642847450, "uuid": "c1779dbe-8f69-4b53-9036-59675b82f00b", "comment": "Malware payload", "value": "f78cd228241d0de6a0dc0e142541e8e9b698ac102b065ee03629fadefd4b7f6c2250322cb1bc470a6a1404e210791135", "object_relation": "sha3-384", "Tag": [ { "name": "#MoonBounce", "colour": "#2A34F1", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642847450, "uuid": "700514d3-b19b-4f4c-9946-826764ff7df2", "value": "T185B2D024CBEB0102D7F6CD76080A3A1F6372B018570CA7F9A799993BC5516177FA632E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642847450, "uuid": "802eaded-a64d-4069-81c3-f2d6a6a7b3e7", "value": "c4e6282ffd1ffa097fd4cb2b076f2dae", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642847450, "uuid": "27901651-4aef-47a2-b90e-f0296edda05e", "value": "384:5wle/TJC417YBViblK73+fnCCCPF6z4kSJ1EejcDq4tkFQJVvMXwtC07vvxlL:mld417YaK3wCCe6z4ks1wOOvMA807D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642847450, "uuid": "935a49be-7370-46e7-9c06-349167d3ae91", "value": 25444, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642847450, "uuid": "61f1fe9b-0d17-4d2f-b422-21ccd5a0b993", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642847450, "uuid": "888543ba-6b17-4a69-aeef-d9d667ad2775", "value": "dll,7438E191C205F926EC706F0F1738C5DA265B3279281CDF9E95ECCB5D0FA9C2DC", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc04a096-7b93-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642863606, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642863606, "uuid": "0c6488a4-0413-4145-82fe-e4287ea5c295", "comment": "Malware payload (Mirai)", "value": "290a2883af3c97ba5c44a0874016819c", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642863606, "uuid": "597a3d9d-c5f1-423b-92ff-d1d5214cc73c", "comment": "Malware payload (Mirai)", "value": "757bf6278ec84b8136c56bf37ccfec018404e9282cb26432025513019cb56d5b", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642863606, "uuid": "6a9e5a56-3979-43d8-a3f9-963448a8238a", "comment": "Malware payload (Mirai)", "value": "d5a10615a98a4ba196e0af012ac66bbfc36a6d97", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642863606, "uuid": "8b3afe4a-cead-4007-8b02-facb49ac5df3", "comment": "Malware payload (Mirai)", "value": "0af6324b90318d27f21693d06cd9deb556433dc3c697ed158543ff844d1af63ba6c9cfe82a56b0c561424c2aa732195c", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642863606, "uuid": "a3c56c00-3627-43dd-a2d2-2ed26b0b20f9", "value": "T1B2E35B46FE408A13C4C52776BAAF414A3323A758E3EB73078D189FB43F86A5E4E67505", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642863606, "uuid": "c1958425-7450-46f4-8f2c-cee9cdd49301", "value": "3072:urYzzI6tJF51byoZ9iKjAk9Ub/6ZM/9XyqtNy:urQzZnNbyoZ91jdUb/YM/9X5Ny", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642863606, "uuid": "61b5deed-7f0d-4cd8-95d5-ca8d37b8af19", "value": 146945, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642863606, "uuid": "5e9f6c87-389c-4cd3-8234-079dbd797189", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642863606, "uuid": "14acd63f-2b0e-4257-a94e-7f54c376d520", "value": "arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33c7613a-7b57-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642837500, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837500, "uuid": "17bc6577-da5e-4509-a1c4-908263fd3fce", "comment": "Malware payload", "value": "1d31aacec59b79e4160a7ffdb56721ed", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837500, "uuid": "59b6926e-a387-4548-b7f7-8bb5daa2bd4b", "comment": "Malware payload", "value": "761d38b98e8ad5fa5a0a34aa94dcefda97bf633e39e6f37879034231fd9d4d11", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837500, "uuid": "cf7c0fb6-4ff1-47e2-b4cd-68efffdb95c4", "comment": "Malware payload", "value": "8b37b4c51bf77f60567fa4e1ec75706f65a8d573", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837500, "uuid": "938dad26-023c-4ad1-88d1-b8d5494a7f57", "comment": "Malware payload", "value": "2bc62c9c256c20b2eeba21bfdc99b263f929e27b503e626088171817d3475ac4c0d24a92ac09ac2582eca310e1ba20ae", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837500, "uuid": "d8b00b84-f70b-43f7-adb6-bb4d3fc23205", "value": "T14C521E0177F90C34F3F75F75AA7149984A3BB9A27EF2811D0448444E4A32BA9DE39B13", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837500, "uuid": "68c176c4-aa08-4217-ad37-bf62097d8267", "value": "384:YSoIrHLWIeoC7RO0ouuGAMDc6jgMRIRbrjc:YSXHWIeoCMd16cNc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642837500, "uuid": "3eee98b8-56f0-4701-8d1a-c7908cbde786", "value": 13534, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642837500, "uuid": "b5c488ce-bc61-4022-8d9f-f55aae4d7cb5", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837500, "uuid": "4a8cb83d-c5d4-4533-a792-8ef8ac982d6b", "value": "1d31aacec59b79e4160a7ffdb56721ed.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7ab01524-7b57-11ec-9275-42010a9c0029", "comment": "Malware payload (AsyncRAT)", "timestamp": 1642837619, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837619, "uuid": "1c26edcc-786a-4419-9d09-7c36d2410f73", "comment": "Malware payload (AsyncRAT)", "value": "faf1041f0493d771cbf14d5b31f8f2a1", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837619, "uuid": "49129db6-4e1e-4e1a-8cea-bb3fbe4490f5", "comment": "Malware payload (AsyncRAT)", "value": "799763440e6afd098c97b79ac8e9e947bc49b69b311e98ceee8b9153ce9397e6", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837619, "uuid": "29302d6d-c957-4e89-b428-94c873a3d540", "comment": "Malware payload (AsyncRAT)", "value": "6a21be7f6188e1d7300e8ca0b860bdc2cd5d8c23", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837619, "uuid": "20f31e28-3aff-4709-a63b-2db37f08335a", "comment": "Malware payload (AsyncRAT)", "value": "2a4445a350dfe177aba2d6c9c9bc905aa3b45c15b99dac17abfe897dbb4f02cd5fcf5de091c47225429ca03ee28fd25d", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "iso", "colour": "#ED4E86", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837619, "uuid": "d5236263-6db6-4e15-88be-6706e907a75d", "value": "T193D37D35F2828452D4A40239B49A82747367EFD00E239A3B776F7F492F63F438E06695", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837619, "uuid": "89a8704a-f5d1-4fa2-8adc-6eb388284125", "value": "768:I3wKWFOhOl6nf6wk9VaP8i2XkRFTmOc5N9WBwzNt:WwKBhUHwk9VaEi2XwpeZL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642837619, "uuid": "f9f92ad6-2543-4545-855e-752634e58a2f", "value": 133120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642837619, "uuid": "9b49d127-90a8-4726-975c-4358980f55bb", "value": "application/x-iso9660-image", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837619, "uuid": "c8d9f6f9-514c-472d-81ef-107c875b1880", "value": "IMG_212022100120011.iso", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "057a3e62-7b98-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642865339, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865339, "uuid": "4084098d-3745-4ce7-b2d8-f354bbfa76b4", "comment": "Malware payload (Mirai)", "value": "5b4ed84037db3014e2588a9718c18141", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865339, "uuid": "ff85060d-5189-42d2-b2d0-5a059aeeae76", "comment": "Malware payload (Mirai)", "value": "7a3e478364e29c0e6478a291cf75fee51e3fdaea47f1dfd86c3e545e87592ec6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865339, "uuid": "c1ed4b20-fc5c-465c-bd95-0ad5c95ac2e2", "comment": "Malware payload (Mirai)", "value": "816aeec689fbd8a5d5ec297a5a6a6658a6a66275", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865339, "uuid": "6dbc4e6b-53bd-478f-8621-161d755ec741", "comment": "Malware payload (Mirai)", "value": "393ad861a694831069302b84254f4ae509558830108d34c8f12fdc2f6945f18ca35db39c7a504aaa28e548ad85f7d79b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865339, "uuid": "5d5ebfa2-c7b5-4058-b428-8ead00de7f9f", "value": "T13A634B0177684A07D5A61EF8283F17E483EEEE8051F4F9842A4FDA0B4276F33554AF98", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865339, "uuid": "ab439894-2531-474a-88d1-1cd54b91a9ad", "value": "768:mySxULVx315vW1ORm/mNmfRLLflK+ue+QoGXfziOQ2Sp5LKb+zHaFLeJFKI:XVJvW1O45fFNxusfe6b+eloV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642865339, "uuid": "1d19837f-5c54-4f9d-9383-3fed5e14926f", "value": 70792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642865339, "uuid": "233a5c29-964e-40eb-b561-d1787827c5b3", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865339, "uuid": "75f03dcd-2f96-411f-884a-fee1ee3e7406", "value": "5b4ed84037db3014e2588a9718c18141", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a340949d-7bad-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642874624, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874624, "uuid": "1ee85f78-0cb6-4512-b06e-e6d76a67050c", "comment": "Malware payload (Heodo)", "value": "02d1b1924125f5441508e9534d6e63f9", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874624, "uuid": "6b13aa41-a5c7-4aa7-b10f-dc064239db6a", "comment": "Malware payload (Heodo)", "value": "7bd1caac9273f146c98bf66f7e1c2194e1aa3076a3a1676e8a5cd18739457e08", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874624, "uuid": "fd36e67c-400f-438d-90d7-4bcfe218de2e", "comment": "Malware payload (Heodo)", "value": "ca22efce505105056c809028f719c568ce3d2fea", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874624, "uuid": "acd10501-7f44-45af-937f-85d9dd5a5860", "comment": "Malware payload (Heodo)", "value": "cb37803f6dfc2de6846e48269a03c01d43ce1059ded6c308950e642a411671b708299b2bb66121c43705a11d67f9d076", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874624, "uuid": "09978eae-86d0-468a-ab5b-fc92e8da0c89", "value": "T137636CA7B78299EADA0483394DB643C5B717EC104F9A43C73694F7346EB49F08D9324A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874624, "uuid": "836e9aa3-cd65-4d3e-b049-d62384bcb961", "value": "1536:bpEk3hbdlylKsgqopeJBWhZFGkE+cL2NdA8eXZiozeOgXVZKyaZpvyR1kZkJvU+:bCk3hbdlylKsgqopeJBWhZFGkE+cL2Nr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874624, "uuid": "b9841967-f5d8-47d4-b68e-17601c628d6e", "value": 72452, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874624, "uuid": "ba553194-c7f3-401a-8dc9-533f9ec8a0e3", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874624, "uuid": "7ea0935a-4050-450a-a8ad-fef3a937e6f8", "value": "CT639492126536393.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4c2976d7-7b16-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642809623, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642809623, "uuid": "410929f1-e51e-4528-b1a2-ded01e4c7572", "comment": "Malware payload (Heodo)", "value": "80c419a6f9918c6ea222188423e152c2", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642809623, "uuid": "e6ca5cf8-f5fb-474f-9e63-421cf6af41f5", "comment": "Malware payload (Heodo)", "value": "7cc4eec4a3fbc84103be35f6261d71812f2ca0471750ca1ced5a4945de4a4f91", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642809623, "uuid": "a34f0dfd-d4e7-477b-abd3-ee1f5908cb13", "comment": "Malware payload (Heodo)", "value": "5c75ea261f87807c1acbc002976f37cc6ca0b77c", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642809623, "uuid": "034b2d08-56fc-4584-a151-88ba4fcfe12d", "comment": "Malware payload (Heodo)", "value": "af0e6c18ec484ac9b5bf42f8f465646f34135e0391fc5579719250408f449858d855c20f9bf2f5d3be4489eaa77384a9", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642809623, "uuid": "aca7570b-bd2c-427e-abd8-539596e8d55d", "value": "T11AD4B011B2E2C07AC1AF0175595297A973F9BE90D9FDC247EFC06A4F5E315828B38722", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642809623, "uuid": "69266723-f201-4d89-b170-cbb011768df9", "value": "24b46ffcf60dc8d39e8124f411ebd08e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642809623, "uuid": "eda9dfc7-0239-4a87-b6c9-cfe3b5411513", "value": "12288:vClISqMT89ornPmGZtn5yzrD11ywIdO3D7AfojAxOBnVV0KOFD3EPO7:vmTWornPDryzrPywIdOz7AfOAxsVZOFZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642809623, "uuid": "82636845-caa9-4ba9-a8fe-9e4adc49ba88", "value": 634880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642809623, "uuid": "cafbb020-6759-4865-b667-0931facf03ff", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642809623, "uuid": "c574292d-55f6-4a2f-a37a-baf6c3103592", "value": "emotet_exe_e5_7cc4eec4a3fbc84103be35f6261d71812f2ca0471750ca1ced5a4945de4a4f91_2022-01-22__000010.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59a69341-7b40-11ec-9275-42010a9c0029", "comment": "Malware payload (GCleaner)", "timestamp": 1642827685, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642827685, "uuid": "f18e0e52-4740-4493-aa97-a24066d5af7c", "comment": "Malware payload (GCleaner)", "value": "a242b30ad3dbfa3009ef29ba79c6b196", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642827685, "uuid": "bb7e47b7-ba63-4b8f-b17c-8b8712bc3212", "comment": "Malware payload (GCleaner)", "value": "7d8de08a564f08ee20d746a2c445245b75247e772248073431fc30d16a4b9b14", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642827685, "uuid": "e83926dd-852c-4866-96b7-1066d95690b7", "comment": "Malware payload (GCleaner)", "value": "5ab9c91b9b9cd987f1dec6514792a2656a702581", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642827685, "uuid": "c488b48c-96d9-474f-8faf-067171c3359b", "comment": "Malware payload (GCleaner)", "value": "66a75d2c783ed2416f5ebaed0312a2645b89b6af11901d1264874894e72be4f113ef2c6d4b71bb6d8bd0cb64a4832217", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gcleaner", "colour": "#6323B2", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642827685, "uuid": "6c30a89f-bb49-4a94-91c5-4fa3d5a1b8dd", "value": "T129C52302AFD1A8B2C7B10E364535B550A23DB8514FD89ADBA3C00E6DDA35CC1EB35B67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642827685, "uuid": "bed839cd-f70e-4463-8d71-5a57cf4a4286", "value": "fcf1390e9ce472c7270447fc5c61a0c1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642827685, "uuid": "ad271a65-55b1-4f00-831e-2edaf4d9c5c5", "value": "49152:PbA37xJPeKsyMV/mmoAkSr+EHgHjCLZsSbGEpD6e3h3Jgtpz+vDzfvmWvKDe:PbqeKlABgDmZsSwO3epgfuWv3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642827685, "uuid": "93caef37-44e7-4b48-8acf-66317aac00b9", "value": 2673064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642827685, "uuid": "d89acda4-2548-4327-bbb5-1dd50d549f28", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642827685, "uuid": "cb1e642a-0855-4c18-89c1-eea0519a3c1b", "value": "a242b30ad3dbfa3009ef29ba79c6b196.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fa8fe822-7b7e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642854584, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854584, "uuid": "536cb8c4-3e16-4bbf-8b47-3c729d977751", "comment": "Malware payload (Heodo)", "value": "322573735a5314a8132eb205a96de32e", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854584, "uuid": "0cc8ff0c-1f5d-4700-971b-e4cc73c122c8", "comment": "Malware payload (Heodo)", "value": "835fae32b0f5425f737bf9b5b02e5b97f2dd60083145a4834d3364fa8f05066a", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854584, "uuid": "d2362a7d-32ff-4a39-865b-cc7d7e84b308", "comment": "Malware payload (Heodo)", "value": "67ffca898eb7444151d6240f8a6e50310bea19b0", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854584, "uuid": "c3e380ac-6749-469d-b64c-aed4207fac17", "comment": "Malware payload (Heodo)", "value": "cb6092e2812cb8a49bff7427240d4c233305ebf7b00ac259dd0d4a7a7fbb043932d80de142a67d8c44eb6443fa333f2c", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854584, "uuid": "78779ece-fd9b-438f-9a25-11fefd3f5993", "value": "T106D49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854584, "uuid": "85fa5639-aa30-4b40-a6cd-cb9d3f971e82", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854584, "uuid": "f537728a-3e9d-493c-bca2-cfa5a8a4d456", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQLhkMZR+TTD7vgEPej:0hn7dA19ZCOyDaQlkqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642854584, "uuid": "a8a6b307-d9b1-47f1-a6ca-ac9c2c666316", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642854584, "uuid": "01e57f8f-69eb-4ab1-8548-33699d8dda52", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854584, "uuid": "dfbd9ca7-d080-4d99-92ca-aeaa156c44be", "value": "emotet_exe_e4_835fae32b0f5425f737bf9b5b02e5b97f2dd60083145a4834d3364fa8f05066a_2022-01-22__122937.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "14b1aa18-7bad-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642874384, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874384, "uuid": "c16c9127-4efa-4570-9fc4-8717aa0aa5b8", "comment": "Malware payload", "value": "fc88229ed8e58095084cfaef3a5c7b5a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874384, "uuid": "0c4f3adb-47be-4658-a43d-d344097ce7f1", "comment": "Malware payload", "value": "83f776224290e8a004e00a00c4f7080075c64cf6ac010a7c9d25846da43864cc", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874384, "uuid": "c80ea594-12e5-4fe4-b5b0-c6c3c47307ea", "comment": "Malware payload", "value": "5f031f24b344c3136b157f399a5eec9496f24dcb", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874384, "uuid": "53e763dd-8346-40f1-a509-5a27ec245093", "comment": "Malware payload", "value": "96c7cdf49cb813fe86d4028fc342f3303ba277d562d62f4e2d61d97c40299292291b4b3ba0775802f90d9231e15b4397", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874384, "uuid": "7eda8eb8-37d8-42b7-8433-2f59c3424283", "value": "T1D3F2F0F5631DC1E2E8700D71B57C8423AA85CF58A6ED2417A87852C68ED370B1EFAE46", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874384, "uuid": "631c80fe-1261-4bf0-ada9-00a8d4c15b10", "value": "768:ncNFJjwUyra+4dG/l4SbZp1dZD1zKhfXm4TsBpPPd25q3U73t:cxwUua+CG/Lp1dZDEZXrwPu9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874384, "uuid": "39ecfcc7-afb9-44e1-ba0a-e9cf2287e5b4", "value": 37284, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874384, "uuid": "03e84580-97d1-4cfe-80a6-1d2709cbb3f6", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874384, "uuid": "93139a4c-8097-4025-bc32-26d2a868275c", "value": "fc88229ed8e58095084cfaef3a5c7b5a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0dc2e074-7b80-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642855045, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855045, "uuid": "25e06706-047a-4815-b8b5-a679af8f24fa", "comment": "Malware payload (Heodo)", "value": "e75488d15c32ff07fe4f704761d79fc3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855045, "uuid": "ff21f5ec-e956-44f1-a78a-048988c42487", "comment": "Malware payload (Heodo)", "value": "84245ae39f1575f467da0b4335d7f62f6a8ee121b0d39a3d7ee0bd764f762936", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855045, "uuid": "61a81a7b-b95e-4cce-a502-1ffaae490d45", "comment": "Malware payload (Heodo)", "value": "efad083fc2664ccf380e1ee384e56a68bfae44e4", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855045, "uuid": "63543d06-eae9-44d6-80a3-b50d1c35c37a", "comment": "Malware payload (Heodo)", "value": "b83ac4b211ec53e3429d1251cf3c7b950abf0568464d1f003fdf82f15aa2c86d8d9dd7a1c04b533fa6e57aa48485fe57", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855045, "uuid": "e6cbc27a-6302-4822-897f-3bff7c2a16ed", "value": "T1D9D49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855045, "uuid": "7d0d7501-41e5-410d-906d-10c74a5cab98", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855045, "uuid": "05dd8502-c0d0-4603-bf09-5addcff08d9b", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQLJkMZR+TTD7vgEPej:0hn7dA19ZCOyDaQlkqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642855045, "uuid": "58f97f03-d91e-440d-b1e7-7adb752922e8", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642855045, "uuid": "6e1cd7b7-16a3-4572-805d-2fa318ed7229", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855045, "uuid": "1f13c8d7-329c-4bbd-873f-ebeeaf5632a4", "value": "e75488d15c32ff07fe4f704761d79fc3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f0d9f788-7b9c-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642867452, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867452, "uuid": "cba0edda-355f-4500-b7f9-4f113913dfca", "comment": "Malware payload (Mirai)", "value": "2785ac9f5e9fa164a96e231d0e7e027a", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867452, "uuid": "85d43a97-2448-4078-bdb1-3ec11e5a1f48", "comment": "Malware payload (Mirai)", "value": "847635504c56c09758ec432f52ff3468c813d80faa02f006dc4745fa6dc8bb7a", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867452, "uuid": "725e13ee-f77a-419b-8e6d-98f6674f0eae", "comment": "Malware payload (Mirai)", "value": "9ddaddf471faa9584537298b60d240211ca6b507", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867452, "uuid": "74daf2c1-4934-4244-b387-0dfad3dd1013", "comment": "Malware payload (Mirai)", "value": "2ff8697d01819cbbabaa0c7f0c1580ad76805335c4071307f894639d0a35b101765d9cd530ada26c762b656e252d0e52", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867452, "uuid": "b040e96b-f3b6-4501-b5e2-4c2dc6bf59d5", "value": "T1CFA32A44F841872BC3D327BBE78E479D3B36569467DB33116A386EB42BC17C92E29520", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867452, "uuid": "c72b3e52-ce9f-4324-8c91-4e7468715599", "value": "3072:VSx+i6mqaObhNPnPNKV+qKmZuqQ4DPwXXtse:y6mRObnPnP7qKmZuqQ4DPwXXtse", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642867452, "uuid": "efec0c63-1df4-47f7-aecd-2f6cd06d7055", "value": 100871, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642867452, "uuid": "2fd53bcd-95cb-46f4-aa8b-c8384025c044", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867452, "uuid": "315e447c-97f8-442d-b65f-a4262b5a4342", "value": "a-r.m-5.Sakura", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6c0fe13-7bbe-11ec-9275-42010a9c0029", "comment": "Malware payload (XpertRAT)", "timestamp": 1642881985, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642881985, "uuid": "4161a89d-5485-4f6e-8e36-c8906abba241", "comment": "Malware payload (XpertRAT)", "value": "0fba4fe17da6f869210904e2b613a95e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "XpertRAT", "colour": "#0B8513", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642881985, "uuid": "6e15b15e-b3d8-44f5-8127-6dbca83573a5", "comment": "Malware payload (XpertRAT)", "value": "857e88abbcf84ed98d208749da6457a7858176656f7ed4916adf355794e67fec", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "XpertRAT", "colour": "#0B8513", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642881985, "uuid": "b39cf156-a242-40f9-8ca8-1b47e064aaaf", "comment": "Malware payload (XpertRAT)", "value": "d43d9a8cd8c8ab443a8567e8e467f58395b9c307", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "XpertRAT", "colour": "#0B8513", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642881985, "uuid": "0c111be8-18a2-471f-b434-74fcb9dbe1bb", "comment": "Malware payload (XpertRAT)", "value": "6983bad5ea0fd23f1e95e7e216e63140b8975abc9037dc32fe6ab0edde7cfb22bf8ef5764124e12a95367c7e0ffc03d8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "XpertRAT", "colour": "#0B8513", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642881985, "uuid": "e3e6f9ed-3de1-493e-a448-b43089297e05", "value": "T10384123903FCF35BC5BE47B9F8A1008853B1D617B351E38B5B92A56D0D633C18E169A2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642881985, "uuid": "bb72efa7-eadd-4761-ba20-f00eee6d958a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642881985, "uuid": "1d1965e1-e6c3-45c6-9d65-0a13352fc1e5", "value": "6144:Igfey1Xs+i68+gv1geuaddfUtu7ZgNPJTBjWuqFC/Bc2OvttYK1YGSoOhpRRRRRP:Igfpi687v6ezdBUE7g8uqFwQv3f7kRRy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642881985, "uuid": "c530260c-9416-4ef1-a197-42f76d4522a8", "value": 390144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642881985, "uuid": "ae7dee41-a732-478c-ab2d-8abcc854c174", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642881985, "uuid": "6ea69d4b-cde4-4067-9168-441a6af57fa6", "value": "0fba4fe17da6f869210904e2b613a95e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7244f173-7b81-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642855643, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855643, "uuid": "9819dced-db90-497b-9d5b-9972920f54c1", "comment": "Malware payload (Mirai)", "value": "8e27f14aa1cdc71addb94b456d21ef44", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855643, "uuid": "3081baaa-367f-41e3-ae80-0bed41912098", "comment": "Malware payload (Mirai)", "value": "8819d04ffcb61fb1e92cef238d4904d1f15c506232ceeef1fef46cacc4f97b57", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855643, "uuid": "748a62ed-5b15-42f9-a1e0-14a24c14007e", "comment": "Malware payload (Mirai)", "value": "48c0260ab0e5aa43e001345238461608b42e2b3c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855643, "uuid": "fdfa8f95-0c4f-472a-b2f2-692150b5c0e3", "comment": "Malware payload (Mirai)", "value": "cfcab76064956a584c4d5ed6a6dfeea64de495844732524b9443909b2937520c77090e21610173f28952a1286ba354eb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855643, "uuid": "10e6f6b6-bd5a-41dd-9b4c-83234f0f9307", "value": "T16CE34A42EA408E13C4D51B76FAEF41493322D765E3DB73078D185FB43F86A9E0E62A49", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855643, "uuid": "bbf1f808-d6ac-4cc8-b78b-3e03ecc30b6c", "value": "3072:walgM69pe0QmlTvIUdt9mrsplDKZUQQBKXAVanXX+F8JyvSPhLZ85iBMR6yoC1Qf:walgM69pe0QmlTvI8t9mrsplDKZUQQBa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642855643, "uuid": "083c57d0-ab9e-45d5-ad75-095ddb9d91d7", "value": 145189, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642855643, "uuid": "13f5a288-af58-4b05-96bb-cf99d6eaad5a", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855643, "uuid": "fbe0273a-f182-4712-89ea-b8090a9dc246", "value": "8e27f14aa1cdc71addb94b456d21ef44", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15cb0168-7b22-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642814686, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814686, "uuid": "4438cd49-b100-404c-b404-38a6a8dbe893", "comment": "Malware payload (Mirai)", "value": "d6aa2c3c3892ef083ff9b81a95b3bdf9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814686, "uuid": "3b16c38d-b596-45b4-ad71-e2e4a2271507", "comment": "Malware payload (Mirai)", "value": "896efe8ea08f69220020bd328809cab8ec2f348b8676a11699a204389af5a5cc", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814686, "uuid": "a462e697-0270-4037-ad66-f02307189814", "comment": "Malware payload (Mirai)", "value": "57c82a8b2d1a6630b4c1fdacb8f629cdff14e99f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814686, "uuid": "6cf65a0c-ab37-48aa-a307-79a430305555", "comment": "Malware payload (Mirai)", "value": "666a85bf523fa5ca4989ba4f8dbd632323b9c751063554daeef82c47cfd119e2675834f12c7fa7dab09a6bb772eaa8ef", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814686, "uuid": "4f60367d-e7e5-4137-aa03-af48dbed6c86", "value": "T17FA2D01825CDEE72D1B0943AE23CC347AED743BA56FE717A1E0807D9E48151AD3BE948", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814686, "uuid": "8c53baaf-7c76-46d0-b59a-dbf7bdb26da2", "value": "384:YAmog4c6L5i4+stIW01vhQIE2TQKMpI8QwxZVFjfPnSbHp9hymdGUop5hXn:Ypoh/DxCvhdR4IjWVFbS7bs3UozJn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642814686, "uuid": "2f2fd780-359f-46fe-930c-b77046691200", "value": 22132, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642814686, "uuid": "60d04883-e8f1-4a5c-8269-172647431aef", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814686, "uuid": "7660ec46-0922-4b27-a2b0-dcfefa6c0e2a", "value": "d6aa2c3c3892ef083ff9b81a95b3bdf9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fb50a30b-7b93-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642863604, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642863604, "uuid": "45e63068-9010-417d-bc73-953c523d17bf", "comment": "Malware payload (Mirai)", "value": "62e7ab47db8f1d520c01eca27eef7afb", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642863604, "uuid": "fd5a546e-0f47-4c8d-9b88-9221849d274e", "comment": "Malware payload (Mirai)", "value": "8ba812a21123e599b605dd67dbaadd146af9ba83c9d31b05f92c952deeb8bed1", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642863604, "uuid": "3d1a4409-004a-46c4-8f9d-bbed94c89108", "comment": "Malware payload (Mirai)", "value": "1088a0745a588c4c5afc7c1dcd2acc42cb207866", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642863604, "uuid": "3f8f6e16-0da7-4d53-ae2b-1d929806159a", "comment": "Malware payload (Mirai)", "value": "dd0dd7db69dfc26f0f8604f13f96dabc0cdd2c2ba5e10e7a51bc6d1ed6b67d0d173f907eb7cfcfb9aeebc1bb1b878d28", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642863604, "uuid": "90b11825-5d69-43c6-a34c-dc7925fe6247", "value": "T1A15339C5E593D9F9DC100A74307BEF729B76E63E206DDA93D3A8A8329941983D11738C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642863604, "uuid": "d1e81de1-08a9-4b00-b2f2-d212fd3d0769", "value": "1536:yqkqTxx7yc3YW7mzslhUHxcGfScqhUyjSZd/Co:xkqTrehW7mzslh6cGrqCwihP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642863604, "uuid": "f02f509c-4244-4b82-9efd-b49e2966c92e", "value": 66416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642863604, "uuid": "9059c0a1-f5ae-4725-a8d6-6c4f1b906b84", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642863604, "uuid": "77de53c8-677c-48e8-9511-e2531966c4bd", "value": "x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8019b5c-7b99-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642866149, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866149, "uuid": "dcb0ab22-d61e-49ea-b377-c1ff86e81f88", "comment": "Malware payload (Mirai)", "value": "5f32dbded4b1b804f8d45dfe79c9ca2b", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866149, "uuid": "f1450bec-2f42-4b38-afc7-ced3928a9fd8", "comment": "Malware payload (Mirai)", "value": "8c90d8a4867ecd964e6cba01c04f1fc67682572d910b26640de172cae1dbd94f", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866149, "uuid": "d9c81af0-871c-41e8-af4a-0aef471b2bd0", "comment": "Malware payload (Mirai)", "value": "082b2542ed5c07bc7e858cc68f33154eefd7df6e", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866149, "uuid": "8d8d6828-ff59-421d-bde7-73b24dd55b12", "comment": "Malware payload (Mirai)", "value": "1cc026b81d6883ddfd17a4142d641de7049bdcb6c38c47fc8850b6266b7fdcfc549c92b8689fa2cbb34bc6bf2d693664", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866149, "uuid": "d0313218-0ba0-4583-8c82-298a861b8938", "value": "T12E833B21BD392F27C0D0607A11F78B15B7E1278E25A4C72FBD720E5EBF616442907AB9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866149, "uuid": "2be5ff41-c6a8-4372-885e-e25fa695379e", "value": "1536:QjKPAet5Go8ACDwwe7nqIJ6TQ4FLSkZCukQuyzVHN:EaMFwBfMyCCujzVt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642866149, "uuid": "f5734506-a99e-4c40-8ca0-b81d966d73fa", "value": 85232, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642866149, "uuid": "6f61c279-52c2-4f70-b3a4-e4068cd0f75c", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866149, "uuid": "8dc9470e-d8c2-4303-8b49-e8cea6c42bc2", "value": "RSec.spc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "77d7f883-7b81-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642855653, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855653, "uuid": "b3ec99eb-5567-4fcd-b1ea-204f8dc181c7", "comment": "Malware payload (Mirai)", "value": "3c00c3d80a1ca4ef0b16276323338fca", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855653, "uuid": "325fbb38-ba92-4d35-ab91-4b738fb40d36", "comment": "Malware payload (Mirai)", "value": "8fd0fd9e96ff259bb8d7567f21646fbd98ea52ae293b614e0b913a5b661cf53b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855653, "uuid": "812151ae-ac36-4b40-838e-727b4a974839", "comment": "Malware payload (Mirai)", "value": "2d5be14b0ebb7f1dd902a25704ea99d1810cbe6b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855653, "uuid": "966b8999-045a-437b-b2ad-3a7e78734f75", "comment": "Malware payload (Mirai)", "value": "4e32711da25e4f9c8f62195223917e9cf9d3341c336774ee8bf55801e9febab9fbd64e6edcf6afb820bb2432cea7a496", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855653, "uuid": "f96381cb-bc8b-46ee-a041-34fa706907a8", "value": "T1BE534B0277684F07FAE61AF4243F1BE483BEED8025E4B588690FC7424635E374999E9D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855653, "uuid": "5d99255a-2395-41f0-a559-2a8b5e6936da", "value": "768:Sr5Eg6nb5usRVQq8WTUqYhcBJcIGsllk5M9Bv6GG4TlW2c5sjgi+DDiZ/voBbsVf:2KbpuqJlzk5xGpJgbDOZ/vouN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642855653, "uuid": "ee01b0f8-fff8-4dfc-b504-0fc7ffeaea61", "value": 66468, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642855653, "uuid": "e194df5b-fee8-4bf0-9623-44d8e31698b6", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855653, "uuid": "6494bca3-0f5e-49f2-9853-e74235149de0", "value": "3c00c3d80a1ca4ef0b16276323338fca", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0fc6625a-7b67-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642844311, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642844311, "uuid": "acab62c0-9647-4857-8f3e-f3055689d012", "comment": "Malware payload (Heodo)", "value": "e146fa892bd3ae2526c71e08d65757e2", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642844311, "uuid": "74794cd4-643f-49f2-8cc3-225306265e4a", "comment": "Malware payload (Heodo)", "value": "92989db3869817de5849a5872f44e9d68050fe56160a6e57b0ec08bca386e484", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642844311, "uuid": "0f4a3b58-1988-4a63-8388-495f5484932b", "comment": "Malware payload (Heodo)", "value": "d49b741f94b0dfd57d3e492bc442038c0251dcb5", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642844311, "uuid": "f4b3105d-1de0-4622-ba35-5b953c496f0f", "comment": "Malware payload (Heodo)", "value": "3380f9ad36445b8b8872a63237c68415b1b4a5938ddb2be98814273b49e58ca3c9fa7389a342e71668e92dc24c352da7", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642844311, "uuid": "0ef2d567-6642-4fb1-93c3-4833b58fd729", "value": "T128A4BF517390D036F3EE3178554A9AB05EED7C708BE19387BF802A7D5E316D28B3861A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642844311, "uuid": "1819c445-d4b3-489c-931f-a02e4d8748b2", "value": "6d1d8c8ae132591dccaaeee10258dcba", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642844311, "uuid": "4f31880c-ae2f-4375-a415-c214d17fec2a", "value": "6144:FjjHl52ek2r4vRnFAbN7ZmNWXpdJlc+kqmUlcb8/cKzLiag1/kO9IHSCgzUzA:1k2M+BZmNWZdHc+FYb8DzLiag1/knyC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642844311, "uuid": "b599f26f-ea19-4589-b73b-d047de968e32", "value": 490496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642844311, "uuid": "7eac59a6-38e2-428a-8186-a57f1fe1710e", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642844311, "uuid": "f8f2fd35-f842-4bac-87e3-c71c517f39c2", "value": "emotet_exe_e5_92989db3869817de5849a5872f44e9d68050fe56160a6e57b0ec08bca386e484_2022-01-22__093826.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd3153ea-7bad-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1642874721, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874721, "uuid": "7632da2d-ef0b-4f3f-8070-a422c652514b", "comment": "Malware payload (Formbook)", "value": "ec847d05e7820bfbf9afddbdf7fe2877", "object_relation": "md5", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874721, "uuid": "ebe474a0-7b4d-43ec-8fde-b4fd40c9b788", "comment": "Malware payload (Formbook)", "value": "94d896ef290e49071db37de97179eab015471ba6e4e007b39b7755045283c455", "object_relation": "sha256", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874721, "uuid": "3204aa05-b7c9-48c5-985a-e3ca393b4508", "comment": "Malware payload (Formbook)", "value": "f7b9fec56545e6ce67ca81f161107e734cc39d01", "object_relation": "sha1", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874721, "uuid": "533ab27d-d993-4b5f-8b55-97ed0d3def1f", "comment": "Malware payload (Formbook)", "value": "5b3e5dd6195dd62288f1ea0dba8d538e549b54ef7a0e86363099b8e408ee6a4f72eeee5eada473daf81aa508e42ee5f8", "object_relation": "sha3-384", "Tag": [ { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874721, "uuid": "71992930-4a90-4522-a5bf-4dd45d20a32e", "value": "T15D64221B17D0131EA928E2F0B53BEE5151027A98EF19D2C73E6B1D82977A6DC3E0B05C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874721, "uuid": "dd54bb03-c63a-4618-a0ce-6de042f17ed6", "value": "6144:yNASSRxsRNVRzERq1uvBjc9KnV8xTrz5Ty4pN/aFNRJ6NC:GKxgDErBjmR57pgT6NC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874721, "uuid": "1524d849-d421-468b-bfc2-cdb848534c4b", "value": 316096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874721, "uuid": "ce612e85-d8d2-42d2-bfb7-f22edad8090d", "value": "application/x-rar", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874721, "uuid": "55848daf-a0f5-4ed4-bafa-22df54d99363", "value": "swift copy_20220120000.rar", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cfcc983c-7bc2-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642883718, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642883718, "uuid": "ffbe193b-2738-4216-84ce-4321be5d451f", "comment": "Malware payload", "value": "937c3ce527ab130f539fdba438a28855", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642883718, "uuid": "a97edfcf-1b1f-46b6-b6b6-7cdf60d08809", "comment": "Malware payload", "value": "96d85c668b069a1c5180c9fed4bf94bd8a001ee4088ac352eb7cbbcdd07fcbfd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642883718, "uuid": "017f5407-b145-4d1f-83e5-63a213e4136a", "comment": "Malware payload", "value": "13e27f2e5cb1f0edd2a7dbbb5601772e7e872a60", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642883718, "uuid": "34cf1011-5fb0-4f6b-8f6c-5a72060456dc", "comment": "Malware payload", "value": "812b699564639f6396fed4acb7a96c977d35a90ab3272e97bce39817100c407521900b13bfdf69bd43f540134f7cd05e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642883718, "uuid": "45acfa7a-13c6-404b-85e9-4bac6bd65998", "value": "T1D3F35B68BD9ACCAFD4972775C8F747BB7D38A4C00B178B6398208836CAE77A514D4346", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642883718, "uuid": "9de19cf5-7826-46fc-b096-8ad2bb4c59f0", "value": "8eb1269a8647f0f5d2caed350d9c4020", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642883718, "uuid": "c144c8cb-eaa9-4643-9b62-ab5aa78b50d2", "value": "3072:CqdwPlzvcvqgP6tbaNK+yyv4OF/qGWELzsNtp9qIWHF2:1qPlzvcvqgP6VANEUMtp9qPF2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642883718, "uuid": "4a25fcc2-6000-4c97-ad2c-f234ceba5386", "value": 158893, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642883718, "uuid": "e0feaead-ee86-46b8-acff-6badf3f6fa92", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642883718, "uuid": "59bbf992-4551-4f93-8a07-3bc73fa85a19", "value": "96d85c668b069a1c5180c9fed4bf94bd8a001ee4088ac352eb7cbbcdd07fcbfd.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9778223c-7b99-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642866014, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866014, "uuid": "1089c612-4f02-4816-8fcd-e3e7986fb2de", "comment": "Malware payload (Mirai)", "value": "fd283dd487aee432a5e6fb6a397bd6ac", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866014, "uuid": "92fcedc7-e722-4790-b334-bca9e8c0db01", "comment": "Malware payload (Mirai)", "value": "96fb77cc820600d5ee92218e7c8f8a31f48eec7b6d0078d7e896653ec0ef5741", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866014, "uuid": "9f577b73-c2e4-4478-bec4-363b0913d62d", "comment": "Malware payload (Mirai)", "value": "c4cbf04bffb0d5f6afb527eda6f3187e5af53b77", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866014, "uuid": "5a568bb3-2091-456a-b086-3425e4a46cb9", "comment": "Malware payload (Mirai)", "value": "3eb244f4cfb286cbaeb2d74e9092befad84e2243f639c9d5acc13fba0c6b7e98db174ec624106806533244f95a0e2820", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866014, "uuid": "94d0b765-c0ad-4c16-afdd-0fd80d1a5a5b", "value": "T1A593A40ABFA04FF7E8AFDD3709EA1745248D651A21987B75BD34D828B20B64F15E3870", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866014, "uuid": "7e48d5f0-c73c-408d-96e4-863993f2afdb", "value": "1536:pF+2d5uuQv85NqjNzW2GX4L2LR6AZTzJ8ObT:pwq5u5vaNqjZW/6AP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642866014, "uuid": "2b2b79be-1deb-4e17-aaca-9b1091ad9eab", "value": 97496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642866014, "uuid": "9088507b-1c14-4f59-a76a-e34663e7b283", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866014, "uuid": "bcbf1f02-2b76-472b-8498-4b0a196440d0", "value": "fd283dd487aee432a5e6fb6a397bd6ac", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9afe78ef-7b8b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642860007, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642860007, "uuid": "d4fdbc70-475d-4917-8964-7bee20f7a788", "comment": "Malware payload (Mirai)", "value": "181864230e2594ce3151794a6a0a5294", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642860007, "uuid": "776ca1fb-bbbf-44d2-98bf-f3b8962e2157", "comment": "Malware payload (Mirai)", "value": "974faf1ab08b219668b754ef7db8ec6ff99db66378173351ed729ac5c03237c9", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642860007, "uuid": "41708b3e-2d11-41c4-b41d-9612bef37ad3", "comment": "Malware payload (Mirai)", "value": "2b20b37fc88dee4fb17302ce00f290d995830a66", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642860007, "uuid": "b2acd510-cba0-4378-9d3b-65e9d135964f", "comment": "Malware payload (Mirai)", "value": "d5bc823f3e11644fc8f1fa1d46ae217df21074ccf93e83073cd39c059e04b30136cc6eaa979dfcf0a12fd24d4038b534", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642860007, "uuid": "370b749d-06b5-47d7-ad87-d00b113585d8", "value": "T1C3D2D0382644ED41D568D53ABB7CCA5BD6A237B1C2EDF0BD3528AF5148C33068EB8583", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642860007, "uuid": "6ce9b9e4-3e0a-4e67-8006-f4ef43078101", "value": "768:2Y2Dc2wddCTC0HSJVJLiDyKg6tyMqoYJV7aGGG0iWas3UozH:2vDctdMlHSJvG7KaGVPWXzH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642860007, "uuid": "dd0a8e04-a6c8-436b-8da3-ae5b24888636", "value": 29848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642860007, "uuid": "a4eb6f73-0ff8-4b86-ac4f-95d1c395fe03", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642860007, "uuid": "d5fc3b1f-82b8-44b4-82ec-bf31a47e40c6", "value": "pop.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "744baa53-7b84-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642856935, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856935, "uuid": "9dd56851-1939-4f99-8bc1-acfd9b5f05b9", "comment": "Malware payload (Heodo)", "value": "a22b8a73018dc891102888536662f789", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856935, "uuid": "1d5532f2-01a8-4dfd-a312-ab5858ccebc8", "comment": "Malware payload (Heodo)", "value": "9a029e8ab5e131c6ce16c1b7b7f138a4f0e3630696a2984af009071efa909103", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856935, "uuid": "9759f032-2028-4948-bafc-cd3d5e751bd2", "comment": "Malware payload (Heodo)", "value": "a867beb94a44319850cde262e5e7c9531a93c324", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856935, "uuid": "312e2fd4-527d-48f3-89f6-c327eefae348", "comment": "Malware payload (Heodo)", "value": "5c66ba24ad6586071701a59a1d0c9131ee61f7fc917e00aa51380a880df74017018ca2e71f1e8eda99e6a462d0c9a70a", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856935, "uuid": "eb25b6e4-5dce-4e47-8b50-f89873ec5f19", "value": "T136D49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856935, "uuid": "62bc0848-b4ed-4ec2-a0a4-9356c51378ef", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856935, "uuid": "076ba96b-7bbe-4dda-8c71-9f394bd19245", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQL0kMZR+TTD7vgEPej:0hn7dA19ZCOyDaQQkqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642856935, "uuid": "625dc8ec-2f82-4c74-9ce0-43fca0fb75ca", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642856935, "uuid": "e5b060cd-dfd3-420b-b94d-529897bb7982", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856935, "uuid": "33d938b7-267e-4c6c-9157-0faf8f48479c", "value": "a22b8a73018dc891102888536662f789", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dc8e40b7-7ba0-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1642869136, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869136, "uuid": "7ed546d9-d2c4-4795-ac2d-c1f83f3dca9f", "comment": "Malware payload (Gafgyt)", "value": "9bae3c3a5efa2677b1518700775f9560", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869136, "uuid": "b7b00a6c-327b-4966-9888-972df15a1520", "comment": "Malware payload (Gafgyt)", "value": "9a2f1b1c9245507d677b703c865cb6e90b9bdd73e1e5041c6e4f23774f67d84d", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869136, "uuid": "8aeba1c8-4560-4e22-96ce-213697e92c58", "comment": "Malware payload (Gafgyt)", "value": "b8ccf3b4ef8b7c2cb86178c573e64c37da251061", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869136, "uuid": "5a8fbd4e-ce09-4cd3-9924-0b5f195fead4", "comment": "Malware payload (Gafgyt)", "value": "e03de789ce2c0c81d53908ffadf5dc3f55f362d67d1430c2c34eab9d2c3e51d15896f63ade80aaf5c424b25d2d903e8f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642869136, "uuid": "e09ff2fb-4d14-4395-a97d-55dc5b4cbfa1", "value": "T12B03D062E245525BD4D602755C6FFE0C5C74B38F63C582B8FED822325D6172A2B2E263", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642869136, "uuid": "b3a51597-6ade-4086-bf4e-c83009035aec", "value": "768:Q5iV+EEu2pzoeoDT3wqPEfZqf5DgRpTvEHL7nbcuyD7UryqkjZjYAa5:QjBzoeoDXu25Qgnouy8mqjF5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642869136, "uuid": "0cbb7f73-3ff1-4d0c-961d-8494ffaaf10a", "value": 40604, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642869136, "uuid": "1360b18f-0ddd-4b75-9053-4c10470be697", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642869136, "uuid": "ba84c151-3499-4f78-8054-735c4027512d", "value": "9bae3c3a5efa2677b1518700775f9560", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fc06b2f5-7b9c-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642867471, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867471, "uuid": "83091e27-c251-46f1-b3a2-e2412eefd0cc", "comment": "Malware payload (Mirai)", "value": "3a12ba0a46c3e236d21f38607a411c84", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867471, "uuid": "69df91c4-d832-459a-b107-927d22d9d459", "comment": "Malware payload (Mirai)", "value": "9a3bf7d1c7e115ec46cac34ae614223fa4f5de1fc6ac9dbca6f5651859753680", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867471, "uuid": "ba0b1bee-7fa1-4c50-9593-5e6a495e6b47", "comment": "Malware payload (Mirai)", "value": "cec6b02b453835021e00142e8ae27d464254c793", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867471, "uuid": "24c1c519-b9bd-4d6c-9b04-287e33357333", "comment": "Malware payload (Mirai)", "value": "28616888a92606f4098b1c93119dff01f396edbd29b79a4c9a525598cc03e6e30608e2fba29b9d7fdcc93576d3e145dd", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867471, "uuid": "d4bc6a4b-040a-4a7d-b2d2-3c036c4334d5", "value": "T1BEA3F896F800DFB7F40AE67604D34B24B670BBE14E532622731739A6AE762D53823F45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867471, "uuid": "241ba597-8682-4b4d-a8f5-a159da9f4437", "value": "3072:Vgdr2vIBAxMyAOLRcft0hOemuxVqDr78fz1e:Vgdr2vIRyAYcOhOemuxVqDr78fz1e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642867471, "uuid": "4dbcb5c3-1eba-4e11-8366-08c83697fa2d", "value": 98919, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642867471, "uuid": "414f7e09-4518-4247-8758-f24262bd9e79", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867471, "uuid": "21b3dac7-af3f-4740-b3d9-08234115f3f5", "value": "i-5.8-6.Sakura", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a5cc3b3a-7bad-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642874628, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874628, "uuid": "ffc94b15-68bd-4b9a-974b-c29e48a6e1e3", "comment": "Malware payload (Heodo)", "value": "124c65eb13f6f3365ab29c6c18e54a87", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874628, "uuid": "85b8ca7d-ed14-4130-b363-557c3201b237", "comment": "Malware payload (Heodo)", "value": "9ae234d53391aaabe67979636eb96396d92a3efc10efae792c2702488f221b22", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874628, "uuid": "2b4b236c-f4e6-4795-b880-fabbbbcbad30", "comment": "Malware payload (Heodo)", "value": "d7c5727ee214bac344ee7fd7a1c496e731e6edea", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874628, "uuid": "de691fce-edc4-4816-b659-7e6274e79b68", "comment": "Malware payload (Heodo)", "value": "a2223c0fa9aa8bb44d29bee1f63b3eee611eebe4a22db7de68d64d1b8c79572262eca61f3808ef5b10b023aa9be4c6f1", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874628, "uuid": "200a8aa2-2f98-4120-b491-8cbe443744a0", "value": "T155E36C0361459F86C84883B86FD74690DF12ED3DDA922BCF21867B173B79EA14D0A53E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874628, "uuid": "50dd3cdd-cd5c-4489-a197-fbed3afefea2", "value": "3072:4Rk3hbdlylKsgqopeJBWhZFGkE+cL2NdAlhEvN8B/W6X1yxYovrepMUdQ6gSz4iq:Qk3hbdlylKsgqopeJBWhZFVE+W2NdAli", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874628, "uuid": "523307e9-0cf3-4e91-a9bd-9df33bb40d1c", "value": 144703, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874628, "uuid": "81b6cd19-0774-452f-af79-6ab3c509b840", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874628, "uuid": "00821a83-7248-4858-9bb4-18fe4d6bfb8e", "value": "DOC_589886478465041.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0211466b-7b5f-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642840852, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642840852, "uuid": "21f0366b-d7e6-482e-9177-d39d4ac0dc65", "comment": "Malware payload", "value": "a7f2182c5ba2f1847eb3ce72b2ce1d6f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642840852, "uuid": "19b8ad87-7e90-4144-83fb-16d33050a539", "comment": "Malware payload", "value": "a206d34bbfb7274775956f308ae81339a673c0e894ed55ee1e8e0f01f20ba5fb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642840852, "uuid": "2d7af6c8-0ccf-4744-a369-78f3902e6e18", "comment": "Malware payload", "value": "0e44c5c90b2b83bb85708048c82bb0145ee8ebe2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642840852, "uuid": "3b7a02c4-1be1-425a-8944-97e15601d96e", "comment": "Malware payload", "value": "96c988d3673ac703340f4063ffaf030c6ff3233eba8f03fe56255c3ab2863bb1cf14790a49ebe974f45d64807cf871db", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642840852, "uuid": "28c58c80-5a66-4568-8860-edb435ae6960", "value": "T10AF36C2579D1C031D66205313AF4DBF4896DFE314F70999B77801B7A8F202F2A6A5F2A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642840852, "uuid": "2f56b4e2-2c50-4759-8b8a-518b01a54417", "value": "b729f0e96e3a4a76f606dc40e4bc36c9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642840852, "uuid": "1310e71f-44d8-4b7b-9f11-95221d091ca1", "value": "3072:Iu7T8LJYAhDPNKELukm8qr0bXHmFrdOyppu/A9YeMr9ugBo:NQFthDPNMkmte6rdTppu/AAC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642840852, "uuid": "1dbbb798-c1d6-43d9-8546-0c553af0628b", "value": 162304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642840852, "uuid": "67c4e969-a7c8-46eb-8064-1b25c79aa481", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642840852, "uuid": "f1b48ab5-86b2-492b-8bad-9422d6dd6614", "value": "a7f2182c5ba2f1847eb3ce72b2ce1d6f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "801532e0-7b7e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642854378, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854378, "uuid": "459d8c20-3bdb-47f5-a5fa-d0d19fe95918", "comment": "Malware payload (Heodo)", "value": "58e92e6cfff4308c8230029dbb2fc7dc", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854378, "uuid": "50e5b064-d4ba-4496-8c60-5cc608092c75", "comment": "Malware payload (Heodo)", "value": "a235934102427575e795f70c9d4f4471fb85740c42c6e281b6c0a68d9e9002c8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854378, "uuid": "51a724ad-68e4-49d7-b85a-26352c7a29e5", "comment": "Malware payload (Heodo)", "value": "5d5e615cc0f01f7dcb2b29329eec71d1e7773100", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854378, "uuid": "55fb450b-799b-414b-886b-69e5627a1a23", "comment": "Malware payload (Heodo)", "value": "9b56875ed92289be0ad8384e44e8868f1500fdb7626d351c29034c5a376284065d4e7b07d16322ec2d6b5e493f5ed6c3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854378, "uuid": "59669ebb-ab3e-443c-b140-fe0df51cd325", "value": "T11DD49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854378, "uuid": "9126a2f1-a4fe-441f-b57c-de809215c7f2", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854378, "uuid": "064287ba-3db8-45c6-80c0-cc18dc25878e", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQL5kMZR+TTD7vgEPej:0hn7dA19ZCOyDaQ1kqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642854378, "uuid": "3f20976e-e502-4487-91ce-c53aac07e3a2", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642854378, "uuid": "d7abc65c-6914-4486-a777-8d81639f425d", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854378, "uuid": "82eb4125-d28c-4010-902d-4ec25401b3b6", "value": "58e92e6cfff4308c8230029dbb2fc7dc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d876405e-7b99-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642866123, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866123, "uuid": "1927d859-3244-4372-8025-3e4f56bd5c7c", "comment": "Malware payload (Mirai)", "value": "dbf1cb2092de4730550ab76a0fcfbcd8", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866123, "uuid": "37afe6b8-9e64-488a-a16d-1f761482638c", "comment": "Malware payload (Mirai)", "value": "a260d43ee0aee133519e5ae313f526de2e93f30d18b705ddc1473b084f7f19b4", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866123, "uuid": "e7867e20-0217-45bf-abf3-232a25137b05", "comment": "Malware payload (Mirai)", "value": "c9e7cdb64b3f7a9a79985e2b355cab4c9e55627b", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866123, "uuid": "c1c1d58c-910b-49e6-8e5c-6bd12b0203dd", "comment": "Malware payload (Mirai)", "value": "e67f644f2643beadfafbfc5e864622c2b8a7726f2f84319f32c1ab82dd122b1240a19b67c59438d50030f1e7fa9807bf", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866123, "uuid": "3bee4429-e9a1-48f0-bb34-22d3c2607474", "value": "T136735B95F802CE6EF40BD97984454E5BFE3063851A831F2763BBFDA36CA30226D42D45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866123, "uuid": "5506ad69-d347-47b5-b481-2a996fb2ab23", "value": "1536:eIxzB8irmE5D3OWj1wt8LT4ioUfvqU2pwiSq0/VmW5YZ1J45Mzi8PD:LHT4+fv2Snt64yzLD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642866123, "uuid": "07fc1f44-4abd-42b2-8f6a-81b251a00a22", "value": 79364, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642866123, "uuid": "0fea494b-1a9c-4352-b1bf-359e51c05a67", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866123, "uuid": "96939d1c-22a4-49e9-8578-fdb951bf38bd", "value": "RSec.m68k", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82a3223c-7bb5-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642878005, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642878005, "uuid": "5e900c54-4afc-44b4-9705-88206a09e371", "comment": "Malware payload", "value": "6e6b970c1343d9b90a8b559fe02f8d6a", "object_relation": "md5", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642878005, "uuid": "74ec0cb1-dbe7-4937-93ec-4905a7cd8cd2", "comment": "Malware payload", "value": "a2a9a3119dddd686f9f7b342a6552337773af8ce27ab7a9619dd5b40c84db59e", "object_relation": "sha256", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642878005, "uuid": "d418ccbc-ccdf-4df1-b372-16a4637ccee2", "comment": "Malware payload", "value": "547bc30f149e1f5536dcc0c284f6652f58d7cb50", "object_relation": "sha1", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642878005, "uuid": "80fbc94a-4b62-4424-bd00-c78bdc1ff258", "comment": "Malware payload", "value": "ecd176eb8db08119553531553cb3485327f81a54666043c56b849dbcc66603c9a375a6e9a9d9bea85945b357cc03ff99", "object_relation": "sha3-384", "Tag": [ { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642878005, "uuid": "366b5ce9-28c3-4b6a-8ba7-f36096dd85a0", "value": "T105942308A1F33099E2BF5C7853631A949B8FD4F190EDA5AE53C84CD910B6B3D3386392", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642878005, "uuid": "3b956472-02c0-430f-91e9-a8a55e82bc87", "value": "12288:IV19zIoFyUS1omjXhObEq88LhnnE12foZIB2RPy:IVbRYvjxOgOhntwZIr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642878005, "uuid": "ce245b53-8a34-47e2-b625-444c52c10196", "value": 434176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642878005, "uuid": "b7c95676-3dee-4299-9c6b-6c59aa50bff0", "value": "application/gzip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642878005, "uuid": "edc08208-5375-46c2-bfa8-c3ad4f42eea1", "value": "a2a9a3119dddd686f9f7b342a6552337773af8ce27ab7a9619dd5b40c84db59e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "530094cd-7b98-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1642865469, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865469, "uuid": "9af6edc1-1f15-4db7-a601-d74c7e0e8dd8", "comment": "Malware payload (Gafgyt)", "value": "3ba57ead139ed5ffad00b403078f488a", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865469, "uuid": "528d503e-69c5-467b-99eb-e2bec6326464", "comment": "Malware payload (Gafgyt)", "value": "a4da7cbcd9d558344fbcf8f165d6c01c31b3ea6d14dcbfbf6ca8b9e8044330b3", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865469, "uuid": "9df82007-118f-47f2-be16-9e90e13484fd", "comment": "Malware payload (Gafgyt)", "value": "fd343b2cb2db26c7c840c06a41ad6ff309290ffd", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865469, "uuid": "18faa3cd-7f58-4fd6-b0f0-a2006c2307d5", "comment": "Malware payload (Gafgyt)", "value": "ee677afbcb1109777bb8368081d0f715da6d6420ba941d69c3f681e269036d1c2dd4d1069cb0f8a702831be841245eef", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865469, "uuid": "c3b792f7-406d-476b-ad7f-ea249158874d", "value": "T1F6D3B716BB518EB7C84FCE3305AA4601208DAD9A02D96B6FB2B4F65CE767C4F08D3D44", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865469, "uuid": "877e843c-e55d-426e-9fd7-0f8395d31e05", "value": "1536:deTBseHUX7F9VT/IwQk/+Jy7QZL8d5T4DKA60kY63KxmWdu4dTm/iimBr+z7mxV5:AseHUuJQQemK96oOhm/ihBr+z7mxVNn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642865469, "uuid": "a211ce16-43ab-4427-ba3c-676cd27c9c88", "value": 141053, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642865469, "uuid": "a7a68ae4-f2e9-46cd-9c5f-5f76937be026", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865469, "uuid": "9ebd8037-8875-428e-9368-2fea5d25fb35", "value": "nv.mipsel", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2361ad64-7b9d-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642867537, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867537, "uuid": "f1402966-e907-4c5d-93b0-8e157f602be5", "comment": "Malware payload (Mirai)", "value": "0dcfd7367184f5b06bdb19d2d18d7677", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867537, "uuid": "b779bd3f-c7e2-4f5e-a4a5-304979391746", "comment": "Malware payload (Mirai)", "value": "a5771950fa11119601274df3665d2821ce04b055fffb6306dd97e5eb8767a191", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867537, "uuid": "3b517590-2cc1-4f47-bcad-44d36380f681", "comment": "Malware payload (Mirai)", "value": "4af70bc5df40d47d6e02e37d7c75d9624e2c1b7d", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867537, "uuid": "ab6aacce-f931-4112-9fb5-df05a2cb0a8a", "comment": "Malware payload (Mirai)", "value": "f5570246299c26ca6e686019dc09e3916fc1ee856199156c4ca601230f470f5f07f2ad127ceff61bcd7d9fc8c4722e97", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867537, "uuid": "8307c8ca-6b2c-4053-a645-936668a84d91", "value": "T12DF34905E6408B57C1E2277AE6CF824D33338B94A3EB33155938ABF43FC27995E26915", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867537, "uuid": "eeeccbf6-9330-40b1-9673-9b348e4ec58f", "value": "3072:T1g2/eINNlzx2kkQCMOaQcvBhYnyLRM/9q3tmFwfBxKQodn:hg2hNNlzIkk/MOa/3YnydM/9MmFwfBxE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642867537, "uuid": "c88bcb04-9a78-4434-beb3-5ad34fc51953", "value": 159888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642867537, "uuid": "5af51b7a-a432-4101-a152-c14790bac7b3", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867537, "uuid": "d0406a6f-7c6a-41fb-883c-ed1b7dafc7e9", "value": "m-6.8-k.Sakura", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2961b187-7b9d-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642867547, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867547, "uuid": "9012fe23-713c-450d-85df-0d4120929ee9", "comment": "Malware payload (Mirai)", "value": "2410df50f0e0bec6880826a36f6e1e99", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867547, "uuid": "61930755-7313-477d-9f2b-3e6823d70d6f", "comment": "Malware payload (Mirai)", "value": "a751672a89bd58cf9c24838cf52126b0bafbc7f5f8ee329b5d858a54f1928e9b", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867547, "uuid": "b95b78d5-3be2-4540-8b35-9f520a0daaa3", "comment": "Malware payload (Mirai)", "value": "ed84dccb7b46d0f4e58e0e338629488e68f097fb", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867547, "uuid": "28f16416-b105-4c3f-a98f-ca2a8889fa07", "comment": "Malware payload (Mirai)", "value": "e259608a09ef5d2e788aab5a5771b0882856dd27baf47c07d1575af3d7c230a658ec3d6d108fa25c04c8e70ab77fab70", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867547, "uuid": "f73da672-9255-4e2d-9901-31be8248e71c", "value": "T1B5C39517BB618FB7D81FDE33059A8902108DE58A12D96F6BB2B4C92CE74B94F08D3D54", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867547, "uuid": "a092c598-78f2-467f-b873-5d0cd16ef722", "value": "1536:/UHeTxCAms/Y8Zm3lKYA43gMJwSkJ8Epj+DzUh8rmW+IFB1Df11hR/:/UyLqAmgMJM8EB+Dw8rmW+IFB1Dt1hR/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642867547, "uuid": "b3bc5590-0e52-4ba4-a0a9-385d6376081d", "value": 126042, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642867547, "uuid": "4ebf2277-9eb4-46e9-bf72-f46c8bb3c363", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867547, "uuid": "5243db21-435c-4ab3-bd45-6a5c14ed5ed1", "value": "m-p.s-l.Sakura", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "61df5f8e-7b84-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642856904, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856904, "uuid": "5406dee8-e6a9-4904-bfd0-b2190673091c", "comment": "Malware payload", "value": "d5c9afdcae46e7395f3be7e68d205f7d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856904, "uuid": "defbce82-4e0f-4fe8-ac2e-67d4dd51ec50", "comment": "Malware payload", "value": "a7c8bb23fbc4a3b6ba015811a4b841e07616bfd674e982eb53d54f860634dc88", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856904, "uuid": "6ff3f4cf-fc6b-47f9-835f-39275015561e", "comment": "Malware payload", "value": "b03a2bfd3eb451d504f55ce6c936d4417d4e534e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856904, "uuid": "51c1fdf6-abaa-4ac8-80f0-6071b24c3d48", "comment": "Malware payload", "value": "25b7d73c220e5ca6f6a531f267e5a6d35186c8b53c47b5bfb47d51f0f7d98bce7e0d3309ae12c44391fdb7e50db63910", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856904, "uuid": "3b8c9410-6b09-41bf-ab5a-ce03666a7034", "value": "T130D3A40BAB61DEB3D85FDD7705AA860110CD945602A96F6F72BCDA2CE74B94F08E3C50", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856904, "uuid": "4bfc01dd-0e1e-47cc-8dcd-f4f9d6797668", "value": "3072:G2a7022NgEMxxqkCzMV6TrbXPGDmj4Lq/WoleA:G2922NgXxnCzMETrb/GDmj4Lq/WoleA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642856904, "uuid": "9dc821c6-b6c5-4b5b-8b0a-7b2984e02b3a", "value": 131692, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642856904, "uuid": "15423df8-739d-42b7-839b-a9183f7df3d8", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856904, "uuid": "30b2e1f9-1493-4c90-bd52-e145e353d93b", "value": "d5c9afdcae46e7395f3be7e68d205f7d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "02864709-7b35-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1642822814, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642822814, "uuid": "553b01dc-7961-4550-9d83-5febf46eba73", "comment": "Malware payload (AgentTesla)", "value": "6a7c2228fe0eb35bcbf8d7bcbee22caa", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642822814, "uuid": "20fa3314-5c5c-4feb-8328-1b748851f3b6", "comment": "Malware payload (AgentTesla)", "value": "a8bb01acd5ad07a823a3319d806d4c8c43b5ba7ba32dc161ed8de9d89f0b28bf", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642822814, "uuid": "602a7ed7-999e-47a6-8561-ce27ccac1f39", "comment": "Malware payload (AgentTesla)", "value": "b8199204ada6c22fcd9eb5908db6014a6dbac698", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642822814, "uuid": "37a6f2a1-be29-48d8-aced-420775d05cb7", "comment": "Malware payload (AgentTesla)", "value": "648475097bf6bee2a71e31fd3e9043d02fe297e18b7511e32532f480c4c554b8b5299ba4354895665f393238216e3475", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642822814, "uuid": "ac2fdda1-e7d6-4f76-bdff-07b3054c7185", "value": "T13474229777ED9CBFD1DA46750A8F9469C3FD821026200D0B2FE05FEE1A26643096B397", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642822814, "uuid": "c0f0656a-9b6f-47fd-8fd0-027965367889", "value": "099c0646ea7282d232219f8807883be0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642822814, "uuid": "4bdb9456-d5c7-4d44-ac72-03825235ac4f", "value": "6144:owPCD8PjZF/nWH4DcUbrT0geWvOX/5wiLxJjUeUty6Yw9+6HzwIyi5xamZ:m0P+UtSWEWibUd/Yh6TwIyivHZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642822814, "uuid": "fc3a2853-2a76-45b5-9150-af22fd2b558c", "value": 358005, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642822814, "uuid": "7e9096ed-77ff-4fe0-a677-50c58f46aa3e", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642822814, "uuid": "0eb1ff5f-66ae-4fa1-bebf-799435da2f8e", "value": "6a7c2228fe0eb35bcbf8d7bcbee22caa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "56395c2c-7b84-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642856885, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856885, "uuid": "9a7b83a1-8baa-42b0-8fd0-1b4430ca6b5f", "comment": "Malware payload", "value": "203b377bc3c58733baceeacbb61abd47", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856885, "uuid": "8181485b-7315-4f31-8f09-21a072d388f1", "comment": "Malware payload", "value": "aaa03b1810498597909ddb7756779921fd187df1baea91faafeee0e00ffdaccc", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856885, "uuid": "6fbf87f5-ea25-4f5f-8f48-bd0e6b2979df", "comment": "Malware payload", "value": "6a704d489d11e3bb95a7a1f3dcea52506c0e5b28", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856885, "uuid": "840e2985-9560-40e9-921c-c459b42bc061", "comment": "Malware payload", "value": "56da82a82bb086264f9b48a910e61872c01b4de0c871198744c4877596878176dfe4695ad7a6e02776898204e24fe08c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856885, "uuid": "c4066bbc-b56c-4aa9-a7b2-3ab781e28b97", "value": "T10EA32A45F9118727C2D23BF7F75E879D3B355A68879733057A2C3EB02B82B492E29210", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856885, "uuid": "41ae7a0e-20ec-48ab-acaf-94c23665cc4f", "value": "3072:FMmTdcFa/+AzykCx/rNiL/1RQOn2fxHoA:FMkcFizBCx/rIL/1RQOn2fxHoA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642856885, "uuid": "8dbafc88-8a09-418c-9590-f37b58ef5c5b", "value": 107344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642856885, "uuid": "51aebfa7-324a-4d86-b9d2-ccba207c3ada", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856885, "uuid": "587268f9-a80e-47f3-8bdc-59b9855c4b9c", "value": "203b377bc3c58733baceeacbb61abd47", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34bd9069-7b9d-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642867566, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867566, "uuid": "b057599d-9955-4fb7-aab7-a5b84ff7c28c", "comment": "Malware payload (Mirai)", "value": "97214b4549c603b495af08955c3c5bca", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867566, "uuid": "c7952456-bb99-4092-a262-560408c92d1e", "comment": "Malware payload (Mirai)", "value": "aabe53e27ec5b901f16fed9242139d6b8e7a0de6e320b283dbe3a11cdd165521", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867566, "uuid": "be613865-bce0-4225-822a-724aea07be14", "comment": "Malware payload (Mirai)", "value": "ea95fe5fa51793f05d514e8c03e23f84e6ae90d3", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867566, "uuid": "2fb59ab2-f442-484e-a15c-c0ea333f0376", "comment": "Malware payload (Mirai)", "value": "30f9d24c707c91742324508b3595e5bcb3a183e85e68008a537b9eeb22cfe16946ed75f7aa3d1f98ef13922b15e89bdb", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867566, "uuid": "ebe568ad-8fe9-4c57-b3a5-97b6f1d55672", "value": "T149935D27B552C6BBC08752B42BDFEA615833B4BC0B32720B33D47DA52B259D91E6DB01", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867566, "uuid": "fb73c609-bf04-44aa-96ad-da0ae159a937", "value": "1536:W7uJtxNeVE8zV7aDlvhE1hmkJ0S36W6bWjK37yPXfH0mA+KWOXFseaZYxe:4SsVEeVMlpmXJ0O6WpjKrifUm/KWOXFE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642867566, "uuid": "4772659c-2479-4519-9e3c-ff8fac687c2a", "value": 94679, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642867566, "uuid": "bb471009-daf0-4790-85d0-0e756e16f30c", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867566, "uuid": "32d433d0-d403-4e74-83e8-2256125630bc", "value": "x-8.6-.Sakura", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2efc993-7b85-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642857577, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857577, "uuid": "32545ea3-b102-4677-b285-d1b6d6f5ae2e", "comment": "Malware payload (Heodo)", "value": "7753d6592a3391470407270d30d556b9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857577, "uuid": "2e2ca903-316d-499a-b724-87ab4a9e13c1", "comment": "Malware payload (Heodo)", "value": "ab5eb24c0d89f3d5eb0f223f0a366ca92e94e4c70db2c7c08586605189eb9d18", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857577, "uuid": "09958e1c-50d8-4a54-98ae-b24ea49e763f", "comment": "Malware payload (Heodo)", "value": "50710c44603919c406eef833f19b059fa4b65993", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857577, "uuid": "064439d5-8b48-4ad4-89ed-2aafe5f2d0a3", "comment": "Malware payload (Heodo)", "value": "224bdfb12a8a0bc406e7aeec25fb2327f0b6ffd613ebf677b302adb23dc4517f4925bf25d7eea22e8604a034e3eb0163", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857577, "uuid": "6def48e5-64f2-4fcb-a8e5-42f739d45288", "value": "T14FD49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857577, "uuid": "30b4e4d8-6083-4c78-a36e-8db2ffb8ea67", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857577, "uuid": "cbd060bc-59e2-49ad-b7c3-557bc463a6a9", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQLckMZR+TTD7vgEPej:0hn7dA19ZCOyDaQAkqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642857577, "uuid": "ae77842b-5f4d-4114-b2ee-065a2481608e", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642857577, "uuid": "c5a8d47a-35ba-4faa-914c-1a324d092a7b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857577, "uuid": "fef8f377-7c6c-4b79-b327-3970ef92cdde", "value": "7753d6592a3391470407270d30d556b9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49e9e494-7b98-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1642865454, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865454, "uuid": "274b16e4-219a-4d51-aaa9-d0df918c793f", "comment": "Malware payload (Gafgyt)", "value": "c160df3cdcb4119e31385b0c88a349b6", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865454, "uuid": "379dc65a-21e6-4490-8488-3bee865be4b1", "comment": "Malware payload (Gafgyt)", "value": "ac7d06dcb7888ca8d96d6236daf2625d8cc5753f5875a4c98e87dbb96ac810b6", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865454, "uuid": "0c85a6b4-7c70-47da-8ade-c16aa7677532", "comment": "Malware payload (Gafgyt)", "value": "c41711e3df0996cc6be399a8fda84c8327f70db7", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865454, "uuid": "cb77042d-0541-4670-bbe2-a4871bcab8ef", "comment": "Malware payload (Gafgyt)", "value": "d643422d0177b6551984b0b21b3be7effd3384299c94eabc8f8633497914314f1e72712935e2dc5dd2d8421716b8e429", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865454, "uuid": "4befa90f-439e-40f5-9e14-3422982c9a97", "value": "T136932C85F642CAB3C4831BB6029BAB6A0931FE6A1E165E49F32C7DF49F320C47116F55", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865454, "uuid": "f6452282-88ee-4564-b9b2-19c67320041e", "value": "1536:nFebuZ7jQzTPXIVjwWO71VTk0sumWdKQxsRXMx5/nZPnQSJihYI8mmiI1p3vCaL5:AbOQzTPXIVjwWO7XTkaoQxsRXMx5ZI3Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642865454, "uuid": "49c1ea9a-6511-49a5-b38b-e1864a2229f6", "value": 91821, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642865454, "uuid": "c347f35e-e533-4276-8286-64f71724ccec", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865454, "uuid": "a353af8b-0cb9-416f-b2a2-c656932737d8", "value": "nv.i686", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36110d45-7b57-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642837504, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837504, "uuid": "cbb29d4b-4d00-4ae6-ab99-aed17d875562", "comment": "Malware payload", "value": "2c4cca26176737ee86aa6ff5c087e78e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837504, "uuid": "e3454f66-da23-4672-9cfc-a343371b63e2", "comment": "Malware payload", "value": "acb66ef7aff03d0975b3d78dcb07f661c255065f9e9dc03579d57e3a380a6463", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837504, "uuid": "1a666f3c-0824-4824-9205-76e3f9e42436", "comment": "Malware payload", "value": "916d8b77fb576237d07a7553b0d7041df494b18e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837504, "uuid": "1a6a8437-e4dd-4ffa-bbc7-d040ad324ca6", "comment": "Malware payload", "value": "9243bd44d92cd2b685cf8eec650482d22a483a81794a68f8550d7262abb2b1524e9e960b5e471c9f1652dd812dd07188", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837504, "uuid": "c3afe07d-0606-4db0-8ccf-9315b7a7484a", "value": "T11CF33A4F632941B5C1A6D1A9CF4B8647D7B278070231F6AF5BF11A421F2B7B06A3E721", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837504, "uuid": "213f90d8-7590-476c-9e6b-f3c9dfcfc9fb", "value": "3072:jduwb5wV1jUJbvkGorN/94qMaIhmclcwfVrPx1:Geu/94Yw9Tx1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642837504, "uuid": "e98eb815-172b-4c62-a133-785d90205260", "value": 165391, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642837504, "uuid": "bbfdc4af-cd32-43ab-9942-3b1c1ec46a93", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837504, "uuid": "b9f853dc-c8d5-45de-902f-342cce891f5d", "value": "2c4cca26176737ee86aa6ff5c087e78e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b61680b-7bad-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642874610, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874610, "uuid": "16745861-51c9-4672-a2c3-8a080409ea70", "comment": "Malware payload (Heodo)", "value": "3f7f1f6050609317474b8f48efa00e88", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874610, "uuid": "a1fa97a5-484d-409a-8271-222a5102e091", "comment": "Malware payload (Heodo)", "value": "ade5c2c45c5bbae939364326ae43a74c8b0c93307b7c653b12b80cbe8e891b70", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874610, "uuid": "8bf1644f-2c46-4dd8-af35-931d13ad7126", "comment": "Malware payload (Heodo)", "value": "c95bfbc3794a4371d3b5a6702052d662dee19a15", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874610, "uuid": "c7a471ee-0b22-4465-b995-1368d3489ab0", "comment": "Malware payload (Heodo)", "value": "e06a3a525148c64e2457f74049821e9c4e33fa50043326e166bcc1d74aaa6d668a907a34aa5fb95ce114e6a4c9e13c6a", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874610, "uuid": "cee003f3-4ebb-45f3-a585-af7e85cb984a", "value": "T13D636CA7B78299EADA0483394DB643C5B717EC104F9A43C73694F7346EB49F08D9324A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874610, "uuid": "19ca5b0a-403c-4351-8aea-6107d1e5f5ca", "value": "1536:bpEk3hbdlylKsgqopeJBWhZFGkE+cL2NdA8eXZiozeOgXVZKyaZpvyR1kZkJvU+:bCk3hbdlylKsgqopeJBWhZFGkE+cL2Nr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874610, "uuid": "738ae1cf-eaf2-4ef0-bcb1-3736114fdca1", "value": 72336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874610, "uuid": "5eb40962-3c74-4bd1-8061-1cb6c0ef213f", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874610, "uuid": "70cebfd8-ad28-4944-8576-d1295a097de2", "value": "check_1.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e0230be3-7b3a-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642825334, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642825334, "uuid": "07d9004a-501a-4e2c-b7c3-d2e4d3a8f98e", "comment": "Malware payload (Mirai)", "value": "d7f05cf18119ad672e25918ce78f3b4f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642825334, "uuid": "c763da06-cef3-4d23-8755-f751622f5322", "comment": "Malware payload (Mirai)", "value": "b03909ec479bcdf050917181fc760a757c05d585478a7cde6f03e99f9ccaceef", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642825334, "uuid": "d9f4b629-8f0a-4676-b493-458e1e13aba4", "comment": "Malware payload (Mirai)", "value": "26b86d3fd9ce1f6165d2285c5e5d3d887933effc", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642825334, "uuid": "fbbedf4c-154e-4c23-9ad5-4a9a532b6917", "comment": "Malware payload (Mirai)", "value": "87ee8289f72115d04c1c8fee3058e1d2769d8e5a6c97d6cac2df97c8a3178f73f4250c0c8ae3cf2dcdeeac723d57fb39", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642825334, "uuid": "590feaf0-4616-4044-8109-a6d5db1123dd", "value": "T1BDE3A6693B11BF7ED26CC2710BFB6B71D39525D226E1A345E1ACC7485EA038C4C5EBA0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642825334, "uuid": "b8b2fbb0-4eab-422d-8d2b-e03bbbaaf4b4", "value": "3072:AmyBEGS5slppLj55PyCp5hKHOdZaW3rM0BRTFC5rjI:AtlS5sBRxDp5hKHO33rM0BRTFC5rjI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642825334, "uuid": "2c98deb3-acfa-41d1-b04f-4a85fa5f880d", "value": 153417, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642825334, "uuid": "156fe238-3351-4ba7-9a3d-7a773a0e9468", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642825334, "uuid": "b1ba3b08-8e75-4cac-bcdc-e92fdb9869ee", "value": "d7f05cf18119ad672e25918ce78f3b4f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9e66311-7b20-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642814102, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814102, "uuid": "30467afc-1484-4b64-acb8-664a33d23062", "comment": "Malware payload (Mirai)", "value": "516a5d3bfe6b1ece8bfcde3e21d7a201", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814102, "uuid": "eedeedfb-7842-45cd-937e-032f6cd820b5", "comment": "Malware payload (Mirai)", "value": "b185659e3947394db30b3a4e3403a9adfb74e83f2acd451cb5574c202e80bef7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814102, "uuid": "efb34194-3fa1-4708-aecb-9152753362f6", "comment": "Malware payload (Mirai)", "value": "ba6a32d86040ca8c8fd149af073bcd7997061a02", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814102, "uuid": "33d3239f-e239-4a59-b708-c930e475951e", "comment": "Malware payload (Mirai)", "value": "62f2c459ae07d2025dbb23c854fff9b1a02329ea9ff8d898819b47bc334f78522887015b1c577efa46edea864542f2e6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814102, "uuid": "115cc336-e2b3-4e64-8f7f-6988487c03e2", "value": "T1F0B2E1D5D6FB27C3D2A1C336D0BC5A4DE2731AC00387451A1109729EA6AB64E4BFB3B5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814102, "uuid": "22320918-c71f-41e3-8a66-31738ff3ffa6", "value": "384:M8DKKQOcRpmYLdn6RBOFRFt5rUFW10iSelCo3AnupPFNqnrrd1NEZgO8UXWozPLM:R/QOC0Yhn6ROHWFGrcwNVFCnNBxcpcl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642814102, "uuid": "f90b5fe3-a70b-4002-a8ad-00b177b68b77", "value": 24728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642814102, "uuid": "e312ff59-7d3e-4a74-a3e4-fbcad57bf6b3", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814102, "uuid": "790b1b74-e612-4b32-bd14-adb4a99c556f", "value": "516a5d3bfe6b1ece8bfcde3e21d7a201", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6be6f4e8-7b81-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642855633, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855633, "uuid": "2fcb843f-556d-410a-9763-009ef4caf46a", "comment": "Malware payload (Mirai)", "value": "8a4038762c010ce3d0056630db0d4e88", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855633, "uuid": "39a3143f-1111-4757-9825-272ec962192d", "comment": "Malware payload (Mirai)", "value": "b19605ee914e167bfdfb3cfce15cad42cf7e89c74e9c2239541f231a8ffedecb", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855633, "uuid": "a41fb8e8-313f-4152-9ba0-2fb6b8bcda50", "comment": "Malware payload (Mirai)", "value": "22491582fac4b8e4ea72ee212bbff948091aed94", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855633, "uuid": "381a4f81-7a3d-4913-8bf0-9b1901adee4c", "comment": "Malware payload (Mirai)", "value": "08b8cb7d72493609126540b6af26531ff563ef70b730b233bec385a3006d115ec08d5d960d2dfd17bfa3b94eb64bcb65", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855633, "uuid": "68fc587f-9fda-464d-8a58-d108cc2b1cd4", "value": "T1F2332B8968121E2CD6D358FD50729F4E9E552321A0A3070FA7ABFDC33D33269EF55988", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855633, "uuid": "3508dfda-5408-4e04-bb11-6a446bbde9c0", "value": "768:mYuzcClmYrJfIGh6HHaihHHeIXXdauZj0CGeWx3ytvptM7edUo+f1prazrQePbL:mYqcCRrdIC6HHaiFu/eM7edJg1pmz5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642855633, "uuid": "e3770b1d-0bbc-4102-bb18-50dfb1ac622b", "value": 54336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642855633, "uuid": "7444c4cc-70cf-44a4-a05f-738dbd7c0ab3", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855633, "uuid": "d0f4a1c3-167b-4639-98f0-7d217e33e68c", "value": "8a4038762c010ce3d0056630db0d4e88", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fcb19afc-7b7e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642854587, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854587, "uuid": "86c8f63b-ab01-4450-be6d-520ce1bcf085", "comment": "Malware payload (Heodo)", "value": "d4b33fe5f76bbb3c013d5fac97bf9e79", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854587, "uuid": "68490582-aee2-49d6-803b-9dad57ab37cf", "comment": "Malware payload (Heodo)", "value": "b23ea235c9ebb10224f799b296d5c7f11fd7a5054c6c603af3dc56f2df6e9232", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854587, "uuid": "7873d5b5-f2d2-41e3-8ece-5868e2f74750", "comment": "Malware payload (Heodo)", "value": "9067ca78bfc94ee6794ce9d37d9d38ae09a6e4b5", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854587, "uuid": "f9455042-e302-43ef-a51d-06aedeed0df3", "comment": "Malware payload (Heodo)", "value": "55962106b56e715283078b6c156524e3df045aa10781429193d1d973a66a224d0f865083bd05788a73a8e6e384bba701", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854587, "uuid": "e6acc211-6c01-42ff-a321-553070f37cdf", "value": "T1B4D49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854587, "uuid": "7911d8fb-82b7-48e2-88d7-d1fe9a2e54ff", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854587, "uuid": "139d1c56-6e51-4caf-8358-a40cf1caea7e", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQLrkMZR+TTD7vgEPej:0hn7dA19ZCOyDaQ/kqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642854587, "uuid": "c19049a2-aad2-4b5d-940a-1dd271f90ae2", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642854587, "uuid": "18e7755d-c33d-431b-b9ba-4c482551c15b", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854587, "uuid": "564a3f98-05f8-46ce-9887-92ae19f521dc", "value": "emotet_exe_e4_b23ea235c9ebb10224f799b296d5c7f11fd7a5054c6c603af3dc56f2df6e9232_2022-01-22__122939.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "415b57c9-7b98-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1642865440, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865440, "uuid": "9c19aeae-210b-4727-80b0-54033741b3f1", "comment": "Malware payload (Gafgyt)", "value": "86275d06f150e99be056d1afeff917ed", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865440, "uuid": "f3a3f437-3836-461c-a5b6-6b642421d0ac", "comment": "Malware payload (Gafgyt)", "value": "b31b463d89f667c6cd52bc87fddd058bab8f6e6346a41a06b60527a80de017d7", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865440, "uuid": "5d8b78a3-3a9a-4ae1-8a07-4a6cd946684c", "comment": "Malware payload (Gafgyt)", "value": "66e0abb5e56cf29b1e7c6b8b802f9bcf70b0b1dc", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865440, "uuid": "5623a48f-b70e-46ba-bece-aa15a6863b42", "comment": "Malware payload (Gafgyt)", "value": "4fd525192e19ea42197253d07db4b4653b16c8dbad7f501c98fae4d34652aa819a4512c8bb91207fa2ee444df6f8b47e", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865440, "uuid": "213826a9-908e-47c9-b3ea-279cfd7e92c0", "value": "T163B31A45FD14472BC2D327BBEB8E428D3B365E949797331266347EB02BF27982D29610", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865440, "uuid": "4f4cd625-c470-4cf8-8587-66b2734c534c", "value": "3072:Z8vT7KqKKjmVUKDjnBv3AmhTQwCugm7/H+QNibTfoaNn:+vT7HKVUSBv3AmvCugm7/H+QNibTfoa5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642865440, "uuid": "c446f4b1-5d07-49b9-a4b6-7a18b75bbd3d", "value": 113197, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642865440, "uuid": "4e930531-6385-472d-9919-952ef2d3a91b", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865440, "uuid": "c81d829d-4c3b-4f72-9d4a-220c252fb4b1", "value": "nv.arm5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57139277-7b6e-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642847437, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642847437, "uuid": "5bf7e4d5-129b-4cfc-8a80-9852dfa65316", "comment": "Malware payload", "value": "5fcc8126c95069afaf6c742cabe3edcd", "object_relation": "md5", "Tag": [ { "name": "#MoonBounce", "colour": "#2A34F1", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642847437, "uuid": "98fd9cec-6461-4d23-b8a2-21a1b481a18e", "comment": "Malware payload", "value": "b3f18ce0e5c895c1e3f166e4ce5870759c6fc9d9a7905ba159e2b18661ef49aa", "object_relation": "sha256", "Tag": [ { "name": "#MoonBounce", "colour": "#2A34F1", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642847437, "uuid": "1449cef2-4d8b-4d48-a4da-f67ef3b633ac", "comment": "Malware payload", "value": "0c5f4520c3c92fbfb68701d085504a2f7786b13c", "object_relation": "sha1", "Tag": [ { "name": "#MoonBounce", "colour": "#2A34F1", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642847437, "uuid": "b6e4c6ae-59b1-4795-9fa3-0533631f86e9", "comment": "Malware payload", "value": "b7671e453e7152900d8fe0df770aa84cdc88657eceab5661a10e731c74b1c37c2c4fca2cfb26f0add6cb7c3779572943", "object_relation": "sha3-384", "Tag": [ { "name": "#MoonBounce", "colour": "#2A34F1", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642847437, "uuid": "6e4be3e0-1c13-4040-b467-e4ebd075df58", "value": "T14DB2C1E8B37D45F2D3954D72AB5EE5B3F42E711D363D22D28A02F56F2928705FA80418", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642847437, "uuid": "ba453fe1-949a-4f24-bf45-14a924f9e2ae", "value": "c4e6282ffd1ffa097fd4cb2b076f2dae", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642847437, "uuid": "55e06d6c-94ed-423d-a435-320ead7c8338", "value": "384:erUSVz6wUnhJRFClV37ZNKy6K3x3KFXXDGCsYlH53LS25rCdqB7/O53vTalh:3Mj3SdK3McA5bb5rCdu/J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642847437, "uuid": "76d99d23-5306-4af8-bae7-053738ae3d96", "value": 23924, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642847437, "uuid": "bf02dd70-0cb6-4a7b-9bdd-5028ce8d0f37", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642847437, "uuid": "ba571e50-75ea-4014-8ba8-7211ab1da0eb", "value": "dll,B3F18CE0E5C895C1E3F166E4CE5870759C6FC9D9A7905BA159E2B18661EF49AA", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "58c7ef75-7b98-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1642865479, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865479, "uuid": "3ab7636d-accb-4d8e-ba6a-f73b124182cc", "comment": "Malware payload (Gafgyt)", "value": "40656fe51f9cb53c6a92546ea9f10dd6", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865479, "uuid": "dbdbff13-2512-423a-9e9e-8b6c35768c99", "comment": "Malware payload (Gafgyt)", "value": "b517512334945d3af51a496af9018e0499575a7252274f7e30d1c000606f2536", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865479, "uuid": "e9e10f82-cb77-47a2-9464-93a515121bde", "comment": "Malware payload (Gafgyt)", "value": "0e05788097577804624754685fe4738294ab47bf", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865479, "uuid": "7fbf6d3e-8a03-4d92-978c-d6fd344f32a9", "comment": "Malware payload (Gafgyt)", "value": "7d77d218d9cd8e3ce2abdb129796e33eb5a94eb0c2f97c3b16e62188a218575bf6a5081418bb94464632b21801dedac3", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865479, "uuid": "702ed301-a955-42ec-a7e4-e0c6a426e548", "value": "T1DEA32A47A9625FB7C086AAB125EB59300757BC920F5B1A85713CBAF4033B5CEB40FB64", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865479, "uuid": "6494ac49-2b63-444f-a37a-f18bfa5136f8", "value": "3072:md4DHDD6kKXFQE3bquSjtZYmH9pbbjEnK6Nj:md4DjD6m+FSjtSmH9pbbjEnK6Nj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642865479, "uuid": "817dddbc-1e01-4e15-bdc3-b24f851628be", "value": 100345, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642865479, "uuid": "c068d4f8-244d-444d-85da-166638f94d1a", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865479, "uuid": "d7746f79-bc8d-4d5c-a745-f994e0306405", "value": "nv.sh4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82b36e5d-7b59-11ec-9275-42010a9c0029", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1642838491, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838491, "uuid": "67d42bee-b51b-40aa-b1b1-b7d0c194c8c1", "comment": "Malware payload (AveMariaRAT)", "value": "5d47d5a8c263e5c411d9ac56577bf3af", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838491, "uuid": "284e0feb-f680-4f94-8d98-7b459f7340fe", "comment": "Malware payload (AveMariaRAT)", "value": "b7b6ea94f77d168308048fa2026c25cfb2337cf90b4722d445021c6f87ebef0a", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838491, "uuid": "23f9dc7b-e45a-4036-b5c1-abe2617385f4", "comment": "Malware payload (AveMariaRAT)", "value": "bede686a2f35fcc417d6f170db0b083b4ff98e57", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838491, "uuid": "8c5e7a72-b2ef-47f9-bdbc-8be7b20df2dc", "comment": "Malware payload (AveMariaRAT)", "value": "649e425ecd52e4191cfc325382d95ec40032915531ad1844891225c24126a471c8cee077b80950cd9313975ffd128426", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838491, "uuid": "0950833b-1d09-4c3a-af2d-bd1281b2414a", "value": "T185F4E79C325071DFC86BC972CEA81DA4EB61747B971B8207901311ADAE4DA97DF242F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838491, "uuid": "6a900b58-036d-499c-8728-de0d91978426", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838491, "uuid": "9ace6313-61e3-43ae-8504-dc534daf4b03", "value": "12288:ZkZbKXCemOmcwqVNmQbeFGsu6UTgDpQcq6+i9vYF0ul7z/sG5kiUNrgynmhE3kIq:ZkgmO+IeFGs2ipQH6+i9vYF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642838491, "uuid": "eb6e6a9c-f922-4026-bd5a-ef86455f9243", "value": 762368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642838491, "uuid": "a35caa7f-1208-4dc9-b217-1f767fc0ecd3", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838491, "uuid": "e1a3569f-ff59-429b-8fbb-20a058edd615", "value": "5d47d5a8c263e5c411d9ac56577bf3af.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9991d5e0-7b8b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642860004, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642860004, "uuid": "7c190584-4342-4316-8d56-c599aa2c0973", "comment": "Malware payload (Mirai)", "value": "9a48c651a7b68ea1811e8bb778580b9b", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642860004, "uuid": "62382a2c-bcc8-49a3-bd29-095019fe25a0", "comment": "Malware payload (Mirai)", "value": "b8bbe0eb22f4d9166af0a8b44c461828b3201cf807d6fa9d4841089dadab5431", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642860004, "uuid": "66cdc2fd-9882-4a17-8e83-206f62eed255", "comment": "Malware payload (Mirai)", "value": "b1f7a8ee21b32742030a347c19c26f3d8c5baaf2", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642860004, "uuid": "775f1242-7e90-45ed-a74d-2eca6ac101f0", "comment": "Malware payload (Mirai)", "value": "9c6a5a02027c3bd128cd573b0c6c623c2f7b8125eb35d45dfefed32f3581a087609787837f1e4d414bced98648248990", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642860004, "uuid": "87764960-58ed-49a1-8817-326e918f5da3", "value": "T16A33024DD76A9817D4B87E379F29C487DF3D90BAD14B921010E9227C08BEAD836F2153", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642860004, "uuid": "09deea21-472d-4e24-aa59-b52f3afbd8c9", "value": "1536:HLRhONBD2awE/+spLSa9iDTCLkgnfOY4GAD2:HeL2E/RpLh9+TCLkgnFre2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642860004, "uuid": "6a03a294-98f1-4a3f-9d2e-5b1c42c7d237", "value": 54112, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642860004, "uuid": "1bee7b49-cc74-4d21-9de5-dc42bf6e4f8d", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642860004, "uuid": "7f262bf6-9e06-46c9-84c2-038057038766", "value": "pop.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d1ee114-7b81-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642855662, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855662, "uuid": "c7159bf8-2b84-4ed5-9508-cfc536ba6da8", "comment": "Malware payload (Mirai)", "value": "11c43e0a28ffdfc27abb43e84a490035", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855662, "uuid": "f6a80250-e3a3-4753-8460-8d0554203809", "comment": "Malware payload (Mirai)", "value": "ba034324485d4c840ef60a0e3ab3a4aaa69955bd64e137c092ff296b23b585aa", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855662, "uuid": "c104fbad-f211-4d33-b315-1157721f98a6", "comment": "Malware payload (Mirai)", "value": "9a47156e3dfbf1159b03763965c5a8411c16e422", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855662, "uuid": "6e58464f-1f8a-44c6-b452-9329ec7fde5f", "comment": "Malware payload (Mirai)", "value": "a662e14e3b8703796547a5a220b12fe9ee2a480e6b26b22fe25d78f58689c1021a63e03d72fb6f67f11d62436d2b35bb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855662, "uuid": "1016933f-be8a-4d2c-9e33-5b48260eef44", "value": "T10D539DA5C4AC9D98C6264678F614C839AB23A00C62A33DF6DA53C656941FDFCF01C7F2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855662, "uuid": "a1e3a2e0-7d9e-4415-9262-3fd4dc27c0ed", "value": "1536:K/ue90IlCalyZyuhx+vACs2U/SO/Sfs3zO/QSwtPlCX2i:KGejAGyZyuhxaU/Sjf+iYdtPlY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642855662, "uuid": "4dd5c3f6-2549-4cdf-8974-be954332fca3", "value": 66368, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642855662, "uuid": "d2a92788-7b34-4e46-96e8-6485fa887cf2", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855662, "uuid": "1bdcc21d-8250-42bb-bf44-8a80f735a723", "value": "11c43e0a28ffdfc27abb43e84a490035", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fbd46e8c-7b7e-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642854586, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854586, "uuid": "c4982fdc-871d-4c14-8104-efc9f6c781f3", "comment": "Malware payload (Heodo)", "value": "74eb4078b6ab23ddeea7a338fc037fd6", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854586, "uuid": "e7a2a30b-49e8-4207-a8f9-b3311558d97c", "comment": "Malware payload (Heodo)", "value": "ba3c4ea133053f4da554d213ecf69ecfe615db8d71d706f279629e9c65d4f260", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854586, "uuid": "14c99d32-bf93-4ad3-93a0-c0b01f3b6ace", "comment": "Malware payload (Heodo)", "value": "36484c3601e36b682aacb4aea50ed9ad8c3a73df", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642854586, "uuid": "18f2bab7-a552-4de7-9b28-fad399cd3ebd", "comment": "Malware payload (Heodo)", "value": "41ba5cacd111b958cb7d8325c5f3ae213e22a945e4b77019af86be6b2181c08872d24f5cce66b5f011d42690babb97cb", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch4", "colour": "#BDDEDB", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854586, "uuid": "d1935aa9-7f9d-4b7b-b69f-060487c39c3f", "value": "T117D49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854586, "uuid": "9dbf7c89-5ee0-4ab6-9e3d-ec7816499de9", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854586, "uuid": "025f33a0-c62d-43c6-963e-7f71691d811e", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQLmkMZR+TTD7vgEPej:0hn7dA19ZCOyDaQikqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642854586, "uuid": "2a4ed3e4-52e6-49a5-9efb-e625f7284cef", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642854586, "uuid": "13d2682c-2b99-467d-943d-01a05087b260", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642854586, "uuid": "18ffa42b-3621-4695-84fd-acc18d6694ab", "value": "emotet_exe_e4_ba3c4ea133053f4da554d213ecf69ecfe615db8d71d706f279629e9c65d4f260_2022-01-22__122938.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab47a79d-7b92-11ec-9275-42010a9c0029", "comment": "Malware payload (AsyncRAT)", "timestamp": 1642863041, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642863041, "uuid": "933064de-26d4-4af7-9881-56b48ef5ff9b", "comment": "Malware payload (AsyncRAT)", "value": "af1e6b53fc3e4679bedd29c25e057b10", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642863041, "uuid": "1b34a00b-9070-49fc-8d69-60e6b8da9c65", "comment": "Malware payload (AsyncRAT)", "value": "bada7e61229d4c6bba936e8b163034b3421680c1f4ebbc69160fc96fc5bdb8ca", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642863041, "uuid": "fac86c9b-5c23-4f18-b67e-5e295ae69f9e", "comment": "Malware payload (AsyncRAT)", "value": "f5a82edb61a2a0c896406b4cc48c9d1bd5bb082e", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642863041, "uuid": "158990c3-e059-4a0e-bef7-c8a2481e0075", "comment": "Malware payload (AsyncRAT)", "value": "b64076a40abf340c626c9a3c92b98607a83e66eb294b6bc0a5d86e170697bbd0f538cbe77043167474bbcb697ad1a346", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642863041, "uuid": "5600408e-bc40-4cc6-b935-4a27436ce432", "value": "T12E1623551BA9CEEDC4402B7C744E26863AE51EFA5C68E3CAC526D5B337B106BC07F482", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642863041, "uuid": "ba92fbe0-bfa9-4489-8463-1574dc018c56", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642863041, "uuid": "7a2b1db7-e2ed-40b7-afc4-392f24b96047", "value": "49152:RnvFY+1Fy8fWN5W6QgbTW+SaFYGM3ObHi6huv8Kj1oQBQTa+Ra:3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642863041, "uuid": "d20f2441-9a2b-4104-9ace-ddf6b5a0795e", "value": 4078848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642863041, "uuid": "568c9dee-03ab-47a5-8949-736ed020cd6f", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642863041, "uuid": "a5576800-949a-4e0f-811f-a344308bb091", "value": "af1e6b53fc3e4679bedd29c25e057b10.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8d6fb4a0-7b99-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642865997, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865997, "uuid": "fd3eca83-8e40-4155-b273-d59c9983bed2", "comment": "Malware payload (Mirai)", "value": "a4e944e821be1b333f207d0dd2eea691", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865997, "uuid": "041ebfe7-1d8c-4083-92ba-1e093211e70f", "comment": "Malware payload (Mirai)", "value": "bbf5c5cfc334d4b70e985ff9dd521038a72cc6d7615f4171dd84edb448592fd6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865997, "uuid": "fafcbf0f-0a8d-4b94-83de-0b432f7d45a1", "comment": "Malware payload (Mirai)", "value": "70a3f33b9ee446f590262cfe5e8bab8642634332", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865997, "uuid": "9207cc60-4e7d-4496-9992-c127b4081538", "comment": "Malware payload (Mirai)", "value": "e47cb245f1ea5b28add5c7c7c3bdb11478ce4f1a0f11f8453db0d40da2a5f662aafe4405aa0f2fced37ff062df82590b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865997, "uuid": "b752c0b6-9f2f-4b60-a308-d10267aae4e5", "value": "T18C634C95F400DE7DF48BD9FA9122490AF62163408E930F27AA77FD93AC62054BE4BC47", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865997, "uuid": "2661a146-f911-4c67-a04c-c639e000a2c7", "value": "1536:H/f2i2AYmS4A3eSGR3nU5Ak+q9ZcIuwWpo28+3QCyyhgdwJ+:H/w3ZYU5AkTMaWqyuW+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642865997, "uuid": "71758e81-e1b1-4aa9-b11a-8e6bf620c609", "value": 73088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642865997, "uuid": "e24054e5-9300-4892-ab6d-509dd96fd377", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865997, "uuid": "a0d5656d-cdbc-4436-b3cf-cd603d96c520", "value": "a4e944e821be1b333f207d0dd2eea691", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "09c040c5-7b80-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642855039, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855039, "uuid": "6d2b5e6e-27b5-4a48-80da-6dae421d5afe", "comment": "Malware payload (Heodo)", "value": "3d52fdd41f1ba6e322464678fe67a7d3", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855039, "uuid": "e504a53b-30c0-40a0-9923-4c9c1ecdf453", "comment": "Malware payload (Heodo)", "value": "bcc48b2ab39687e5c2442b2b1b75b243da7e0b7c9cffa1c22512ce51f88396f8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855039, "uuid": "6a19446a-b658-4746-93ee-527eae1326f5", "comment": "Malware payload (Heodo)", "value": "b271d341d8947a28a6b0bb8d1f2f2abd1583e508", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642855039, "uuid": "bb0d3c9f-d173-4a18-b087-e51864034904", "comment": "Malware payload (Heodo)", "value": "4531139844b633f038dd1413763dbb079fe05b420d6f8c3d0c93b8ca85cfada1bf34976990fd72f15694c6dcaf69a6c9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855039, "uuid": "286fc852-1075-49f2-843d-774057a5a8e1", "value": "T1EAD49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855039, "uuid": "dc146314-ed6d-41db-8c5d-ab3efbe4bf76", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855039, "uuid": "3fa76a34-9007-413b-8206-d24ee32e05cf", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQLXkMZR+TTD7vgEPej:0hn7dA19ZCOyDaQjkqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642855039, "uuid": "b61efc5b-cf28-42c5-af34-e448eeb07852", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642855039, "uuid": "dbe53a93-dc4a-4379-86e0-b8c33446d550", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642855039, "uuid": "61708f70-b041-4bda-8274-b24b577cb9e3", "value": "3d52fdd41f1ba6e322464678fe67a7d3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "de4d04f7-7b99-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642866133, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866133, "uuid": "e86daf59-b35d-4cda-8af7-d63877f4c569", "comment": "Malware payload (Mirai)", "value": "1c8843490536a9fe0522a99e2fdafa7e", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866133, "uuid": "681c49f3-d3be-4420-83c3-980a736d1bb8", "comment": "Malware payload (Mirai)", "value": "bd1b110829e37c9b3e35cddf2e5e88742b4efa3d2fe3fc4c1e0c1c53c4ba7f61", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866133, "uuid": "a1903356-a011-4be0-9194-9a45db3cbaad", "comment": "Malware payload (Mirai)", "value": "ead0505da4d0fcccf6d50aa3364c938b06c18576", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866133, "uuid": "1d5be526-2215-43c5-a1ea-6e4cf8a5e17f", "comment": "Malware payload (Mirai)", "value": "d43f67d620ca96d36d35129398290d3819d480afcb6d4ef989fda65facb10123c54925b35e562fb19e0c9866c2b99584", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866133, "uuid": "73111131-00f5-444e-a41d-fe8b55065725", "value": "T186A3D8197F610FF7E8ABDC3759A92B05198C645F22A97B767A30C458B64B30F09E3C60", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866133, "uuid": "f12c0cb3-361f-4226-b297-b53e4ebef314", "value": "1536:k0H7ggTq/fSS0au2IjDu3nyio3Hf4mSU7KJN0iU2fFQhkZUDARtV:k0H7ggTq/fSSJuZjDenypf2FWkb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642866133, "uuid": "cee04502-b705-4bb0-8fda-41df63e9840a", "value": 104676, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642866133, "uuid": "ff86c818-1a0e-4619-b04f-161364c35ecc", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866133, "uuid": "1a020051-34cb-4189-a6dc-ef0e120ccf29", "value": "RSec.mpsl", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "220fb396-7b6b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642846060, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642846060, "uuid": "4bc0c98d-2b66-4a03-90d3-9ab3d678ae5e", "comment": "Malware payload (Heodo)", "value": "46ab746756bd5f721cfa62baa43eebb6", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642846060, "uuid": "28b2ec7f-d958-40c9-846f-7b21e5e2793b", "comment": "Malware payload (Heodo)", "value": "bd6d27b07cb41ec814a3dc4c42c89d59d573755358a9b59cbf63c480002bc7bc", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642846060, "uuid": "8d127108-0820-4757-a43f-6d31d5ff17f1", "comment": "Malware payload (Heodo)", "value": "e4a06da035221382a25c6a2f7f9bda9c50c074cc", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642846060, "uuid": "f5ce4a15-074b-4137-8890-028b63260e0b", "comment": "Malware payload (Heodo)", "value": "bfdbc980baa3660fbb187611b73ea9a428ad3b7c7f78f8435ee8e244135589b2b48aa9754473327933821c2fe11b5df6", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642846060, "uuid": "4b813ca9-8288-447e-9fe9-c1f38313226c", "value": "T168C48E9EE105DC31DFBE63F451E5CBA3C15B9830275849AFEBFCA176193CA884638582", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642846060, "uuid": "432e9ffd-efb8-4b71-b5cc-5b0c891c40c6", "value": "7f57698bb210fa88a6b01b1feaf20957", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642846060, "uuid": "db38c063-b3d1-4a12-b5e8-db20eaf7a434", "value": "6144:cNU5LwA22222GgngDrDRVyYli/ci2tEGW78ODQiEDtvOSk5DKXOW14IkFxVFgY4E:x5w7YM/cYVV7EYOpOJyvnHtytFyQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642846060, "uuid": "f536d970-3724-4fd2-b018-6bf3d937cb3f", "value": 588288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642846060, "uuid": "8073bc7b-96e2-4b0f-b50d-b963e7967bfa", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642846060, "uuid": "b805ea08-7df8-4de3-81e3-2d4b93c7a313", "value": "emotet_exe_e5_bd6d27b07cb41ec814a3dc4c42c89d59d573755358a9b59cbf63c480002bc7bc_2022-01-22__100734.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec2ac3a6-7b57-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1642837809, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837809, "uuid": "fd229e46-6eec-4856-a1d7-9c653304b514", "comment": "Malware payload (AgentTesla)", "value": "164731fa1305f4361d2b031b065a0bcd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837809, "uuid": "6830d0c9-639a-45d2-8e57-c731316a251e", "comment": "Malware payload (AgentTesla)", "value": "bf355b1a895bb65ab02c1b446ccb192b6d44dc337dd6bdfca97fdb0c2751f28c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837809, "uuid": "5d161ba9-0755-416f-91d8-e2e7f771c686", "comment": "Malware payload (AgentTesla)", "value": "11dbadd65ddb030a9810e7097e8bde8057fe9f04", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837809, "uuid": "3aed8bc2-339e-4b29-bf00-ef26cde4d329", "comment": "Malware payload (AgentTesla)", "value": "1bd187a53f68102ea88435e641cb7bcf9c0d123ec64afb5709204cb622d07fac38304ffb01f95630ce3d0f8a93e98097", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837809, "uuid": "27d5659c-9145-4f64-b0f4-a0552b85d657", "value": "T17E1508AD325071EFC867C972CEA81DA4EB61746B531BC207901312AEAE4DA97DF141F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837809, "uuid": "e75c6d54-031b-4052-bab2-80f56589a9d2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837809, "uuid": "a429ca7e-7ed1-4d65-bc4a-124245b19ab9", "value": "12288:ddCS5QyXMFpQ9vu50rfYAWP0rISOg0oq6+i9vYF+2IgYrcXM4AMp9aI4eIXYcpjo:d05pQRI0rwAVrK6+i9vYF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642837809, "uuid": "c03df76c-97b9-4255-b3be-fcb6b62fbdee", "value": 894976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642837809, "uuid": "b28fd97c-7fcd-424a-a5e6-1cb2edb7afbb", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837809, "uuid": "44934b4f-46d0-4c8f-abaa-1e814a80f5c0", "value": "164731fa1305f4361d2b031b065a0bcd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9a5205be-7b8b-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642860006, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642860006, "uuid": "199c78ca-8489-490f-98e1-71a81774e4de", "comment": "Malware payload (Mirai)", "value": "036481830d1a2d29309604a0a2809244", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642860006, "uuid": "5cda5d3c-73db-4bf0-b1d2-0302db0e9908", "comment": "Malware payload (Mirai)", "value": "c09c2d9f4a2ef0c6e33a4cad9fcfced28e952d3bf3964496ed3c8ab09b01f9ce", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642860006, "uuid": "9652e514-3ccc-4d96-bee6-c7efb4ae0883", "comment": "Malware payload (Mirai)", "value": "20b90a4f45163ac2150f9ac67beceab859089e1b", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642860006, "uuid": "7ab50895-a0f0-4039-926f-b4e88b65b043", "comment": "Malware payload (Mirai)", "value": "13f33fe90782a5ffeecfe32cc8edf360ffbaad37b0c281d894fff9281121e3c9d8ed1329cca6c8c88e2e3c80e22d6d29", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642860006, "uuid": "ed69e3c0-19cb-4412-b04a-c5507f95cb0b", "value": "T148D2F198F5354F65DD5E913C4F21EBCF6294EDB383C9C3A920584CD2B03A5B2ACA0639", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642860006, "uuid": "9825f9c4-22d6-4169-aced-931d9ac2447a", "value": "768:L69ClRvEN73fvjGPeH7wS50zZBFOq/BpR6oxGLJU:LrIDvLyzLp8S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642860006, "uuid": "77fe9e43-7b08-4007-bdbb-0413d9837bc5", "value": 28948, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642860006, "uuid": "a9d45ff3-5b18-412d-b817-757e2ccd2311", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642860006, "uuid": "861687f9-6b82-4d64-bb96-4d14c926c24d", "value": "pop.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d490b228-7bad-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642874706, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874706, "uuid": "0b5fb901-fed1-4052-bd2f-3adf1cd1091c", "comment": "Malware payload (Heodo)", "value": "723b72be888e5e07034c3ab7047ef46a", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874706, "uuid": "4ec4cfbb-8433-4124-b0e4-769f54df4262", "comment": "Malware payload (Heodo)", "value": "c50ff73171a44b630603da4098f2807aaba93b2d3ee5dcf6f50fae6357e46c5d", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874706, "uuid": "ff3e26fa-2a7d-4a71-8fcc-8c2608e8f259", "comment": "Malware payload (Heodo)", "value": "290bb9dbf9d39effe04eb44e4774fbf245a63bee", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874706, "uuid": "58a78ab9-ee9a-40bc-ad07-224d8abfbe9e", "comment": "Malware payload (Heodo)", "value": "b8d2af57c38eebf41f6bcf8051bf2a497e101988a82f4b18aef7d2f33c9001dee74a73c66e2b667e200a99cb97ee83fd", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874706, "uuid": "e1908d8c-96c9-43d9-a3ef-b94f9d942204", "value": "T1E0636CA7B78299EADA0483394DB643C5B717EC104F9A43C73694F7346EB49F08D9324A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874706, "uuid": "f5698c7c-c5d7-4913-9e26-8460ad24b2fa", "value": "1536:bpEk3hbdlylKsgqopeJBWhZFGkE+cL2NdA8eXZiozeOgXVZKyaZpvyR1kZkJvU+:bCk3hbdlylKsgqopeJBWhZFGkE+cL2Nr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874706, "uuid": "e96be179-8dd7-436c-bd99-3d302b848c7c", "value": 72877, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874706, "uuid": "3c54dda2-613d-4e10-9b9d-f83cd0dc32a5", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874706, "uuid": "c6606d6e-33bb-42f2-b066-9b456f7f6c94", "value": "PSZ590342140BU.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ce6361f-7b77-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642851259, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642851259, "uuid": "da5216a7-4419-4fa1-9a82-7eaa2410253a", "comment": "Malware payload (Mirai)", "value": "4bca76fa65822853cb04bf90fae7e6aa", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642851259, "uuid": "c7d6842c-3526-4a26-afb3-96f6aec3570a", "comment": "Malware payload (Mirai)", "value": "c9ea245467a092b5a6b9b9eff4d2d844db7a0b70bb9e17a4259e96ff5306b3c2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642851259, "uuid": "98984d2c-a919-484a-a986-a6fcd98c2b0d", "comment": "Malware payload (Mirai)", "value": "4a68c7e63dd02f9d82df782d840e43cebeb06b45", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642851259, "uuid": "4d1b0878-81e0-4933-87c4-a09494882d3e", "comment": "Malware payload (Mirai)", "value": "693fa754a6177763e479c6edcae27a92fb18266dac0750884c015559d2cc8386f181be4b93cebbc80eeaf8ac93d5228c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "intel", "colour": "#6F8ECA", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642851259, "uuid": "132adc87-485b-4866-ae96-df8815c35e9a", "value": "T1ED5329C8A5D3F8F5DC140978306ABB66AEB3F13F7035E99BC3D86927A841702D10669D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642851259, "uuid": "b2b2c987-b6f5-4e1e-a0eb-eecdc07ef5c0", "value": "1536:IEX9170vwHbQXZ5+qXDEuXi95TSW7V/DjObeFt6PuQ4Z/:d917iwHbQXZ5+qXA599SWZ/XObeb6GZZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642851259, "uuid": "d9ca14d4-5138-41ab-a25e-9c88046aa498", "value": 66136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642851259, "uuid": "e12b7da5-7dd9-4013-bc2a-445d62f367d1", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642851259, "uuid": "47ff0b7a-a54e-4403-8501-aadb63ce8280", "value": "4bca76fa65822853cb04bf90fae7e6aa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ca35b0c-7b22-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642814724, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814724, "uuid": "5f31552d-0b4f-41b5-8032-2abb675db7b6", "comment": "Malware payload (Mirai)", "value": "9eb4b08b78cc4a78cd89df47bb1dbf1b", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814724, "uuid": "a173af59-4308-4e18-9e14-148911b0dd20", "comment": "Malware payload (Mirai)", "value": "ca9794c47099691aeead7fbe227f6fdd71569ec66e8449f832a4cb137b637769", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814724, "uuid": "563cb37e-d475-4426-b698-c23aea1a807a", "comment": "Malware payload (Mirai)", "value": "21772a778e600b3779294ca7f4c0363bc4c9f59d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814724, "uuid": "7ed5c881-0ad2-4751-a2bd-7c30fc9c3b58", "comment": "Malware payload (Mirai)", "value": "2178e869f9c7a097daf51ed522a7835697f2bda3dfb878a36c406ee202b2b503d7ba47528e66ede2826af173d9c3b07f", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814724, "uuid": "702e8906-f27e-4ab3-b6db-cc20d12df090", "value": "T1C5432925AD792E26C0D8B57E11F78724F2E2620E25B8C65E3C721E4EEF04740A5537BA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814724, "uuid": "8da81364-d374-4d7b-ba0c-1c0a8c923a75", "value": "768:eLobAxU6q9Hfymp0xginuYvCkLB6WsTwIC1DQdszoDaS0O+DCD3:eL0AxvSHfymp0xgunvCkV6vTMDaug", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642814724, "uuid": "daafc713-93c9-4945-a96b-bde63d2f005e", "value": 60412, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642814724, "uuid": "01869167-f0ce-4420-b250-60df0b2d13b6", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814724, "uuid": "29e2f65e-a2b4-41f3-a370-0205af0285b9", "value": "9eb4b08b78cc4a78cd89df47bb1dbf1b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "06b1f6df-7b58-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1642837854, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837854, "uuid": "fac06ab5-78b0-4eae-abdf-75c962e6e800", "comment": "Malware payload (AgentTesla)", "value": "7b3e9f425145f5ac1463c58ae6755b7b", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837854, "uuid": "47dcda1e-34b9-41f3-b936-4c58a9da2ca3", "comment": "Malware payload (AgentTesla)", "value": "cb1dae34785a591626f931d7208cf8743b17e975bbdd85ff242ced08f640a1a4", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837854, "uuid": "7a8f4e63-31ff-48ac-871c-d52ea75550c4", "comment": "Malware payload (AgentTesla)", "value": "f8db7de272ba587f3a56c9699a13212b2d44290a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837854, "uuid": "bc2cc3c4-0ea2-4f81-ac25-f007c686fc49", "comment": "Malware payload (AgentTesla)", "value": "b9b9c1209840939c6be82e0d61afcad36795edd0802a8d331572fdb5acb9b4f17c487f68d7e21e003af600d4ba4de105", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "INVOICE", "colour": "#75F0D5", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837854, "uuid": "bcff1a8e-0d8a-4bfb-a803-a8cc9db90106", "value": "T122B423ACB104D02D5097ABE03D34616685D72823F69EE479B6F3F95E413CFDE0E2A4A4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837854, "uuid": "c86358ab-7f17-4def-b5ae-de705255828c", "value": "12288:lcpm5lDr5tBR4YDAfIhbOfnzeVM2bORPyKz+d3yUQL8ZKIO:ldlDrXcfIhCqPb6yd3yUQL82", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642837854, "uuid": "7d590ae6-862c-409e-84f4-7a27b8565fb2", "value": 516654, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642837854, "uuid": "7f3ba365-be57-4f50-88f8-452adca287a4", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837854, "uuid": "baf89863-8284-42d1-a052-b39462f07e8c", "value": "BL. NO. AWSMUNDAR360621.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9fd5bfb8-7bad-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642874618, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874618, "uuid": "66c11d64-fa05-4d02-87d2-59c5982a8c44", "comment": "Malware payload (Heodo)", "value": "1b8b135a69edc69de90e9afa72a373d8", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874618, "uuid": "ddfd110b-17d9-4acd-b25d-68f6696715b9", "comment": "Malware payload (Heodo)", "value": "cbbeb47f7b0343ffabb173ed0dbb38ae17477129c5dce9bf866814a4f42e3389", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874618, "uuid": "e9b416b2-aab2-4e64-8ea8-c48fba803ff9", "comment": "Malware payload (Heodo)", "value": "675caa7c5ebe2d35daf76d4ce91e982f5381c97d", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874618, "uuid": "85e1dbe2-68a8-421a-a340-c7f9af74b329", "comment": "Malware payload (Heodo)", "value": "0752073484e24dfa3310018af75d4730d55088a45021aa1b5a0ddec3a859815c38aae91aa95f9b135f72c268ffd76462", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874618, "uuid": "22516380-668f-4a7f-9a69-b007f9ff751f", "value": "T166B3ADE777DB4889EF25037A8DB606186763FC615BE313472345B3266E74AC09D03A17", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874618, "uuid": "fd169f2a-5017-45d6-ad58-8b0d52ceabc1", "value": "3072:+C+nBqmxk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIFxe53lGvFTQ3IzxgdrvxpU0O:R+nBqmxk3hbdlylKsgqopeJBWhZFVE+s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874618, "uuid": "a58d196d-6ca2-4ff1-9ab2-dec549178b2b", "value": 110676, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874618, "uuid": "bc6ec376-82c2-466a-b146-94cb99c55074", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874618, "uuid": "5422bdcb-fbe9-453c-a4ba-1f2d4574b4d0", "value": "Contact_2.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5cacf2e8-7b84-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642856896, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856896, "uuid": "868712da-7e26-4564-b768-e214cf813ab7", "comment": "Malware payload", "value": "7585abe7379c217e4917e2eeaf5dc6a9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856896, "uuid": "c99b5716-796a-4275-943c-a9edc15cfa46", "comment": "Malware payload", "value": "cda3353281915a9b589dda3ad6bf5e81c042f89991c42df9ea7875ae3dabbcfa", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856896, "uuid": "0a752d11-4179-43b2-9284-7bed8c77f724", "comment": "Malware payload", "value": "8535eabc8e3da1a8a4472073405400c08dc3e45c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642856896, "uuid": "c322273b-7cf0-43ab-b525-1905739c763e", "comment": "Malware payload", "value": "e1373eb4335baf6f79a5106f7bc84832fcdbd379df5ff1c45db53e09ea29c715906cd51c173a6c7310280b2698074425", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "Tsunami", "colour": "#BE6B05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856896, "uuid": "b5a4b8af-8929-4d91-9728-b0607f3870ee", "value": "T145C33A05E5628667C1E227BAB75F865D37221F68C38B33257A2C7FB42F81B9D1E39110", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856896, "uuid": "1a445920-7b2c-4c8f-80ab-5c8a4ed83089", "value": "3072:4vGq3DOjzBFaQe8a832VVUYkCDvOSXUbHoghl0my2QyESuunz:4p6jnaB8a1UXCDvOpbHpcmy2QyE3unz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642856896, "uuid": "3ca0c293-3a42-4425-8d77-b6e6a19a283f", "value": 128908, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642856896, "uuid": "b8f29321-b35f-4328-9703-8c724a94fd81", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642856896, "uuid": "b9723440-f4bf-40e6-8fe2-baa3d691cf86", "value": "7585abe7379c217e4917e2eeaf5dc6a9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2d61d1e-7b57-11ec-9275-42010a9c0029", "comment": "Malware payload (Loki)", "timestamp": 1642837767, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837767, "uuid": "5cc87663-631c-4679-be96-f5c534b03a0a", "comment": "Malware payload (Loki)", "value": "5ea24e32645a71f1ac5a0e122fdc9aff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837767, "uuid": "47c4ac51-009b-4281-8710-71085b6c9dec", "comment": "Malware payload (Loki)", "value": "cda4901e34db30dc7438f3e0a45715cc40b870ed0eb2f5f1e7b3dec7d0228a5e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837767, "uuid": "1fdc5d6f-161f-41db-8e57-0e1a2b5a1cd0", "comment": "Malware payload (Loki)", "value": "85dc06cbb3415fa759a43cca08f3a8d9d6738a64", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837767, "uuid": "506e6680-de3f-496d-b2ab-8448fef1f4a9", "comment": "Malware payload (Loki)", "value": "a1ca2225e645738cc71d35bc3065ba8e241444f24952608e1c0330d26fbfa86327c85d402eba56e553b07fd8c883c696", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837767, "uuid": "4d82a97e-18b8-45a7-8fc6-c45de62b8f71", "value": "T167F4D5AD325071EFC867C972CEA81D64EB60757A531BC207901312ADAE4DA97DF242F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837767, "uuid": "54986bb6-7ee9-410d-8b34-207c9e7de652", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837767, "uuid": "cabaf01c-2e51-445f-8f96-b444aa04c90e", "value": "12288:jhNNJbD7tuZALQjRpFoFe6RJNipQcq6+i9vYFUGh7W5on0fM+u3okTul7b3c9Jzl:rNbuKiRytlipQH6+i9vYF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642837767, "uuid": "77de8566-464a-487e-b60e-21d90cb35c5c", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642837767, "uuid": "c49f467a-a847-42c3-9db1-f992254cefd2", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837767, "uuid": "4814c1b4-abe4-469a-8dbf-df80d3201776", "value": "5ea24e32645a71f1ac5a0e122fdc9aff.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d8b6557-7b67-11ec-9275-42010a9c0029", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1642844469, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642844469, "uuid": "1ff84241-34c1-4142-a710-becc5a18c3c4", "comment": "Malware payload (AveMariaRAT)", "value": "a957b1c1ac1ab07eb7d865101984e1a1", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642844469, "uuid": "d18bc7a6-95ea-42ee-8e68-b1bd358bd530", "comment": "Malware payload (AveMariaRAT)", "value": "cdd84a3b4062b53e0548a974b506d000b81d8204a02917d91fedc6b929801eaf", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642844469, "uuid": "db546d73-2123-4848-9034-767b5cf6cbc3", "comment": "Malware payload (AveMariaRAT)", "value": "57d72173d069f45f64b1993217474cc58d16006a", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642844469, "uuid": "2183b9f0-ee55-4343-822f-7c1ebb3973e5", "comment": "Malware payload (AveMariaRAT)", "value": "14eab218a45dab5a578ce261a74aeb561e782f1cbb1fb9497360d60f03a615bb95943fa2f9807f7e6fe1653dfb831d77", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642844469, "uuid": "01a9c7a3-7f1e-41a5-b80c-b9a2acef3f85", "value": "T1504412A120D7519EF2CBC0B50B13097EFBF6EA0801A306B75756DF1F87262C286847A6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642844469, "uuid": "aec32902-8940-4d17-bd85-84d561c3946d", "value": "099c0646ea7282d232219f8807883be0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642844469, "uuid": "bcc73483-cabb-413c-a712-5c907bc59ae4", "value": "6144:RwqJ+0Gf1JecEaWFOSa/AetsSPt6nzb7utYb8th:50veFcSyF6znmYoth", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642844469, "uuid": "236a6062-5be9-4a63-8364-a9ba631a3d41", "value": 271048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642844469, "uuid": "93930579-8b51-4ec6-8a2e-e6f8f79c7424", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642844469, "uuid": "8ace44e8-bb0c-45bb-afde-e5ffc84c166d", "value": "a957b1c1ac1ab07eb7d865101984e1a1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3940634-7ba0-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642869121, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869121, "uuid": "b4956a09-41bc-4d6e-a258-c5e354343f12", "comment": "Malware payload", "value": "1ff53cf43d2a19d096256563ac87157a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869121, "uuid": "330b47c1-99b9-4700-a798-c025b8d0ed36", "comment": "Malware payload", "value": "cdf3721e973a89f2e33ed9dbcaf0ecc2859e8977cef409f74fd962b7fb1fd2dc", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869121, "uuid": "d4e49f50-2a27-4436-9f94-718355227d16", "comment": "Malware payload", "value": "af6967281cd2a5fcd58eef9468e4980321ea6813", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869121, "uuid": "2b0da779-9c73-4a94-b671-5e4f2a94028b", "comment": "Malware payload", "value": "88b0531df001762853107d7bc0e3c82772247de8883b052127ebff18ac4d5d11020f3ff2b92902820325808b753a3b44", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642869121, "uuid": "c30f8f87-3a7a-46ec-848e-0fdd454b551b", "value": "T1A213F27E06062D91C01AC0FAB136ABD25F5109FE58633C07694979AACE2B1BDF453F64", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642869121, "uuid": "80f698e6-899a-4b23-82d6-6cd476790fae", "value": "768:b46cWxiNGPrYi6SBmnVFygpc/UklROhfGQhbJJgGlzDpxYs2qFokk+2u1Zxu:bAuiMPrk5nDyxPmhZb7VrY6oj+2uE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642869121, "uuid": "e1cb47fa-fa0d-4869-80a0-7a98b20dff85", "value": 44344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642869121, "uuid": "c108535a-dbde-4340-9662-32a9ce87ce74", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642869121, "uuid": "319a5496-fac8-497a-a535-a3e52e07b9d9", "value": "1ff53cf43d2a19d096256563ac87157a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d74efe43-7bad-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642874711, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874711, "uuid": "ae0b3e0e-83bf-4fea-8070-6ebeb11b14c6", "comment": "Malware payload (Heodo)", "value": "c31334980edaad47ac01d279ea05a278", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874711, "uuid": "02d16b51-68a9-4a22-925d-74df27157613", "comment": "Malware payload (Heodo)", "value": "cf14954bed171f8ef80867075b0270de01a7afbfdeeaefe720a4136652bcbccc", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874711, "uuid": "a32c897d-849b-425d-94b7-bb098ec998a6", "comment": "Malware payload (Heodo)", "value": "c90e4aca7a27825c23c49bfa950091ed8f50a426", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874711, "uuid": "678147fb-ecf2-468e-ae5a-41d2f5530eb9", "comment": "Malware payload (Heodo)", "value": "b380bae6b2decd1508ef1ed5e5eac368880a33d68d2a6b8087b4d06747924431eb3b47d456c83370bc054f7fce606b55", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874711, "uuid": "9a0bd0db-74cb-4935-ab9d-b3105608ffe8", "value": "T1E4636CA7B78299EADA0483394DB643C5B717EC104F9A43C73694F7346EB49F08D9324A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874711, "uuid": "301bb278-6a39-4a94-8cc4-a96fa7d8de8c", "value": "1536:bpEk3hbdlylKsgqopeJBWhZFGkE+cL2NdA8eXZiozeOgXVZKyaZpvyR1kZkJvU+:bCk3hbdlylKsgqopeJBWhZFGkE+cL2Nr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874711, "uuid": "3bb97ecb-dba8-4d5f-a5cf-e80fddf7e6a2", "value": 72080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874711, "uuid": "0eecc62d-07c3-4ab6-993d-87941fa2c514", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874711, "uuid": "98fddb80-ff77-4d05-9e28-191bc4d04dc5", "value": "report 01 21 2022_2.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3da8f5fd-7b98-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1642865434, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865434, "uuid": "602f09ab-7590-4858-bcce-abd1bf7606dc", "comment": "Malware payload (Gafgyt)", "value": "aadb57275b100400ccee1d27ef0a1b26", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865434, "uuid": "21567af2-8d52-4711-a38e-63932452dd85", "comment": "Malware payload (Gafgyt)", "value": "cfc39c09eda3f441f4f83172cb77b2d6428e6019faeda936b6d8e84d20f62d77", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865434, "uuid": "aa5226e4-6741-42b9-b73a-1b0f44153171", "comment": "Malware payload (Gafgyt)", "value": "07354f5db2d30bcd486a8f908fe2ad7795474cfa", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865434, "uuid": "12be977a-dc85-42fb-a688-719996b626d0", "comment": "Malware payload (Gafgyt)", "value": "58b8962118fa1439bfc93314eacd14b8e6da49bd40fc29fe05c955b64e04e5b235a0e2bb5f7469873ed2c865acc51730", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865434, "uuid": "bc364714-ca7e-4b16-afc8-f2113f7ad8fb", "value": "T151C32A45FD04872BC2C227BAF79E428D3B365E9497D7331266357AB02BF27981D39620", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865434, "uuid": "2f7b7c1c-46d5-487f-87b5-36b3e5bb2670", "value": "3072:WVvBM/BmJYPxkQFmqEmWN92fmP4qZQ1SoSfuyNn:WvB8mJ/QcqEm9fmP4qZQ1SoSfuyNn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642865434, "uuid": "786151dc-a055-4af4-a910-417931429be3", "value": 120319, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642865434, "uuid": "d4d2e36a-9be4-4fba-95b0-244921512caf", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865434, "uuid": "9961ee84-5a9a-44e0-a5a7-c32df8609edc", "value": "nv.arm4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fdc20ff9-7b93-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642863608, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642863608, "uuid": "3dfda6bf-e6be-4176-96c8-0ee9ac257411", "comment": "Malware payload (Mirai)", "value": "fa99ff7cb9b626d846850259b7e2d597", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642863608, "uuid": "ab9c86d3-4b65-42f7-a34a-06d4d6e85a7f", "comment": "Malware payload (Mirai)", "value": "d053a8bb39d9abb2de4ea8be2404eee03a2aa5c0199ca8f9da750832919c5845", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642863608, "uuid": "bb0f06ec-998e-4d75-995f-c25d1b0cdf82", "comment": "Malware payload (Mirai)", "value": "f6ba1ca0cf8df72745b2fd98fe4495062cd474e6", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642863608, "uuid": "bb7a7771-2f88-4f57-88a6-2d0a20e79443", "comment": "Malware payload (Mirai)", "value": "bff1dae3e6d3b1142690360ba576a281801671d92aee3437b414a76ec8f2f9ad52bcf5f29a65e4b092aca294bb427bd2", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642863608, "uuid": "08a7404b-4efc-438f-87d1-2633ac8ce5c1", "value": "T16A733B42BC91DA12CAD4227ABA6E61DE331123D9E2DE32039D216F6437CBD1F1E7B145", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642863608, "uuid": "1f7e5c64-edfc-4c8a-8962-ec28a4757c6d", "value": "1536:k/p4AfgZBY92cWBh7SnkYuDa8Y0oAwqvpRfXFRS6D/:k/p4EUyYh0hsYNRkvXFRS6r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642863608, "uuid": "b5180d84-5026-4a1d-93be-565b27ffcbfc", "value": 74792, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642863608, "uuid": "96757fd4-ef01-4b48-be22-416ba672edab", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642863608, "uuid": "ed60ff87-9892-47af-bcde-e52089b6f1c6", "value": "arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "83338a2e-7b99-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642865980, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865980, "uuid": "d9b40e36-652a-4e77-98ed-563ae5deeadb", "comment": "Malware payload (Mirai)", "value": "90cba1b668d24ab9714c54c974462145", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865980, "uuid": "7b880dd1-67f1-48c9-a255-28eb01655c09", "comment": "Malware payload (Mirai)", "value": "d38a26a62f116538ba3052febeb8ffe1f49fe595b294053c3041c835ff5f397a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865980, "uuid": "af163a17-693d-456b-a483-660b3ca95bdc", "comment": "Malware payload (Mirai)", "value": "df9300f4346daee4afadc26d727302e3103ce5da", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865980, "uuid": "931af196-9fb7-4ad9-9f31-85d8e60fb211", "comment": "Malware payload (Mirai)", "value": "95f7f51517ab8d93a3ab8bb56beb39fe27cb604424b047e793822145d2f1d2d861e0350e292a4a6c81d6dea53ba13733", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865980, "uuid": "3c24f317-9e91-4332-b81a-5bc0cb0b8454", "value": "T122832A46BC918E15C5C9227AFA2E108E33036768E3DEB263DE145F2467CB92F0E7B455", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865980, "uuid": "32e83e97-14b5-4502-9ff6-389009f57a7c", "value": "1536:ZAn7hpYe10NMSjE95qEjQI7wnUtbrz62iVMXnuMwisGFmEVdi7:wpYjMz0I2Ct8GFmEVdw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642865980, "uuid": "535c4275-0a3c-458d-815b-7fc9b56df6e3", "value": 83292, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642865980, "uuid": "27661021-802c-4bc8-8173-9e5c38293c60", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865980, "uuid": "d9d75316-2ed1-4388-9f03-83d76c849801", "value": "90cba1b668d24ab9714c54c974462145", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5bbfc135-7b98-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1642865484, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865484, "uuid": "796d07ce-1305-4acc-a7be-5766db1be31a", "comment": "Malware payload (Gafgyt)", "value": "5ed6f5fb07aea9f1fdd7e7e15d6ce8ea", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865484, "uuid": "2e07edb3-215d-4287-823b-424d6f6df2c9", "comment": "Malware payload (Gafgyt)", "value": "d60a5000a7dc47594e145ed5244a845835b5c5972d96ee9cf26f3c32bf1c3493", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865484, "uuid": "696bf4cf-0a68-4ac9-9238-9852a8f0c127", "comment": "Malware payload (Gafgyt)", "value": "265a3e56747a62490e16545f20fb37bd67a8c51a", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865484, "uuid": "0d00ef95-d3d0-4835-be64-6a8c0fd388af", "comment": "Malware payload (Gafgyt)", "value": "594b45c208cd84e5b45bc451375c20438cdbd7dd9af7fbbde6fb5a02c0781d0c16cea75e992a06e7ff6c4166d9c2e85d", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865484, "uuid": "bb38ca4c-292c-4980-aad1-bd06f8e702d8", "value": "T1C4C3F93B77170E73C0CA107151E30332AAB5DF9934B95397A9E07DA86F36A843816BD9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865484, "uuid": "e0158159-29ab-4217-a091-c53cec4bef04", "value": "1536:k0MLDB41FAOTN95euULta7it1Us0unoQmmi405bUC3CnSyNn:RvHTNPeuUkGft0uhmm/05bUWCnSyNn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642865484, "uuid": "cb01fe1c-14c0-4576-9300-b652fe09b33b", "value": 119631, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642865484, "uuid": "61baa66d-50d8-4f5a-ab41-b101b70b0f2c", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865484, "uuid": "691ba69a-869c-4c6f-a94a-b23d8e858f2c", "value": "nv.sparc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe2a80f9-7b16-11ec-9275-42010a9c0029", "comment": "Malware payload (Formbook)", "timestamp": 1642809922, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642809922, "uuid": "b83fe77a-54ef-40be-931b-82f7be1c9bf2", "comment": "Malware payload (Formbook)", "value": "49fd93fb9699d57c47b6c1ae98282170", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "pif", "colour": "#A6A680", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642809922, "uuid": "e2e74999-5f93-4993-99c9-8b3b075509ee", "comment": "Malware payload (Formbook)", "value": "d6fce7f4f6a8c7c7ec013bd177f42ab0a9ef8d8ce6f505245ea09e41d33201e0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "pif", "colour": "#A6A680", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642809922, "uuid": "4898cedd-43c2-4105-985c-ec293a3cba95", "comment": "Malware payload (Formbook)", "value": "2ceb5be3f5cc5f91862d866c2b6b695b144cfa56", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "pif", "colour": "#A6A680", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642809922, "uuid": "e110ef5c-a759-496e-a33b-e2e462e1d93f", "comment": "Malware payload (Formbook)", "value": "785a2c28c50cfb4d4ee58ff0ec8f213b745b61471209262195f2f67160ac9a81a478c54c6653159c040b0a615464a905", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "pif", "colour": "#A6A680", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642809922, "uuid": "da175582-c30f-41b1-8059-c88002740bcd", "value": "T15664122761EBD1BFC52A4B7496DBD735DBF1A3143059052F6BE02F3B05220D3AA0A263", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642809922, "uuid": "0b447fad-7706-41ba-8be1-c4de8e31f3f1", "value": "099c0646ea7282d232219f8807883be0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642809922, "uuid": "4c87a6b5-e9e6-44c0-a4cb-a600e27f163e", "value": "6144:ow+hv2ygg0KzY5PCP/bGTsHl8T83NFs+cSEGO8Ad6/dkMY8DfjBh:yheZMzZXSg6T83Opz/slh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642809922, "uuid": "39bb07cb-b6d7-4e74-aae5-9e62e2383063", "value": 329880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642809922, "uuid": "7457c7c3-5e38-4be6-ac2e-bfb15b7e1ad3", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642809922, "uuid": "18ffff14-5d2c-42f0-9d9d-90901eba066c", "value": "SKM-97116373-PDF.pif", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d328d13-7b98-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1642865460, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865460, "uuid": "27e1339f-e9ac-479b-bebc-e59a0841c50e", "comment": "Malware payload (Gafgyt)", "value": "f5fd714e99543fc8ca081a733477e86f", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865460, "uuid": "91ecb302-79ee-4edc-a7ed-6efc1a241ce8", "comment": "Malware payload (Gafgyt)", "value": "dbe0863e046c829d2bc2317c15b86848017f74a263c70d9ca044eb081e99e3cc", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865460, "uuid": "38c76d1f-4abf-46c5-bd87-713bb08575c4", "comment": "Malware payload (Gafgyt)", "value": "9b881c7a19d485a751a874ec511c25d551c4f8d4", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865460, "uuid": "441f71b5-8a50-4a83-8e9f-eb0cf877db8d", "comment": "Malware payload (Gafgyt)", "value": "7d888d2482b06ecf43e9f8a3b593a4f6c2d17253a11e3cfadc2e7f8ed6a7ca60dd9d5065b67897b944a2f8955ea449c0", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865460, "uuid": "ee07172d-7bbc-4c82-8c9c-a7d45e061aec", "value": "T120B31893F900DEA7F40AE67608D74B257670BFA20F93162273177976AA322D43827F45", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865460, "uuid": "286ed1c1-b187-42d5-80df-347359b75d0e", "value": "3072:1rb8GpU0Y0hUZSf1Fkydbs+DilUmm/0pbOWCnKTNn:1XpU0Y02ZSIydA+nmm/0pbOWCnKTNn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642865460, "uuid": "26f1cc9b-2b20-49f6-9809-bc0e8e45f533", "value": 109244, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642865460, "uuid": "63417974-7106-4001-afcb-e67ce3c4c57c", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865460, "uuid": "25238080-b3d7-477d-901b-0f507e13d8f2", "value": "nv.m68k", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb28ecfb-7b99-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642866154, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866154, "uuid": "78ecc827-c625-45bd-8316-757aefb6fb75", "comment": "Malware payload (Mirai)", "value": "9d93a158eceb9a99a0fc9995bdf014ea", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866154, "uuid": "3d62c406-250c-4712-8b46-0fa57d8966bc", "comment": "Malware payload (Mirai)", "value": "dc37675332ba32fdec09cb17e868d80021f5b0eb74527082e35acca03e88e14b", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866154, "uuid": "14bb35be-c845-4f62-ae4c-3d718d630079", "comment": "Malware payload (Mirai)", "value": "9f3daeedd96420a3ce6d0adc3a8c7c3681410806", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642866154, "uuid": "f250abc2-c7b4-416e-a907-17188ef1ab0c", "comment": "Malware payload (Mirai)", "value": "fc22f44fef4c49ae27a37ae07934e8dda44fc2fbed7b540b211e034ab63275c52bbe461214d87dfdf302e073e18267be", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866154, "uuid": "0168e697-af9d-4c91-8346-6e90e539b29d", "value": "T1A5735CC5F483E9FAED1F063830BAEF326D76E1FB6118DE83E3965623A851612D50214D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866154, "uuid": "08fdac58-1aca-4e33-89e8-a7dda8b4ef29", "value": "1536:MvRIa5xZNuJ0SkSegVkDMEI9RlHI5jwKAA:1oZNuJ0SkSjVkDMZ3HIFLAA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642866154, "uuid": "174566c3-8a70-434d-9681-53130e8c723b", "value": 74544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642866154, "uuid": "d29c07c6-0604-4643-93ca-be2c8e9790de", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642866154, "uuid": "3febe76f-b832-4933-a71c-68267053e52d", "value": "RSec.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "31fc5c8a-7b9d-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642867562, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867562, "uuid": "1682ce8d-cdb4-47a3-86fa-116ce4da9843", "comment": "Malware payload (Mirai)", "value": "bdd5b9b4bfd367bf7265a9996a24dc6f", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867562, "uuid": "34bdae75-7a52-4360-917c-14fc389771a8", "comment": "Malware payload (Mirai)", "value": "dc9477f1515659d107914209a73f71f066d6d66300afafb3ff98ba7b53bf8e84", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867562, "uuid": "dba0136d-1780-4423-a239-5d53437956fc", "comment": "Malware payload (Mirai)", "value": "966c85830599ea5ccb7f5241bbd1a4dce65ccad4", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867562, "uuid": "1dd84e68-6bd8-492d-8afe-9b0066c41cbe", "comment": "Malware payload (Mirai)", "value": "a76058eae517c63c54be8d780cf2e424cbdfb5113534c6605b4456ea280f6c8a0fd63817b08110ea4fd2cc6b804fcce6", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867562, "uuid": "fa8922db-3666-4ef7-987d-b38cdcd9ca87", "value": "T1C7833C02E743C6B3CC830BB2029BAA665931BDAA1E269F49F31D7DF45B128C47116F56", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867562, "uuid": "391ad618-69c8-41c3-8cba-cf89c3266431", "value": "1536:W35b9Vc4N3J6lreu5r4hWj8LoWDloRmF+wVOz+sXcfW7k:Ab9Vc4JJ6liuq0YM2oRmEwVOz+ucfW7k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642867562, "uuid": "7e81cdc3-6f39-44a3-8d32-bb865b09aa95", "value": 84999, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642867562, "uuid": "1f40b852-d371-4289-b696-62edc60c871e", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867562, "uuid": "804bc8f3-7d83-4640-9970-b4eec5650bb1", "value": "x-3.2-.Sakura", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "65fd65a1-7b5f-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642841020, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841020, "uuid": "b9479433-a345-47a3-b50c-e49e0180e693", "comment": "Malware payload", "value": "4382b580d709adb4b5d2c55920e8a89f", "object_relation": "md5", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841020, "uuid": "af4a360a-4a21-447c-b129-b284abd7eefa", "comment": "Malware payload", "value": "e2ddecc596180a56840baffcfc8494342c8ab8f4770344a1bb5f2186a323d860", "object_relation": "sha256", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841020, "uuid": "a1ed3aab-dcc4-4db6-9519-5f6bb90c5661", "comment": "Malware payload", "value": "7335f7fc14bc415e34cf4442f0bebeff7f82a20c", "object_relation": "sha1", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642841020, "uuid": "8082dc3e-8aaa-470e-8eb4-08fb77eae2bd", "comment": "Malware payload", "value": "35d3edaeffc67eae8acc1bff21df7cb0afd5465a5e2f1dbecdb95f1e8417f432cf79acb9f30132e295fd13df5b00c7cc", "object_relation": "sha3-384", "Tag": [ { "name": "hta", "colour": "#0DC599", "exportable": true, "hide_tag": false }, { "name": "mailjet", "colour": "#C5C98A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642841020, "uuid": "a754bedd-aebb-4a8a-ba12-32bfd840af56", "value": "T199811999074FCAFDA553BCC8D8C91A47EFA58626462CE6C0CF60BEF6341553CD4E1858", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642841020, "uuid": "f0082d24-265d-4a19-ab50-ac3358f86bcf", "value": "96:Sx1fEaTC0VfZkGzz5tFknVA8AY1O6Rie1hX4F1ipvrwQrJ:CXVfZkazbaVA8LOWhIFcpvrFrJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642841020, "uuid": "c285e668-55da-4463-bdfa-c2f5f1f69256", "value": 3927, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642841020, "uuid": "30e2fecc-38be-45a3-b23b-cbec1df89637", "value": "text/html", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642841020, "uuid": "0e417412-66fe-4025-9ba7-9cc98349f1a8", "value": "23530AU23530_23530.hta", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d604787a-7bad-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642874709, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874709, "uuid": "a595a421-ad8f-4071-a8fa-3eb84d7b33d1", "comment": "Malware payload (Heodo)", "value": "e47664864ce4d964d95000a681257381", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874709, "uuid": "29434c01-c931-4ec5-87c9-c24ae35ed40a", "comment": "Malware payload (Heodo)", "value": "e33811b4dab432d10d50a8357ec88ab255590ac412e6a386ae3cee55c40df20e", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874709, "uuid": "01da467c-ad17-48f6-aca0-9ee2b3e8872a", "comment": "Malware payload (Heodo)", "value": "943d5e3c929c736adc6632d5804c79c00938365f", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874709, "uuid": "f5badffd-5b3f-4bf0-a661-060712ac0e41", "comment": "Malware payload (Heodo)", "value": "e55deea583dcd8e0044369a8565fa3c862ab7218cb3386ad5bb00d841749eaa88c9b7453ac83d9f3521eaf306189c829", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874709, "uuid": "5a13ef63-c247-477a-8806-6e605091cf33", "value": "T1FB636CA7B78299EADA0483394DB643C5B717EC104F9A43C73694F7346EB49F08D9324A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874709, "uuid": "b8fe882e-cae8-44a1-8555-19d562d6fd49", "value": "1536:bpEk3hbdlylKsgqopeJBWhZFGkE+cL2NdA8eXZiozeOgXVZKyaZpvyR1kZkJvU+:bCk3hbdlylKsgqopeJBWhZFGkE+cL2Nr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874709, "uuid": "538886bb-df49-45b5-8f19-1d9f33649b75", "value": 71236, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874709, "uuid": "99bd51da-a6d3-4c80-a65f-55cb8c37e472", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874709, "uuid": "4791600b-a41b-4fe7-893b-4e3f8ba39bf1", "value": "Rechnung_21_01_2022_7159329289.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb076fdb-7bab-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642873804, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642873804, "uuid": "c500f095-2bd5-418b-8d8a-7daba6853c6a", "comment": "Malware payload", "value": "7859ac8a902f6598100fefd286dfc3b6", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642873804, "uuid": "093667f0-2403-4602-88d6-8d40ec4b0c6a", "comment": "Malware payload", "value": "e38bb8f4edeb42ac23fd84308b9a6c9d504a2b63f9edc242c2a191d1d7132e5f", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642873804, "uuid": "10377863-21c6-4c67-99a0-de020f8ef1e5", "comment": "Malware payload", "value": "33923f44cd88c20e3733b0430555e2d22e31f0a4", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642873804, "uuid": "6fcd6977-6732-4bb2-8a36-24ab3ef8eb23", "comment": "Malware payload", "value": "be527d0bdf11b4fef0c7996ab4b825a5749a87817e83dea53715443eaa74189d5f796ce3d0ae9031d590def0d530272f", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642873804, "uuid": "b9531ed7-45e7-4356-9a7f-a88d41bf1743", "value": "T16E433B375692CA7BC0D747F517D796218133B8391F236209B3D8BDAA3F269C82E59302", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642873804, "uuid": "23badce2-b03c-46e7-943d-fb2d537ce0e1", "value": "768:UzmQ1KeSZaLGjuL3GoxVbsVFWnyVZSgHo3Gk7IfuXYYYnC8439qS/DDrWMCLsZ:R6/HGSDjbsVFWmSg+7QClKNsZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642873804, "uuid": "d906fa0e-83a4-4c32-b89a-fa5bf2c90e06", "value": 60197, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642873804, "uuid": "4bca88a2-b849-42cf-b078-5889969e8461", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642873804, "uuid": "36b5008f-2a88-4dca-b6fe-daf462eab92f", "value": "x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "55f3090c-7b98-11ec-9275-42010a9c0029", "comment": "Malware payload (Gafgyt)", "timestamp": 1642865474, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865474, "uuid": "f93385d2-1597-42d5-ba32-e6dc8501aa92", "comment": "Malware payload (Gafgyt)", "value": "b60899ce65602f207bde2545854d5319", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865474, "uuid": "991eff2c-510c-45fa-a54e-63467c7e1191", "comment": "Malware payload (Gafgyt)", "value": "e3ee2b397d410a7aa4cb53b56abc60c2fa31587cf8160391cd07265c5bdf0c1d", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865474, "uuid": "4bc2d018-5576-46ed-bc62-9602c2da66ef", "comment": "Malware payload (Gafgyt)", "value": "9f13e14eeb7e92fb683674987a604364e20f8d29", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865474, "uuid": "7963002a-ef41-44ff-9f35-20ef415fdfcf", "comment": "Malware payload (Gafgyt)", "value": "3a392e9e30f03c13f9b726eb07643a6d5004bdf4599f3e6fc18ed3b4a67101b2f3fb9f08d26e9abc3585127d6a5c732d", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865474, "uuid": "d7dd708c-7985-46e7-bac3-1baacdde275a", "value": "T1F8B34A57BB2C0B43C49B5AF03DF727F08769BDA113A66180A119FFD017B26B02526F99", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865474, "uuid": "7b020159-3ed2-47c9-956e-bbd5a17c3f8b", "value": "3072:9tGzps90eGgER3wfXS2cOmm/0pbObsnKfNn:9tGzS90eRER3qi2cOmm/0pbObsnKfNn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642865474, "uuid": "749779ea-113a-46c3-a048-e6abd73b645d", "value": 108243, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642865474, "uuid": "93ad9d73-6465-4531-aa9e-631c13d116e8", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865474, "uuid": "ed672590-81b7-4ce5-a7f1-656bf8be03a2", "value": "nv.ppc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "284434e0-7b8c-11ec-9275-42010a9c0029", "comment": "Malware payload (RaccoonStealer)", "timestamp": 1642860244, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642860244, "uuid": "901622bc-c4f4-4aaa-8e94-c832b40e241b", "comment": "Malware payload (RaccoonStealer)", "value": "1f0b449499b8811d74e99726d337fb91", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642860244, "uuid": "4a0c40d5-26d9-447d-9b7a-59ee10dfc14e", "comment": "Malware payload (RaccoonStealer)", "value": "e438f74e71aa80712289eaac851a59a481b24e46ba5d607e3cd42aeea6129bd8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642860244, "uuid": "c7d65779-a54d-427c-aeba-22b15198e806", "comment": "Malware payload (RaccoonStealer)", "value": "b8e6bbbfcff72b0e0fadc2f15504590b1c46afe9", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642860244, "uuid": "8b5f7069-1a1d-46fe-84c2-eacacaf9c90b", "comment": "Malware payload (RaccoonStealer)", "value": "ac1a0df9ea3ad8b1dde64a70d8b35a9af4a19d033d07597e9fbbaf69152e587b0096e5931490942d90acdba056d5a39c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RaccoonStealer", "colour": "#C0516A", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642860244, "uuid": "2bbcbefc-f6b2-4c37-800c-426b8ac0bfd6", "value": "T119D412353B81D43AC48D06B119258FF41A7FFC7848984686F3AD3F2E6A73291A61635F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642860244, "uuid": "8e3b8883-e796-4889-b639-bcf77ca58b33", "value": "1c3e601327e38fd1865e47bf98f54632", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642860244, "uuid": "b1276fc1-0185-4553-b4e0-bae33f101cbc", "value": "12288:xLF9cPbIqSDV788wpGu/R2Cpe0LgoL1BH4bu5BySdKsV2J8h30y9cZNJN:Z0jYD58bGu/JU0LgovHJBywVqHy9cZPN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642860244, "uuid": "2b794068-812d-4d78-9cb8-12492b7b5ca7", "value": 629248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642860244, "uuid": "5f350c24-f58b-4f26-8b5a-a9a47f5a7bee", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642860244, "uuid": "a37bc087-e513-42d9-986e-fd064ec52f8f", "value": "1f0b449499b8811d74e99726d337fb91", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b1e5cca2-7b58-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1642838141, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838141, "uuid": "07661d4a-d648-4e22-a20e-8f9e01d3dd42", "comment": "Malware payload (AgentTesla)", "value": "d75823a0f16ffe95f0e889591f2532e7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838141, "uuid": "65ff46b7-689a-4375-b818-d821f5783b3a", "comment": "Malware payload (AgentTesla)", "value": "e4bcf8ffa4d8818a6df5d192523959ed75297534f5a5efe64ca41fb95b2f8859", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838141, "uuid": "e6848afd-5ab2-4e55-8055-a2266a5b52d5", "comment": "Malware payload (AgentTesla)", "value": "74c2bd7492fd7932975dfbc11f462d2bdca5a8ac", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838141, "uuid": "0fb418e6-90ff-4aa4-ae9e-57e857f8a74a", "comment": "Malware payload (AgentTesla)", "value": "7193de1fecf114636f5c2a01a7a265e052ba55385b97cefd2594239d65fa16ff2e21c570b1da10a157ee360336089b43", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838141, "uuid": "8cf2db26-cc78-4bc7-be2d-56db3b9b5ce2", "value": "T191B423ACB104D02D50976BE03D34616685D72823F69EE4B9B6F3F95E413CFDE0E2A4A4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838141, "uuid": "cea87236-fdbc-418d-94b7-bcedbc7d4e0c", "value": "12288:2cpm5lDr5tBR4YDAfIhbOfnzeVM2bORPyKz+d3yUQL8ZKIl:2dlDrXcfIhCqPb6yd3yUQL8d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642838141, "uuid": "00517d1c-9fdd-4df1-b7f9-30c85b40ac3a", "value": 516644, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642838141, "uuid": "adb3825f-9fd3-46fc-8621-0a16d0816b96", "value": "application/zip", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838141, "uuid": "ab31d7c3-3a6a-4690-a48f-7174b8eb0be5", "value": "BL-SHIPPING ADVICE.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e248254c-7bc4-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642884608, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642884608, "uuid": "619998c5-a4bd-416a-9305-bf5573960835", "comment": "Malware payload", "value": "d07d3bb92a0be136f7c75b64d9311262", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Hazard", "colour": "#F6970A", "exportable": true, "hide_tag": false }, { "name": "HazardTokenGrabber", "colour": "#5FDE9B", "exportable": true, "hide_tag": false }, { "name": "Hazardv2", "colour": "#3DC2B0", "exportable": true, "hide_tag": false }, { "name": "Python.Disco", "colour": "#846383", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642884608, "uuid": "48481197-d876-46d2-9fa3-f8e8380c0a38", "comment": "Malware payload", "value": "e74f6abf23ee6046cc936892f137e906fbd08eb76ba0c16bd85f01a84604636d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Hazard", "colour": "#F6970A", "exportable": true, "hide_tag": false }, { "name": "HazardTokenGrabber", "colour": "#5FDE9B", "exportable": true, "hide_tag": false }, { "name": "Hazardv2", "colour": "#3DC2B0", "exportable": true, "hide_tag": false }, { "name": "Python.Disco", "colour": "#846383", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642884608, "uuid": "9ea8011a-6543-4990-b832-92a1175c39d1", "comment": "Malware payload", "value": "1da1ee33f128bcbe191595a08d91cee231e2b6e1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Hazard", "colour": "#F6970A", "exportable": true, "hide_tag": false }, { "name": "HazardTokenGrabber", "colour": "#5FDE9B", "exportable": true, "hide_tag": false }, { "name": "Hazardv2", "colour": "#3DC2B0", "exportable": true, "hide_tag": false }, { "name": "Python.Disco", "colour": "#846383", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642884608, "uuid": "6dc1cc18-43ab-4ff1-8375-1c17b687d506", "comment": "Malware payload", "value": "345c295f34172aa25db66a142eef1a48335de639925b23e8d292c204849db72d685754778cdee72d7429c5eba84db8bb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Hazard", "colour": "#F6970A", "exportable": true, "hide_tag": false }, { "name": "HazardTokenGrabber", "colour": "#5FDE9B", "exportable": true, "hide_tag": false }, { "name": "Hazardv2", "colour": "#3DC2B0", "exportable": true, "hide_tag": false }, { "name": "Python.Disco", "colour": "#846383", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642884608, "uuid": "8f428f49-f02e-46de-9b03-6daaaae45714", "value": "T12F773350A2E004DCF8DBD33B95E6D3712971BC4DC192E84F4A9D19D94FA72D2AEB2B40", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642884608, "uuid": "a7a8d9bf-f6a1-467d-b4e8-75ae3707a277", "value": "5324ac1e1bceff69ec8d4435c50bfe0e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642884608, "uuid": "30379152-bf1f-4ed5-8237-ece49dc96ac1", "value": "786432:5TtAqdqVBsErUtNp5VYX6XCZg3w+5Qpws0oMQA3/Od9WXW86+Fmgp44i:5iqdqVBsEENpDYqO+5Fvv3vXWcQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642884608, "uuid": "7d81587b-86e9-47c7-b4b7-97425eb059a1", "value": 34050505, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642884608, "uuid": "74eec59e-3741-46b2-bef6-1a7d109d417a", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642884608, "uuid": "bf0e7abb-be01-4a6d-a94f-105d65269ee9", "value": "MAIN.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed437018-7bc9-11ec-9275-42010a9c0029", "comment": "Malware payload (AsyncRAT)", "timestamp": 1642886774, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642886774, "uuid": "e174a3e6-21f0-4aa1-ac79-5815b6a90001", "comment": "Malware payload (AsyncRAT)", "value": "4f689ad2542e385c696d18df256e474e", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642886774, "uuid": "652be8df-7787-4552-bc95-86677223cb7e", "comment": "Malware payload (AsyncRAT)", "value": "e7e4f472ffb41d0c2678ceac5a5c236242d46a6c781cf8431b661a3493a05eae", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642886774, "uuid": "9ba6b7c3-698d-43b5-94e1-355271da7c20", "comment": "Malware payload (AsyncRAT)", "value": "719a2ff49e7f8d5ac4a7b0f7dc2256f8ed45a541", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642886774, "uuid": "a478ed4b-75c6-4f07-86c7-590d006ec3a5", "comment": "Malware payload (AsyncRAT)", "value": "cb2d14a48f0ef6890fd3d0f7a8ba4d6985fbd6b8f277a96a0a6c2352d39dc9788854d60b6c507cf5195104630b4e872a", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642886774, "uuid": "a4679b85-8604-4a33-a2f9-d590d5b6be9d", "value": "T15B05F10B624D027FE4D5FAB51810788453B8AC2BE115F31CDA59B0FEDDB3F247262A92", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642886774, "uuid": "7000b0e8-20b0-4ad2-8587-ecbb6731d043", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642886774, "uuid": "f75de279-336e-4cf5-815d-1230a33c3861", "value": "12288:qyMeiWOtORmo//B6wJfbBDOQ0Vb46n625rKkGeq02V3MyJy:qQiAJ6wJfbBDOQ6c/25rKwXOBk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642886774, "uuid": "0ebf42ac-df81-415b-9bec-8848a125ef4d", "value": 854016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642886774, "uuid": "5eeeae8e-47b0-4aa4-8630-ea7475b2f3ff", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642886774, "uuid": "0d40b7a0-64b3-42f4-a9df-ed057448160a", "value": "4f689ad2542e385c696d18df256e474e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b4c3945-7b19-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642810884, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642810884, "uuid": "d4bed849-c007-4f34-be3c-0963bf168b6a", "comment": "Malware payload", "value": "b4ee5a7a67fc34e14ab2aa47a7178d5e", "object_relation": "md5", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Lamberts", "colour": "#97DAA0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642810884, "uuid": "fc2f76ec-6680-4f31-8d0c-e94abaa66243", "comment": "Malware payload", "value": "e806c60999997757c1e2d62fc7d9683df03b2cb08da407d0466d9feb4eb5e457", "object_relation": "sha256", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Lamberts", "colour": "#97DAA0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642810884, "uuid": "9b2d5fa2-1c24-4cdd-a2af-7525aec231d4", "comment": "Malware payload", "value": "2a2e32ba999fb81cee5f638c0723d18103f1b7aa", "object_relation": "sha1", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Lamberts", "colour": "#97DAA0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642810884, "uuid": "c3630214-210d-4fd7-8a1f-ee24f61facc0", "comment": "Malware payload", "value": "0ca2bdeb48804cb23fe1dc1e247595eb780481440f3588aed9dab3624330a7cfbda23e84183cd0a2eb39586570cb85b7", "object_relation": "sha3-384", "Tag": [ { "name": "apt", "colour": "#BB716D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Lamberts", "colour": "#97DAA0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642810884, "uuid": "5730a1c3-1e56-43ea-b78c-6a80b3292d9c", "value": "T1BB941561A4A08232CCE621F4D6AEB234A2BEC6D2076597C347443BF6DD547C2DB346DB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642810884, "uuid": "6d7f5779-4cec-400b-a74b-3666797e5812", "value": "0753e4caf43ea9b3195fb91520a02930", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642810884, "uuid": "765ee1c9-a0b1-4f77-990b-b74dd17a5106", "value": "3072:ogXkA1CudLrFYhNS9rTMLwK3zrn/MCF8tH5cMulSb+arQZC:pXkIvXhK3z1BSCUQZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642810884, "uuid": "14668af4-3602-40bc-9973-c9f67745bdde", "value": 414976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642810884, "uuid": "e246843c-1738-4cdd-8b13-97d7155504d8", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642810884, "uuid": "e9bee6e6-8c32-4913-a155-57f125c85465", "value": "e806c60999997757c1e2d62fc7d9683df03b2cb08da407d0466d9feb4eb5e457.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "77ffd613-7ba3-11ec-9275-42010a9c0029", "comment": "Malware payload (CoinMiner.XMRig)", "timestamp": 1642870256, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642870256, "uuid": "dbea4348-67bf-4134-a09f-265cecc4977c", "comment": "Malware payload (CoinMiner.XMRig)", "value": "b002c0162a0a0c83be1ebdb21c14c580", "object_relation": "md5", "Tag": [ { "name": "CoinMiner.XMRig", "colour": "#C10C3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642870256, "uuid": "b79c43f9-d805-4b64-ade3-a2d02b84a963", "comment": "Malware payload (CoinMiner.XMRig)", "value": "ea2aba1a17de28fee1a6097e91c4ceb0f3887f6bbcce46dfe4d2e342b87bef9e", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner.XMRig", "colour": "#C10C3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642870256, "uuid": "def640ea-a77d-4f32-b10b-bbf36a53a55d", "comment": "Malware payload (CoinMiner.XMRig)", "value": "96d424d27ead82288ef68fb02e7a7205a4254068", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner.XMRig", "colour": "#C10C3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642870256, "uuid": "ea460a35-c662-4dd5-b7d7-44b5b7c887b8", "comment": "Malware payload (CoinMiner.XMRig)", "value": "d8785babed77afed37210326dae08bd696bee0d943493dcf828dba84693d4acd824c9580b15b5af99ddb7292217514b6", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner.XMRig", "colour": "#C10C3E", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642870256, "uuid": "11201ab6-7fa2-4ca4-a8fe-e0ea1ed506da", "value": "T1C76633662BD8C4DCC8AA9B710F10B74CB2E45D208BD5CF0BABD8A514372770AD57A3D9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642870256, "uuid": "f15d2992-6e50-41db-9619-b1528df9606e", "value": "c05041e01f84e1ccca9c4451f3b6a383", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642870256, "uuid": "4135b8f9-6cb6-4e00-9aec-0df8e8192eb8", "value": "196608:JSFwXb+FXhQLTBSpcz3MilKYAgQwjzwmhtrM:JSOXuS085KYDjPh5M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642870256, "uuid": "7672a0c4-321b-43f1-aecc-43a173a03a3a", "value": 6914341, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642870256, "uuid": "6fd984ca-7b14-4ff5-b2b0-7704855d401e", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642870256, "uuid": "07f36298-9f60-46d2-8411-bf7ebbf6590d", "value": "b002c0162a0a0c83be1ebdb21c14c580.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68d7c09a-7b23-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642815255, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642815255, "uuid": "1979398a-f3d5-49f7-816d-3886bd2f2067", "comment": "Malware payload (Mirai)", "value": "888922da0e10d0d9f95eef8f1907c367", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642815255, "uuid": "eb220c23-5b92-486b-a667-072a85b04b63", "comment": "Malware payload (Mirai)", "value": "eaa55e62392abd471651ce615c6de380ca494a90e228f7a71091d68e0ac48e3c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642815255, "uuid": "6b686bb3-b116-4ef0-9926-641e73341f70", "comment": "Malware payload (Mirai)", "value": "32e98b1cc441d595ca7821a6e7987c64a647ed69", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642815255, "uuid": "1fde3647-7577-4c85-8d1f-b90df91ccc4e", "comment": "Malware payload (Mirai)", "value": "3a47b1c5d698e62310ec4c169a50b7ec2da8acd778e0166ee3944a3161b7a00366447c6171e04f745e9d7ffc3b513ff4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642815255, "uuid": "f6303ea1-91e8-47f9-b91a-38d17e9d91ef", "value": "T1F6337CB5C579EDE8D1144A78BE248E749723E100C6932EFADA44C6A99083EFCF5583F4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642815255, "uuid": "267fbbeb-be1d-47b5-a44f-e717c5db80a1", "value": "768:jaixFwtLSYAagMo0ebH4/ZvQX3hyWfs3INgCJUU/qMCqKomQRCvr:jaQFwtOGBvQXxfs3kgCJt/qMF/RCvr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642815255, "uuid": "1561c4c2-7c77-46d6-8cee-3f4e80113e93", "value": 51584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642815255, "uuid": "f543c605-0e40-4773-aefe-60ca3d73edef", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642815255, "uuid": "0c18103c-9e4d-4956-9998-361883aa145f", "value": "888922da0e10d0d9f95eef8f1907c367", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4002dfc-7b57-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1642837822, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837822, "uuid": "600fbff6-caa5-417b-9f5a-8aeb348b8684", "comment": "Malware payload (AgentTesla)", "value": "06c237f3712e2d7f464ac8e32322282d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837822, "uuid": "b2bedf03-1e08-4f19-b140-f229464a77bf", "comment": "Malware payload (AgentTesla)", "value": "eac9e85d242b73ffc2a6b71334b222c1d214b3c3d2372534f7323aeecc3b1006", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837822, "uuid": "80400078-820a-4016-ab7d-2745f0f71ed1", "comment": "Malware payload (AgentTesla)", "value": "cffc023ed885b620db0e964046911a4a71d624a3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837822, "uuid": "6fdb5948-f03c-4c6a-b8cf-450d4565b2a5", "comment": "Malware payload (AgentTesla)", "value": "fe4a9d00c0fa05320bf244d096d35d7fd239de041fd66b4a4cf269ac716bfbdfd279a959e4aad594720ca1035512cb59", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837822, "uuid": "c079f5e7-55dc-4a6e-865c-e2165392e768", "value": "T1FE15299C325071EFC867C972CEA81CA4EB61757A531BC207901316ADAE4DA97DF242F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837822, "uuid": "26e22e42-e2c0-4f8a-81f2-1d3a76661903", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837822, "uuid": "59f90e90-809a-4aec-a86e-55bc611886b3", "value": "24576:POpQGYnIsr/OzBSLi9z1Qrxgb6E6+i9vYFVZ:Wp8nILUi9pwg0+i6F", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642837822, "uuid": "25c1533b-453e-4d1d-81e4-e2f93817f214", "value": 895488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642837822, "uuid": "bc92c8ba-af3d-4f97-b240-fad40b8f2483", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837822, "uuid": "399dc425-2da4-4f4f-b5ae-d14a68953b62", "value": "06c237f3712e2d7f464ac8e32322282d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0dd28a6a-7b22-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642814673, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814673, "uuid": "33aef0c7-e2e0-4fa0-90b0-cdc61a85d853", "comment": "Malware payload (Mirai)", "value": "1ecc52c046319bd218918131d2248831", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814673, "uuid": "8ee616ad-79a9-48f3-802a-798ebdd419ba", "comment": "Malware payload (Mirai)", "value": "eb30724893bb98ac2db5003b0b16f805ee20e3feaea8e155f1b10446900820a7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814673, "uuid": "a987cf23-3959-4754-ac03-e62bedfc3451", "comment": "Malware payload (Mirai)", "value": "edd571821eaabafc1cd4c2fb1e47ca1eaf1874af", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642814673, "uuid": "9b0ef934-9dbd-4fbc-93b8-356eb5aced5f", "comment": "Malware payload (Mirai)", "value": "c13d748d0480f5b34194034f6d9fb145a2485b6d725b50508fe5bc481a3d603ddb0310a512349b394963d02e6a176cd4", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814673, "uuid": "6fe26097-341f-4a5c-a772-0d9f84213d47", "value": "T1B3333BD6B902AD7CF98BE67E80270E0AB53123541053073777EBFC937E321949956E4A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814673, "uuid": "4e194e00-9e6c-44e3-90ee-cf756b867f75", "value": "768:8CeKEfhe5Xdrben4I1fN5KQnaodgFHx+iPuvWeffpqmUJT6r6Lu380DU:dsfIBZeXl5nKFx+imvppqmUJQ6Lc89", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642814673, "uuid": "2e66de69-b94f-4d65-9e07-86a99ae0245f", "value": 53052, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642814673, "uuid": "29f1b9da-7ab5-414b-9567-562c1b600fdc", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642814673, "uuid": "19e587ec-879d-407f-8a79-193eb465d544", "value": "1ecc52c046319bd218918131d2248831", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "774ecacc-7b17-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642810125, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642810125, "uuid": "08fcebb3-4985-44b7-b822-aa687b04ea3d", "comment": "Malware payload (Heodo)", "value": "b7d93340b9c4ca9a1957238f7af1df8c", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642810125, "uuid": "27e09947-0f31-42ba-ac08-c80c8d8e571a", "comment": "Malware payload (Heodo)", "value": "eb9995bc762a0bc4c722db65fb83a9c8b8f9e40b3ed876940aa8e6dd374adb45", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642810125, "uuid": "36330212-3653-4fd7-b4cc-3210eba00bbd", "comment": "Malware payload (Heodo)", "value": "9657e7a6bfea7d383a859c42cd8a8cce05b451c3", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642810125, "uuid": "ac0b1203-89f4-49fc-8167-a910dedb29da", "comment": "Malware payload (Heodo)", "value": "2838dc3794f673f57666b3b48a65bd207171cd7ff8ec830258798f0f1e61d100c801e800df3e4ec8e1385f3ce5c0ac82", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642810125, "uuid": "5080afa2-7417-44fb-82c6-1791e5735194", "value": "T161D4BF11B2D2C07AC1AF1674596393A463F9BE90DAF9C257FFC06A4F1E315828B39712", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642810125, "uuid": "e2ed8708-1f79-429a-a053-68345b03f65b", "value": "24b46ffcf60dc8d39e8124f411ebd08e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642810125, "uuid": "b4688e0f-4386-42a1-b783-34ff5655a76d", "value": "12288:kqdJaxkOWFornPmGZqnTFWbD7UYVubhesslBvQqEPO7:kOOsornPTwFWb8YVohevBoi7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642810125, "uuid": "b8e5fecc-2fd0-48dc-bab2-3ee4cf570ada", "value": 626688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642810125, "uuid": "cc80d098-3540-454f-9391-97859af519e4", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642810125, "uuid": "f90a2f77-8c2a-4115-8fa8-1d549aabfde3", "value": "b7d93340b9c4ca9a1957238f7af1df8c", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34ae22d7-7b57-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642837501, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837501, "uuid": "3edd0375-e256-4f68-ac89-1bc5b12530e5", "comment": "Malware payload", "value": "b82fe53b9b7da54f40eaab4c5af20a44", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837501, "uuid": "962c101f-286a-4a4f-984b-bbf303a50816", "comment": "Malware payload", "value": "ebb7e35cdfff0e7b5eda5f496aa90cef28500f8d7507033b6459c408b63f0f43", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837501, "uuid": "9a7234c1-fc79-4d51-8955-075d16c997f9", "comment": "Malware payload", "value": "80e1b58c80d25a70750c51648a7484e4e7596080", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837501, "uuid": "0ffe8c3e-c0b8-4a70-84cc-64ff42936933", "comment": "Malware payload", "value": "a9950d23ae58fcbae0082ecdc91976a2affba7c4ec944cc06eb13825baae9f4cabdc912f8d624e59d96bb3a8ea2307c8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837501, "uuid": "9c0d9474-301c-457e-85c7-44a08e7fb827", "value": "T1CB559C089543E27BFCFD18B3055091D0C29C7FAA3B128DCEEA7AD19A151F142B7B2D96", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837501, "uuid": "a4b633cc-66fe-4a76-b998-7c12f12eaf36", "value": "ae9f6a32bb8b03dce37903edbc855ba1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837501, "uuid": "29161719-ff48-4c5a-a00e-d8a7561d37da", "value": "24576:08qXhDyUY86L1xqRMjgEo5QfBU7HfLGLhBExe6KY/LJ6Wjv74x0:084cxSyFpULadBa/dbjv74x0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642837501, "uuid": "78f19cf2-22e2-43df-829e-be33fdba71fe", "value": 1382756, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642837501, "uuid": "a1d2b025-a1ae-4faf-8dee-69ee41241af5", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837501, "uuid": "0b3cfcb6-b397-454f-a3b0-9f5e9da2847b", "value": "b82fe53b9b7da54f40eaab4c5af20a44.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd119647-7b85-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642857541, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857541, "uuid": "30f5b0e2-4e1b-4a0b-9428-49a82d1ab7a9", "comment": "Malware payload (Heodo)", "value": "d6fcd643bee002b7e06a06a0f33f73c9", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857541, "uuid": "fcb13bc3-6617-49e1-9e06-b3cd4a772bc9", "comment": "Malware payload (Heodo)", "value": "ebf8353a5133e4e352218613f4bcfff7b11d76a01afa8a53e26e778d6dfdfdd2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857541, "uuid": "3d4170dd-9c2f-46ea-9da0-b70d721a5a85", "comment": "Malware payload (Heodo)", "value": "c28ad7d69e1534012539ae7d80b6761bf7bcd442", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642857541, "uuid": "91b5f30f-f069-4884-895a-0133cd789ecf", "comment": "Malware payload (Heodo)", "value": "fabcfdc6d298ef7415424abd020be35e5a0e4ffa725045f2ae00ffd4658022dcc61789f28eed29ba2d976313ceb083ab", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857541, "uuid": "65d14fcf-c159-40e9-ba11-479ebc7f1008", "value": "T1E2D49D11B3D0C036C26E31704516E77466E9BDB09DF9920BEFD46A3F6F746828A1CB1A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857541, "uuid": "97412827-dc45-4334-98a9-f70bab986aed", "value": "d7550206da3051d1cc941927ae3a1f09", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857541, "uuid": "4a04cd2c-e83a-45b9-a1f1-36e7ded37e7b", "value": "12288:dOzFuk7dA19ZCOo6AI/2NLaQLOkMZR+TTD7vgEPej:0hn7dA19ZCOyDaQqkqkXa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642857541, "uuid": "8d6ce1c4-abdf-4fd7-8560-58bee6f2c173", "value": 630272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642857541, "uuid": "c45f260a-0889-487c-9fb4-666039979b23", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642857541, "uuid": "49c273e5-96d0-468c-9838-b0e4978bf429", "value": "d6fcd643bee002b7e06a06a0f33f73c9", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4a6c6340-7b78-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642851711, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642851711, "uuid": "fa0fd42b-e509-4afc-a9b4-ff61a2160bcb", "comment": "Malware payload (Mirai)", "value": "de6dad6ae1e2145ebde66f30257d1593", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642851711, "uuid": "27c00fbf-ab09-4a07-9092-890357cec358", "comment": "Malware payload (Mirai)", "value": "ec617511fc759b307ff02faa7ec4abc8519199935e43fa628f145ae682fbb481", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642851711, "uuid": "9583bee9-b6bc-48b4-a878-6bdbd8b7e904", "comment": "Malware payload (Mirai)", "value": "fb6ce6f6e39a8c0456cc14f3d4e86fb6472560a2", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642851711, "uuid": "33d16f60-2532-4528-a49f-584fdcda31de", "comment": "Malware payload (Mirai)", "value": "653341b62c19e439dffe0b170e4c75c4e07727a94ffd4e5270dfb6769eab0ca17430c5f682d74176c8ed790691fed52b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642851711, "uuid": "c6286262-fc17-4863-a456-f00ca4b07bb4", "value": "T15E93734D3E219F7DFFAC823887B75A21A64823DA66E1C585D05CFA021E7034E741FBA5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642851711, "uuid": "b408cc82-f411-4188-badc-aa056aa9c390", "value": "1536:1YRdsnDd6C6gb/ZVyDYjMbwqZ9f0vfwW9ufY1C+KBtyRirfXDOiO33J:CHsnD8/gb/zyDv9f0HD9FC+KBtyR6/DA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642851711, "uuid": "a77d5b82-230a-4203-bba1-e9edd3af09c2", "value": 89332, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642851711, "uuid": "3fa66e67-f5ae-4897-8499-515de0d0d6b1", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642851711, "uuid": "678d63f8-93fd-4dc4-8363-e298f6d8bb8c", "value": "de6dad6ae1e2145ebde66f30257d1593", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a794ec62-7bad-11ec-9275-42010a9c0029", "comment": "Malware payload (SilentBuilder)", "timestamp": 1642874631, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874631, "uuid": "dae7718b-0c7b-4d8a-bc9e-9ea166e13d34", "comment": "Malware payload (SilentBuilder)", "value": "2e3e9b8786edd8d43f7812ba2af30ba0", "object_relation": "md5", "Tag": [ { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874631, "uuid": "f7269594-5cd6-45cb-a5c6-623749142fae", "comment": "Malware payload (SilentBuilder)", "value": "eee3d70ef0eb418264c10075b901845b097297613637892efb77aecb236c5e11", "object_relation": "sha256", "Tag": [ { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874631, "uuid": "233caef6-d2f3-4cdb-8b1d-d5259687149f", "comment": "Malware payload (SilentBuilder)", "value": "54be68af2b4b0afcbba6e2212f4dc797b68e67bf", "object_relation": "sha1", "Tag": [ { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874631, "uuid": "7ddcb483-9d21-4fcc-93e0-1f02b979605e", "comment": "Malware payload (SilentBuilder)", "value": "ddef993d1c4fc232ad1acf349f07d2fa4850f39d791ff6a11b79f5d48cf9b8ed7a2fc50a76fbeb1f0882cf3d15b5d742", "object_relation": "sha3-384", "Tag": [ { "name": "SilentBuilder", "colour": "#D83986", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874631, "uuid": "5b1669c2-4403-41cf-afe8-e337268df812", "value": "T1B6A3B0527BC6CA59EA4547710DBB024AA723FC105B7A63473285F3783FB89E08D13A1B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874631, "uuid": "b712734e-507f-4128-8259-10d1676d80ca", "value": "3072:n/k3hbdlylKsgqopeJBWhZFGkE+cL2NdAFxe53lGvFTQ3IzxgdrvxpU0OKvMB:/k3hbdlylKsgqopeJBWhZFVE+W2NdAOK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874631, "uuid": "c80ce300-53ed-4703-9a90-eed381dace72", "value": 103733, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874631, "uuid": "4ecaf8f2-b733-493c-bc84-806f0f225de1", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874631, "uuid": "7f1c2c48-182f-47fc-bcc8-f5ed8572d2a5", "value": "FQ18717278796.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44e9fdd0-7b78-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642851702, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642851702, "uuid": "357ee16e-ae73-4af3-83c6-b3b2c1f93c10", "comment": "Malware payload (Mirai)", "value": "9cfe3564e991bf2f1dea2c51dc975115", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642851702, "uuid": "8c80311c-389e-4b3f-9a8b-e7beb628c28a", "comment": "Malware payload (Mirai)", "value": "ef393a00461e6c95cc746383d46b12829539eda96e3de8dfeb405cd6247f0f51", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642851702, "uuid": "5c439445-b6a1-4265-b878-dae51428d3ac", "comment": "Malware payload (Mirai)", "value": "834c0b985f8d900f4fba0e67677b1ac5e56719c8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642851702, "uuid": "33093ef2-e4d2-40b7-a555-7a637431bef7", "comment": "Malware payload (Mirai)", "value": "a7cfd48031648b0d0e8766e78d715c3e1f3361f4af5b8f91dbbdfffbde7077e687c36083526c69d65ad4d581fe32c240", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642851702, "uuid": "b701006e-48f5-4440-961a-790d6a6db8a8", "value": "T11993800AAF611FF7E89EDC374AD92B0524DD511A20AD7B39B930D818F25B30F19E3865", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642851702, "uuid": "fe5d2005-2249-449d-958e-6dfb91e7c3d8", "value": "1536:NYCYxrXP40ODyPwHRQ9PlzTRfyToNoZqRi:qCYxrKDy46NW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642851702, "uuid": "72dc26d2-a7b2-4dde-ac87-09bef664bb29", "value": 92100, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642851702, "uuid": "9e0db984-b5bf-456e-8987-634a37ce2e07", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642851702, "uuid": "46703d7a-a4ea-4406-bb12-af051e27fefa", "value": "9cfe3564e991bf2f1dea2c51dc975115", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93040f24-7ba5-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1642871160, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642871160, "uuid": "6f84e701-9a68-44fb-ad63-92d7089f5f3f", "comment": "Malware payload (RedLineStealer)", "value": "95b4da50bdcf98569998f02bf2391f25", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642871160, "uuid": "8cf72f54-7370-499b-b3c5-5b1eb8388014", "comment": "Malware payload (RedLineStealer)", "value": "f04284c48276af9850bc4123e255b1eb8f6c146114ace5ff76ed38bba059ebe8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642871160, "uuid": "b8215154-3f0c-4c2c-b5ce-7fb1594a9dcb", "comment": "Malware payload (RedLineStealer)", "value": "229b1f2b44118e936b3c89d70f2ef6f1a9d28a5c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642871160, "uuid": "8a9feb1e-3bb1-4755-a9d3-a5a2893481f5", "comment": "Malware payload (RedLineStealer)", "value": "ac2869657e3b3adf9715e76020a53f7c4823f1a8de4fd8c56f43f1d4e6e05e9804dfe516e842b77f1b6f4d1f2d9baf90", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642871160, "uuid": "576d37bc-142a-4167-91bb-fccdee55c52c", "value": "T151F533B406C0E408F95073747525AB1E5E9C8DFB53B3E50B4E68FA4E6BCA2837F161A4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642871160, "uuid": "3fa09048-4f83-4cfe-a733-97f6c8bcd985", "value": "41304e4befbbd8a63ad6ec59f252160b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642871160, "uuid": "bedbc68e-e40c-4131-8474-2ae1a4a10d36", "value": "98304:oy6FUd+CVDhyJy2EaxfRvz1DmKZS+fqZS:e21L2EaxfRvEKZffqZS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642871160, "uuid": "ac77bf5c-a12e-491a-b525-940126bee66f", "value": 3590608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642871160, "uuid": "d94de621-e140-4b9e-b045-2f1b71f41886", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642871160, "uuid": "d49173e9-eed4-437d-a7e5-518f6554b2b8", "value": "f04284c48276af9850bc4123e255b1eb8f6c146114ace.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75478062-7b59-11ec-9275-42010a9c0029", "comment": "Malware payload (AgentTesla)", "timestamp": 1642838469, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838469, "uuid": "2ec46a97-b4f0-476d-bbee-376ab7a27edc", "comment": "Malware payload (AgentTesla)", "value": "b124d1ec1dc488b693350327ddf72c60", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838469, "uuid": "9fec2087-5d7d-440d-b8ca-7e67a8f773c6", "comment": "Malware payload (AgentTesla)", "value": "f11ab395547ecacdcc66bd98f1006c3f9fd1ae42272ec5c9c9376a0657b58947", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838469, "uuid": "2616c9bc-55d8-4647-8964-257f32d8045d", "comment": "Malware payload (AgentTesla)", "value": "802f4e73b3d492e9933159f9043a38252dd51790", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642838469, "uuid": "de925658-80e2-4991-b347-3b0c367bdb41", "comment": "Malware payload (AgentTesla)", "value": "46acfccb53a9ac61e929b941cee18a1f96724d040b0424d9d9b9f645bb2a03f980d09f74c9fae9e6ce88d952424d4a17", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838469, "uuid": "46f1074d-e800-4844-882b-fb7068b3d6b3", "value": "T1481518AC325071DFC867C972CEA81DA4EB61757B531B8207A01311ADAE0DA97DF246F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838469, "uuid": "6ef8dea2-ed21-4de6-b446-3795c8da9b0d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838469, "uuid": "2fa2ddaa-bb58-48d5-be8b-8463f25b0af7", "value": "12288:G+BJwY59pQNjV3IQjY6e9pQoXYaH1NaKnGd6TBTq6+i9vYFC28WV1MPfMkJ6KlLn:GEpQN53IaYHBYm1NVGdf6+i9vYF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642838469, "uuid": "47939729-c1a4-4e1e-a9ff-2b2ddd24a4c0", "value": 894464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642838469, "uuid": "aa18d647-2a81-4cec-8e75-b02bb0c16b12", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642838469, "uuid": "46fff10f-1291-4dd6-9025-afb1b5758e2e", "value": "b124d1ec1dc488b693350327ddf72c60.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "232706f6-7b6b-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642846062, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642846062, "uuid": "e37ddeb9-9c3a-49d0-8f38-f7a2ae2ae423", "comment": "Malware payload (Heodo)", "value": "176d147ef7f8599da36651f764a8e42b", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642846062, "uuid": "e755892c-c7c6-439a-a103-e195f63fbf9b", "comment": "Malware payload (Heodo)", "value": "f13f487a31e99fc60fd2abb5dd4203959f93b210686bcf47ba7ec7fb85a13b83", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642846062, "uuid": "29de3070-6416-41d1-9627-b101dede428f", "comment": "Malware payload (Heodo)", "value": "e558005307aab844bfd7a9fcf823c8f3761ce583", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642846062, "uuid": "cd855f46-02ae-4ef4-9360-abec6626c6a1", "comment": "Malware payload (Heodo)", "value": "8aa93a31217e38faa1593c7920a46a27153e370e6a4568561e0c4be497b5d191e4bae9cd4dcae9be2e5c6eb6ff1af76b", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "epoch5", "colour": "#A241CE", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642846062, "uuid": "729421d1-d233-4938-ae92-989e290064ee", "value": "T1A6F44B6DA0647D64EFF76AF259F2DBA3C09B2C304B94055B47FE229B083CE90B614953", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642846062, "uuid": "5b22c545-197a-4462-baa0-d195b1173351", "value": "e0b212b7297ba670a70b9e2f60c79ee7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642846062, "uuid": "7a51e3d9-5cc4-4c75-bbf6-d105925af309", "value": "12288:XIr+M3Le8qksFZWmf+OELGjU2Nj2ZlsmZ9hKth4M0Ra:XIr+1LkkZp+OSpFZlPKthOE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642846062, "uuid": "df14befd-8604-4a37-aee5-6e314d194453", "value": 753664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642846062, "uuid": "1f027f83-4630-4cb4-b719-626dcb1c51d7", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642846062, "uuid": "04cbb22a-dd62-47b8-a9a6-32edfc509941", "value": "emotet_exe_e5_f13f487a31e99fc60fd2abb5dd4203959f93b210686bcf47ba7ec7fb85a13b83_2022-01-22__100736.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e32daff-7bad-11ec-9275-42010a9c0029", "comment": "Malware payload (Heodo)", "timestamp": 1642874615, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874615, "uuid": "90aac091-f950-4982-b2b6-82de99e784b7", "comment": "Malware payload (Heodo)", "value": "d3751cde2596ad1ab70a9cec5f240d16", "object_relation": "md5", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874615, "uuid": "ee21f8eb-54b4-476b-b2b3-4850241f4ff4", "comment": "Malware payload (Heodo)", "value": "f9d0374e24d3915c8d3fb15780a2c8bcab25cdee19e998af945e38ad50a33665", "object_relation": "sha256", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874615, "uuid": "f46d0e53-3793-4fe9-afc8-052249ee1dae", "comment": "Malware payload (Heodo)", "value": "855d4eafa1f788d4b7148bddc06528a42ad2d338", "object_relation": "sha1", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642874615, "uuid": "8d273ba1-09b6-49e1-ab92-ba7836363708", "comment": "Malware payload (Heodo)", "value": "f6277f36a9fafa01ab98722d2593efcc5d59c3b80e4dbaf26bedb7f0f374e5604b64305c9628b568079988a893712d22", "object_relation": "sha3-384", "Tag": [ { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874615, "uuid": "2d2f831b-8609-4b6d-969a-8dcd5578a730", "value": "T176A3B0527BC6CA59EA4547710DBB024AA723FC105B7A63473285F3783FB89E08D13A1B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874615, "uuid": "3a9012fe-5382-41c2-8cb7-4ab150ef7a20", "value": "3072:n/k3hbdlylKsgqopeJBWhZFGkE+cL2NdAFxe53lGvFTQ3IzxgdrvxpU0OKvMB:/k3hbdlylKsgqopeJBWhZFVE+W2NdAOK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642874615, "uuid": "510bb84e-9de1-47ae-baee-dbe8abb0ed84", "value": 103992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642874615, "uuid": "e5db7c09-8c74-41b7-85f0-b3fa2289aba6", "value": "application/vnd.ms-excel", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642874615, "uuid": "a27fece1-6276-4ca1-971d-448071d2f637", "value": "check copy.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16e4a908-7b57-11ec-9275-42010a9c0029", "comment": "Malware payload (RedLineStealer)", "timestamp": 1642837451, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837451, "uuid": "75a6d868-27f0-462e-b612-36862276844d", "comment": "Malware payload (RedLineStealer)", "value": "5021a1d7836e30601fe280c92543725f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837451, "uuid": "01af76a8-8c3f-4ecd-87b6-504a3584c16a", "comment": "Malware payload (RedLineStealer)", "value": "faeb663eb56fef968c77e87434e841a1c91ba570704f24757964c7a933667794", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837451, "uuid": "f0918b55-b4b9-4fc4-8876-00b4f00fda0a", "comment": "Malware payload (RedLineStealer)", "value": "af1455ba6281027fbbd621076016024a490d667f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642837451, "uuid": "d300195e-2dfb-4e2a-925b-8b225314b4c3", "comment": "Malware payload (RedLineStealer)", "value": "3965ddeae0e103488b6ffc1d7451f671d8156f029dfe5f6c0392ea54ecc2fca818cb51f67a635d420f682633e2129992", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837451, "uuid": "6b10a2ee-d17c-436c-b156-704baf79d779", "value": "T13E84E0713590E032D486123C8829CFB17A7DFC716BA5964373953BAFAE323C1666225F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837451, "uuid": "e6f33fec-4194-4587-861b-7e3f882ea594", "value": "7dcbbe9c7ee048ad6c29be29a72766de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837451, "uuid": "8a36c8e4-1da4-4c9d-8a9c-308673a11193", "value": "6144:FKDLLtImb8Mq1hNV7UgBD5hNWkjvcAjDs1A36GOR4sF7FxSe:FKfJI4Lq37UCDLskrcpy2R4eB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642837451, "uuid": "6ca3e71c-fe7e-468a-84c3-4d050b6e30cb", "value": 385024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642837451, "uuid": "cdb17caf-0d22-412e-a0a2-faca40d3d8be", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642837451, "uuid": "da22bef5-2bf3-40d8-96d2-a7aeb1c8f6e3", "value": "5021a1d7836e30601fe280c92543725f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0bd731d6-7b98-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642865350, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865350, "uuid": "4d8ec676-21b2-45d8-9c8a-becd60de6035", "comment": "Malware payload (Mirai)", "value": "c1d46244ccdfebaf6ac6e54c302b883e", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865350, "uuid": "8a55e970-1e3a-44ae-99a5-426198771594", "comment": "Malware payload (Mirai)", "value": "fc328f4372363d0f5c7b61e2148cc7538e5a97fc3f98eb114c080dfacfc9c602", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865350, "uuid": "6d2d1064-2a57-4bc4-80c6-1929e19216e9", "comment": "Malware payload (Mirai)", "value": "671f393003c94d9d571547510f33807c8c7f1c72", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642865350, "uuid": "9df3282c-19d6-47d1-a22a-044761b98b82", "comment": "Malware payload (Mirai)", "value": "e801fa16df0a0506e58f3a1ba971422b0f85f07853ff903b5abdd04b539f312923b3309fe09f8584d440686d27cb9625", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865350, "uuid": "56bf5869-e1eb-4227-849b-57a30f9f5d61", "value": "T18953B74A2E719FFCFF99863497B38A205248379226E2C9C5D59CEA010D7030F745FBA9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865350, "uuid": "2da7dc13-17bf-494b-b710-e7708cf698e2", "value": "1536:Og/8Kv9X+ykHb44ZyaRUwUyvAAa27oKwlI:iKvB+NU25Uyv5a275w6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642865350, "uuid": "152a0106-7542-4ea0-922b-0f264fa98566", "value": 64560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642865350, "uuid": "93adb4c7-d565-4864-aa44-cb6a2eb5b1db", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642865350, "uuid": "cd1bf758-6e1e-4441-bb2a-c001d7eb4af5", "value": "c1d46244ccdfebaf6ac6e54c302b883e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c723ad9-7b8d-11ec-9275-42010a9c0029", "comment": "Malware payload (njrat)", "timestamp": 1642860653, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642860653, "uuid": "040557b3-a486-4b49-8412-2fc7cd1cd8df", "comment": "Malware payload (njrat)", "value": "aecee89ac383e028e843f29aebbb191d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642860653, "uuid": "943df191-0aff-4d1d-8f4c-0ffd80cbcd1f", "comment": "Malware payload (njrat)", "value": "fc4fc64aa60cab72de617368e5dfdd772f99f7b2881947193e36f0adc169776a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642860653, "uuid": "6acaa4f4-cd40-4644-b1c8-d6bbadcae90b", "comment": "Malware payload (njrat)", "value": "fb228c1a12415c6f301a76774c28ac602dafde44", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642860653, "uuid": "faafb897-2a12-4acf-a69d-d7374599a8a8", "comment": "Malware payload (njrat)", "value": "f95b17910c6554ab9f09ff4a49296d5fa876479bfd4928ab3ea758d73089ebfe4aa75b36b038cf77d81aa9ab5dd8a00d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642860653, "uuid": "8a0ecbb4-7dd9-40e3-88b4-8565ef5e526d", "value": "T119033B4D7FE181A8C4FD067B05B2D412077AE04B6E23D90E8EF564EA37636C58B54AF2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1642860653, "uuid": "515428b6-cf7b-4efe-b3ed-0ce79602c96f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642860653, "uuid": "400513c1-acbf-4801-9c9a-66b2231bfaa3", "value": "384:0qW6WIiejtCVLO309Qmykrt4QdqMjC+vWEWYrAF+rMRTyN/0L+EcoinblneHQM3+:GHdGdkrOGG+eE7rM+rMRa8Nua8t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642860653, "uuid": "9efff5f7-fafd-44ed-861b-c37150c50f2b", "value": 37888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642860653, "uuid": "3ec18155-33b4-47e6-aa69-296370cf530f", "value": "application/x-dosexec", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642860653, "uuid": "14fd833d-8a75-42aa-ad3e-b7d63974e0db", "value": "aecee89ac383e028e843f29aebbb191d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f02a7096-7ba0-11ec-9275-42010a9c0029", "comment": "Malware payload", "timestamp": 1642869169, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869169, "uuid": "7517ae41-3ec5-40c0-b9f1-289d07b2fe59", "comment": "Malware payload", "value": "c53f71e3b846c0cadcf55582309fda25", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869169, "uuid": "0bcea820-2b96-41b1-900a-e52f40109731", "comment": "Malware payload", "value": "fcbe1504a73aba79a863376d91c5586196f664278d5c1194ea7d85985417d16f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869169, "uuid": "e97180e9-b208-45d9-afcb-13c00274465e", "comment": "Malware payload", "value": "d9f843cf3bf62190a951b2299e7ef268b5556c3c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642869169, "uuid": "ab65743c-4a1b-4401-9543-fe91c14a9cff", "comment": "Malware payload", "value": "049b411a80066f6c5543d8333ba611c0adae353392c777aaa7ca115af10ccf1f88892a7a82dc3efbc8f87b718f6e6359", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642869169, "uuid": "40d0a7d4-8b2b-477b-ae17-824bc4d82fc7", "value": "T1F113E1B8D4647EAFD81F1D36F5DE09206894A093A63B17CD1765CC08A6BC68B71DF8A0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642869169, "uuid": "570f0732-7926-4523-84d4-f2bdbfbee86b", "value": "768:TsjYbx86rXTxnc4Ry+9jX7Q0eXTaslxsmZk0a8WR4svsZ5UWax858:Tr/r9c4RywjrQ0kasHjOZYsvsZ5o858", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642869169, "uuid": "606a9870-5880-4baf-80e3-b7f87ac0b54a", "value": 44812, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642869169, "uuid": "41c34498-bb6a-4989-98d3-566b4a490d04", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642869169, "uuid": "fe1bb779-1127-43c3-8806-a1200c172a37", "value": "c53f71e3b846c0cadcf55582309fda25", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "266dc132-7b9d-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642867542, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867542, "uuid": "85b09e65-af5f-4eb2-b8b4-ce3800f92410", "comment": "Malware payload (Mirai)", "value": "8b314245ab08baa614302b6677e8c963", "object_relation": "md5", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867542, "uuid": "b1862ede-2509-43ed-9b89-32591c0a0ae1", "comment": "Malware payload (Mirai)", "value": "fdb6d6e845e01e6d2a92666fde880eb51e6b78a73faea5e5a9c457145cc8b07e", "object_relation": "sha256", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867542, "uuid": "32f23024-2956-49cd-a748-70d75495b220", "comment": "Malware payload (Mirai)", "value": "faf798e18e36cee54d847bf8bee722f9e83e943e", "object_relation": "sha1", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642867542, "uuid": "3c9993c9-6af3-4ee7-bffb-61ab8aa62f7d", "comment": "Malware payload (Mirai)", "value": "62bd651163e8a5d1f18701ac767cf8ed1d8b6b09ad476d8e9a481b134d02ba201cd8ae8e7b2eb29faa26eee0a4e57e89", "object_relation": "sha3-384", "Tag": [ { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "gafgyt", "colour": "#8C9C05", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867542, "uuid": "c134e859-e5c5-4b6d-93c7-35cf44e919c7", "value": "T1AEC3842E7E12BFBEE668863107F35F70879521D227A19382F26CD6181E7128D1C5FB64", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867542, "uuid": "85b812c1-9df0-4a55-8315-8076867ebc06", "value": "1536:M7je1TMGq+f+AQ2rK7zeXeReXe8V2rK7Ie+u60GAzQj1l72HBeeEdWfRZrmW+IFj:Ted0W0MZQHAd6RZrmW+IFB1Dt1hR/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642867542, "uuid": "1e58e02e-32d0-4d48-a244-5c405be1d434", "value": 125962, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642867542, "uuid": "d08e907e-ae9e-4dfb-9199-7bde97ccdaaa", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642867542, "uuid": "630a66a2-6ce7-4432-87ee-7528be1f35b2", "value": "m-i.p-s.Sakura", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "55a4bf65-7b23-11ec-9275-42010a9c0029", "comment": "Malware payload (Mirai)", "timestamp": 1642815223, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1642815223, "uuid": "9e4b125f-3373-4e72-86a7-a82c526f5044", "comment": "Malware payload (Mirai)", "value": "3ac1986a93d4eca0cfca123e64938b81", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1642815223, "uuid": "e8c8e2d6-406e-4a8e-9659-a5023285ee08", "comment": "Malware payload (Mirai)", "value": "fecc7b05bd8fba92194844bb5b9d919664f9788c55a90e07dd1cb4848a968973", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1642815223, "uuid": "73c8a36d-17e0-4e1f-98b9-accd21d5e849", "comment": "Malware payload (Mirai)", "value": "6d1aab4571bf27c482536944d22c1809d140979d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1642815223, "uuid": "87e4d943-90b3-43e6-a398-c941d27bf9ee", "comment": "Malware payload (Mirai)", "value": "7ed240a86fea2b0ce0486de2fb404f8d7ca823340757922f4d09c4d1a0f26e0323c4d33a0530fd1f7b74d504362223d5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1642815223, "uuid": "de797d61-8f3c-48f2-947b-b0a801a9f764", "value": "T144D2E1026641FEE1D4700231EC678A9B72263D79D1D134FB963D0EF8A6E961D47F8A43", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1642815223, "uuid": "83365358-23f0-422e-9cf4-c07a5a3e9c1d", "value": "768:EusHfRavjynNKnjFcZIhQzhKMXgH9q3UEL7t:WRwynNIOQQ1KMwWLp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1642815223, "uuid": "78eb9e0b-080d-4665-a7a1-5327eef7ad43", "value": 29464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1642815223, "uuid": "d981443f-db11-409c-9cd3-be2fa877ecf2", "value": "application/x-executable", "object_relation": "mime-type", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1642815223, "uuid": "9eddc552-bd49-494d-b3ef-48153db827ee", "value": "3ac1986a93d4eca0cfca123e64938b81", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }