{ "Event": { "published": true, "date": "2023-10-11", "threat_level_id": 2, "info": "MalwareBazaar malware samples for 2023-10-11", "timestamp": 1697068982, "analysis": 1, "event_creator_email": "bazaar@abuse.ch", "distribution": 3, "uuid": "706f334c-fb6c-4336-ba77-6fe429354c0f", "Orgc": { "name": "abuse.ch", "uuid": "9b086132-8588-49ed-97fd-8578a777822c" }, "Tag": [ { "colour": "#004646", "name": "type:OSINT" }, { "colour": "#fffff", "name": "tlp:white" } ], "Object": [ { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "041ea258-686e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697053221, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697053221, "uuid": "6b135aeb-baec-4072-85cb-7ad3313f968c", "comment": "Malware payload (RedLineStealer)", "value": "f86831fd2b6db2c6d5db7ee663489d46", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697053221, "uuid": "a13a1361-8343-4e40-8bd1-c3ddce08556d", "comment": "Malware payload (RedLineStealer)", "value": "001bffcdd170c8328601006ad54a221d1073ba04fbdca556749cf1b041cfad97", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697053221, "uuid": "5790ac37-a1f4-4ee1-ab19-bf6bb5942af9", "comment": "Malware payload (RedLineStealer)", "value": "17b8a673b4c193da7868560ddd84d968088ad87a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697053221, "uuid": "4381b651-2838-462c-a5a7-c70e1d15dd50", "comment": "Malware payload (RedLineStealer)", "value": "ccc400db3bf5957e5b478bc35d850816f5586bd6d2fcb4e13abe371699d181e2d7947400a5a3095c4e65a4c9a769dc8c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697053221, "uuid": "ee533f0c-5e33-4089-b058-7a50491664ad", "value": "T179257D213CC09176EEE320B646ECFA3A46ADD0B0072912DF16D897EEE7106D17F36596", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697053221, "uuid": "2a54d161-bca0-4c47-a55c-7402626d65c9", "value": "66025e7bb3415added2b8177bf9bcfbe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697053221, "uuid": "593e50a3-aa75-4ba8-81ed-775b3da53edd", "value": "12288:/iXyWAVpsx7UgJCSkZZ7gFsRfIByCZeEAQ+ni5SZYzu99D3LSzRnI:k2psxIgJCSkjwQCyCse+ncQonI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697053221, "uuid": "7d99da7f-d77c-4462-9d14-86e32f5d8f8f", "value": 988936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697053221, "uuid": "0852b31e-9aa8-483f-8142-d0e679d3b0e6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697053221, "uuid": "3b1d7415-e94d-4808-b658-6067e11761db", "value": "f86831fd2b6db2c6d5db7ee663489d46.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07b3d9a8-683c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697031753, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031753, "uuid": "99806a11-2361-45ce-b93f-83ccbdceb33a", "comment": "Malware payload (AgentTesla)", "value": "fcbbe720928e4b5f3a30f9b407fa6874", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031753, "uuid": "5d4b75ac-b3f2-4914-a659-369639cd8ade", "comment": "Malware payload (AgentTesla)", "value": "0045fed5ccd3160d994bcf092af98d0e24e26fe1a05ab3a126881e032d1f938f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031753, "uuid": "899711f5-5ffc-47a4-80f5-fb39c0d8702c", "comment": "Malware payload (AgentTesla)", "value": "2ffd5a3a8feb1d28c6e527646cd91e8dd97e9f75", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031753, "uuid": "3cdcd906-5044-4821-a2f5-40e72fa0bc4b", "comment": "Malware payload (AgentTesla)", "value": "b7342680de055d2621b33702f921cce308d2eff17a5b9fa652d3d674828470864f0bb21faf33dade7aba0563ac34e199", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031753, "uuid": "b869056c-0ee1-43e0-8496-0c746368b2f7", "value": "T1A59412045EF09375D4CB1A3D9EF496B182B27293EB23E69CDC84E05278293E58BC165F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031753, "uuid": "ff5c7fd2-1854-4be1-83a5-41a3312b76b9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031753, "uuid": "3f1474b4-9a10-4395-aebe-28c5000c793e", "value": "6144:SDAqFtOMBJN41P8LLH3p7n+K7Om2cNm7V3Fnm9HaOspiE:S1FtdBJW10HXpTZ7Omzm7Vm6OspX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697031753, "uuid": "4ce5b168-1a3a-44b8-8b22-0924b80915ca", "value": 410008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697031753, "uuid": "6381394f-2f01-45c5-86f0-2adb312b0430", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031753, "uuid": "58eb65c3-f2c5-4d2b-8dfd-369d40cb2099", "value": "SecuriteInfo.com.Win32.CrypterX-gen.501.22916", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d7457f3-6820-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1697019897, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019897, "uuid": "82e26cd2-cac3-4a25-bfec-9991b294082b", "comment": "Malware payload (GuLoader)", "value": "c19c036115453415ca99a8abe548ce94", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019897, "uuid": "da487b53-d142-4529-a2d7-807edb7f7ca2", "comment": "Malware payload (GuLoader)", "value": "0211ae1648be05ff561c867aca8f4a3603eba6ddf3b516bb3f537cebfeccba14", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019897, "uuid": "52884cb0-ab56-4d5b-87d1-4c5633d188d6", "comment": "Malware payload (GuLoader)", "value": "668e4dc8e970c2d55a8cfe9f91c6223366785b14", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019897, "uuid": "e6367b20-3051-47c2-97f2-54f83d450925", "comment": "Malware payload (GuLoader)", "value": "b9791af38e4651a224d49593229633539e53e10a731fb023202b1b88d29d23f981c53c389b96c5f4002beafbefe0bf53", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019897, "uuid": "6c8e5f2e-aeed-4ad7-ba56-cac57ef8082b", "value": "T1369401503BD8CC1BE3D1447098A4E76A9D69FA2C2EA75903FEBA779C75343948C2D312", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019897, "uuid": "2d601134-cea0-4535-bcb6-fbfadb8df2ba", "value": "4ea4df5d94204fc550be1874e1b77ea7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019897, "uuid": "2fd0d397-af1c-478c-bdf2-ba094924fcfd", "value": "6144:xB+pgUvsgje7ILOx8QIqvNqFSVabYjGDMOD11wzC3nfhfA5tU1aLFiVfaGZC5I8s:xgnN+4OxFZUbzIub3nWYZZC5VUOIdd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697019897, "uuid": "c81848cc-ed85-4b99-a943-0777b5d5587c", "value": 437079, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697019897, "uuid": "351b3d05-5e41-4af7-8981-00cc499d3655", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019897, "uuid": "71d95331-d30f-43fa-b074-1491409e79be", "value": "0211ae1648be05ff561c867aca8f4a3603eba6ddf3b516bb3f537cebfeccba14", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "604416e4-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051658, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051658, "uuid": "215efbc4-1aea-4664-93b4-ab7e85539aa6", "comment": "Malware payload", "value": "f6677fc734f71b2996ec8a53387617f3", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051658, "uuid": "6b11b9bd-fc7a-4e44-bd68-f58ceb22b32d", "comment": "Malware payload", "value": "026f740db65c8ef7c4f59d1a7dd7b1a8950fef19238470c7c8a37389940ba234", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051658, "uuid": "a0c23de1-c786-463d-b91c-79a6bc9f82af", "comment": "Malware payload", "value": "0778f1d5bbae9abbde57b46be76d1d40e98d45ca", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051658, "uuid": "44ed7376-1017-4268-b5ad-49acdb04eeef", "comment": "Malware payload", "value": "53aeff4989520b45d3d5506cfc1c57b1af285f477c2f6e1bffc11f0a3cfade7e0b32d51f6b3d15b4cb42a115e39b2a62", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051658, "uuid": "a95ea1c9-e234-4f3e-9aff-d7b644e92642", "value": "T11FD423D93E3D3332B270883E1D0BFCF7665A39EA727CAA223186983D21721855A53745", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051658, "uuid": "7f15ad82-6111-4c9c-aca4-22d8b742e1a5", "value": "12288:NNlOOJbsXpuodD0Yk2uwhwYnlW/l4BhJ8DQa3+uSTqJuN:NNt5KldD0UXluUL8l+uEN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051658, "uuid": "39e59ba3-8cec-4a55-b924-4de4818529c0", "value": 621350, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051658, "uuid": "12761f4d-8321-43c9-aa5c-f4b1f69bf0d1", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051658, "uuid": "b8a680d3-1dd4-42bc-8f76-7179fc40b6f3", "value": "PO-4501336858_WJO-TR-009.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e57618cd-6879-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697058324, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697058324, "uuid": "1ddd945c-c3ee-4d1f-8837-c295d970c756", "comment": "Malware payload (RedLineStealer)", "value": "2ec4dfdd354b3e7b190a1f3508e979f3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697058324, "uuid": "e1e0ccdf-53cf-460b-a332-588a15c91b36", "comment": "Malware payload (RedLineStealer)", "value": "045b56aeef5b7f2c15defb51012f550ca68838fc78f63b908cb16f9a2f6199df", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697058324, "uuid": "4323c277-533e-4395-bba5-0a2c37fd7d87", "comment": "Malware payload (RedLineStealer)", "value": "d389f6914fb90f2ae3c264a6a1c90b5d898305e2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697058324, "uuid": "c5ca8316-a7f7-4937-9002-ed9569e1db12", "comment": "Malware payload (RedLineStealer)", "value": "526a073c902f22a3ad3538ce86917e6727ddcdbf8e00e4bfa58ca6da28e44ec31b4338f4788f178f2c15dccd95eec89d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697058324, "uuid": "90549a34-8d91-4c52-b330-9e643b4fa13f", "value": "T153258D2138C09176EEF310B646ECFA3A86ADD0B0072912DF16D857EEE7106D17B37996", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697058324, "uuid": "c1a247c3-9c71-4018-9e79-3393d1bbb32f", "value": "66025e7bb3415added2b8177bf9bcfbe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697058324, "uuid": "44bf2fdd-ff5e-46f8-929d-4dbfcb4fc3e0", "value": "12288:d6KhSUN6Fpsx18xz/lhUzWgMYU4dX6eGeQ/y3QZizaoByu99kuwepR7nI:dmpsx18xz/lhUyXeX7GJ/PZi0uHR7nI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697058324, "uuid": "ca51f41b-d12f-4a14-a5eb-e9764b141d50", "value": 988936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697058324, "uuid": "0b435f9d-9111-4f08-8ac4-9cb74ed51255", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697058324, "uuid": "737dcc1a-1e42-42a8-9048-45d3db61ce31", "value": "2ec4dfdd354b3e7b190a1f3508e979f3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c26532ec-680d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697011880, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697011880, "uuid": "97558775-8f04-4179-a4a2-aa6692151e08", "comment": "Malware payload (Smoke Loader)", "value": "d0e970b4851190d1813254ab4ed4b0a9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697011880, "uuid": "91fc9426-def0-4930-8c35-1de9554a8cc8", "comment": "Malware payload (Smoke Loader)", "value": "0486513745242721cdf676e334e204a890f4235b58d66402c43e2f90666b6181", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697011880, "uuid": "61bf1ef2-2660-4660-bc2b-1278aba2c853", "comment": "Malware payload (Smoke Loader)", "value": "bcbd60c28bc5244971f70ea0b59035b2d439e0c3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697011880, "uuid": "90f21552-ce09-4d6d-a001-5c06f92336e4", "comment": "Malware payload (Smoke Loader)", "value": "63c5938fc99352da88b33b36ca53b0dff04809e737ec7eb4c80ade6680ee9b8d61b8c4f9183ca911e069b06162eb7591", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697011880, "uuid": "5e5e58bf-8a38-46c5-ba49-a630ae299471", "value": "T12E352367BFD14533EAB923F09DF507971B32BC61E83186AB2660E9471CE2590D1307AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697011880, "uuid": "46d5968d-12bc-4449-ba1b-58e8964977d9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697011880, "uuid": "f4818225-88c8-424c-b880-b52988e911c7", "value": "24576:pyG9MfKDKpY0/A2UqmST3TOuZ+xdXkhWsnvkd/MeuDtb:cG9R+pYyAmF3TOuMrXsvUkxDt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697011880, "uuid": "bfdb827b-df68-4035-a271-2178a1ec2940", "value": 1074688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697011880, "uuid": "974dfe74-88e9-4cb9-9a9f-3944e0e51583", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697011880, "uuid": "bc26af8f-10f4-43d0-a096-d34343c98bf7", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7ff1bcba-6812-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697013916, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697013916, "uuid": "77a28b2e-6363-4919-bb87-6bc01589cac2", "comment": "Malware payload (RedLineStealer)", "value": "881eb140d503a417f9dd8a4e8382bfa3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697013916, "uuid": "6c5f9500-c85e-41b7-95f8-b8dfd294b509", "comment": "Malware payload (RedLineStealer)", "value": "04edc8669856f78c88c9fd9697fb5f8ba5250054da2f133fbf67c3ac15b806ce", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697013916, "uuid": "e9632836-3267-462f-8e05-896341487679", "comment": "Malware payload (RedLineStealer)", "value": "06c756e61758544c880c14480c1ba0a378999138", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697013916, "uuid": "4ddfd046-d80d-473a-aa9e-ca3fce31b976", "comment": "Malware payload (RedLineStealer)", "value": "6dc607a21df061389bff967d37913f404107da109922dc5ca4f94312f5e0f9c18e793b2b314c997466e3b6de0154e5e1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697013916, "uuid": "661baa4d-bba3-4cbc-83d8-6109b4ee9174", "value": "T185352346A7D49423DC71277288FA25830935FDA52AAD97A327868C5F0C73BD0963273F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697013916, "uuid": "1ead7937-be74-4f00-b1f1-1c4fbb523857", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697013916, "uuid": "e2187135-983b-417a-816c-d79e403f66a9", "value": "12288:yMrSy90+QBicNC0j/a8x01BOwPq3w65OE5vTkwkpOeekMNr8BBiTDrnf3zIzn36a:QyLQ9/OCAfcEO9zVQgLIznOwnSov", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697013916, "uuid": "eaf8e4a9-6782-4d84-bed3-49650f97bb01", "value": 1079296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697013916, "uuid": "4836ce16-9c7c-4784-a0a3-789a02813d88", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697013916, "uuid": "dfbe69f6-e6e9-4a74-bc03-d44b3c309cca", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b53f247-6873-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697055623, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697055623, "uuid": "cd37f20e-79f0-4054-8da7-87529072ac8d", "comment": "Malware payload (RedLineStealer)", "value": "e176f61f24bc4d5978bb1af3e535451d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697055623, "uuid": "0575e4b2-a988-4d54-8b68-06e4d150f0f7", "comment": "Malware payload (RedLineStealer)", "value": "051a4676d6ad7d8eabf68ac394d60c8149bf9a4645cb84d003ec8c90fd86b4fb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697055623, "uuid": "eee8888b-3084-4dbd-b1dd-880005d1daf6", "comment": "Malware payload (RedLineStealer)", "value": "0bc46a2014b2c0bc6407305cc9cfd8a6716ec954", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697055623, "uuid": "474cc449-337c-49a8-9d04-5cc1dfafafa7", "comment": "Malware payload (RedLineStealer)", "value": "c764d12f7b31abeeaadeb95c56ccf3ee65388d3975a5beb139211cbc5200d48acd3520a64be92928a43620d9742f3fc9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697055623, "uuid": "e0039e79-5565-43f4-8ee5-b55fabf45061", "value": "T13B258D2139C09176EEF320B646ECFA3A46ADD0B0072912DF52D857EEE7206C17F36596", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697055623, "uuid": "1a74d7ab-96ff-405b-a377-de172a8776d2", "value": "66025e7bb3415added2b8177bf9bcfbe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697055623, "uuid": "4d03a4ea-9b74-46e0-88e0-fdebe0c102eb", "value": "12288:WiPzWAVpsx7UgJCSkZZ7gFsRfIByCZeEAQ+ni5SZYzu99DnrdeRnI:u2psxIgJCSkjwQCyCse+ncqpanI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697055623, "uuid": "e0194aff-3f58-437d-8786-5a0c03925b39", "value": 988936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697055623, "uuid": "fb08f842-9615-4349-823a-34db9527eaa8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697055623, "uuid": "ab525994-ec2e-4c64-abc9-af530a82e7b1", "value": "e176f61f24bc4d5978bb1af3e535451d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69578ee0-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051673, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051673, "uuid": "54f9cbd9-2c6f-4fc1-9997-f328ead36093", "comment": "Malware payload", "value": "8ac740cbe0f121153b4f1bfd6868ebd5", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051673, "uuid": "ae124099-f45f-4572-9430-b391d46cb2dc", "comment": "Malware payload", "value": "0552fee8b3190964dd1bb3a8331a7cfe675828b8a24e838ea7827bd652e3ed5d", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051673, "uuid": "80935253-7ddc-4dd6-9402-f913603ccf59", "comment": "Malware payload", "value": "73062759f8a947cce60b8fbf953581cc45af5dde", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051673, "uuid": "18d49dd9-db47-40ac-9f16-5e6073466d36", "comment": "Malware payload", "value": "6b4639b6f425ab4b8581f7ef3f26e7de2f9f85649d22c044ca1d42177289c996e7d044bdab02da0517741065d125cc24", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051673, "uuid": "4e770c79-78a5-44f4-82f7-dc3474145e8b", "value": "T173D423B6DA1E093DF5BEB276457EE3721BD0C83D1AC13D19132182DE1A8FEE06075992", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051673, "uuid": "a5694d95-2351-4a1c-aea3-87fd7293e395", "value": "12288:EePm2vU0nvVYf74nhy2l9kIz0vBiCQwjCHfk8OrBS:RmknvdnlXScCQw2HfoBS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051673, "uuid": "1870621e-0cfd-4ec6-b423-76085d2fd829", "value": 613955, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051673, "uuid": "23d4ca1f-ee18-4657-8e3c-8d02e5fc95ab", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051673, "uuid": "22a3042c-5af6-4939-903c-70ace42f3936", "value": "INQUIRY.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6fa6bf5b-683e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697032786, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032786, "uuid": "2c1caaa6-3bd3-43e1-ac5a-de6a135ab598", "comment": "Malware payload (AgentTesla)", "value": "788ba1bced783a05f796d59e83b2559e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032786, "uuid": "3159a719-80e5-4f60-b118-541bee17288d", "comment": "Malware payload (AgentTesla)", "value": "05d6073212301c89a351c072dbd748a58bb24374a8d14a908a27cbc2edc4d2f5", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032786, "uuid": "ffe35d90-eebc-4919-bcdb-7ff712eb3827", "comment": "Malware payload (AgentTesla)", "value": "3ff4aee641969a95f767bc87c3a700447959d18c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032786, "uuid": "9d88ceb9-02a6-4c94-add8-d759b09cf4d2", "comment": "Malware payload (AgentTesla)", "value": "f20c1cf5ae9e9513c3224628bf0b692b77e9eda69bf4df0bd676d4bbb0ef54a9e1d45ee6ed7475a31ed1e6a4a60528d1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032786, "uuid": "ffc3eff2-6bd4-4eeb-bb2b-6c3e91a39fe3", "value": "T18CC4BF2531EA2716F036E7B303A7F88487FEF6E1632FF9157D9606C782E2C019A52525", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032786, "uuid": "0edb81e2-24ff-41a7-aa2a-ad7232403c72", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032786, "uuid": "d1c8b6f5-5c13-414c-a1de-ee15f4243acb", "value": "12288:Awa+UwfvMMMDMMMAWjp1CtnDXNPeFhdKw/8+ZPMy96EBN+CU:7vMMMDMMMAGCtbdeFhk+ZPNxGC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697032786, "uuid": "c92ec62c-9ce6-4536-8a54-c6d6440021f2", "value": 563200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697032786, "uuid": "34ab39a9-3428-4ae6-8f0b-f0da9ceb1e07", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032786, "uuid": "e344c4c7-29ae-4179-87e2-6866319dabf6", "value": "05d6073212301c89a351c072dbd748a58bb24374a8d14a908a27cbc2edc4d2f5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e4bff0c4-685c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697045867, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697045867, "uuid": "abe10d21-bab7-4039-bb52-d1f33e9de99c", "comment": "Malware payload (RedLineStealer)", "value": "fba9e8676c661d1d36cb168f97e9e600", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697045867, "uuid": "3fc648fb-ef5e-4c2e-bf0d-a48a1acdfd7f", "comment": "Malware payload (RedLineStealer)", "value": "060b372c95563eeb8a232ba22449855f32cc928a1dfd10e340b6ebe56ea07f60", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697045867, "uuid": "57d059b0-6386-4062-adc3-20f56b67807f", "comment": "Malware payload (RedLineStealer)", "value": "a19e0b6de3795837be7feac5447dfbf3060407ba", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697045867, "uuid": "92b912d5-62ab-4f20-92a8-98a317fabfbe", "comment": "Malware payload (RedLineStealer)", "value": "4b70a00df5273b37ad703eb64e9191f4f54cac9695615cf8261a19ae8d1e4b2751e7694d25f2fe3901bb30e9dce0329e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697045867, "uuid": "07b846f5-fa65-4c54-8dc0-73395da30b20", "value": "T161652303F5E86526E171077044F10AD30F34B45A683A62BE3B656C2AAF7355AB8B533F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697045867, "uuid": "603a127f-d25a-41bc-9fc3-d352bea7c623", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697045867, "uuid": "ffe04673-551c-42c3-ab2d-577befb9de77", "value": "24576:QycydQQzdxNzowRKWGJ7o60ACXDcrWk2ywaCllr5UoIyOsmHQeqQK+IJnNi:XjdBzdx6phoBACFk2yIr5xIyOxU+wn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697045867, "uuid": "153b4d32-ad0e-402f-8b4e-28936d677861", "value": 1548800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697045867, "uuid": "f345ffcd-9762-4f59-b039-27ba1b0861cb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697045867, "uuid": "551d81f2-4477-46b7-a6c8-48108ce8dbca", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bdfda61b-6841-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AsyncRAT)", "timestamp": 1697034206, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034206, "uuid": "bb46de49-0a85-426e-ad37-d4d713697f6f", "comment": "Malware payload (AsyncRAT)", "value": "6c85da810cde457326e00361cdccf3a6", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "documentacionrav", "colour": "#D0E491", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034206, "uuid": "3e8117ee-7e76-4cb8-b3a3-fa6ca29187bf", "comment": "Malware payload (AsyncRAT)", "value": "06a49c8c45b247982a5ed55d6adebdb2a36417a8d1c924367a8e4d281499b73a", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "documentacionrav", "colour": "#D0E491", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034206, "uuid": "e13e5d1d-8805-4fb0-9a75-551f12b7b204", "comment": "Malware payload (AsyncRAT)", "value": "4240ed33ca1e6dd1bfbca78f75e297ff63a8012d", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "documentacionrav", "colour": "#D0E491", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034206, "uuid": "75fc19a8-1ce1-4255-8c38-def3e2b52bd3", "comment": "Malware payload (AsyncRAT)", "value": "afe36d68f64744aa079a6a6c1d9db9623d326977e8d0c97e5cf8008c5a55193ec975da9385a45a16988b3ad00c3db286", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "documentacionrav", "colour": "#D0E491", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034206, "uuid": "14b66f5f-cc12-4004-a9ba-a796143312f8", "value": "T17AF345B998D85B8BD4337B881B344AD8C7A0CE6790BDCAA381CD79F2AD4CD748771845", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034206, "uuid": "fe8264c8-fb84-42d3-b084-2bef3ed8dfbb", "value": "768:AaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaY:5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697034206, "uuid": "fca85cc3-8606-46d9-b55b-849c0f0516b8", "value": 165775, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697034206, "uuid": "b1e102d3-adbb-49a8-9f93-961a33981f3f", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034206, "uuid": "906064d9-7f3a-4c89-8a2c-bcfefa49fb67", "value": "Comprobante de transferencia bancaria.pdf .bAt", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "756aed49-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1697067585, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067585, "uuid": "de311687-8f5d-4477-bcb4-8ec100c2d8c4", "comment": "Malware payload (Mirai)", "value": "239aebb0c6775e0febe369de859c4cd7", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067585, "uuid": "4bcb8a7f-68e4-4443-82a9-48b2102aafc9", "comment": "Malware payload (Mirai)", "value": "072fe3cc44c6f1ac65fe49b7e3ae310ee1c5f5a1e5f45f8a2876d508c2d6e3a6", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067585, "uuid": "33867414-98d0-4049-ba73-ba7aa6e5d0e6", "comment": "Malware payload (Mirai)", "value": "2ac4d612fb965738d9b04d47d95029bbe88d5215", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067585, "uuid": "47cc60e8-52e9-405a-b1b1-73caf577dff7", "comment": "Malware payload (Mirai)", "value": "244964192c321d999756c6b7a2a73edb3189da8d1ff4a9811debbffc7a3114f060b7459593f9538ca8319c6d00440682", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067585, "uuid": "3714c699-7469-4288-9be8-ef06286984e7", "value": "T13DD2E06813041779CA6A90FD136607A43CB98F25A1D3DEAFB1C1FAC5ED405E839A3AC4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067585, "uuid": "930ee405-f470-45b1-afd8-a3847af8f2e3", "value": "768:vyvYLznDEB2iC+sDqC6NtxsfzxPnNsGbE/XwJgGlzDpbuR1Ja:WYnnDEBI+smATfEYVJuM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067585, "uuid": "dd9f2e04-09f4-4be6-a412-8d11b2989f03", "value": 30840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067585, "uuid": "e63915eb-b073-4798-8632-2019f51020b8", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067585, "uuid": "43842596-6e1f-44d2-94f0-8d1916957ef2", "value": "239aebb0c6775e0febe369de859c4cd7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3ac3416-6825-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697022216, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697022216, "uuid": "ace8c05d-6044-4142-996b-6e8e23adf3c1", "comment": "Malware payload (AgentTesla)", "value": "ee95ea980b1659386da768a64b210418", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697022216, "uuid": "5d1f71f4-d6a4-403e-98d2-67b24cea1d95", "comment": "Malware payload (AgentTesla)", "value": "086318e86f7f050da5f04c178358aa0de21d5876742c320615f9834f12388fe6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697022216, "uuid": "8bcc66c6-5258-437d-8a91-8389b5e7b61a", "comment": "Malware payload (AgentTesla)", "value": "af8f8d9a249c94030aa15941917670e70e61d838", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697022216, "uuid": "5349cf70-e323-46ad-b8ec-edfbff67e744", "comment": "Malware payload (AgentTesla)", "value": "c5cdc9ec35d25edd05ace20cafed79430fe43802dd61f54c8c582c174fd915751e1d959e7081019b958da61c94e61f44", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697022216, "uuid": "14e78a66-54ea-4ec1-89ed-4e4271188aec", "value": "T1EE15CFCAB789AC64C53DB733F122E2739B7E8FD05A91C11F08C6B1E5B772189B942811", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697022216, "uuid": "3a4d0467-07e0-4efa-9690-458544c8a01c", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697022216, "uuid": "f9d7d13a-8d58-4c0d-b64c-6cad79428760", "value": "12288:gk3owES4noPCwfUufssC8g2r+Fsc6xzXHtce6kn8wYngH1uUgOxwr:gHvfnoYufssVn+FszxDHtzRn881T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697022216, "uuid": "9202deae-bc59-4fc0-867c-76475697795d", "value": 951296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697022216, "uuid": "9ca06249-c31f-44d5-a2ac-4da1a1493641", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697022216, "uuid": "dda9528d-c740-4e00-9bbf-098cf889e8d0", "value": "086318e86f7f050da5f04c178358aa0de21d5876742c320615f9834f12388fe6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a5a18f5-67d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696986687, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986687, "uuid": "a62a397e-e3d2-4408-9a43-779f4c4163e9", "comment": "Malware payload (RedLineStealer)", "value": "e684649cbd1cc94758839f0d12a873bd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986687, "uuid": "0bb55e91-c2a8-408c-ac8e-89058a77a133", "comment": "Malware payload (RedLineStealer)", "value": "08c0d32c5801467454e923599e74fc5c10ff0db6d152d9e5f67a303203e33db4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986687, "uuid": "ed9d7b20-58f4-42f0-9f00-613cc7b74acb", "comment": "Malware payload (RedLineStealer)", "value": "7883e5007b4207bb70c1e8b90ce4b8b4ff8092f1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986687, "uuid": "6fe6a752-ab87-48ae-a15b-94aa56aa95ae", "comment": "Malware payload (RedLineStealer)", "value": "f74942659c5355efab3879849b518938a79b16df5e7285e74f3d24152a82e711e0b55c9824e9a712ab5fad4097eb2d63", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986687, "uuid": "d05667f6-5f61-4833-bcd0-efc44d1d3837", "value": "T17E352322E7E90131DDF927B16DFA438306363C81A8B483676F45484A0D732D5A67AB7F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986687, "uuid": "f944a45f-dfbc-44d1-8eaa-8d7a62a3bccf", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986687, "uuid": "abfeb6ce-c231-4083-99be-0f62e545cde2", "value": "24576:+yDkDKopRBxSN9WcQ3eaVFD2fAY3YtP3V9/h74dC9Qo0mdo:NMKENjafAyCVtmdCh0C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696986687, "uuid": "9c4c5637-e756-428e-a949-1c51221864f7", "value": 1127424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696986687, "uuid": "b36294ee-0d3a-41c0-a4dd-b3bdaa1ff5c5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986687, "uuid": "de2a4f9c-7bf2-48b1-b11e-41e83930ce20", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a2366cda-6806-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697008819, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697008819, "uuid": "05418397-80df-4b73-b99a-14ecaee71135", "comment": "Malware payload (RedLineStealer)", "value": "8adeeef2ad5c9d4bb6dd08b6bb71958d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697008819, "uuid": "14c95795-744f-478c-a304-f04757383a79", "comment": "Malware payload (RedLineStealer)", "value": "09302d71c49df65ef6de4c17276033d0eeff8820b97eb7e7899f3873767f4c5e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697008819, "uuid": "4ca18861-8b9d-4e5e-8bfe-4b1527bb5a6c", "comment": "Malware payload (RedLineStealer)", "value": "e7c11fdad015c2e73fb7416f3ce8e70dd36a66c3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697008819, "uuid": "9c7bfcc8-5997-42d6-afdd-53a45e6efb03", "comment": "Malware payload (RedLineStealer)", "value": "8e27523718c4fcbd829eb43e5e329f5f2951a280d2bed9720b2ae18514e24674b5120237778ee0ee3e43d69ecd5212c2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697008819, "uuid": "2fd9cdab-2b56-44f7-a2d9-5f1ce19a828c", "value": "T19A352316B7C88037ECB157B099F922830A38BCB2DD3443571795886E1DB2BD8667277B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697008819, "uuid": "88f58548-dd64-4d05-bc06-07faf6a9d038", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697008819, "uuid": "48e9f0a5-8124-4aa0-8979-3913d52880ce", "value": "12288:hMrky90+YkOX4zzmYhyrh6NwAnOZAgIzaUYWnyfZJOaP70zDfRd5BefkAlOjL17Q:ly8k36YIrh4wcOePmP7ErefkXLu8pC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697008819, "uuid": "79cb2c0d-9dc3-4315-858c-2ad6fc742407", "value": 1080320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697008819, "uuid": "53e57932-a51e-46ac-b02b-77171b2a276e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697008819, "uuid": "7d81a494-5200-4fa2-a22e-831e7c77d424", "value": "8adeeef2ad5c9d4bb6dd08b6bb71958d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4e23b100-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051628, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051628, "uuid": "e43b58df-ef79-41de-aace-94b5fa299436", "comment": "Malware payload", "value": "294b7f3f1dc719d4d06a8723b5fb0846", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051628, "uuid": "879691e7-78ed-4808-a916-039b4f186a8d", "comment": "Malware payload", "value": "093c05dc55d28daff34e1990684ead4cd4b1e2fc10e59142fcfd30721c9d0ebe", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051628, "uuid": "0461af82-604c-4adc-8ff4-585cbdd8137a", "comment": "Malware payload", "value": "f2c3085a1bdf872e54795eec252c923a9534ebf2", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051628, "uuid": "1c441336-2b5a-4fca-8a92-59ba00f7fdad", "comment": "Malware payload", "value": "75cb42a13b285165bf3f086555295aa0916e13190b8fdb85f1e745d538228b0dad76937282c8cb2c38061068057635a5", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051628, "uuid": "eefbc7bb-6466-4186-8673-b14378a5626e", "value": "T19DE423BF059B14A1153F03A51672837CF943BE8E689E127C6474D8D708EB4F8D98ABC9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051628, "uuid": "33924b48-f95e-4f0d-a5fb-21418eb5ac38", "value": "12288:0DK3+5yOSDaKBZagP468d5zmkBpOwwWA4FLuQEKVaCQIugcq9/Mp:kK/7TA68dBPnJtFqQjAvgFg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051628, "uuid": "2dbf30ba-dacb-47f2-bb5a-831cf70a1893", "value": 657856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051628, "uuid": "1e1aeb9c-a720-4363-9880-e90a012b9132", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051628, "uuid": "dda88786-8d79-4848-b91d-17ac875d5da9", "value": "ORDEN DE COMPRA 088562.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4a4a958-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067798, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067798, "uuid": "07a964ba-8055-4909-a510-63f76263aff6", "comment": "Malware payload", "value": "9eaa1622ab48ad3e59135969f0da985e", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067798, "uuid": "884c5175-5b26-4c23-a401-8099ea3b407f", "comment": "Malware payload", "value": "09f7e968376ea4a0ec8a8edc1281ad3d884f34b251c225e0cae5fa10cb7b2707", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067798, "uuid": "d6f3a58c-381c-4e8d-a2a9-4c931fc0eae4", "comment": "Malware payload", "value": "1532cd774d5bc0150a85e211eb95729a972c90f8", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067798, "uuid": "6310609d-2195-4b10-bc2a-dc4625f917cd", "comment": "Malware payload", "value": "f4a724445c3a9a279cc2677476ba6efedf2f57475a97cdf1fa3ca5854eca975477d952d863f41a5ce1f01d1ff86897d4", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067798, "uuid": "98aa70a2-95ff-4fdc-b117-50b8f58a5723", "value": "T14825893223B22F3CA678FBF600DD15479E797D671011A6D3AEE4C94F868EDE41A34126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067798, "uuid": "6bac8c0c-d924-40aa-881b-7060a9321fd1", "value": "6144:CrbQo8oMwqz+YRrGfxsvzoi257gMYgzRlq5+mCxSp15NYxY3LCCExcnH8CoikfWT:t/P7W1kNgSz9zVGq1cqGW8cR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067798, "uuid": "f62f3abe-da09-4303-b485-fb5fe01f7c01", "value": 1036563, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067798, "uuid": "b8cfb125-7c76-4461-959c-176e14a1992b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067798, "uuid": "f977aa03-a7c3-4f67-afba-40c39b1e58ee", "value": "New_Offer[2023.10.11_08-07]_2.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f8f188c-6800-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697006023, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006023, "uuid": "e263d995-4560-40eb-813a-93f945b56506", "comment": "Malware payload (RedLineStealer)", "value": "1fc4d3ec7d08ed938a35f2c8d12b636b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006023, "uuid": "e9fe9529-0c79-41b7-9959-175a03639e9d", "comment": "Malware payload (RedLineStealer)", "value": "0a5e2b14dcf776e9677e1f6fc5848658bf480a60e7dbb5e3050b2ac6b71f0456", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006023, "uuid": "05aa0dd6-030e-4e73-8aed-4cb0b808d218", "comment": "Malware payload (RedLineStealer)", "value": "d4615dbe44fe85deeaf5fe4e8786c999f215c415", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006023, "uuid": "c177a07a-5818-46d1-8e03-b2ae78b7d443", "comment": "Malware payload (RedLineStealer)", "value": "6c9e3ac07cd3dbb85a9061ffe1cefa10db7694f897e6dde01489bd483777dc0d2a43c32664c687b467fabf53dbf842be", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006023, "uuid": "0e5cc002-edf2-47cb-b26d-5927431091c9", "value": "T17D352353B6E04532D4B12BF050FB03E35A3A7DE45E385A6B233A5A5E4D726C6393432E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006023, "uuid": "0a3cbf42-55af-49c1-8d76-b61adc5835a3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006023, "uuid": "34f8ebbd-079d-4b5a-a316-ab65c1367797", "value": "12288:aMrxy90k9TgZgCkRxBFiaP/gt2y02cgosE7NqiRuxReG35C1v/UmGoFMAioisWJ8:zypKFYc028rzu3Rkv/Uf1oi+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697006023, "uuid": "2e74253a-1d3b-4ca8-b1fc-58942ce48ec8", "value": 1069568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697006023, "uuid": "ee9fb8b1-7874-4ee0-aa22-b5adafcf923c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006023, "uuid": "3a97226b-6459-4566-bb00-9e84d30bbb3d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec64374c-6860-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IcedID)", "timestamp": 1697047598, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047598, "uuid": "ed700f21-1fe4-42c2-aede-d65b5b9bd14c", "comment": "Malware payload (IcedID)", "value": "d1a959dad577d838505e6edca6255c0b", "object_relation": "md5", "Tag": [ { "name": "404tds", "colour": "#C36DA6", "exportable": true, "hide_tag": false }, { "name": "Forked", "colour": "#36B140", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047598, "uuid": "ba6a8e11-5f25-4400-b571-a3732d47842d", "comment": "Malware payload (IcedID)", "value": "0a61d734db49fdf92f018532b2d5e512e90ae0b1657c277634aa06e7b71833c4", "object_relation": "sha256", "Tag": [ { "name": "404tds", "colour": "#C36DA6", "exportable": true, "hide_tag": false }, { "name": "Forked", "colour": "#36B140", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047598, "uuid": "b5856da7-02f9-4968-b22f-953a52c35988", "comment": "Malware payload (IcedID)", "value": "9159cc10479a91d38bc9554fb374077842cb2a84", "object_relation": "sha1", "Tag": [ { "name": "404tds", "colour": "#C36DA6", "exportable": true, "hide_tag": false }, { "name": "Forked", "colour": "#36B140", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047598, "uuid": "dfb0e87f-5b49-4ed5-b34e-33ece2beddb9", "comment": "Malware payload (IcedID)", "value": "dfb0b9386c30f38017fd6841143dd22720dbe1ab06fe08f4bf7e0ebaae767eab80c8c6c2bd91c1cad8e03e1dc42f25e2", "object_relation": "sha3-384", "Tag": [ { "name": "404tds", "colour": "#C36DA6", "exportable": true, "hide_tag": false }, { "name": "Forked", "colour": "#36B140", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047598, "uuid": "776284fb-2ea8-4bde-8f1f-8e2582923e8f", "value": "T1D8259A3263B22F3CA278FBF600DD15479E797D671011A6D3AEE4C94F868EDE41A34126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047598, "uuid": "324c5321-85f3-44bb-aa95-d820e698fee9", "value": "6144:lOEkG1k1BPyLBSoOVsjIJhsAQfDsfTY87sxuC2n+h7prMqQcqMKhtTL9Xv4dIJ+U:KQzYhanuOuCUmy9JPw8IUE7Mq0n7MK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697047598, "uuid": "ef46e1b6-fd5d-403d-b626-579325cf2300", "value": 1036510, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697047598, "uuid": "4ef7c52b-3d7c-435b-a007-9d7d2552c5c1", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047598, "uuid": "b511d283-7ccd-4349-a16f-eb926b0de43b", "value": "OFFER[2023.10.11_08-07].vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b106d571-6817-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697016145, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016145, "uuid": "3b22f55d-03cd-459a-983d-2901fd90c5ad", "comment": "Malware payload (DBatLoader)", "value": "c1104bf1eeef2d45cb381143af8d12b9", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016145, "uuid": "3509ad73-f6cc-498f-93a8-08311e48e8cc", "comment": "Malware payload (DBatLoader)", "value": "0a9f903951a7b3c79927c4348e1f3a935ca51793bacf28ef7694ab2c89631b39", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016145, "uuid": "328e9775-3fd3-4e59-9754-a7c31ce1458a", "comment": "Malware payload (DBatLoader)", "value": "083c13f4b1fe3e8c448b1497061d4cd4dbccecbd", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016145, "uuid": "fb3473e7-0ba7-443a-a323-c57573c9a1a8", "comment": "Malware payload (DBatLoader)", "value": "8a5408b3d2593c96ac8b97da19c909f770b8dfc99839b6ecc2cb62fb5ccc8f39b1bfa60109e1bc4aadfe770557f74b7d", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016145, "uuid": "248487e3-1a69-41c5-929e-0929f0f4aee6", "value": "T1B8557DF592858C22E02A797CCC5AE39504357EDD2D168CCD5E50D9CF6A3AAE0B9FC063", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016145, "uuid": "97a71dcf-c7d4-4e7f-83f0-8e256e349f62", "value": "ecf100ecbbefecadd734c79df4bc63f2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016145, "uuid": "dd474376-6ab0-401a-8f28-c506354f1a54", "value": "24576:vUrkF9ZT6xy9M7HCZmFq/wbgKcQrE/k2+AL5:vUwVk27L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697016145, "uuid": "e3f5d7df-2aba-48dc-bdea-9c56e5392afd", "value": 1311744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697016145, "uuid": "b5dc458b-5cac-4673-b495-3a54d338a9f4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016145, "uuid": "3813273d-bb71-4012-a506-d5f86c6f64b6", "value": "Bank_acc_Verify_doc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0b9dfa04-6890-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067837, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067837, "uuid": "39d96c95-30e1-4b2a-a800-3792a7554637", "comment": "Malware payload", "value": "b067d01ed850c7ab59e9c5ff8d62f30e", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067837, "uuid": "eebfa549-7f5c-4eb1-b8d6-5b4bb1758df2", "comment": "Malware payload", "value": "0aac9c2f0650d572c11b03ac3ad1a3abc981fc9eef3682ebdc17d0a2bb9e2c7e", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067837, "uuid": "61e824e4-8173-4d4e-9413-c6a93358afd5", "comment": "Malware payload", "value": "e529df02ce5c37176a5befe9f52d5f2b880510e9", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067837, "uuid": "7ab68d6a-2d87-4e9c-8b8e-88cde5764eeb", "comment": "Malware payload", "value": "162bba1733feb1d4053ed01351e1f4a95e29ef5f1f65fb82486d08c7d84b91f592363b2681029219fce76899f11e8948", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067837, "uuid": "1b3ae75a-d83d-4288-9726-b9af876f82e6", "value": "T151258B3223B22F3CA278FBF600DD15579E797D671011A6D3AEE4C94F868EDE41634126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067837, "uuid": "a2ccb6af-6d90-46f2-9c67-9470dc2c8dc3", "value": "6144:Fs9phl54PN1TsOeXfR+D06ucjJ6MJOu/P5XUbMhj2xppOVi7tYZmiOkag187u04F:saxpZhkbMxMKUlHRmouOGUkTg21", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067837, "uuid": "1c0d2443-b09f-409b-8c63-6ed78304c98b", "value": 1037182, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067837, "uuid": "11fda4d9-0d11-4cd2-a9c8-2f3865c55cd9", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067837, "uuid": "bd63646c-ac4f-493f-9e6c-6c142e305034", "value": "Inquiry[2023.10.11_08-07]_2.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa2718c5-6824-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1697021717, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021717, "uuid": "267b2fb0-41f8-48e8-a08f-2e3e9b76992d", "comment": "Malware payload (Formbook)", "value": "c61d33ba4f8f84155d50064206c37050", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021717, "uuid": "bb0c83cf-1f47-42ce-876b-ebd4ef882fbb", "comment": "Malware payload (Formbook)", "value": "0bad435ef682e5eb34126719a3684ac718fbace8742df2b088c0284d14117fa3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021717, "uuid": "4f951bcb-e059-491b-8d57-2be0264188b6", "comment": "Malware payload (Formbook)", "value": "4a38b1deb28b261306f45d6825f33e9e5346a96b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021717, "uuid": "ec6ff546-36b6-45cc-a0c1-4375992284c3", "comment": "Malware payload (Formbook)", "value": "a6a4315f8c8654c458c5cd62e46e9d76e717592909a741c5d4fec71a119ea46a4e9e54d79c9c2c1880f23aacdf0fdb7a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021717, "uuid": "2741bbf5-f3f3-4268-bb07-07167bd63a16", "value": "T122B41203F6599AF8CB489732CC1703810370DF866197E289E9C636573A7B7ED5806A7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021717, "uuid": "1afb74a9-54be-41c7-bac7-6e8503ca46a1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021717, "uuid": "74ed2c2a-2493-4821-b056-b4d3abec75af", "value": "12288:VlQJsGnZkCSUSWwvBbomlSzvIdhaU98RvgohhDy90t75E:wsA/SFD5vUzvIdp8RY4hDy9C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697021717, "uuid": "6903e1f6-2ff1-4001-adad-731710a6664e", "value": 539648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697021717, "uuid": "1122c39f-618a-480a-9fb1-0dc74cccc7cc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021717, "uuid": "68bf0f3a-99b1-4ddf-a49a-cda4da5d20d9", "value": "0bad435ef682e5eb34126719a3684ac718fbace8742df2b088c0284d14117fa3", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "37b26526-6833-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697027968, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027968, "uuid": "4bb629a5-385e-46e8-a56d-443939080c2a", "comment": "Malware payload (AgentTesla)", "value": "f92eaaebdcc76a27697ebd441fee2964", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027968, "uuid": "ddd2f1f0-8afb-4e56-ba4c-6e46efb28c42", "comment": "Malware payload (AgentTesla)", "value": "0da7dff9f04449e5982ea8496f7ba27651a655578ac19e991ad5e397c005b956", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027968, "uuid": "2ebbe068-e2de-4c9c-a93a-d7ec82ee2be7", "comment": "Malware payload (AgentTesla)", "value": "5b98cc1e57239651f39ffb2953189b59f441fb57", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027968, "uuid": "84d76889-adc7-4b80-b7ef-22d239dbc7b3", "comment": "Malware payload (AgentTesla)", "value": "a5271fb55698a68a9c810e6972f221e10cfb71996c8b63bf87093e78dbf62de79c512349aebd363f05fe7ed3baeb2627", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027968, "uuid": "db99d73a-f146-4b67-b148-1c037af1c9ae", "value": "T1EB75E002F7CDF932D33845F620A5B1ABC2A1DBF0756A81466880BDD3B3A5645B9F053B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027968, "uuid": "8889645d-fdca-4cbd-9325-f635c8ead6db", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027968, "uuid": "08ee0fc1-d1b4-4957-b2a3-0dd01ff783e0", "value": "24576:y8j6J3zEPqmGymEQnMgAudGaHc999yQ+gLhAIdDGzO46qDcwVni9mKP0cAWbfs6:B+BzoqaDuEa8jyQzNAIBucwVnSVP/ZX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697027968, "uuid": "6795845a-efd5-46a1-acaa-2173ef379a66", "value": 1569280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697027968, "uuid": "0a305b8f-6b81-48f7-a19d-0dcfc258a0ed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027968, "uuid": "5a2b10aa-359d-4772-a8f0-7e136e88bd7c", "value": "1011237466763.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72607888-67d9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696989411, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696989411, "uuid": "637c0ebc-7355-4bff-bdff-37f8b3f6a8f6", "comment": "Malware payload (RedLineStealer)", "value": "667c16f5ed28a4f92843c40abb9d23b0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696989411, "uuid": "73d5c8f7-7e7a-4bb1-9a14-d26624eff1fa", "comment": "Malware payload (RedLineStealer)", "value": "0de0583faf85697a5fd45b1c88eae3c061fd833b4703f63b362336fe0928f86d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696989411, "uuid": "a196faae-2926-4feb-b40c-f660273a723c", "comment": "Malware payload (RedLineStealer)", "value": "d3d5bcf1e4b168f3a5034095324af7ce6e2e9f4c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696989411, "uuid": "c0c7c370-755d-47be-9449-6fdf75497ef1", "comment": "Malware payload (RedLineStealer)", "value": "39b19394b6fe0cae5a49472843c5969fb6046106112a690c0ec4ab6890198036edacb36eca5eff19b371dd638ba90eca", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696989411, "uuid": "ffa14bb2-412c-4b51-b67b-417340dae071", "value": "T11F35231AA2E5A036E8F117F068FB13D30B327CA24EB047B727949C665D71A4464367BF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696989411, "uuid": "1e2ef0ed-edc7-465a-baa0-87dcd40e631c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696989411, "uuid": "630ef5ef-3d59-4b63-b054-e1bdb9917a8a", "value": "24576:3yeJa1TvlqJSlHQBRWsq0fFrq7lc+D6l2zmnTj99qtqAB99QY5QqHi6:C0a1TCSt0Bd+7lc+G2KnvCpVC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696989411, "uuid": "70df9583-ff50-4d7b-b19b-73a8fe491019", "value": 1127424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696989411, "uuid": "67489d2b-d645-47da-b115-5aed2cea04c7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696989411, "uuid": "455df358-4274-452a-8b84-2aafb398a024", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3c646196-6844-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697035277, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035277, "uuid": "ca524089-8994-4475-b235-5e9c25e669b6", "comment": "Malware payload (RedLineStealer)", "value": "472c915f245d7d45a76b5d6d8f1d9941", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035277, "uuid": "72dd6eec-7c52-4e8d-9e65-dfcb9ecdf389", "comment": "Malware payload (RedLineStealer)", "value": "0de770dab4a494bb3d513673e0abd54e0981c59e34d3598937bb69c1ea51c90f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035277, "uuid": "c0c57b41-131e-48ea-80e8-4c92478ab9d4", "comment": "Malware payload (RedLineStealer)", "value": "51144cd60b315a7ecf9bbaa6c7fceafc1076cfde", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035277, "uuid": "2466b6d7-b82b-4ecf-a2aa-224b763ec593", "comment": "Malware payload (RedLineStealer)", "value": "a5f66df28b86051e19492d17426a72efac1f24171252b6fa532c468ecd96682e8717ca85e50107d7b1c370be32e6ea77", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035277, "uuid": "cf4052a9-afd0-4dd7-be12-958dbb189839", "value": "T10C456D213990D072FFF360FBCFBCB51566AD91A0073926EB12AC0EFE96145C26B31A55", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035277, "uuid": "f8942078-38a3-47f8-9002-08eebdaf76d0", "value": "c1ee9f7a29663582c8910ff5a792e9b9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035277, "uuid": "292c3bad-5b6e-47d5-85f6-cee841f23110", "value": "24576:QgVadW9gzUMp6IQcoiGfhSKin7d1t5Az7tC0:QsEUMp6IQcPLKLR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697035277, "uuid": "756834f7-8c46-4c5f-8c83-009ab0bc9033", "value": 1185032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697035277, "uuid": "2835d2eb-2f4c-4862-9bd0-7c3346623ec3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035277, "uuid": "f9ae93a9-a729-42fd-8a45-2984f395c3af", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "773373b0-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050838, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050838, "uuid": "d81a27f5-876d-4cce-99bf-5b46ef5f6655", "comment": "Malware payload (DBatLoader)", "value": "271701f53e7cd9ef09cd6b857125d974", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050838, "uuid": "3e31cea9-c1c2-425e-9c3d-209042994297", "comment": "Malware payload (DBatLoader)", "value": "0f60fc14fbbcb3edc807f91686c3818cddd8fe5dc1a3ce736c8d7c37c9f71a17", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050838, "uuid": "7cca9148-9055-4fa5-ae42-95330bf22160", "comment": "Malware payload (DBatLoader)", "value": "8e3732a267ec2feccbfa515d62eb10133ecc8c26", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050838, "uuid": "fba06483-ab99-4d64-a4a4-f8dd3a7fed66", "comment": "Malware payload (DBatLoader)", "value": "9d2fbcc18b6de2033dde3bab4bcae48c2c498dc0ed53444ef0e8c7d1b54188682685dfa1c02178dd5b13ec8500e59e58", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050838, "uuid": "3ca01976-8133-47b8-8f65-b22c4ee1fbb4", "value": "T169355B34B3B608B1F5B976B5DB0667F41DFF27AAA904288982743D1B1CB27916F1102F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050838, "uuid": "1264255b-d75b-42e0-a690-66d7b4b9e6bb", "value": "fc431a28c58a1565c388a05232b2eadb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050838, "uuid": "35685ec2-6a00-46e5-a142-d3db835670ca", "value": "12288:qE8C9kdWdEPv8zuVEdh9a6OLqvabdpmBkt1VEmA00P85Be2fgmv1qsM8HcZG3g5+:qEPudPPOuVsaoAjlD0P83H5M8OG3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050838, "uuid": "21e11b30-01f3-4534-a15a-51b494f69431", "value": 1124352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050838, "uuid": "9206b9ed-6b02-4b59-8b53-ab77dc979ff1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050838, "uuid": "d11fa203-e515-4ff9-b4ad-a8737674b89e", "value": "Vacuum filter RFQ.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4b6283b-6875-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697056524, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697056524, "uuid": "5ef76ea3-3f5f-4d27-8d3d-876b4136470d", "comment": "Malware payload (RedLineStealer)", "value": "e6573fcf1872a1927fce12abdbecfd5b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697056524, "uuid": "c520637b-acea-44c1-894b-b1db8c28586f", "comment": "Malware payload (RedLineStealer)", "value": "0f80624be300e0d7c76510bd52715ea96bdebae1b7222606b9c9a3d132f591e4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697056524, "uuid": "987bb0a4-fc46-4c24-9ceb-32f22ae36c8d", "comment": "Malware payload (RedLineStealer)", "value": "93aaea21310a10bd25def68a5d7a52c96b01d917", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697056524, "uuid": "017ed8ca-dbf3-470a-8817-3b44e0271faf", "comment": "Malware payload (RedLineStealer)", "value": "9482f022d130a538c1ec4a4fcbbe72e99167c031d1283a16995dc070af7105b7ee35986b611498e2e5c856e101b6cbf5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697056524, "uuid": "155bbbe6-de1b-44fd-bce3-7a5e18c9c859", "value": "T12B258D2138C09176EEF320B646ECFA3A46ADD0B0072912DF16D857EEE7206D17F36596", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697056524, "uuid": "0683af87-ca0b-46ab-962b-7cd7edbf6b9f", "value": "66025e7bb3415added2b8177bf9bcfbe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697056524, "uuid": "05ce2bd2-9fc4-40d4-ae2d-e66447604606", "value": "12288:3iH2WAVpsx7UgJCSkZZ7gFMRfIByCZeEAQ+ni5SZYzu99D4aqRnI:I2psxIgJCSkjwwCyCse+ncRnI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697056524, "uuid": "d0c91f06-7125-4344-9879-fd659b2cf244", "value": 988936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697056524, "uuid": "ee4cad17-3c70-484b-9efc-1b775d1dac4e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697056524, "uuid": "c1189623-1f50-4afe-bcf0-f2574f8da10e", "value": "e6573fcf1872a1927fce12abdbecfd5b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "686427ec-681a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CoinMiner)", "timestamp": 1697017312, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017312, "uuid": "8fd11b9b-7d01-4a9c-a3a5-e56dc2f06162", "comment": "Malware payload (CoinMiner)", "value": "4c5cec0d2f870359d1ac147ee2df2eb2", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017312, "uuid": "dd166046-1961-4d92-b777-b1fb6b601c14", "comment": "Malware payload (CoinMiner)", "value": "103b0dbafd45f84c7f6cf377fea5a0250b7c2b141b0b468dd5e95a554349c799", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017312, "uuid": "878675b4-5d69-41b9-9b51-e936da06407e", "comment": "Malware payload (CoinMiner)", "value": "97d14a283a5ed76843a12a244441a1d8b36d5c4b", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017312, "uuid": "9427742f-084f-430a-8eb0-6a6ae8bd3b25", "comment": "Malware payload (CoinMiner)", "value": "21cd0454e732df7af0e59261e2f9ca954b620ee86556c7eaaeace6d73be87deb86953bae43076260db751b84d4ca2d27", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017312, "uuid": "adab2a7e-165f-4ba4-ae42-c196a12eaee2", "value": "T1A624CF113A82D4B2C447C175D829C6F4797EBC739A7849DF37A83FAF3931282A766214", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017312, "uuid": "d597ea02-124a-4ad9-828a-795b5b13477c", "value": "8cacf442a096d56f8e956cabce20dddd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017312, "uuid": "c623f895-3610-4878-ac8d-05f19bd99254", "value": "3072:HXpXQOwa2/WTqFyRZAETEEsF1fFdY6WEzp7mtp36v5SkGT4Tyi:31TwHWxwDPY0IXYTb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697017312, "uuid": "b8c008b2-ea2f-4af2-a717-aba85883010a", "value": 228864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697017312, "uuid": "8c57c77a-700b-41b4-841a-ac86e730438f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017312, "uuid": "a77ee5f5-b941-476b-83a1-ddf67d5af1e0", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d19e290-6859-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697044298, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697044298, "uuid": "70062be9-125d-4013-b5b6-b0cd591621d8", "comment": "Malware payload (RedLineStealer)", "value": "3006cc77b096aa36abb1267afcd66411", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697044298, "uuid": "030b559e-0a87-4af9-8f4f-449539bf3154", "comment": "Malware payload (RedLineStealer)", "value": "10a6a0eaaf5ece8ffa3463136cc3fb24e1dcb75e5696b097ba169c1fa75bd5d5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697044298, "uuid": "fbabc0a7-db43-4865-90d9-b40e1ea996f0", "comment": "Malware payload (RedLineStealer)", "value": "a3bc9fe011e48cdcde23e73cbebf36f0e276c689", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697044298, "uuid": "4296b00d-c521-4664-bcbd-862eddaf1c97", "comment": "Malware payload (RedLineStealer)", "value": "ff8bb223b8a4cd3574b36f3cee83edca1b2abde0fa57a28b526ed274b0e087e638176c72de90e760b63c89970180efb4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697044298, "uuid": "7ab8b18c-99db-4083-b753-72f5d9231a26", "value": "T1BD652326ABD8A2B3CAB4173144F30B870675FDE29E38565F339E1E2B1930A849531777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697044298, "uuid": "cc6a2b69-f44f-4f24-a001-4acc41be64ad", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697044298, "uuid": "9c8725bd-838f-42b5-9da2-bbcde059ea41", "value": "24576:Yy8L2Zxk4WBNE2hf77MWyiDhyRG99+0dViYX/7wtidNKjBGJBkNqBTR4xi:flTHH0ffMBxE9w0DX/cRjUz4z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697044298, "uuid": "c38a24aa-2db6-4fe5-bf62-e66fa5ab91fc", "value": 1546240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697044298, "uuid": "2dd2d52b-8d57-4cbd-9d4b-870c41645758", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697044298, "uuid": "29016000-ec54-45d1-a15d-598e3992dfdd", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "664eb850-6831-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697027187, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027187, "uuid": "7ae2d6bd-29b7-4395-8469-a1bc4493ce3b", "comment": "Malware payload (Smoke Loader)", "value": "ccb043244502c135416782d35b7c278b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027187, "uuid": "75c8b4e2-459a-4b6a-9284-a61bd815832b", "comment": "Malware payload (Smoke Loader)", "value": "10b56f5c2d18a7daf80bdbd3054fffc33b4344180c7c56b1df50cba8b5361f6f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027187, "uuid": "ee3c7765-910e-4bf7-8125-d59c256f05e7", "comment": "Malware payload (Smoke Loader)", "value": "f6b0360be24c872c19e762a683466f7e888598c0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027187, "uuid": "025b0c5f-50f8-47fb-b3e8-c83d28e1775b", "comment": "Malware payload (Smoke Loader)", "value": "688a0fbe9032a9204286523af563ae55e03ce455aceffd90e56eacd7d68cf93369ea5b26c7df2904145b3a797d18417d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027187, "uuid": "24532454-bdac-4f51-b102-f6806632cfb7", "value": "T1343523877BE58531C8B52B32E4FA16D31F30BCA5AA7883276B856D1E4DB2391153073B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027187, "uuid": "e93fdbf8-6509-48fd-ac53-a6f7bb009428", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027187, "uuid": "cfbed06e-f1ea-4b31-ba63-b139567e63dc", "value": "24576:Dyz748cvCmOTkh0rHoxpZNOsjHl5HDecgJJyxqb:WbIulQVJ5jXgfyxq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697027187, "uuid": "06c94fd3-557f-4713-8bdf-7c71eee454d0", "value": 1061376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697027187, "uuid": "f551dc0a-074b-409f-bb45-be2d252336e2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027187, "uuid": "c00ba2a8-8c8e-4abc-9bda-6f23b7aeba85", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6bccc52a-6840-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697033639, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033639, "uuid": "afc30f78-f93e-4465-9e4d-fd05d36b2853", "comment": "Malware payload", "value": "eb1614b8aa7e277b934c33889e6fe758", "object_relation": "md5", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "inattv", "colour": "#C75298", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033639, "uuid": "e015d2af-5e68-4d83-945a-8eb9e72148fc", "comment": "Malware payload", "value": "1127824498725bf2a688bef75ec3fb56e7dd658295f79017c9ca268b75c96079", "object_relation": "sha256", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "inattv", "colour": "#C75298", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033639, "uuid": "8f127f79-2099-491d-9ef4-ed807f563406", "comment": "Malware payload", "value": "0b6f1fbbf0fe18d017cee9908c9476c704caa856", "object_relation": "sha1", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "inattv", "colour": "#C75298", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033639, "uuid": "d778bd61-2814-483c-8f9d-1968766139fb", "comment": "Malware payload", "value": "539dc7240ee6064f7fd34c33521d5985585b3d608635b7d40e81decca1a4f7e65885dbcb3fc0b78fa17328f2a18788c6", "object_relation": "sha3-384", "Tag": [ { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "inattv", "colour": "#C75298", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033639, "uuid": "f7c5592d-eca7-4ebd-997d-01dbba14dcdc", "value": "T1B4B61296F729ED2FC87771720D6A4231266A4D168A839747694C3F2C38B75E80F4DBC8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033639, "uuid": "42882340-3c8a-4822-9a7d-ecc436eae229", "value": "196608:LraxZVFeCS7QKdsqi09LaTmRKk1SYRhKg2qAkONdgFs9KrkRkaEtXZ:C6ZsX0gTMKkMYRhKv9kONdcXrLp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697033639, "uuid": "58a0e535-7b26-4134-a480-1865ce02174b", "value": 11261058, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697033639, "uuid": "37e88ca6-aba4-4fc9-8937-e1a083904a7d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033639, "uuid": "9f4d7a1f-a7d2-4bde-b4dd-d83576f8c8e3", "value": "inat-box-v13 (1).apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed358023-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066927, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066927, "uuid": "8f705567-b837-4733-b9bc-4fbcd4c7094e", "comment": "Malware payload", "value": "1d7ca389734050df5cafe5e8d9b08e2e", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066927, "uuid": "98caeba8-dc7a-43f6-b20d-4137076ec309", "comment": "Malware payload", "value": "1192d36db6ee18c2b4ef546202fdbad91ece2939a216be5c2cd0863260dd5452", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066927, "uuid": "152bb877-0e1f-4db9-b056-349ae4cb2ce2", "comment": "Malware payload", "value": "8f41bb0c1a0710988cfbdbe04b0ccd86e4afb554", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066927, "uuid": "2bbc3cd6-1dd9-4cf2-b7ba-2487de3162f5", "comment": "Malware payload", "value": "1670a8f3c011168406c7b52402154983d1d327807a73a7501e93aef5bc67ce8eaff9ceefaffb79b24058d9067ed774e5", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066927, "uuid": "a6737b42-1688-4cb8-8254-dfcbe76305ce", "value": "T1FD7423C643D718262A241137EB597E08BE25F162B92FD9F75432BD230B256C16EF8E12", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066927, "uuid": "6c681e02-c6e5-4ed6-90e7-e69205ac9b33", "value": "6144:LOnE2KoaC2F7YUPOrXT5C6OSOfEoHYEs0RNPgnCt3Up3AyNotXvY7Z6iEm/ch/q3:yEjCkYPrXTc6QsYr8gfl/EYNmEhCiUYM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066927, "uuid": "995d8db7-e44e-4fe7-962a-f5e573284ac8", "value": 366522, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066927, "uuid": "c813bea0-9d49-4339-9faf-8793cabbfad6", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066927, "uuid": "be79f28e-e304-4233-9bdf-cc5ef3bf287c", "value": "BFGJ1268_2933836.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "babe102e-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1697052239, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052239, "uuid": "d81dd4b2-9848-4a50-8c19-268d0a9ba44d", "comment": "Malware payload (Formbook)", "value": "4909933227ef0666ccbf6f6b712bee74", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052239, "uuid": "fe2f2364-c66f-43c8-9b28-6e4e3a4f827b", "comment": "Malware payload (Formbook)", "value": "125795e7202c3c893931f96948ab5841d6abd6ad381fec028a173c46b84775d9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052239, "uuid": "154971e0-683a-41d7-ad79-a3b15a626b5d", "comment": "Malware payload (Formbook)", "value": "b625d1e1feead0a459110f7d8725a3f265d89ad7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052239, "uuid": "d0bb182d-bb7a-4ca8-baa5-eeed8725a24c", "comment": "Malware payload (Formbook)", "value": "c997f5c14ba463b948148f6ced53b0704f9ca628b26395246e72883bc5a487759d488baf4bf4f23c2453970852cb6a6c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052239, "uuid": "9a7901a1-0bd8-468f-9d2b-129d327ad8de", "value": "T16115DF082144C54CC6BA3575DB44A3F80BA76D3DE931D20BAABD3D6FB733516E900B6A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052239, "uuid": "b708ffd7-0579-4db3-9f96-8a9d60db17e3", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052239, "uuid": "3b01d260-810c-4000-8711-4cfb16ded8f0", "value": "24576:88fik1YB07p7+7hm2BmCa3ecfH43Vwt6ym:88fikqBmS7hmjR3ecwKt7m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052239, "uuid": "21649a8a-f38d-4938-b73b-92ab9b02097e", "value": 914432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052239, "uuid": "320cbf43-9661-4f76-b78b-cd4d7ee353ea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052239, "uuid": "690f3a35-3799-4a7e-addc-f5ef7ea0c983", "value": "POLYAK EYNEZ ENERJ\u0130 \u00dcRET\u0130M MADENC\u0130L\u0130K SAN.VE T\u0130C.A.\u015e_company_profile_request for quotation.xlsx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62a9391f-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050803, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050803, "uuid": "a25f725d-aa1f-404b-861b-9898cea1b626", "comment": "Malware payload (DBatLoader)", "value": "a7e12db266c8cbfb83097948ddd0ba8d", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050803, "uuid": "8f364866-169a-49e3-b7a0-962b5d52a711", "comment": "Malware payload (DBatLoader)", "value": "127e920304ce4f148d95d1b2522623262a85b804d682d33df89f1238eac1ffc9", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050803, "uuid": "4d94ad3b-2f25-4836-b886-7cf9d3d3073d", "comment": "Malware payload (DBatLoader)", "value": "3c4da9c8af80d458798e3376e47120845d0ac6b5", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050803, "uuid": "d9007938-2f35-487a-aaed-df558e02c543", "comment": "Malware payload (DBatLoader)", "value": "22135b138f6b7c8754e4f1a1b9b3e069386f87c2a2e34b3bb1b2a13aca172a2e05eff3fa27813181cf84c3ee84edfe34", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050803, "uuid": "b11bc96b-f05d-413f-a0f8-4c2877653df9", "value": "T184357C34B3B608B0F5AA76B5D90667F01DFF37EEAA4428998275391B1CB27816F1101F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050803, "uuid": "4c690cf7-3596-435a-8a12-bc1e0ced70ba", "value": "fc431a28c58a1565c388a05232b2eadb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050803, "uuid": "d37bfa8e-7bac-49ec-ad93-ac0cf1ac1505", "value": "12288:qE8C9kdWdEPv8zuVEdh9a6OLqvabdpmBkt1VEmA00P85Be2fgmv1qsM8HcZG3g5R:qEPudPPOuVsaoAjlD0P83H5M8OG3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050803, "uuid": "798cdd12-5634-4f08-8bf3-a25ab739e358", "value": 1124864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050803, "uuid": "a9120ca5-d8ad-4cfa-94ec-38f3fd46bf45", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050803, "uuid": "e5e0c31f-9f98-48fc-829e-54f0f2ae686d", "value": "a7e12db266c8cbfb83097948ddd0ba8d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f832c299-6834-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1697028720, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028720, "uuid": "347e4c25-2d40-4520-8771-9d59f54adea7", "comment": "Malware payload (GuLoader)", "value": "84a9763aec611fca976d24cd0c349778", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028720, "uuid": "54153266-efc8-4066-8d9d-870373fc8b09", "comment": "Malware payload (GuLoader)", "value": "1355ac86b6ed7fef8676841a7cf0d9ec0c450cb8f6cbaeaa4644021577463f9b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028720, "uuid": "b8cfeb43-7e44-41f1-95da-5e9bdea06d6e", "comment": "Malware payload (GuLoader)", "value": "565a0d4ba1d378baf695ca3d9a42a48054cd30e2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028720, "uuid": "38b5411d-16fa-4bac-965e-6f03d32d5762", "comment": "Malware payload (GuLoader)", "value": "56ab9ac2288c2f22d384a5a40b89e1837c719fc8bdac9f7160c163d8118762b6cb50d64e4fe27b0b67627276798f1278", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028720, "uuid": "07819128-ad1f-411e-93c7-ffb35ed1aac5", "value": "T1B045015AB629D14AE9BD6E72DC1EC0F1A6B9BC67D810130B3194FF2E35F2301181BA5D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028720, "uuid": "8025aad6-fa68-45e3-b376-4bc73b21517c", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028720, "uuid": "b84af456-838d-47e4-9200-85e04b92414d", "value": "24576:pexcktJzt/s3S5OoP6Dwk95ACjKC4onl8Q3wlRjMPybTJmUn:scktTki5O46MIACjKCxl13ojMPyblJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697028720, "uuid": "165a4fe6-0752-478b-8e0a-bfef14e7fc5e", "value": 1239416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697028720, "uuid": "2ca21e0c-0379-48ba-9631-33d1147b4664", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028720, "uuid": "f78e44c0-2442-40b9-82f8-de898cdf8499", "value": "1355ac86b6ed7fef8676841a7cf0d9ec0c450cb8f6cbaeaa4644021577463f9b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "43b2ea7a-683e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697032712, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032712, "uuid": "1076b45b-bcbe-41e5-ac18-9b181ecdb6f0", "comment": "Malware payload", "value": "fcc3490a584b5971e791fb4bef6840f7", "object_relation": "md5", "Tag": [ { "name": "5-252-117-214", "colour": "#C775B4", "exportable": true, "hide_tag": false }, { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032712, "uuid": "207c53b8-bd74-495d-bf68-5474c536eb7c", "comment": "Malware payload", "value": "13690a8e5683889c42b4dd66537d3d56af16c5cc25da3bff3b9b68046c6be8be", "object_relation": "sha256", "Tag": [ { "name": "5-252-117-214", "colour": "#C775B4", "exportable": true, "hide_tag": false }, { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032712, "uuid": "a107c952-ad4f-4d5a-ab23-3db82244c689", "comment": "Malware payload", "value": "f1c733f894d2fb83766353667cf988051663bada", "object_relation": "sha1", "Tag": [ { "name": "5-252-117-214", "colour": "#C775B4", "exportable": true, "hide_tag": false }, { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032712, "uuid": "548fd6e6-b752-46bc-ab6d-bb200660ed88", "comment": "Malware payload", "value": "667a86c0374c4eddab9948e463cec219370e13c0453fde3c1e94696ec62ad991418bc9f8a68a0ba2ab88e6a12a9003b5", "object_relation": "sha3-384", "Tag": [ { "name": "5-252-117-214", "colour": "#C775B4", "exportable": true, "hide_tag": false }, { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032712, "uuid": "a0064efe-0cda-4f3f-a2a6-19ca5115d786", "value": "T19801768616CFFC6E14A7F3C2B63802802BC39512A05C74326A804D2E5D328B64ADEDE8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032712, "uuid": "ad4e7117-d227-4756-84f3-39e2187e608e", "value": "12:sYxS2hz7YU+Sj8ZGShR8kkivlnxOZ7+DP981E7GXXfDWQCYnmSuhBxAH:sYI2hzEPI8ZNR8pivlnxOoG1fXXfD/GW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697032712, "uuid": "63b4d557-06ec-478b-90af-628046aba8fd", "value": 700, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697032712, "uuid": "d1991b64-0194-4e02-a7c1-310bce30e738", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032712, "uuid": "f6f3004c-7cd0-4b5c-a757-c490c6e911e7", "value": "Client32_5-252-177-214.ini", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "62efb3c4-683e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1697032765, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032765, "uuid": "8032d449-884e-48d1-8704-27583042e6b0", "comment": "Malware payload (AZORult)", "value": "b568a136877d2896ae556de0b6478630", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032765, "uuid": "4e76073d-d79a-4543-8c70-6210149e4961", "comment": "Malware payload (AZORult)", "value": "13929681511c7970913fe3da2052dc8cc5201de9012a42e131a554e594552366", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032765, "uuid": "6d44a0c8-fd9e-4d22-ac4c-b252c33e249a", "comment": "Malware payload (AZORult)", "value": "e67cac21efbd34d862d75a08ad2dea7091f1aedc", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032765, "uuid": "e1ee1423-ea08-4920-bb7d-843f4c7fd404", "comment": "Malware payload (AZORult)", "value": "b2d9383dc51054b4fa3a0be553aeda94df455d551fb229d705a3b91ce9e51e666a685cde7b98e50084c2efa26e0c5f47", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032765, "uuid": "1bfba5ac-1fe9-4a73-a8a9-25cbc60beba9", "value": "T1EAB422A72EC0C91DF5035A7818F04E79E6BAFF039572490FB3653B553A02A23475B26B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032765, "uuid": "223b4f4a-477f-4d97-bc82-f1d08debd347", "value": "b78ecf47c0a3e24a6f4af114e2d1f5de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032765, "uuid": "154e8103-588f-45dc-9042-330d659796a1", "value": "6144:1z2yP2JNy12VISgxmEk011DnXsUrk2fUJaZqicB3o3JfW4uMuuei9QrRXdL:YU12CVY01xQvJE3j0UQPL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697032765, "uuid": "62bfc4cc-4fb4-4b23-af01-95519f4f177d", "value": 517199, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697032765, "uuid": "a7ebfac7-fa5e-42eb-94f2-ed41a2231797", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032765, "uuid": "456610c3-465c-46e1-afcd-8f6f6028416c", "value": "13929681511c7970913fe3da2052dc8cc5201de9012a42e131a554e594552366", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ee0668e8-682d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697025697, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025697, "uuid": "60aaf63e-53b9-49c0-9476-3cf8c8460738", "comment": "Malware payload", "value": "57a22000489eec343bd556b883df4238", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025697, "uuid": "51faa16d-1192-4415-9f20-43f4530d58c4", "comment": "Malware payload", "value": "13fd816b66d889eaeae5e0d0a44b008851697e5ae9246c3fd95fc3cfcb157582", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025697, "uuid": "909e042a-fd58-4f23-81a8-07eef613534e", "comment": "Malware payload", "value": "227fe4ef7d7d73546efe19451cfb8ecda0cb76f8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025697, "uuid": "e3d8567c-0bfc-42e7-b334-a90eeb198767", "comment": "Malware payload", "value": "03ee5d4049b5cf27f44ffd991ecb81b254b73c8e84764a8d9f84b5c0d126f5ed2ef4e7f2b4dee9b5b2c3f0ee2c7962ee", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025697, "uuid": "6bf67854-f045-4b63-9db0-1b76230c5d77", "value": "T1DCC7333B7299623ED8BE7A39417A71B4173F5864A909CC2A37F0748DDF3E4610A36C46", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025697, "uuid": "6d498a9d-dd73-4695-a160-69fa3d1f7cc0", "value": "e569e6f445d32ba23766ad67d1e3787f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025697, "uuid": "f65f9aa0-df47-4ffe-8305-90a42b441803", "value": "786432:k+B4TA4Qu/oAaRqO445zfgeQSnXC9KJ/x58RZe6RsI27fjKaol37lvxvg559AxaQ:k3Qu/QKqgIXrJ/x5eZQWJJvg58xNxgI9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697025697, "uuid": "c2cf7f3c-b048-45ec-bc7f-9bc14f2d896e", "value": 53225448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697025697, "uuid": "c185a957-f96e-4b7f-b5a4-490174aab7a6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025697, "uuid": "53be1639-471c-4d62-b4a5-4fbce92fef62", "value": "idm download with crack 64 bit 2023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "685d72cf-67ef-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696998844, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696998844, "uuid": "23ce2ff0-69a6-46ca-9010-3d0569c44679", "comment": "Malware payload (RedLineStealer)", "value": "ba8aa599a7b57f8b7bd935a471b21b86", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696998844, "uuid": "4c48b7d4-7a8e-488b-b3ce-3b39017d69b4", "comment": "Malware payload (RedLineStealer)", "value": "148b06879b0d52f2c9a42e45ced9a99fa62bc4fcc0634257a72abcd5148b6104", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696998844, "uuid": "9d5254b8-882a-468c-8386-add27a02ff3b", "comment": "Malware payload (RedLineStealer)", "value": "f337411ad1e0e55811d79e44e7468681502a7838", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696998844, "uuid": "625277d5-14f2-4694-a9a4-b4dfe572311e", "comment": "Malware payload (RedLineStealer)", "value": "77e82b89f340393f62dad6c54fd6c25cd6a37c90b05e34de554dad28755225a7818ad7bcfc181377fb792ce91c21b958", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696998844, "uuid": "e4fc7280-81c7-4787-8621-610b31de7dfd", "value": "T108352352D3EC8135C4F11B7008FE46434E3ABC91AE7953BBAB996E195CB1688983335F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696998844, "uuid": "94ec734b-7a20-4490-8668-d4956b3d0fa3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696998844, "uuid": "52c899c9-73bd-470a-9263-a10a6c828aa5", "value": "24576:Ay3Oz1Vq05o78/FKkTQvwMOGmyjzTuyaqk:H3O5V9S85Sw4zTuy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696998844, "uuid": "30794649-51bf-46d7-a585-f74899c20c13", "value": 1131520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696998844, "uuid": "f5ebb0ec-8f66-4ca4-91ae-18a1adfd41da", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696998844, "uuid": "6ffbba5c-b973-43f1-83ed-d8f83c992cbe", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f37a5b0c-6859-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Tofsee)", "timestamp": 1697044604, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697044604, "uuid": "c5ca38de-2889-4684-86a5-99ec1357c6c8", "comment": "Malware payload (Tofsee)", "value": "d8b3af1c13a5ba64861ac5f8d73f0d2c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697044604, "uuid": "a80bdcc1-4f8c-4cdd-8942-a26c74d9b444", "comment": "Malware payload (Tofsee)", "value": "14d7e42e703149fcfa162a77cb0e8fb72cf25509ec59f4e6e7b53621d35d3fa9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697044604, "uuid": "577fbe09-9ac9-4b51-a3b0-587c4fb24561", "comment": "Malware payload (Tofsee)", "value": "b0b14e0da462b6cfec93dbb2d0956914df6334b4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697044604, "uuid": "22f2634b-4859-43ca-917b-60ccebd0a6ea", "comment": "Malware payload (Tofsee)", "value": "ac008afa399ea67811c238bce3810dc472075fa1720e9b2d0823d5b31ca272ddb914c4f71ce838b12ce06f62cbea248f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697044604, "uuid": "24743a37-ed05-475c-8f97-7707aa3aeb86", "value": "T18034CF11B9B2D7B2C80740348825CAF46AFE7C728A8C4993376B3F6F7D313926666255", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697044604, "uuid": "f83399f3-2268-4363-b239-06793417ce47", "value": "8ec09d3136044a4244b7ef67b1effa25", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697044604, "uuid": "0504e55c-359e-4abe-9be0-a428cee8ecac", "value": "3072:cX5UYgwF8JRsqc9K7muJiECEKmm46Y7Vn41vPPe5ne/TyA:YZWrsB9KlJe6rxVn41v0+T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697044604, "uuid": "b2877a1c-9010-4027-a44c-461ea2edee26", "value": 230400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697044604, "uuid": "31dd88d8-7ce5-4c34-853b-25b9d5d6e374", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697044604, "uuid": "84e6dd8a-d3a7-4658-9fe8-50d900cfba85", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "36628b63-685d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1697046004, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697046004, "uuid": "2fc95f2c-dcf4-46e5-9384-66e6ed44fe88", "comment": "Malware payload (LummaStealer)", "value": "a845bd1e034f900dd21ee0023e23f4cf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697046004, "uuid": "8ef390ac-a8ad-4aea-b56d-4e61449aeeb0", "comment": "Malware payload (LummaStealer)", "value": "14e38e65a442ad099ceb65460504c5f9b7b311f9fb6f5440e2ce9f2f7cbfed31", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697046004, "uuid": "6ed63cdb-0914-457e-b881-895543e879fa", "comment": "Malware payload (LummaStealer)", "value": "626ea50c1bd1741cecc5f09b83c8d08e556c0498", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697046004, "uuid": "3b81e25c-5185-4901-8fd7-5c67665194be", "comment": "Malware payload (LummaStealer)", "value": "09f437cda23596f8ffee7eeb1a77411f98e678912cff1a8634e3eea3b568c892adad7f5379eccf6c3dd23dca4f4eec21", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697046004, "uuid": "ccee33fa-0ef6-4931-92f0-73b7d18fd785", "value": "T154D5F93C4C228777D269C239D0C8981BF1A14597F6319F8B21CB8B8AA9432977CD5F9D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697046004, "uuid": "5041a657-93ef-4c5b-b472-6f7347ff2375", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697046004, "uuid": "f159eba1-f95f-4e6a-82bd-541081e8a159", "value": "24576:SVRdNifUR/h8KtfwSoiMW2hnCdOOhxh22Rm/QDa4RDg7BKkrysU4E1uA1xDeaPS:S5gcR9tDd0y8KkhoBxDe1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697046004, "uuid": "1118757a-a9b6-46bc-a4ed-9603cbe33f58", "value": 2747392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697046004, "uuid": "4d7b68f1-5537-4aff-b2e6-639b43d9022c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697046004, "uuid": "b689ddad-8a2d-44a2-8258-b0a8e7e35b24", "value": "a845bd1e034f900dd21ee0023e23f4cf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "06227d83-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697051507, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051507, "uuid": "a76ffc58-3830-4431-9baa-647a7bce6d11", "comment": "Malware payload (AgentTesla)", "value": "dfdf4b8cadad41fe0c3ff38cac4fe413", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051507, "uuid": "0be45254-60f3-4d40-ac0f-a44d9bf57da6", "comment": "Malware payload (AgentTesla)", "value": "14f100230bc521ead7393cd8f727bea1f79b9787e3b4000e18a6b8c9a0114438", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051507, "uuid": "e8587850-c054-4485-9609-b93dc63cf316", "comment": "Malware payload (AgentTesla)", "value": "1b1a5b915273e0544c5b9d531b60690660ac8f1e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051507, "uuid": "ffde23c6-a6ae-448e-9c4b-893283322bfa", "comment": "Malware payload (AgentTesla)", "value": "dd49aea6b6011eec6d9bbb95ca8fecfba050ca03da080bac945a8d732239b18e582a8d4f70adda391fb816d2ae92b98d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051507, "uuid": "cc1ca00b-f139-45d3-ac61-f69cfcf7a7d4", "value": "T19C042A0035FFA45CB233BE635BF4BBE98E2BFBB1562A615D2514430B8B62E408D95731", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051507, "uuid": "4ac70b5f-3e71-43de-a751-dfcc80c189d7", "value": "768:lpNhnciHpxyBCL1pmeGeG1+DoiiiiiziiiiideNfffTpr/hiiiiiLiiiiiOiiiiL:bjBJH+51+4eNfffTVsp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051507, "uuid": "0a0f643d-3a3d-4955-ac22-e662c08803ff", "value": 182602, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051507, "uuid": "4ecef862-b77e-46fa-999e-4ace2c34dab4", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051507, "uuid": "12a7cfd9-71a5-4507-b0a0-94f622d97dc3", "value": "2nd Hire Payment confirmation PDF.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "901f20ef-6809-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697010077, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697010077, "uuid": "8b77151e-1002-463c-b8a3-97ce8e630741", "comment": "Malware payload (RedLineStealer)", "value": "ce4397978685f0b61fcd99b96a1740f0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697010077, "uuid": "9a4b20f3-43e0-49fe-b519-ea3b98c8f110", "comment": "Malware payload (RedLineStealer)", "value": "14fbf0fe77ba40524b71257012c5175320c5b19c8e1871b03ed0cf24994efeb2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697010077, "uuid": "b16e9719-e011-4a2a-9d5b-814a9ad565ec", "comment": "Malware payload (RedLineStealer)", "value": "4b54c7ba5a43f81765407609675f300947704fae", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697010077, "uuid": "430994c2-3b30-4da6-9fcf-c928fa514d42", "comment": "Malware payload (RedLineStealer)", "value": "bd8e73071301c304f0e642e2b354f7b2282ed518014802fac567d08dc79d6569c25499eaf93e98530b5ff19d5c835bc9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697010077, "uuid": "1e5abc39-636f-438a-9a27-e9505331281f", "value": "T14C24CFD1BA42D8B1C84B8077C824CEF8667DBCB29A59899377583F6F7C312D23766250", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697010077, "uuid": "2dfc3ebd-1b59-4c6d-afaf-09ff41997402", "value": "1779cddf5976b55ff16f4e4d4c8ed385", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697010077, "uuid": "d9d6e669-714d-47d5-aa25-b6119811f49c", "value": "3072:JXpyfL8g8nQTsE0lSWulDT5KF5jRtzFZ5N5pUTyh:toz8PQwE0st5UPz/5+T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697010077, "uuid": "ccc83d0e-1051-46c3-89ec-ed711e242ce6", "value": 228864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697010077, "uuid": "e2edbbbd-3aec-421b-a987-fa2c13bb8de5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697010077, "uuid": "df1a425a-5c92-4c63-b320-2b75a4866638", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3a547df4-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052453, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052453, "uuid": "55ff0624-89e0-493d-b942-acc13a2df55d", "comment": "Malware payload", "value": "dfe7be7baf26c45dc91d36dbe002a060", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052453, "uuid": "2a49198b-2392-412c-81ec-762abc7db687", "comment": "Malware payload", "value": "15c42c970437e8de1f37667c0b7733b864cfdec904db0aa2a6ec77e9f2b2f69d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052453, "uuid": "34630957-a787-4992-a547-54e31eae6e53", "comment": "Malware payload", "value": "cd6253c7b28ce3b9dd173b3bc14091c747e4c957", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052453, "uuid": "27d28286-9768-48e0-9f76-824baabda9a8", "comment": "Malware payload", "value": "64f9721ac410f33e5ed962219026fec04dd4e951909b72472d484870950b7140fd8fe1e1734fb9c093d59176b53a8623", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052453, "uuid": "40195975-4fe9-49a1-ab0c-fbde2221013a", "value": "T1A1332984E78482A7CB5C15787CEB851837B4AE9B989AF74A1FC5B1A528837C0E4095F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052453, "uuid": "d6430cfb-3875-41f8-ad6e-96488090c4e7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052453, "uuid": "75904b81-51eb-4289-94d9-e2ec9fa75ce6", "value": "1536:xbTCHXqkl/RycGU6kpX135/8CY606BbCHPYx9JlBl2q+KmSSDtfX3/CKoqV:1G3N8JXkG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052453, "uuid": "b0c1bdb8-31c0-416a-b8db-2db7ecb27c1a", "value": 53760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052453, "uuid": "d8c738aa-e241-4927-b7d1-2734322e96a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052453, "uuid": "3c96be81-e1d9-4273-b04c-0ea00b50b17a", "value": "dfe7be7baf26c45dc91d36dbe002a060.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "122ddf02-685c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697045514, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697045514, "uuid": "453fb498-f9ed-4c3f-be52-286d591b5612", "comment": "Malware payload", "value": "690718d64ec135d3fe22f381b8246124", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Large MBR", "colour": "#97C556", "exportable": true, "hide_tag": false }, { "name": "Upgrade builder", "colour": "#AC52BF", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697045514, "uuid": "ad4457b3-8d82-4c57-b0e3-ba76d06ce2ae", "comment": "Malware payload", "value": "15d9f248ee852047b99f3e6199e8dfffdf970a7597438d02bfb2842f32ff31f7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Large MBR", "colour": "#97C556", "exportable": true, "hide_tag": false }, { "name": "Upgrade builder", "colour": "#AC52BF", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697045514, "uuid": "30e4b357-2ccc-4bc7-9bd0-67335e589ff6", "comment": "Malware payload", "value": "445b8c78a8cd07541c3fc4738c39cb2a1d7ad843", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Large MBR", "colour": "#97C556", "exportable": true, "hide_tag": false }, { "name": "Upgrade builder", "colour": "#AC52BF", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697045514, "uuid": "2ed16b77-6fa1-4abb-9790-a8418946b661", "comment": "Malware payload", "value": "f23e8e76381675dcdee37e7e060821f693d91a7f280c49fbab1a613ee0ed676cce713402859033545810c2a9156fba7f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Large MBR", "colour": "#97C556", "exportable": true, "hide_tag": false }, { "name": "Upgrade builder", "colour": "#AC52BF", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697045514, "uuid": "a613a7d1-b5b8-4226-97b8-56836d64aca5", "value": "T186548DDC726071EEC86BC472CE986D68FA51747B931F4117A02B15AAEE4D88BDF140F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697045514, "uuid": "01b2eff7-0834-4f42-88e3-d68b844daeb0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697045514, "uuid": "23054043-d7ba-4213-af06-53323664c0d6", "value": "6144:Q1t/UcsQg41M75+rt3urA81ad+GM01r+1a3v/VCN79DXd9:HQg41M74mAh9V++v/VCN79DXd9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697045514, "uuid": "80a3d335-3e0b-4a33-a825-e5e1ceeba8d3", "value": 295424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697045514, "uuid": "fc17091d-7875-4ba1-840e-06813365ea54", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697045514, "uuid": "90947bb7-cb2b-4e59-9eca-ae2407722e81", "value": "StringMbrBuilder.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a48b9cf7-688c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066376, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066376, "uuid": "8cca0700-be8f-43f8-808d-de6bcfc1cdf9", "comment": "Malware payload", "value": "59f5d0fc66c9b1e38636f5f98a17730c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066376, "uuid": "c11438dd-3993-4a2c-ab86-a54cd99d11ee", "comment": "Malware payload", "value": "15f48257a81c6aa01f1b226e9c41e7df1f4a7edcfea31c59935535423908beb6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066376, "uuid": "abbbd025-aa46-42aa-9a48-1f548ca7730c", "comment": "Malware payload", "value": "07700d6a08d889ef0b250c32186bb0ad468c50d5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066376, "uuid": "4105cff5-22d3-4264-9a31-5cbe5dd986de", "comment": "Malware payload", "value": "c2a687c7c94291a347e319441d2e80caf72b7abf75fedaa1b62bda3c6f3c3790095d2a3e48110cd7e6d5839081055bd9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066376, "uuid": "f1f3f00c-65b7-45ca-af6a-bb612e5bb289", "value": "T1C5459E20B5944A36EEE631B64AECBB25455DD0A00BB510CF8DDE46DBF6203F37A32D85", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066376, "uuid": "e8225077-570d-44f2-8b98-71588c637370", "value": "66025e7bb3415added2b8177bf9bcfbe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066376, "uuid": "9659065c-0f04-46d8-88ff-eff412246ebb", "value": "24576:CgryJRfw5G143SeVjGL1+ptZ8tJqLC+iNQnE:IRfw5G1+jy1WfnE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066376, "uuid": "3c929630-1c51-4726-8a87-29ae1e53d4ff", "value": 1225480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066376, "uuid": "5ec95484-a40e-4526-b210-839501561680", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066376, "uuid": "c8528a71-6488-4526-ab67-b0e5f6e1f8a1", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "495c1ffd-67f2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697000080, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000080, "uuid": "c200a3a3-e52c-4b75-8a78-00d2bafb39a4", "comment": "Malware payload (RedLineStealer)", "value": "19a9ce312c50848a69ab8fa1aed5a9e7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000080, "uuid": "40ced23a-a277-4d47-84e8-7d85eb6df584", "comment": "Malware payload (RedLineStealer)", "value": "16c749bd31b89bd8ba0a20bbbd4884f5385c8071090bf9817348f31304191a78", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000080, "uuid": "16630967-13cb-456a-9307-744f3138f6c5", "comment": "Malware payload (RedLineStealer)", "value": "a84f7ee87eb89fcd833a2a2ebc406fdbe849d60b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000080, "uuid": "648fb76b-d2a1-4604-a307-81e279ca8f29", "comment": "Malware payload (RedLineStealer)", "value": "327ae70294c0118afea93f7ecbf2778449034e23086d228ec88c4e313109ac32775a58dafecc12ff4498d08baebfd044", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000080, "uuid": "5ddf2877-e81a-4a02-b92e-6e4b042b619f", "value": "T1C8352317ABECC9B1E97A27F06CF603870F707CA55C34561B5797DA1928B16A0B1B032B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000080, "uuid": "6f5f24a6-8d3a-456d-b1ab-508623f28d8b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000080, "uuid": "1a5c4236-c747-4b73-81f7-462e5447ae1b", "value": "24576:/y0rz2aogTtf90h9jKKNr1POogyLqFTi1l:K0ragO9jKKNpDgF8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697000080, "uuid": "22a8ae7f-026d-4497-82c2-996da546e345", "value": 1131520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697000080, "uuid": "d169ff90-3c6d-43b0-8065-c975dc87ea4d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000080, "uuid": "8ac9fea0-047d-481e-9503-b4b3ce0e2c0c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da9e0cc7-6856-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697043273, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043273, "uuid": "cfb8b921-cdae-41cc-85e5-5c3df67c4a46", "comment": "Malware payload (RedLineStealer)", "value": "bc4b50d4851ca092b226827feb73e9ef", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043273, "uuid": "df547bca-72ee-40c8-ac78-72f18954c0af", "comment": "Malware payload (RedLineStealer)", "value": "16e034f369cea0933ce432a8ede67046da37513682aead9de0eb1c42d1cad731", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043273, "uuid": "37c76f5b-e7db-4f97-bedd-593242d4eaba", "comment": "Malware payload (RedLineStealer)", "value": "d40825fe79c4fb584c86e8122fdde9543b24d744", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043273, "uuid": "6f29bc5e-5572-4547-9da2-cb703bcbe341", "comment": "Malware payload (RedLineStealer)", "value": "8c207f50067b829a9af46f48d0d2244228eb32c1b9bbb0a2c506c94db3e12a3a5d2139c979de496f60b684d8d3714886", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043273, "uuid": "7a912ccb-c8ba-490c-967d-555db8588ac8", "value": "T113652343B7FD1532EDB92B781CF646530F3ABC71086886AB3B86745D0CB2688D532766", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043273, "uuid": "d8921915-f5cb-4c98-a089-7801e7239f7f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043273, "uuid": "665f0baf-a2e7-4d11-b228-1b91b0646ea1", "value": "24576:zyjoOjQzO1BmzIsNWr7bdJiXuu+SU++c+o7CNfkO/G5eTZg3s7OjLZoA97RYVP:GjdjQ61R2WvbDA+SUho2NfkO/3gpj1oN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697043273, "uuid": "0394e3f2-508f-4e8d-bc67-ce52006db2a2", "value": 1546240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697043273, "uuid": "bfed1b51-5cbd-496e-8ba7-926e916305cf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043273, "uuid": "7974fee8-1b31-4897-bba0-9f73e9e264ca", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c69354eb-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066862, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066862, "uuid": "8632c57b-112f-4b5c-853d-d4918b5544c8", "comment": "Malware payload", "value": "b22205e5b01f60a888bf8b93b9850ebd", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066862, "uuid": "fcb82ef9-3d28-4c2c-a654-61ad32477193", "comment": "Malware payload", "value": "16f1970dfdc7f278fe3d69e067834b8816ec3e1317f47cbeb9a2586fab7d50a9", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066862, "uuid": "93636c58-8fd3-40ac-82b7-06ebf8dd73d8", "comment": "Malware payload", "value": "693e0afba9f4818baa22ca4c86fadd33385b72e4", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066862, "uuid": "0e8395fd-1dc4-475f-bf80-117bdae8ccba", "comment": "Malware payload", "value": "470ac90c52cf331481a2cc122a1f9070f80e0518d2f40c7088174dad247dbeed3b7b8b4f8a242dd7a772f8f83a2f26df", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066862, "uuid": "c0c7bb60-5166-477e-a110-99a36e1dafef", "value": "T19874230A0572B3790E7654E0A94317C67AB2B65E57FB97F95C102BE3A07202336F05BE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066862, "uuid": "7bb2bd1e-3ffb-47ec-bcf2-89c8918067e1", "value": "6144:lxXDfIXmmEIUnEV1XlWh5vU3kTB3fd9wlixUp9xajGbYeMxBEyce8ti4xxNaREB:lJMWnR21XlYTBvd9wliiAB98bxxNaREB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066862, "uuid": "7869705a-a0d2-41b3-973c-7752f77ddaf6", "value": 366104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066862, "uuid": "b9123061-8a61-4bea-afe9-2653bcaeb49e", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066862, "uuid": "e5b1d7c5-d33b-4711-9fa9-d7ccddec9a6f", "value": "ADLR1578_5867690.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f840790b-6824-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697021848, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021848, "uuid": "e2815ea0-bd46-4a36-87e0-4fb9241a4c51", "comment": "Malware payload (RedLineStealer)", "value": "1acb9515cfd316a47948aa053fb4fabb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021848, "uuid": "27dc586c-6e2a-432c-bfff-fbe9a669a6ed", "comment": "Malware payload (RedLineStealer)", "value": "1718b32ad546434a5ec14f2f4c7f2c68b1102b20618cd09b3936a90f82527c4d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021848, "uuid": "50b9cda8-84ef-4787-8ef3-9310b7e25180", "comment": "Malware payload (RedLineStealer)", "value": "52e8e69cfb7c49c93e19aa24250386d544276cfa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021848, "uuid": "592e07b2-2591-46e9-893c-afb762c2b3b1", "comment": "Malware payload (RedLineStealer)", "value": "37031aa7910392ff4b2834a5fcee27cdd7ac650a9c68e8f20817c4a4dc201776c3616d7dfcec3a8fc8446761bffe440f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021848, "uuid": "e5d7bcfb-61e3-44ec-abc8-3781faeb5b30", "value": "T1BC352312BBC9C573E9F517F0ADF702832731BCA188389B9A2B94D95F18716D4A07173A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021848, "uuid": "a8385fa0-dcec-40aa-8bb9-cbe6fc0c341c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021848, "uuid": "704684df-ecf2-40e7-bbdb-1779477b871f", "value": "24576:9y1X3Kn/T7CBG3ZS+K3vU/6FLLwFjU985uvWHaGIfITGp:YBKb7QG3ZS+QvowLLyjq1vkaGI/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697021848, "uuid": "9692b72c-51f2-40fa-bee6-9269840abdd9", "value": 1061888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697021848, "uuid": "158f8459-5463-49d0-9623-5d9004b1aaf0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021848, "uuid": "3ca2a76c-5eab-48d2-841e-1667767ed24c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb10f8c9-6820-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1697020055, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020055, "uuid": "84c6ad6b-7718-49e8-960f-a9f722afa83c", "comment": "Malware payload (GuLoader)", "value": "6a8efbcb9d92ac09b5f998e35fe4ddb7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020055, "uuid": "839da536-cb50-4a43-abc9-886a61154ea0", "comment": "Malware payload (GuLoader)", "value": "1775cfd2058f222ce542f96997e00096f2fdce86ee1923f8383c70633e956dd2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020055, "uuid": "5eae3f5e-22ad-462c-a50c-07f5b4a04171", "comment": "Malware payload (GuLoader)", "value": "14953b19cf5051c6a8b6c1c09bda9bbc9437ae25", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020055, "uuid": "2e12fafc-6c4d-4860-bf3c-18d8f7568b35", "comment": "Malware payload (GuLoader)", "value": "f53be46216c0cc1651ac928290eb00f4f725b6eacca32912e7c0992809e4e064ff529d4aa2f3529520e5eb07cbfa1dbd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020055, "uuid": "e1db63bd-a6f0-4ddf-bf0d-4291b65855d4", "value": "T19CD423B061B2967FE4C2337141BA4E3E87F4DD7140A6AA3707627EED0E31147AA3B546", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020055, "uuid": "7a488eea-a41b-480e-a369-acdc660af3d0", "value": "b78ecf47c0a3e24a6f4af114e2d1f5de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020055, "uuid": "d39569aa-793e-4c87-ae0d-e28e36a32e5c", "value": "12288:2ZplhHbpi6cBuQTWjEdJ7h0kiREitk8vyvQTXCTRDer3:YDh7pifxTZTatkEy4Tykr3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697020055, "uuid": "d52f1d7e-0807-488d-9ded-3ad9e08329d7", "value": 648532, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697020055, "uuid": "478e71ea-0700-469f-ae36-b176ff44ab87", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020055, "uuid": "c4505d05-90d8-4b9c-a483-15ec825a6229", "value": "1775cfd2058f222ce542f96997e00096f2fdce86ee1923f8383c70633e956dd2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e9e9998-67f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RecordBreaker)", "timestamp": 1697000492, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000492, "uuid": "8d8030de-664a-4675-9448-37437a6184e2", "comment": "Malware payload (RecordBreaker)", "value": "b46600cbd6bd74beecc6f17794822c1a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000492, "uuid": "144ad346-5f83-4076-b88f-5d0d5a2c46a5", "comment": "Malware payload (RecordBreaker)", "value": "17ba75bcbbc244b204a9f2d3981df4c3161f53b47f167a1b953eba08e7a4a394", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000492, "uuid": "bf4229d1-7913-4d1c-9897-693f3362fde2", "comment": "Malware payload (RecordBreaker)", "value": "787d3c60a541142c1791ca33f903e7c0870304e9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000492, "uuid": "2ed1bad6-5901-4a9b-b81e-21050bd00f1d", "comment": "Malware payload (RecordBreaker)", "value": "748e4dcd6e7a465824d29d60310bf182de3f64779eab4f55b05abf93b45e19684ad9729042cdd6413965bdce63fd7c8c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000492, "uuid": "ae151918-7cbf-42cc-a4df-3e05a4ea32b0", "value": "T1FC547D0373A0BC67E5224B324E2DC6A43A2EFD91CF29679632546F7F0D711A1D662B13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000492, "uuid": "c82e0b8d-c309-4d9d-847f-0954a08fa6ba", "value": "20edda4679262ae05d191b490c616035", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000492, "uuid": "9347bf15-43ed-4efd-8cf8-353cd1e6f053", "value": "3072:ONc/UyQnm5lsTen3MZmAJlwpl+cz9Itdr50Tc2XRKj330:Zwnm5lsas9lwjZItj0Tc2XS3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697000492, "uuid": "4837b44c-e82b-4e61-b97c-60e2110f365f", "value": 300544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697000492, "uuid": "f21cb1e9-7fb9-436a-bc87-865b80a12075", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000492, "uuid": "c3f8048a-1e44-4acf-9f3d-8690b0936d79", "value": "b46600cbd6bd74beecc6f17794822c1a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "38453a3b-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051591, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051591, "uuid": "57dcbe98-fb3d-45a9-b53d-1694a4a2fe5c", "comment": "Malware payload", "value": "b9ed20c0d625e851d7aca517f9a9c963", "object_relation": "md5", "Tag": [ { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051591, "uuid": "5fed9adc-10da-4a6e-ab8d-b8236c488236", "comment": "Malware payload", "value": "186b482c750196792f0156300c1b1457b74fe2659429c760a21f03df6d7ebf7e", "object_relation": "sha256", "Tag": [ { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051591, "uuid": "5f31d669-50b5-4118-9422-7101474bd32b", "comment": "Malware payload", "value": "58ce970e8690d84d9fcadb230091b41a19daec9b", "object_relation": "sha1", "Tag": [ { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051591, "uuid": "106b11d8-10dd-4d31-b97d-daa3e82e23c6", "comment": "Malware payload", "value": "3c3b37544ba1960a6799291fafc6864d347dc1d8a5c7933e40072f99e0528b056e8fab0118121423f1e303e25592dbe5", "object_relation": "sha3-384", "Tag": [ { "name": "ppam", "colour": "#050D9B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051591, "uuid": "2f1271c5-b6b9-4f96-9067-5d8e4ce3b741", "value": "T11602AE637B081C0FEBB1C83E7339967E7B469021A4527CA224F672418FD041F6F494BA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051591, "uuid": "befcc944-d9e5-41e2-827b-a76712d060d9", "value": "192:xrXP/yqykWKQ6COp7QmFtEQvj2IB76qimlCfm4OPFeq:dXP3Wnb07XFtEQvjLB+FmcWR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051591, "uuid": "83f50aa1-a509-410b-b948-34b3b6a0aecc", "value": 8227, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051591, "uuid": "de4e02ef-7230-4f56-9610-2a6aec91f63f", "value": "application/vnd.openxmlformats-officedocument.presentationml.presentation", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051591, "uuid": "53e20f4f-bdc5-443c-a25b-2fcfe48681b5", "value": "Reserva Detalhes.ppam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96f3d413-6856-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697043160, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043160, "uuid": "b5617cf5-c1db-4240-b5f6-8273c8b24ee7", "comment": "Malware payload (AgentTesla)", "value": "5472bdb4a19f4aeb9a21f8d29e007a4d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043160, "uuid": "3e9d46fe-6130-47ec-b327-e4a5bfe92bb8", "comment": "Malware payload (AgentTesla)", "value": "1890dfadf428c5c686f1166c360cf2a49c15ee73d32a35af1e76dff9efc155d3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043160, "uuid": "31df65ae-83e0-41ae-8ad7-005d10d62fb5", "comment": "Malware payload (AgentTesla)", "value": "e62603099d80858b883e03bcb382d6ebc7c1b465", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043160, "uuid": "ca4c4e05-191c-4270-9dcb-20c360011be5", "comment": "Malware payload (AgentTesla)", "value": "080515c8377bf9bb424f90a92b2c53396de47400b01010168cc2c021373ab707fe30c609b2e4ecfedf59634050d4d84d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043160, "uuid": "08927ece-a7ff-4301-acfb-f7d006f3c1cd", "value": "T1AC15187C11689A8DF3A482BEB1728CFF17923D1F40B7B5F7A16CB4970EA97D24402661", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043160, "uuid": "35dbe8f5-a2c9-4749-aaac-c9b9767dce22", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043160, "uuid": "17a7cb5b-d771-4126-a19a-8aaece4f9442", "value": "24576:QztUdbCkAEca3MW6PiAItmndz7JELoiRBlRpE:Q5IMW6WtSB1E0iRB7pE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697043160, "uuid": "ab031a16-f684-4c2c-bc77-84442b842a10", "value": 913408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697043160, "uuid": "f26c3275-aa02-4c22-9301-84bcad153f20", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043160, "uuid": "8f5a9528-2dee-4f03-9079-5853f832c2c8", "value": "COTIZACION.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9345734-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052666, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052666, "uuid": "342da1ec-c541-4ef9-a014-35fd53019113", "comment": "Malware payload", "value": "b57e2fa677ff88cf9b350a43f1330847", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052666, "uuid": "6e37b8a0-1285-4ccb-862a-ea49379f7fbd", "comment": "Malware payload", "value": "19119a6c77015d4648fb38250614b86fd3f6ffd5e1b4ebc457eef2f90db46e6a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052666, "uuid": "e5702263-3a0d-43d2-91be-453dbef6ec5c", "comment": "Malware payload", "value": "968e30f7aa75a6a2f46be9c75601e43d99be7d3a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052666, "uuid": "db8ed948-f575-4d83-b373-2d21f8e5d603", "comment": "Malware payload", "value": "823a89438c6a5ab8daba211ff9316e6f5c7d240f0d45dc6f016b9424a68aff25ec9c5790c8782bfc99b4604e974dafaa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052666, "uuid": "cfe7081b-4093-41df-ba88-097c6740d0cd", "value": "T11B24CF117A52D871C84641308837C6F47ABABC76DA5C998337A83FBF7D31392A36B254", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052666, "uuid": "05ff8331-2b6c-4a80-8c10-fe469869c235", "value": "1779cddf5976b55ff16f4e4d4c8ed385", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052666, "uuid": "6d2ef052-6eac-4a7c-a5d3-d8cd2b9130d6", "value": "3072:8Xpp80LY/zfYaPZa1ObZtlYvwjm8nk4Ae15WdTyh:4TNLQfYaPZAObZoQ64hedT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052666, "uuid": "54ed88af-21ea-4d18-89f3-fdb9540eeaba", "value": 229888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052666, "uuid": "bb4b0f7a-c563-49ec-8949-dda442a3db0f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052666, "uuid": "40839971-595b-4197-ac14-20583de12e9a", "value": "b57e2fa677ff88cf9b350a43f1330847.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d63fd4b0-6862-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697048420, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697048420, "uuid": "4d4599be-82a0-440d-b326-8946374bb324", "comment": "Malware payload (RedLineStealer)", "value": "819472cc5a36287af9b3d41b9e558417", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697048420, "uuid": "38225465-859f-46cb-82c9-6cdf7f269ab1", "comment": "Malware payload (RedLineStealer)", "value": "193788fd0c4ff48f1b771a33f41bf01714616b0dc9ac23473954d70edf0c0856", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697048420, "uuid": "b65af351-e663-4930-be3c-f32ae5afad11", "comment": "Malware payload (RedLineStealer)", "value": "f4eceb8916e9b955b6b1dac7aab2fe3969d04442", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697048420, "uuid": "63563947-9ab7-4a9f-a6f5-2acf3a17e3b7", "comment": "Malware payload (RedLineStealer)", "value": "abc947c3e7b7bbb205d6d46cd5f67128b31b518b2b68507a0c73b9db3a83ec8bf3c757efdb9180326b960882c3339465", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697048420, "uuid": "b55bf599-24a9-419a-a362-80bcd244c03e", "value": "T1A9652303E7E44873E5B03B7454FB06B31B7ABC708A30531E2729EA6E15B298E5D707A5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697048420, "uuid": "73efd2b3-0d0a-43e4-904c-adabc6c28785", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697048420, "uuid": "a3ae195c-54c8-4489-b837-f7f6b2225b60", "value": "24576:aydmEUaF6IXOQRif7jV9irbpFOGb+Jnkj2zuMisG3G0DRhPzXOTtik5ml5pBFA9W:hdnUjIXjizjnCfR+JnkazDDCGWRZXOsS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697048420, "uuid": "bd6737d5-00ae-4fb7-948d-c8d65bd3f1a4", "value": 1536000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697048420, "uuid": "d0a968e0-f3a3-4653-825b-976a403e8274", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697048420, "uuid": "a877374d-e429-415c-97f8-1afab88b8243", "value": "819472cc5a36287af9b3d41b9e558417.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e6d5d83-67e0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1696992331, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696992331, "uuid": "c632f579-ad84-4d5c-a6e7-8d0f2feb602f", "comment": "Malware payload (LummaStealer)", "value": "75c3f1e0cf0362c72acca0115891ad6b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696992331, "uuid": "be985eb4-e71b-4bbc-a420-b9f426defa50", "comment": "Malware payload (LummaStealer)", "value": "19e9f408f31b2b2a152eb5861bfab30964dd5c177e7f010e422df96c4f5df527", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696992331, "uuid": "34a4f19e-1ed8-43c1-8189-65a3e1ae1f07", "comment": "Malware payload (LummaStealer)", "value": "924889a4ef75894659989c6944fccb6714a6eb1a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696992331, "uuid": "73ce5dd0-3b18-40e7-8a78-ddf2a07cf678", "comment": "Malware payload (LummaStealer)", "value": "5a0b6d6a0d01b9268310a38637a032a2bd8008665b7c04f33cd145401b11bca69250ad981f83bfb7d0aec475d2da8918", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696992331, "uuid": "ca8fc1d5-5232-4984-9fb5-d6d87e287233", "value": "T18F352316B7E48132DCB5277049F703931B36BD556F34922E23E8E81A2DF268059377BA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696992331, "uuid": "1ab61103-44fe-4a50-9285-a934638a4350", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696992331, "uuid": "7e2a0789-e44e-49b8-a6e2-914152ad9cbc", "value": "12288:3Mrby90VMpKvMlJT6YPTJyOIhvJ8UFR39s98GxT0KnKjaM4q0t7B6IB7ERMCzZle:syEMM0lJVPdyOUvJ8U93MfKWTLED/YD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696992331, "uuid": "085abab7-a6c1-418d-ab72-bc86c4005fc4", "value": 1120256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696992331, "uuid": "8b98ed11-3f23-4965-926b-831e18aba2d9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696992331, "uuid": "4eb6b83b-be70-49c1-a8b6-592fb166d609", "value": "75c3f1e0cf0362c72acca0115891ad6b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0760d72d-67d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1696986655, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986655, "uuid": "407a1f34-e83a-453f-afb8-98cd58d9cc90", "comment": "Malware payload (LummaStealer)", "value": "d49bad0a1313e70b84ce2a7ac7331f7b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986655, "uuid": "627f333b-be16-4d66-9872-40443417aaff", "comment": "Malware payload (LummaStealer)", "value": "19f10abcce764df27ea3a0d23ea17c37edb55772ebe097f73112ebc4ddb2eab6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986655, "uuid": "edd47138-7289-4d24-9fae-ec71d719f460", "comment": "Malware payload (LummaStealer)", "value": "cce779508ddde07c63191e70910c3b27766219ca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986655, "uuid": "9cb7a9cd-cec9-49fc-ae3c-3519435790f9", "comment": "Malware payload (LummaStealer)", "value": "a5c108035dcbac7d8e3970e4359e213a0910f8c6dfa21a0d143da307c2208ef51f7103b1abbac3e030d360bbdb221569", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986655, "uuid": "a250ef14-0d3f-4dc2-bd35-da4e3428f0e6", "value": "T1FE352297F7E48431D8F213706CF602C71B37BCA19AB5812F67569CA649B3384A5313B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986655, "uuid": "98d33c6e-e19e-4c47-a07a-ca339898e716", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986655, "uuid": "811d3f9f-51ad-4884-b0ac-9157014fefe3", "value": "24576:+yUTYR1wn9kiEHM8+IGS1iBVmUj2jaobp00c:NUTUPirK1iBVmUj2jbT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696986655, "uuid": "67a9d338-a56a-4891-b5ff-4ef87c1f5856", "value": 1134592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696986655, "uuid": "6bb6e518-ebbb-4a5e-b82b-72d0b71e1005", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986655, "uuid": "abd091a0-f2b0-48d5-ae87-ed037b7bbc4b", "value": "d49bad0a1313e70b84ce2a7ac7331f7b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c34225a2-67dc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696990836, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696990836, "uuid": "1f122dfe-6626-4165-bc1b-5f77ea9db82d", "comment": "Malware payload (RedLineStealer)", "value": "5167d8ffa0a386885738ff5410308888", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696990836, "uuid": "8a0d1e6a-537e-4e69-9a7d-f8907e236358", "comment": "Malware payload (RedLineStealer)", "value": "1a1a1daa83faa838314a8922ed3eeea445396e3108d39287b1c772603d880341", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696990836, "uuid": "d7549fe5-b75e-4dcb-b501-b016d51995a4", "comment": "Malware payload (RedLineStealer)", "value": "6075b7627417840599344ef1fb78d3e9d1e0b099", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696990836, "uuid": "760fc8b5-d665-4065-8965-d8bfc8ce7682", "comment": "Malware payload (RedLineStealer)", "value": "d2fc4789ae59761977ea63ddf8afbabdc625cfb8f8b38ad070381fbd1b2e13223100c45d5813996822769f681825594d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696990836, "uuid": "841bfd88-dfa4-4456-86c1-304d9a2155c6", "value": "T1333523116AE8D536CDF42BB05CFA066B4731FC6385B88A1B22B19D4E48736C0AD7176F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696990836, "uuid": "f00bd277-bd04-4549-a110-333ef8d43c62", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696990836, "uuid": "b6ba9f9c-d38e-4bd0-a7dd-2a212f593c68", "value": "24576:/yTRlY8fpjDRTKrLmi+h/UHLJaYUjQN3xL3nuN:KVlYUKrLKiL8YU8NBL3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696990836, "uuid": "a9611333-489e-4faf-803e-64f7d9645172", "value": 1132032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696990836, "uuid": "c521f284-e518-487b-a7d0-e233ae11d078", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696990836, "uuid": "a78c667f-391f-4ecf-8ee2-c6fdb9efefb0", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa1bcc4b-683b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1697031596, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031596, "uuid": "67fc9cf1-4a1f-4404-b3a9-17df7b88d10d", "comment": "Malware payload (AZORult)", "value": "24967937a465c7e1ea8b384c9d92f5d3", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031596, "uuid": "2aa6f389-55ca-48a7-b2dc-f28f51349385", "comment": "Malware payload (AZORult)", "value": "1a3de142e6c356e50bb0e69a134a71a4fe8361488d3ce9a83dd807c0aca55659", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031596, "uuid": "f4133122-7986-48b7-9346-a6c23013fbcd", "comment": "Malware payload (AZORult)", "value": "17009956bf34e34d262676f19e3ff726d27c3b55", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031596, "uuid": "7bb98a14-7b71-4516-b360-718937d598ff", "comment": "Malware payload (AZORult)", "value": "8a20ee88476416182b8f46e751a102e6c73ff5f9f9cb0311e7b074e300fe1081ad534d48ea9770697f5a33f32fdb046c", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031596, "uuid": "798fe0dd-e57b-4aac-8af0-170b2879929f", "value": "T170B423D92AE19C59FE03A63024F19F3A957DFE52D6328D0FB34926123953926032B35F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031596, "uuid": "5aa9bdab-a172-4385-b2ba-da54d13dc858", "value": "b78ecf47c0a3e24a6f4af114e2d1f5de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031596, "uuid": "ec4feb4b-3ea5-4bda-9b6d-9e845fb18d28", "value": "6144:1z2yP2Jpa7kvjWV/s7MXT8DtEn95Vo3sarOrTZJNynXsUrk2fUJaZqicB3oUJfWr:YskvJ8TStcAswOXEQvJEUj0UQPr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697031596, "uuid": "df56138e-e014-4de1-bb3e-59a622385f72", "value": 519030, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697031596, "uuid": "91b115fb-eeeb-4feb-a5cb-85a8f748144e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031596, "uuid": "0d4ca91d-a7af-4218-b44d-9da587fcac10", "value": "1a3de142e6c356e50bb0e69a134a71a4fe8361488d3ce9a83dd807c0aca55659", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c0150503-6801-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1697006722, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006722, "uuid": "726d7c10-0515-4cc4-a8b7-ad21c8e6b13c", "comment": "Malware payload (Amadey)", "value": "248a34f1ca11e601c65436a291ecd855", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006722, "uuid": "2ba8afb3-d0b1-4705-ab32-e659bdf860df", "comment": "Malware payload (Amadey)", "value": "1a5a56d69f9bdf9f5e7f46b16480609f60585fd500dd2ff263934c49b4df914f", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006722, "uuid": "d2e55db4-6082-4c2f-bdf5-bc9a7f7532ed", "comment": "Malware payload (Amadey)", "value": "151dbfd46be41f6517810a9f5112b109cf075770", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006722, "uuid": "87dcd1fd-fded-4c40-bfed-ecdef18f61e5", "comment": "Malware payload (Amadey)", "value": "e9344a1bbb02424540c665a6990696fd9724cab4f4a11a922d64d6caff2d6ffd9052179413f65a43c1e83b2d6826c7a5", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006722, "uuid": "fde371ad-85a8-431b-ab52-1f39fccaad4e", "value": "T10544BF01B4E1C033D972253609E4DBB55E3EB8310EA59DAF63E8CF7E5F20681D721A66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006722, "uuid": "7aa0d18a-ec13-4516-8434-7e467d1e85a7", "value": "282d146a9b3d87d6152eff920eef7769", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006722, "uuid": "ba978f0c-b01d-4981-a40d-81b6aa8f2bbc", "value": "6144:7CXmaK0Gm8XTX/lbXat6ULk+j5cNAOsvAt2bAqIan5:GWaxGm8DX/8CmvA3s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697006722, "uuid": "842fcb24-8e0a-4a47-9758-a2af042754f2", "value": 261896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697006722, "uuid": "d4c56147-efa9-47f1-80e8-e5534ab9c0a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006722, "uuid": "c5120f38-f832-4d99-89c2-1fca1dbd8b12", "value": "248a34f1ca11e601c65436a291ecd855.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "244b0954-6849-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697037384, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697037384, "uuid": "07398b8e-dd4c-464c-b5e4-09366b191f6f", "comment": "Malware payload (RedLineStealer)", "value": "a23335dbc92a33f37f4c2d7216fc4b02", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697037384, "uuid": "ac87a58e-445f-4c5b-85fe-376bf399b9eb", "comment": "Malware payload (RedLineStealer)", "value": "1a6a7bee8576151acf9130ee52eb90939018bb9910ac5d8cbac30fba81062d24", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697037384, "uuid": "a106ae27-fe42-4f04-8df8-c9d01a31ea68", "comment": "Malware payload (RedLineStealer)", "value": "44c0a2d45680b63f4de549ae152501366054d286", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697037384, "uuid": "c85a8747-230c-4156-9d93-88b0ac81d9c6", "comment": "Malware payload (RedLineStealer)", "value": "84981607b9cf47967df32725ba20c9b2fa776a27eb73e1f3a01e80dea6989cfa5107185faaa6c33c00b956d728d9ad01", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697037384, "uuid": "d41ff412-ddb5-430b-936d-f7eec37fb94a", "value": "T15344AE11B0E1C232D53215360AE4EBB65A7EBD300BB199EF67A40FBE4F303C19675666", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697037384, "uuid": "41e6098f-5999-497c-833e-4edd99b17588", "value": "9854fe208003549216f1ebd6ea57c6a1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697037384, "uuid": "b00504d8-dd1f-4d8a-bbeb-4ee42f464d2b", "value": "6144:PDmaELENbffhzJ8uuJ3f6NkI+p9AOxbpG7FXsw8Gn5:PaaBbffkLj9P1G7FXsdw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697037384, "uuid": "7b7ce379-3c4b-42f7-a08c-1d25788b9006", "value": 264456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697037384, "uuid": "7bee83d5-8254-47c6-ba28-86a6da9a98dd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697037384, "uuid": "0b9444ff-b9fd-4b82-84b9-328244ca11f8", "value": "a23335dbc92a33f37f4c2d7216fc4b02.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82db3fba-683e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Backdoor.TeamViewer)", "timestamp": 1697032818, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032818, "uuid": "e788d2bc-4a5d-4edb-a20e-b2a03c02fc1e", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "ccd361319685d17e363ad586b010995c", "object_relation": "md5", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032818, "uuid": "2029fb37-5c9f-4c6d-98e7-d2fcf92933b1", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "1a7ef37024ded4ffd1a1e2fbf0eb0f8d17833aad72ee326fac80be614536bd16", "object_relation": "sha256", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032818, "uuid": "04c50882-8171-4143-bc34-b39567ea26ef", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "d71331eda82ac466be317427446ad4fa58e79b76", "object_relation": "sha1", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032818, "uuid": "5d42e006-ad9f-4942-985f-89a5c08708c2", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "db708058f955b039cf683e4c02024e04112bfdd60c619847474a07998fa33590deabed0e2877145f834b48733ccadf17", "object_relation": "sha3-384", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032818, "uuid": "c0222661-48b1-4439-9464-c58c9c2136d4", "value": "T11C44BF11B4E1C072CA72253209E4DBB55A3EB8310BA599BF57E80F7E4F343C1D76166A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032818, "uuid": "ec490d6a-5445-461b-a18e-20dacaccaf8d", "value": "282d146a9b3d87d6152eff920eef7769", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032818, "uuid": "0779bcaf-fe75-4e76-a9f9-bced241a9836", "value": "6144:CCUmal0Gm8XTX/lbXat6ULk+j5cNAOnFB+BaIan5:nta2Gm8DX/8CdFms", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697032818, "uuid": "afd5cadb-ee36-4f85-afa7-81b33b3b1b81", "value": 261896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697032818, "uuid": "64de7d30-3ed4-4448-b901-6c3c386cfa1f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032818, "uuid": "507d2897-5cff-4a7b-949a-8e74552d2f7d", "value": "ccd361319685d17e363ad586b010995c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b51866f4-67ef-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696998972, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696998972, "uuid": "6310add2-8a7d-4ab3-b472-b493ac629a0c", "comment": "Malware payload (AgentTesla)", "value": "eb05d45ff60a5fd5ea43ed782e967600", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696998972, "uuid": "35b487f2-ffbb-4456-891b-f06b5464faec", "comment": "Malware payload (AgentTesla)", "value": "1a859811fdfba33b98896584e62d68fc6c265bbd9b533ef54683d86f9d0e0996", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696998972, "uuid": "ddafa5ab-0248-43cd-840e-61192933ae10", "comment": "Malware payload (AgentTesla)", "value": "898906e2dc376ab566ddaed035f56949fa01bdbd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696998972, "uuid": "8cdf1674-2ed4-4369-9c60-20fca1027eee", "comment": "Malware payload (AgentTesla)", "value": "017f69565d9a4b172918ca19162aa9eb51cbd3f46b161d07cf0750b763edfe7e18ac6fed6e28c89abbd6f2e36e42afeb", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696998972, "uuid": "579ebb10-d53f-4bda-8165-677cc3d2a7d3", "value": "T1F5A23915BBF89732C5BD277559B3914103B2BAB79892DB5C6CCA20EE2A237800111BA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696998972, "uuid": "fdbd884e-5b68-47a2-9124-c4ebb6caa086", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696998972, "uuid": "8386797d-1283-4690-ab5c-5ddd897b5dbe", "value": "384:9kKZI50qoIs/sLnhjHHy+NDwPEdjR3m9B1vlfzh3ulh7Ju:mlyqjs/sbYkWHBthkHu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696998972, "uuid": "c0b841c0-55d8-46e1-8935-809788bf07d5", "value": 23040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696998972, "uuid": "071f462b-0147-49e1-9598-7946be906675", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696998972, "uuid": "e222f2c2-b5cb-470d-8790-7c62f549af1f", "value": "eb05d45ff60a5fd5ea43ed782e967600", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "12b10008-6820-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1697019745, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019745, "uuid": "2a3ef0b6-901a-4558-b39f-24b59d05eab3", "comment": "Malware payload (DarkGate)", "value": "41df43e56e01f43933de04bb60fc1a92", "object_relation": "md5", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "missing-payload", "colour": "#8A1C85", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019745, "uuid": "d9670075-fa5e-4f96-935f-abada2894057", "comment": "Malware payload (DarkGate)", "value": "1adf8384033acd54b0cb29d623812c492cf5e60dd8d8caea368fd426f3105f23", "object_relation": "sha256", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "missing-payload", "colour": "#8A1C85", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019745, "uuid": "2695fecd-21bc-4c2c-aa0a-39ad8831e96c", "comment": "Malware payload (DarkGate)", "value": "dadf7147af3422f00d7877ee3ccd51d0fffa4f8d", "object_relation": "sha1", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "missing-payload", "colour": "#8A1C85", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019745, "uuid": "d7e0f41b-4c80-466f-9d90-4afdbf042770", "comment": "Malware payload (DarkGate)", "value": "119ad1403a828964fb2b4bef86b56a951ef550f0bed2470ccc0b92e3171221a18ce8e7baa9fbc9645bf6ce4661deac43", "object_relation": "sha3-384", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "missing-payload", "colour": "#8A1C85", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019745, "uuid": "e1f0bb67-6ca4-4d07-8df9-ada060033a86", "value": "T10AA4D0613BC9C13AD2AE063785BA8B6626367D751B30D0CBB7903D6C5E316D3E939312", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019745, "uuid": "c8d4665e-6b5b-4ef6-bf07-f33851ea1aa1", "value": "12288:StvRQ+gjpjegGpo8gAQHmCVAaIxUh6osx:StncpVGb9wqUM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697019745, "uuid": "25dc2d27-4ed9-4933-9e8e-198653e72b3f", "value": 491520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697019745, "uuid": "35634f17-917a-456a-abb3-97a7d73e0083", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019745, "uuid": "9168681a-9438-40cc-b23f-f6b0a6d5dad9", "value": "Report-103.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9cbff85c-684c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697038875, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038875, "uuid": "18f21384-3606-451c-b3c3-942294478fcb", "comment": "Malware payload", "value": "98cb499bf0262e7cca3f9cb6dde6dc55", "object_relation": "md5", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "strontia", "colour": "#7ACB24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038875, "uuid": "608cb3f5-c9e8-4313-ba44-9ba1105c932f", "comment": "Malware payload", "value": "1b07405df7bbbc74be528743bc8b51ce35b2f202bd49cdce6f38d16a10058c3b", "object_relation": "sha256", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "strontia", "colour": "#7ACB24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038875, "uuid": "01de6b65-70a6-486f-83e1-dfc59453a555", "comment": "Malware payload", "value": "e3a5c9fef08ecf2fa58f60b3a909032e2cc075b3", "object_relation": "sha1", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "strontia", "colour": "#7ACB24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038875, "uuid": "da767e4d-18c3-4226-98bb-4beb85b00287", "comment": "Malware payload", "value": "f8f23b0facb6baed7c88dd66b3bf9055cf3c17d1afbdeecd998595660d85528231950a6409e51e1ff8e1b9fe4e0f2c5c", "object_relation": "sha3-384", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "strontia", "colour": "#7ACB24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038875, "uuid": "df652b4f-73f5-47a6-9941-b0f25185f10a", "value": "T110252350DA6DD60EDD8FA4B3812A6F5BD4E38D1859D19A08E3C0F96C9374F0CEB72621", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038875, "uuid": "f15ed268-18a7-4de2-aacf-2facd6ec010f", "value": "24576:V7KQCnuCKZ6dv0uNYFN3Zbb4vqprFWuV4v2pym0auc4lX5Y:NKQE/MuSn3ZgKUlj9RlX5Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697038875, "uuid": "87dd4d93-cc49-45d5-812c-e8c0a7939aff", "value": 1028849, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697038875, "uuid": "77720719-cb44-4f95-b908-5f70c4099b29", "value": "image/png", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038875, "uuid": "d5626b1d-263f-4a83-9bbc-cc2440c42a37", "value": "strontia.vhd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f081f2a6-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (404Keylogger)", "timestamp": 1697052330, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052330, "uuid": "d430c4b6-2d90-43d6-b8f0-984711ae5665", "comment": "Malware payload (404Keylogger)", "value": "d0353793c1b34f03e2c31d73c56f3abe", "object_relation": "md5", "Tag": [ { "name": "404Keylogger", "colour": "#252FF9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052330, "uuid": "72faaff1-0390-4de2-a722-b7147bbea7a3", "comment": "Malware payload (404Keylogger)", "value": "1b5fd1069eddccb6aa751575d2e241dcaa5b2f4969d97dd6854950a8de2a8794", "object_relation": "sha256", "Tag": [ { "name": "404Keylogger", "colour": "#252FF9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052330, "uuid": "d91906d4-fa23-4f3c-9961-8708478a8e7d", "comment": "Malware payload (404Keylogger)", "value": "a472241443a2968faf768e5c75e495b490b6538f", "object_relation": "sha1", "Tag": [ { "name": "404Keylogger", "colour": "#252FF9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052330, "uuid": "2e8d68c3-7b57-43a8-aeba-b35ef6d0ae51", "comment": "Malware payload (404Keylogger)", "value": "12e0af75155ccd8bc1143105a764c79fb10eaad85fd224466618a3b976043cca3ee7bd2db9540a533b92653bffa1531b", "object_relation": "sha3-384", "Tag": [ { "name": "404Keylogger", "colour": "#252FF9", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052330, "uuid": "48b40c12-7c5e-4fc2-9222-5b5ba56a1ed9", "value": "T171F40128336C8B62D13D8BFB15B4025217F5751B397AE3AC9ED118CB6F60F428465BA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052330, "uuid": "5e0c6445-ecf0-40ed-af88-f4d700769477", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052330, "uuid": "07dd96a0-5ff4-4f6f-9603-a9f859165440", "value": "12288:dDX9KFs2+PUmRD2lnXbJzeK62p1dVdGsGZ5kg6py8S7CYsTmdcrVe:dDt2dwUWgbMB2hmsGHLF8S7C/TmOV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052330, "uuid": "1496cb55-8d7f-4c4b-bccf-c448e1090b98", "value": 738304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052330, "uuid": "9320d332-2aca-4b59-a9a2-7b98338d9dff", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052330, "uuid": "3cfddaa3-effb-49a5-8f79-08289b2cd3ac", "value": "\u06a9\u067e\u06cc \u0641\u0627\u06a9\u062a\u0648\u0631 \u067e\u0631\u062f\u0627\u062e\u062a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bcca04bb-6831-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1697027332, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027332, "uuid": "1bfa4288-49d3-4fe2-8a39-f1074c93899e", "comment": "Malware payload (RemcosRAT)", "value": "0ede6a9e975bbc0f20629ccfac7db0d1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027332, "uuid": "051b296b-92d4-4549-8e33-891763faad92", "comment": "Malware payload (RemcosRAT)", "value": "1c6b0eb5c224c46a65fb5022852905a1293a148bd97bb81593b813e8ed814ba8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027332, "uuid": "f04efc42-d0fa-4e26-81f3-0f5ea2ea59f7", "comment": "Malware payload (RemcosRAT)", "value": "a04d34a30d85ad10c2c1a42a2dbc83553df781d3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027332, "uuid": "f10f20cb-0672-4a5f-b366-28274268962d", "comment": "Malware payload (RemcosRAT)", "value": "c27e2edbf9c5b85d5d2ff68a49fd7e00c1d52b9aad0a3e2bab9c4122d26054ec937a4dcb79b2900a32c8b4089feab19b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027332, "uuid": "c93bdd12-8e3d-4a06-bedd-59fbf4836189", "value": "T19425123823BC4BA6E23E9BF655A0025113F6B527317EE35C9EE518CF2E20B428555F63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027332, "uuid": "65bff5c3-de1d-44cb-aa1e-9d296fdc03d4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027332, "uuid": "3f399987-6574-4ec5-a45a-7cee9f82bf70", "value": "24576:wPtnW86UK7tqiLOzwTikEVCNgVn/NQOw:onWFkivhngd/2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697027332, "uuid": "f40d17d2-8282-4cfb-ad26-12442e6f46bb", "value": 998912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697027332, "uuid": "ac100e2a-08ed-43e9-9f1e-1ae92fa066f9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027332, "uuid": "b18683fe-4bda-47e7-b533-b549a3f4b833", "value": "PAYMENT COPY PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48663c57-6871-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697054625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697054625, "uuid": "14b8aa3b-8946-4791-b0b0-1012bd6bd86b", "comment": "Malware payload (Smoke Loader)", "value": "d54ef37e91e2c93ca20af378d1b9b492", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697054625, "uuid": "5035881b-1399-4f44-92fd-bfb8f014baad", "comment": "Malware payload (Smoke Loader)", "value": "1ccc9eb2cbf1784e6156b1dc0cf3ba7537eef4edf3feb72c3ddeac4e0f7bf5e8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697054625, "uuid": "1ded038d-1697-4f92-80d2-d2cb2406a245", "comment": "Malware payload (Smoke Loader)", "value": "ebee659706326b86c2ee6b23d9130999b36200aa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697054625, "uuid": "8cef8b97-e049-442b-bd8f-06ec84cd3530", "comment": "Malware payload (Smoke Loader)", "value": "bd44c3f787f2af7489e8db40cafbc0c618167be6105fc5342435a2c80232e7aa40bb4ce80b4c66e74a0c4b4374d6ef8f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697054625, "uuid": "8b88a441-5d68-4974-9482-7ce7362c6c54", "value": "T1C424CF117942D7B2C7474074B828CAF47A7ABCF69B58498377A83F6F7831382676B250", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697054625, "uuid": "edf79239-d334-4d26-b3fd-49f8fdcda95f", "value": "b2f8285ab6e05f63bbd54e786f8fa286", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697054625, "uuid": "c4e37c7a-521a-41cc-91b9-bd3349adf5cd", "value": "3072:lX5Q6XuCHkgB2tPMPQbzeRdinVKwFXcKn225jXIqTG3t:hSoHk+2tPMob7nIEXIqTat", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697054625, "uuid": "a0d4d30d-ef5c-4d52-9418-3819401dea0a", "value": 229888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697054625, "uuid": "315526bf-2a73-4784-9c3c-7db48ae36b16", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697054625, "uuid": "4bdf7311-4889-4977-9ab3-649b7c23014e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "544e2840-682a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Heodo)", "timestamp": 1697024150, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024150, "uuid": "a7b2b3a3-e1ba-435b-b530-4fa45f5ef0cf", "comment": "Malware payload (Heodo)", "value": "3464d1af70e8ff74525e87c6cebd0e6d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024150, "uuid": "bd9a1b0c-fd73-4245-8338-63d1436b049c", "comment": "Malware payload (Heodo)", "value": "1cd57050ed9c6654ffe89a96596dbf4e295b1ee3ec00609ef682adf6fba8601f", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024150, "uuid": "668b7b4d-c81e-4f1e-90f7-2cb9ca623942", "comment": "Malware payload (Heodo)", "value": "f6df5ab3d5a064ecce91e1e0ae39821f346ff53a", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024150, "uuid": "12dee0b4-1bb1-4c3b-a0b5-c0a71d92eabc", "comment": "Malware payload (Heodo)", "value": "197e4f7bca032896c856d45a140a8a78efcfa5d44c4607ed18b63351791ac4c0b0c86d69a644e86be1927c79230c5856", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024150, "uuid": "1eb6731a-1b34-4abe-84cc-22127a862ce1", "value": "T137C33A00F39381F3DCA30DF225B6B22ECB791E077064DE9A83981F57ADB5245A669C1D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024150, "uuid": "5890edac-9afa-4cc4-a503-93f470c18748", "value": "1536:WuYPPzq3ZTRgSOrPTjy8sRgXhSJufpUL/P9jl00Ieoll/l6x3I4PipaMPtlVI3ui:WtPPusjfjy8suUlpAv0x+76+v8T5XDH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697024150, "uuid": "05601268-b272-4b1b-baca-043e9e47e9a3", "value": 120320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697024150, "uuid": "4bd3f67c-0640-4d66-b48c-c419a56dc99a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024150, "uuid": "3c668c86-178b-4bec-afcf-58cca29c3625", "value": "19b0124f2e4f223113bb11a84765a6c3_payload.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d2c3fc1-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697052029, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052029, "uuid": "e8e8c390-8399-40e6-ab8b-10981fc316fb", "comment": "Malware payload (AgentTesla)", "value": "90f9c41874f1e74550b8c0b0b5662659", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052029, "uuid": "7162af56-8261-4505-a7b8-08ac54cbaf59", "comment": "Malware payload (AgentTesla)", "value": "1d7ba87ef098e682fe446aff99666187825ea04db1b8d04ba5f9fa26af14fa9a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052029, "uuid": "fb1cdd3d-8d3f-4ff0-a717-adbbdc37a63b", "comment": "Malware payload (AgentTesla)", "value": "0c525ed5e332590bab5593cde084628e0d5796d8", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052029, "uuid": "30132a54-e96c-4790-bac5-a4e2aaee9f6b", "comment": "Malware payload (AgentTesla)", "value": "bc43ad9c1ee448c97611da76fc1fc09dab009a11b89575bb7e4e5080fcae93a7c994323d0038d6c0e7696eee3f3a2ab3", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052029, "uuid": "cb11e9bb-9918-4056-8214-95b714b76aae", "value": "T1C8257DD1F1A08D9AED6B06F1AD2A643011E77E9D54B4C10C1E99BB9B65F3302209FE1F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052029, "uuid": "757ed402-11d3-4846-992e-bf95df84b913", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052029, "uuid": "cc96a5d0-eb2a-478d-b241-d7ee284b26c2", "value": "12288:6PYX9KRblk91UhMOdzyYw/tl7WNr9p7+kuYo7uMpR8XpZ:xtse91G1d+Y8tQLCrppR8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052029, "uuid": "020f43eb-136a-4581-bb05-c4d2e6029c4f", "value": 1017344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052029, "uuid": "cf0f66c4-37c0-4c07-a1f1-dab8595b6c98", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052029, "uuid": "72d23738-e174-4b4b-98b4-3ca35eabf219", "value": "\u00d6DEME ONAYI KOPYASI.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "74bb637c-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050833, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050833, "uuid": "942cc03d-63cd-419f-aa0c-ba3ed9e33495", "comment": "Malware payload (DBatLoader)", "value": "c9bec437d3dedc954b1a0f84591225f0", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050833, "uuid": "ec640a93-2a5f-4c72-ad05-c64f7b2f6d08", "comment": "Malware payload (DBatLoader)", "value": "1e991070923ebc777c64777b1a9be7caf9b33286d73b66fb661e0d846298f1ca", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050833, "uuid": "cfc8f7ad-30bc-4652-8205-75dfd4918b14", "comment": "Malware payload (DBatLoader)", "value": "11501c5370afd4a436ca9a5ee0ae4ecd73f4ccaa", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050833, "uuid": "39ddd4a9-b750-4eae-86c6-d47fcd0ce530", "comment": "Malware payload (DBatLoader)", "value": "4bcba41351b40fae3a4d93ec5a95f8758d856f843bd2a1459878af8a5f092b3091e5b004b31b50c998b748405a324ae9", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050833, "uuid": "16530796-04f0-425e-9226-8b1521b3ee7d", "value": "T180355B34B3B608B1F5697675D90AA7F41DFF27AEA9042899C2793D1B1CB27816F1002F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050833, "uuid": "fc081b13-b429-4a5c-a5ee-1d5c7b9af511", "value": "fc431a28c58a1565c388a05232b2eadb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050833, "uuid": "d34e0ce6-aaf9-4e5b-98d9-faca3c01d488", "value": "12288:qE8C9kdWdEPv8zuVEdh9a6OLqvabdpmBkt1VEmA00P85Be2fgmv1qsM8HcZG3g50:qEPudPPOuVsaoAjlD0P83H5M8OG3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050833, "uuid": "6b956482-4efe-4c14-bc3b-191c252b8517", "value": 1124352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050833, "uuid": "8406c213-c7ff-4132-928b-c49a9e2cff81", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050833, "uuid": "f5e9a411-2315-408b-98be-605fb24b1e36", "value": "Wcxhjpxgmpnjez.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f7eb836-6829-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697023632, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697023632, "uuid": "09417bef-fb3e-4968-b8ef-4ab80eef4dd7", "comment": "Malware payload (AgentTesla)", "value": "3571b3ddd04a5570e24dbadb2df4a4cf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697023632, "uuid": "3eae1939-597a-4190-93b3-0c8319d10619", "comment": "Malware payload (AgentTesla)", "value": "1edae6f6414c58eda19ed6eb959faf9abc05748f1e9ec3b33716e824f2b86fd7", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697023632, "uuid": "eee4978d-6c37-4628-814f-45a73742c2ff", "comment": "Malware payload (AgentTesla)", "value": "5efb5f5b7bd0dc1054661c9c942b91c0e616867d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697023632, "uuid": "105d3576-b59f-4b2b-8997-be9eee33a61d", "comment": "Malware payload (AgentTesla)", "value": "8699e1155b6d42bdc1ce84017577947022205351fcb7e17de489eaff291ff722e88dc4bb0a312645190502808391728d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697023632, "uuid": "8916f842-1c9c-4d06-ac28-47c0cef1f268", "value": "T121C4235EF5C533D85068A84AC36254D5C73E2C38C7594F82A6E6EC9B0EE395C4ABC4BC", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697023632, "uuid": "1fd25443-eda5-4e3b-8239-bcdaa86f74c1", "value": "12288:FUip+IxICYl+4J5jM2z8fGug5vpzgPC2ExWhndQT5jtiP3:Fvp+IiBl+b2zNP5ZgBr0u/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697023632, "uuid": "aa1fa890-d539-4549-b373-6b64dcc43573", "value": 584527, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697023632, "uuid": "2302bde5-add6-4a3e-97ff-2be8f267187c", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697023632, "uuid": "c032c223-14b3-417f-b843-4c1618ce3822", "value": "Scan_Docs_SKMBT Filled CompletedPDF.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "30a9ded2-683c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1697031821, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031821, "uuid": "25185efa-cdae-47f1-ad0b-38c6bc8c21c4", "comment": "Malware payload (GuLoader)", "value": "e0e523c11c9633506225aa2b1f87c255", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031821, "uuid": "de349ab8-3588-468b-9aef-ce36b5d79d56", "comment": "Malware payload (GuLoader)", "value": "211f2511979570b429ef692921847c1b4ac9b34c06fede21115fb4db214ea82a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031821, "uuid": "cd475bfb-48d0-4002-b8f0-a8746eec6df2", "comment": "Malware payload (GuLoader)", "value": "d67f9445a32f2c8c4057b69b929b6b9a63ec0673", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031821, "uuid": "1ff6e3a6-adc6-4cae-a47a-ecd8ab5e6f8e", "comment": "Malware payload (GuLoader)", "value": "15f3cb5186bbe80ed920e2f169c4240e9141d213107087e48815e4b88fe177ed764045a1efbfd3c427f8056b27dfeda1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031821, "uuid": "55987dcf-63c6-4f4b-b81d-7273c5d72d07", "value": "T1BC45016AB669D15AE5BE6E76DC1EC0F0A5B8BD67D820130B3194FF2E35F2301140BA5C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031821, "uuid": "dff9b82f-82ce-4e9a-851d-58ecd7f36b7e", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031821, "uuid": "00922788-6039-4da0-abdf-3acbc8b3f3d6", "value": "24576:8CVIPeJg4nk95ACjKC4onl8Q3wlRjMPybTJmU:rmPb4nIACjKCxl13ojMPybl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697031821, "uuid": "de9b2973-e6eb-459e-981f-9814d1e307fc", "value": 1248776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697031821, "uuid": "2f1afa33-a548-4f2b-a360-f8576836d036", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031821, "uuid": "5abd15d8-b2f2-4617-b7ba-f1bc6afb116b", "value": "211f2511979570b429ef692921847c1b4ac9b34c06fede21115fb4db214ea82a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b010ba1e-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050933, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050933, "uuid": "23b83166-1e93-40b8-a5c4-435bdc31fb83", "comment": "Malware payload (DBatLoader)", "value": "1ccc1a99aa87634edaba7468f7ee54e9", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050933, "uuid": "74587034-ded1-4218-b404-a561e6095c33", "comment": "Malware payload (DBatLoader)", "value": "218b06f1a24c05c5fa1480a3c0153957800fb882d977acd28eb4d853c976fb7a", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050933, "uuid": "cadc602a-86ad-45b5-aa34-795dfcc14a63", "comment": "Malware payload (DBatLoader)", "value": "7ec3392e3cebc4913f12f6a5f8c40202c8befe28", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050933, "uuid": "ea65f25f-89a8-4ec0-a60f-cef6367a94ff", "comment": "Malware payload (DBatLoader)", "value": "0633fc0d26c984e4421216d846afcee6a711119e6e0ab25034b80d3b32375b4188769889f284129e663f024f353e103d", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050933, "uuid": "c3212166-c90b-4297-9443-4dcc90983cd6", "value": "T160356B34B3B208F0F5A97675D90AA7F41DFF27AEA9042889C275391B1CB27917B1106F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050933, "uuid": "6bb3e938-583c-49af-83fc-45169229616e", "value": "fc431a28c58a1565c388a05232b2eadb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050933, "uuid": "ac64173c-d459-436b-a2cb-6f0a5ab58622", "value": "12288:qE8C9kdWdEPv8zuVEdh9a6OLqvabdpmBkt1VEmA00P85Be2fgmv1qsM8HcZG3g5g:qEPudPPOuVsaoAjlD0P83H5M8OG3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050933, "uuid": "653fa494-0f07-4e44-a40c-4e63a9af2aa5", "value": 1124864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050933, "uuid": "1de9390e-a409-47a3-a6f3-6e4cbd54809c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050933, "uuid": "9a6d1012-edf6-42bc-add7-1be1418330df", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "160474f6-6851-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697040796, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697040796, "uuid": "c4754865-57b6-4fd0-acea-b80d960f47de", "comment": "Malware payload (RedLineStealer)", "value": "b643092ceef03b3bcd88a57dcb3adc61", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697040796, "uuid": "95fa722f-4fa1-4138-8ead-a65e2e4f4dda", "comment": "Malware payload (RedLineStealer)", "value": "225c491acaaa62f2c094236542314952772fc1095030dd866c4a227ba6a8fd33", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697040796, "uuid": "dd353f49-f664-4153-bcc1-082fca9790a8", "comment": "Malware payload (RedLineStealer)", "value": "120829b6bac5e4c7f4a2624ac3ec02662a173a0f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697040796, "uuid": "e038aca0-a6a2-4fad-8fd7-9076351daa18", "comment": "Malware payload (RedLineStealer)", "value": "e6d99e01008b38183aa6db743a92daa9be9a22e36b4550df5aeb60e18a4153ce2947393e63fac109e021da5036610d9b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697040796, "uuid": "f46f8e6c-9338-4933-ba02-422093f4082a", "value": "T14B352313A7E8592AD9F0377098F70B935E367CA28DB4134F33896C691DB2A915931B32", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697040796, "uuid": "d582a9fd-b0c1-4306-8693-ce837c72dbd4", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697040796, "uuid": "a618d63c-70d9-40d4-8231-7e0c84bc2c18", "value": "24576:OyVaXKnIBWZ9PWOSY7DKaiZwra/990hQ/bwgOzG4aD:dVaXKIEPWWD/AGXhQ/8g/4a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697040796, "uuid": "eac9dc0e-f650-427f-9926-ac093308dab2", "value": 1089024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697040796, "uuid": "0f2654c7-db71-4ea6-8195-2d7d3bbdb75f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697040796, "uuid": "97a58f77-3f32-4ef8-8ca8-616e9ffa0517", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd2d8270-682e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697026098, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026098, "uuid": "242bc953-676b-4b25-9d4e-9b368b67f4c0", "comment": "Malware payload", "value": "d7f0311003d27c35ec90b34e158c9031", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026098, "uuid": "bd310272-1cf2-44ea-b707-aac937ebf0bb", "comment": "Malware payload", "value": "22607bdfc69f2cc2b38f3915d49a9e7eb65812b8a1ceac418d6a33ddfe2e845d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026098, "uuid": "34e1fe53-8916-4a74-871c-d18de62f07cc", "comment": "Malware payload", "value": "0b42aabbbe839dbe357fe29d818fcdfd687f8d9a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026098, "uuid": "0643124e-f289-49d8-a624-fc396b9ad92d", "comment": "Malware payload", "value": "05e718b6ef66e84f4dcf0f7a1abae900f1d19f1dd6ef1189a60a930c295525181895d98fead8e66de6577dd40f28383c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026098, "uuid": "7e48f7be-20a1-433c-bc89-5838a259a6b2", "value": "T1C4659307BA4789B2C1491B37C6DF049403A5FBA17723D60A798F236E59433BB9B49327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026098, "uuid": "27c93f02-c5f7-45bd-b197-44a6c346e426", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026098, "uuid": "cd44e69c-5325-49f5-b393-69491477b73c", "value": "24576:SSiKoaUTl9KrA0yx2OcxjfL3DURWVdquLrcquiQLHNC:qKoGyr2dbcquiQQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697026098, "uuid": "7e9c4901-8bb7-4046-9dff-f49fde8645de", "value": 1526272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697026098, "uuid": "c01cb776-bac8-4f99-80cb-cfeb35554330", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026098, "uuid": "856aa2a2-3fac-4c0c-8857-6834cc03fbb9", "value": "22607bdfc69f2cc2b38f3915d49a9e7eb65812b8a1ceac418d6a33ddfe2e845d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48973aed-6839-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697030573, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030573, "uuid": "e2a3fe06-383e-492f-9001-e3d30ae9835c", "comment": "Malware payload (AgentTesla)", "value": "0f7ed2a31d75ee9ea6c970f45c4feed7", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030573, "uuid": "73298cca-eea1-4aa8-b976-a9227d1c77b8", "comment": "Malware payload (AgentTesla)", "value": "236fea80d391c6d642ec10a7710c6cf220610377441fc3ee5f2c1bfff0c01ecd", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030573, "uuid": "e56da40e-3743-464e-b954-e79dc5c1db2f", "comment": "Malware payload (AgentTesla)", "value": "c950aefb79249bde816b5a2cdbc68a2558d03a8d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030573, "uuid": "7e34ed3d-c7dd-41f1-9493-6894942e471d", "comment": "Malware payload (AgentTesla)", "value": "7e9091f5dd26875ba23edb84f64b71e42405318e0cc846bd08518f40dcf55f454a95a593b387b27d78c9dc03edf902f2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030573, "uuid": "797e7ab5-5ded-4351-aefb-c948e8abaf49", "value": "T152F40224239C8F66E23D9BFB56A4021107F57527343EE3AC8ED159CB6E60F428465FA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030573, "uuid": "1b1b621a-08f5-4398-800c-a94f65e78746", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030573, "uuid": "0f8aae35-bb1c-4cc8-9a11-3ef4a726841f", "value": "12288:i8X9KYFeLcF2hJ6ekHzBfETABa46iHx/Jy00XmvlT5iVwJ3ERh:i8t7FEcF2h8rusBaypJyRmvF0wJ3w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697030573, "uuid": "9325bbcb-2dd4-4ec3-b3d6-22acac425274", "value": 744448, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697030573, "uuid": "122820a9-294b-444e-b675-3bd00bdf5757", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030573, "uuid": "6e5acfec-c97c-404a-994b-0df98fae5bb6", "value": "New Order.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b6d7d6a-6817-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1697016055, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016055, "uuid": "2b0bde09-602f-4467-88e8-5227f52a4401", "comment": "Malware payload (LummaStealer)", "value": "7330bb88f58fbd331df76764ae3fbcd4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016055, "uuid": "353e71a1-50ab-478d-9a17-77b5e3771faa", "comment": "Malware payload (LummaStealer)", "value": "23c48b68e8d9cddab0091ed28492be97dd80aee0773f83314c05b3528ce60691", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016055, "uuid": "be2a2bd4-6c63-4b1e-b1aa-cf7e66e82ed9", "comment": "Malware payload (LummaStealer)", "value": "18fbde7faa611c735cf63b94915d47a87cbd2c7b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016055, "uuid": "0323aa7a-62d5-4f24-9e4d-506ec800f831", "comment": "Malware payload (LummaStealer)", "value": "74d3cd02d9876c60e8a709239c6cd03aba1d29412fb17465fb8a6794246c8ae6426f190a28453a6ca653d616a06f8905", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016055, "uuid": "311e941b-238a-4cbe-bbe4-747d83d6b204", "value": "T17144BF11B0E1C432C972253609E4DBB55E3EB8310EA59DAF67E80FBE5F34381D721A66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016055, "uuid": "d527fd7d-626c-4b3b-872c-3bf4f7f06273", "value": "282d146a9b3d87d6152eff920eef7769", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016055, "uuid": "a37f63e4-db27-445b-878e-5802546d7109", "value": "6144:vClmab0Gm8XTX/lbXat6ULk+j5cNAOs4dmDFIan5:qgaoGm8DX/8C2Ebs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697016055, "uuid": "84c20217-29ac-45ce-9c45-cfeaad961b09", "value": 261896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697016055, "uuid": "79eea68c-e01b-4a30-8c72-6ee0c2a1a95e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016055, "uuid": "5abf25f0-36fe-465a-9a6d-4808684f2a1f", "value": "7330bb88f58fbd331df76764ae3fbcd4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "acdd8605-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050928, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050928, "uuid": "04e96f5d-3f51-453a-8aa1-9aa9d4337c27", "comment": "Malware payload (DBatLoader)", "value": "6bbb51fdeca813e781b6f9f54b438a44", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050928, "uuid": "56d2042f-1939-49d8-84f1-d7a07c57e298", "comment": "Malware payload (DBatLoader)", "value": "240faad2172324c119d325a9396e55f0e635bac9ddf9442340439fc49fdd8bab", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050928, "uuid": "ec314013-afef-49ee-979e-015ea93f9f04", "comment": "Malware payload (DBatLoader)", "value": "d2d51a63e544a7fc7a30af95505c79984f8256cd", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050928, "uuid": "267c9aae-f7c3-418c-8a74-3904fe5d45d9", "comment": "Malware payload (DBatLoader)", "value": "c9fd649d35ac672b0c262ce4c43326658fbdae68b56ffa41374377041520c8d914b758c57cc990263e20d4b0be76afec", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050928, "uuid": "7c7ae198-3c32-4a92-97f3-978a19d68c2b", "value": "T13B356C34B3B518B0F5A976B5C90667F41EFF27AE6A04288982743D1B2CB27917F1106F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050928, "uuid": "a71d25f0-f05c-43df-b718-5cd2e40f4d5b", "value": "fc431a28c58a1565c388a05232b2eadb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050928, "uuid": "ec4df0d0-a664-455f-8cf6-bc1c20a30645", "value": "12288:qE8C9kdWdEPv8zuVEdh9a6OLqvabdpmBkt1VEmA00P85Be2fgmv1qsM8HcZG3g5D:qEPudPPOuVsaoAjlD0P83H5M8OG3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050928, "uuid": "992a755a-ea93-4135-9c72-5a1be42b6a9d", "value": 1124352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050928, "uuid": "11c4f2ae-371e-4691-b646-d32650584ca8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050928, "uuid": "c5700965-f9c2-497c-b1a8-9391d366b8ce", "value": "PO#4321105_W08__Pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "652700d9-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050807, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050807, "uuid": "3d388a48-d267-40e4-abbf-9e1f028fb942", "comment": "Malware payload (DBatLoader)", "value": "e05a761fb65f761a004b439b7b47d453", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050807, "uuid": "caf63f19-0352-4903-9ba7-6f1e6b3a976e", "comment": "Malware payload (DBatLoader)", "value": "24203f6ff9c3a37b83435aba2835c30d59a502a2238d5ee988d06a5042e23b19", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050807, "uuid": "a1c3452e-bcb9-4327-8ca5-c7e58a566118", "comment": "Malware payload (DBatLoader)", "value": "b037aa5f053ecfc6a307eebaaf2bdf8708c71eb4", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050807, "uuid": "b892dafd-4d3f-465b-a7fb-5d541a1e8ab4", "comment": "Malware payload (DBatLoader)", "value": "a3f99c8dd921ddcffbbfc2707a92253694e52ae53585e98ae9a710e88ec55eb5f37e91893426e1bb4218cf80a4d3bd15", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050807, "uuid": "b57aa4ba-c0ae-4f9d-a823-3d777e284e64", "value": "T14E356B70B3B208B1F56976B5CD0A67F41EFF27A9A9442899C278391B1CB77812F1102F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050807, "uuid": "48770d8e-cee0-40cf-8dda-97bfc13f9ea9", "value": "fc431a28c58a1565c388a05232b2eadb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050807, "uuid": "f111d925-1a01-42a7-949a-36ba95ae1035", "value": "12288:qE8C9kdWdEPv8zuVEdh9a6OLqvabdpmBkt1VEmA00P85Be2fgmv1qsM8HcZG3g5P:qEPudPPOuVsaoAjlD0P83H5M8OG3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050807, "uuid": "a1a8c753-37f8-44d9-b0c7-45d66d97faed", "value": 1124864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050807, "uuid": "c5b1ac5f-843c-41fc-8570-fa55e3a31028", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050807, "uuid": "fa2d1a71-2e57-4514-aa76-c724227d92a5", "value": "Bhzmsxipmehkjo.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae16f034-682e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1697026019, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026019, "uuid": "adf87eea-9191-465a-930e-21130f9feeed", "comment": "Malware payload (Formbook)", "value": "794bfe93bc0529fd625c13d64a86181d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026019, "uuid": "4a795f33-75dc-460c-a9af-9c8dcfd5c7f3", "comment": "Malware payload (Formbook)", "value": "24fda6f39c15cfbb830c40a7634af592ef5a5cfc1bcb8facc0876f8638a24b1f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026019, "uuid": "a4bf7cec-e8aa-483e-aa85-1d5535024057", "comment": "Malware payload (Formbook)", "value": "48983ac672a82052d4809237ee81a53f6cdff6c7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026019, "uuid": "4ca6e81f-5709-4739-91bb-75ca552ad338", "comment": "Malware payload (Formbook)", "value": "23711053ae7b33c8e9b459c250edbf542793fd7b6a0a27f507b7fcb258c02c991103a7ed8eeaeca15aca24db665f54db", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026019, "uuid": "65ffa84b-a76e-44ed-becb-9d77295caa69", "value": "T11C74120463F0C55BD99324F218776B255AF6FC2A14B0EB6B1760FB19F932582C61F722", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026019, "uuid": "3b7c2e9e-1955-4ef1-abe1-23a9ca5b3693", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026019, "uuid": "6224af2f-92d0-42c7-ab86-9d225ca34962", "value": "6144:lYa6If4H5gcKWxM2K83RAaYFvGFl1aUaJMpH9h6XQfslhOcWbB:lYefgycQ2K8B3YFvGFvwMd2Afs2x", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697026019, "uuid": "246501f9-2036-4b81-96d2-f025ffd34479", "value": 347544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697026019, "uuid": "6ba61bd7-f342-48f1-b26d-bfcb00c4228e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026019, "uuid": "07c094e7-9831-4bd2-a086-db4ec56f84bb", "value": "24fda6f39c15cfbb830c40a7634af592ef5a5cfc1bcb8facc0876f8638a24b1f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e85b10a-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697052031, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052031, "uuid": "7e2fe4bd-5d6f-47b8-94e2-efe9c908d29b", "comment": "Malware payload (AgentTesla)", "value": "5f7cb94f4ab08ee714d801d8cdb10342", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052031, "uuid": "e93423cc-b5e7-420a-91b1-0f4a56d5300f", "comment": "Malware payload (AgentTesla)", "value": "25a1ed4595e074cf8f898b5a0e505809372991f805aec43f205c254e8d1ec91d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052031, "uuid": "dddcd076-e613-4376-8bc1-480f7386ee8b", "comment": "Malware payload (AgentTesla)", "value": "1eee64e698b780a13ab21d1dfb31a4dbeb43901b", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052031, "uuid": "34227c82-d737-4ced-b669-5a064683c995", "comment": "Malware payload (AgentTesla)", "value": "8b31e606e9d2e2590b42789cc928e55d2c3f5cd3e369b727cf62e5b161abbcf11c04bc1db23f986a316327dad8774a5d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052031, "uuid": "e46ed630-cc96-4767-8bc0-e99ccc48ada5", "value": "T1A264020DFEA8956AFA3B4E77922B37E49A7D47EEB059A707050C9D3D3B064830D092C5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052031, "uuid": "505af443-ead5-430b-8811-6d6ca1896850", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052031, "uuid": "64999774-08e7-4556-b6aa-881a1ae73c22", "value": "6144:rbJyFMhIorW0wFndl3Swqk6/d1FPCiDPXcEfiu+kPHZnT:rUF4I0w4wqk6/d1FPVP/6TkPZn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052031, "uuid": "c1565615-7479-4194-a0d6-5ec5694caeb2", "value": 322560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052031, "uuid": "c6d559c1-6d86-4cf2-8484-ea57d9651bf7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052031, "uuid": "251c8cff-8100-486d-adcb-9e185e58243e", "value": "odeme.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c2b41616-6843-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1697035073, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035073, "uuid": "94cf05ab-eba7-4959-9af1-b13766e751ef", "comment": "Malware payload (DarkGate)", "value": "7f3625037599ece29d4e984ee7550443", "object_relation": "md5", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035073, "uuid": "2f754a6b-6fef-4a15-b30f-1010746c09cc", "comment": "Malware payload (DarkGate)", "value": "25abc3b189e2cee6320fc691730a150250b1a8831a5fc126f5665fb963beb8ff", "object_relation": "sha256", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035073, "uuid": "660d6062-a1b2-47c6-bc7e-a7b16344599e", "comment": "Malware payload (DarkGate)", "value": "b257d9c6cd8a75058800441f4a73da2259ef0601", "object_relation": "sha1", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035073, "uuid": "97ebe0d0-26f5-4e10-82fa-bbc72fd0ff6c", "comment": "Malware payload (DarkGate)", "value": "459d9522f4c6234266691bf026a2036a9467e38b15018c36d6aabdb01299cb4244a29a612111d673f9e26a1589c06a37", "object_relation": "sha3-384", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "pdf", "colour": "#255549", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035073, "uuid": "e7848560-d330-4622-9216-251a6974c3eb", "value": "T12F92C06868B075CFEA9A0401B50539E7068CB373F3CAB4D52259BE984609B78F213AD7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035073, "uuid": "c1ae9152-e747-4f6b-a9de-a506622eb924", "value": "384:u1a2O2F3YUPSwWuwYDGpH6E0crlXwy0imbWipOFp3M0rRSWnr:u1a72F3DqHuwaGpt0crZTiwFxM0r7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697035073, "uuid": "3794b648-1bbb-4fca-9b20-00e7ddf0c221", "value": 19387, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697035073, "uuid": "50d0cf51-3df8-4d91-9678-e78519647fea", "value": "application/pdf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035073, "uuid": "40fd0864-5502-4b12-9885-0fddd8f44add", "value": "j.pdf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d872687d-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066892, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066892, "uuid": "9322975e-fc42-4f66-812d-fc98a365574e", "comment": "Malware payload", "value": "f9ec1fc81f764b17cd4e6080453b954e", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066892, "uuid": "a7d96173-3884-437a-88f5-d951fc9c4a6f", "comment": "Malware payload", "value": "25f08a4ac03b997068072ea4b477b337757d5d26d717245f6599a12412426b06", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066892, "uuid": "3dffe51b-ad13-4fb0-8564-79d1787ec756", "comment": "Malware payload", "value": "45a0a9e0c4e8d2ad32c373440f0b09ca1518ca8f", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066892, "uuid": "fb45fff0-673d-4c8a-9c31-056a54c9fb0f", "comment": "Malware payload", "value": "f607ce658dbfacef37b4ad9d604f72283860a28957d5ac3777ab056890bf70846a908cc9e84be04e7b4721ece239e187", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066892, "uuid": "1b06e313-5ac9-436d-967f-795c82cd7306", "value": "T1BD74232BE478A177456ED81B4F922801EA33C0905EF79346F532724BEE16BCC676894F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066892, "uuid": "341b383d-8220-4d4a-8bbe-05a4e7cc0fac", "value": "6144:EgvFBaA4foqisHVlK4NDN5Dg5ms5Ug1/2yDX6fM5QRDEoyhB2SILa1DHzXEu5SRq:hPCfoqisDK4xDs5UG//D6fM2JE5h1lz1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066892, "uuid": "ed3c58d7-8cfa-4441-a0ed-de23e9e4ada8", "value": 365844, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066892, "uuid": "cc45a056-a1ee-4725-bf99-e0d18150ae81", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066892, "uuid": "40558ef7-81e5-42b2-972c-f7993e0a54d0", "value": "NORT0167_4893908.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2466ddbe-681d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697018486, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697018486, "uuid": "10c72c9e-2d88-44dc-892f-f5404885f203", "comment": "Malware payload (Smoke Loader)", "value": "a6fbc73e25c735d0c33287e530311795", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697018486, "uuid": "b0d44c4e-4a5a-45cc-abbf-cc522719ba3c", "comment": "Malware payload (Smoke Loader)", "value": "26293e0ccda76f0ee39b65e7d3538b0df51e1eec2680be05bfe566f94e8cc564", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697018486, "uuid": "2dd823f6-aac1-4982-8c3d-860e5455b416", "comment": "Malware payload (Smoke Loader)", "value": "2758ce410b9b136e405f776a69483b0abf5b5969", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697018486, "uuid": "a760b284-f84b-4e67-9ef6-b1445671b641", "comment": "Malware payload (Smoke Loader)", "value": "fd34a17256f06a5fbaa74d900178913587e46a5ca5a720e28e6ed0dd8e206492639aa02db2735d1307439f285659519d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697018486, "uuid": "98e7df3a-dc20-41d1-a57a-1561496c05d6", "value": "T14A24CF117942D4B1C84640338824D6F9653ABF6EBA58DE833B983FFF7E312526766213", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697018486, "uuid": "675c601a-6a2d-4767-8419-eecfd7c47d78", "value": "8cacf442a096d56f8e956cabce20dddd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697018486, "uuid": "5238a5fc-f086-4632-9bf5-39b512929e35", "value": "3072:nXp/iAi24jqU7jfM83pZrvzOl8CLu13I5BITy:XpriVqUnfL5Y8CKUIT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697018486, "uuid": "c32dd8ea-4f51-456c-9fe6-ab43a934cb12", "value": 229376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697018486, "uuid": "22b952cd-2e6f-4bdc-8107-81b16bf82885", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697018486, "uuid": "00612932-9cb5-4742-b33e-014aab0a1fa5", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4e9e04c-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066832, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066832, "uuid": "bf6c253f-9fe9-406c-ba3a-7698a90f9367", "comment": "Malware payload", "value": "75e983b6b07169cf8d3eb855d87a3611", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066832, "uuid": "67a7b9fd-3df5-42fe-83d5-918ac4a5f453", "comment": "Malware payload", "value": "270e22521904e3ec2612a61cbc0ca8c2ac6285b0d82c7ae1b3f0dcda43b0a5b1", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066832, "uuid": "387a9038-b048-442f-8401-5f0afb52316c", "comment": "Malware payload", "value": "5ce76489e3117bc303895481eb19f2fc1ceb2edb", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066832, "uuid": "53b359aa-48c6-4c54-8607-50a23d921d6e", "comment": "Malware payload", "value": "d3cc19cf8efbfda75bed5171c173001b96a0ee6e534404a740c2ac8e60a28c0d462eb1dce9075b5bcc2d99dd51341701", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066832, "uuid": "3600bfdf-ca6b-47ab-bcca-5f2c25a138c5", "value": "T194742379A996075DAA00FBF03C7C96B4CE3CBC978775B2FCCB218E0A59E6850152ED44", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066832, "uuid": "885e181c-4ea0-42c7-80bc-e242027bf651", "value": "6144:+XgXnZPH/gpzqOONH/xI1d74Popyd4++Jzg7e+XynrOh24RT/3mt8lLQL:+QXn55OOlx4d74g0d4JMeJITI8JQL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066832, "uuid": "394e23c1-f845-4fe1-8ba4-faf0f3d52b3f", "value": 366041, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066832, "uuid": "dc4e3653-e669-4fba-ab4b-b45f78d5462c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066832, "uuid": "a607a492-afb4-46cb-954e-18fe291e7312", "value": "EFMQ3469_2691164.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5c6fe1f9-682c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697025023, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025023, "uuid": "43c2fb88-955c-4514-931c-32db2bee8a44", "comment": "Malware payload (RedLineStealer)", "value": "372683b8df600b0bc3af961c3d66e727", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025023, "uuid": "b7076335-be00-46aa-b23c-6d918ca2c891", "comment": "Malware payload (RedLineStealer)", "value": "27251f8eda6ebe75fd64f71a29f82c5931718cc3279e930bf9433fc1341e598e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025023, "uuid": "53fb499a-75f6-4ac8-a88f-3872b496ce4f", "comment": "Malware payload (RedLineStealer)", "value": "679e7ca5137347f041c129bdaeffbc23d574be18", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025023, "uuid": "8f789f84-6751-4b2f-8320-03917be8f194", "comment": "Malware payload (RedLineStealer)", "value": "d1615eb31261ad0409f98012215e9ab5fa3522ba6ba973f389ffe8cc8906c1487024f31f4ed27aa7f94526be30e43b79", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025023, "uuid": "a63c1277-8432-45a3-98e5-ef5159cf488e", "value": "T1792523536BC4D0A7DABA133045F603C31F397CA1A5B5A76B2A4AFD6A0DB3944A171333", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025023, "uuid": "4ae75d59-05c1-4a94-b7c1-e514fbc226b6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025023, "uuid": "2b9f1cb3-b90f-4dce-aaca-65a170374c15", "value": "24576:Py67s6K+LkkcDG3LQXE28i5m7HpvIDA0/suk3toIAE:a67s6K+wkcDG3mEDxHpsALV3e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697025023, "uuid": "b1715938-e744-4a8d-bdbe-4af6bb905546", "value": 1046016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697025023, "uuid": "be1608a3-437f-48da-b4f4-9097137e033e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025023, "uuid": "f459430c-9e13-4516-a326-ca16a4f7e50a", "value": "372683b8df600b0bc3af961c3d66e727.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fecca17f-686d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697053213, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697053213, "uuid": "c7df17a6-17f6-4a0f-a583-21bd25831398", "comment": "Malware payload", "value": "e5b4b71e643c0022918981055568ef24", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697053213, "uuid": "51d151d5-83e5-493c-8d2a-ad70fff1c111", "comment": "Malware payload", "value": "278037dbc6fbb6556da9a994887e72647e5b912fb62f175d84dd3c40cceba910", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697053213, "uuid": "e8509a32-efcf-420c-9aa9-88b3f3aa4609", "comment": "Malware payload", "value": "b3a2c29b9e484f0b193cb06dd85180fd79e0034b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697053213, "uuid": "95cc02f9-2047-4c85-86b5-d60cda2c791d", "comment": "Malware payload", "value": "2c448f67c3f275d2477704ee1ab0f38cbb4e3bbe5c1fcc4680beb9110141c052a198c978e3ee7f453fa27a38d6bcf0da", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697053213, "uuid": "196f12f2-d065-4745-81ba-96d9fb05b7e0", "value": "T1EA34CF257582DA72C44770308825CAF47A7EBC72D6894A83375B3FAFBC312D2A767254", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697053213, "uuid": "165ce81d-add6-4b9f-aa8c-194df69461a3", "value": "b2f8285ab6e05f63bbd54e786f8fa286", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697053213, "uuid": "08eb62df-6a4d-4a4c-80b8-2f1ea70b09ab", "value": "3072:6X5gwlgcv7L3snweziqmPP/kJb3kL911lL5uNz6TG3t:aaA7LcnwuUMJSV8Nz6Tat", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697053213, "uuid": "64fa35a0-31dd-43b3-9d60-77502e343c52", "value": 230912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697053213, "uuid": "2b97a5c9-ffeb-4049-8d10-591e210dfd59", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697053213, "uuid": "dcce0191-c0db-405c-a0d1-446ecf16889b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "355ce3c4-6837-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697029682, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029682, "uuid": "79b19e34-6e67-4fee-af20-2b1dbab74f57", "comment": "Malware payload (RedLineStealer)", "value": "b2f180eae64c9bb156415af8df3cb7a5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029682, "uuid": "944f456e-cf17-4430-ad07-a00f2768799a", "comment": "Malware payload (RedLineStealer)", "value": "2781d82c9e3393e5b8a6fb1815e9a07372eb96b2afa749c9068a666f6fab8186", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029682, "uuid": "6d762614-3e8f-4549-a5d1-ceb72d083138", "comment": "Malware payload (RedLineStealer)", "value": "f3131863be3c7ff615ef429998337a2027128216", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029682, "uuid": "a03dc3b5-5182-4b4b-afe5-4a00de38275e", "comment": "Malware payload (RedLineStealer)", "value": "974383eb0369601bf315cecb77989071426b76b9e39e482ae0f15fa32cc18507efd8e4211394b59e953c2c1ef9e1a01a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029682, "uuid": "f9f02f93-f421-4eaf-a6dd-813269b8238b", "value": "T153352342A6EC5573DE721BB1EAF712430B323CD10A65EA573746EDA92C739809932337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029682, "uuid": "a6a72e5c-0d28-43a4-a2f5-a1d1e2623fe7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029682, "uuid": "61bac2f5-9e7b-4132-aca5-4f1b0a31ba10", "value": "24576:gyh0xw/oxl7FUKci67+j9iA7Y1R4BEz3gyNFCicIuHeWClOHf:nh6q+Fjk+ZKaBcJyW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697029682, "uuid": "b97da00b-0ef7-45a3-8d01-0e93c32d9dfc", "value": 1092096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697029682, "uuid": "ef08ef3e-7294-42df-9411-288f3da25ace", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029682, "uuid": "6f0acc6d-063e-4e61-9ebd-ce0037b6da94", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "773cbd6f-6806-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697008747, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697008747, "uuid": "a16ed64a-a2d6-4460-9efc-14e82f579128", "comment": "Malware payload (RedLineStealer)", "value": "b5d80d5030a54b3a706f1bb652703afa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697008747, "uuid": "4cb5e20d-b741-4a64-b5d8-02b4a27eccf6", "comment": "Malware payload (RedLineStealer)", "value": "27a47245082a440db35670871859b73ae51e364019887c2018bcc6fb0ae60910", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697008747, "uuid": "95d44d03-7805-43dc-abf4-46c92aab43f6", "comment": "Malware payload (RedLineStealer)", "value": "9ab741673eebccd9016f14a7d3aabf27bbdecae0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697008747, "uuid": "956752f7-3f99-4cd2-afee-0b8a80de1e0e", "comment": "Malware payload (RedLineStealer)", "value": "0f01ed927c35b3597eb79c4f0e7f3e92acac6ad209e93e1310eb9517f9a6e42e2cf52f4bba71003ea223a6523d619a38", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697008747, "uuid": "4d8ec324-a57d-457d-b6ca-5e0cc2fb3db6", "value": "T132352353EBD48412D8B6533098F706930B36BDA55C39932F3729656D0EE3B94A4323BE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697008747, "uuid": "3af88512-11e1-4859-8517-839b908a8455", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697008747, "uuid": "d31b79af-20c2-4eb5-a44a-593ac738387c", "value": "24576:my/L86ZZQCtVDxFoyPmvUj5Ry+IpRV6e220ezD7oRBd8:1/L8ChHNFoyOwLIppbzHoR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697008747, "uuid": "e2057301-da18-4dd2-a9d4-c2c80de34d14", "value": 1074688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697008747, "uuid": "19b2ffcf-fc7a-42a1-8bde-10ee0692ba04", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697008747, "uuid": "89d58876-2ca2-4d78-babe-16b36fd7c8d5", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab8aea0e-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050925, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050925, "uuid": "4cb54f45-22d8-494c-a783-c8dfed117ccf", "comment": "Malware payload (DBatLoader)", "value": "05decb2dd9fdf2e69709e1a37382845b", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050925, "uuid": "9c2ab619-ab4f-41bc-939b-2efa92bbd2b8", "comment": "Malware payload (DBatLoader)", "value": "27c3f876bb12269c818bc4c2efc8c741ca3b6b1b618f631d951e59fa62be90d5", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050925, "uuid": "68a02371-011e-4c9e-a9cb-f78b480cadde", "comment": "Malware payload (DBatLoader)", "value": "ca897d95692e2ff37340c7aca4c0ca85ed8e7c5d", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050925, "uuid": "32c670b9-c719-4865-b9b2-6adcbf88d40c", "comment": "Malware payload (DBatLoader)", "value": "58561dd1302beb0a5d2896af570dfe13abbd1126dad4657aac0a172d31842599415cd25450c3755b3606c7ef6002b2e4", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050925, "uuid": "71dcf03f-ec74-4740-93ff-9b5103d7c18f", "value": "T1A8356B34B3B10CB0F5A576B5D90AA7F81DFF27EDAA4428999274391B1CB27817E1102F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050925, "uuid": "74549633-6379-4697-9ef9-8cde81196e4f", "value": "fc431a28c58a1565c388a05232b2eadb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050925, "uuid": "51e7b916-e356-4575-95ee-f53da11c7c29", "value": "12288:qE8C9kdWdEPv8zuVEdh9a6OLqvabdpmBkt1VEmA00P85Be2fgmv1qsM8HcZG3g5J:qEPudPPOuVsaoAjlD0P83H5M8OG3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050925, "uuid": "8493779c-deb7-440a-9a20-5f0efb46b6f2", "value": 1124352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050925, "uuid": "95824007-6906-4b72-8e98-4824a35d7e40", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050925, "uuid": "207ab2a7-2852-4da2-9254-681f53cc24cb", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ce6fb7f-6878-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697057612, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697057612, "uuid": "13a2dc81-6865-43da-bff6-f0ccdd07225c", "comment": "Malware payload (RedLineStealer)", "value": "c7ad8c11b80fed6617dbb327c5c0e553", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697057612, "uuid": "b099fbb8-d849-44ff-8d71-81ecb436b981", "comment": "Malware payload (RedLineStealer)", "value": "27eb072209dacfc153cb3202cb0ee3befce4cacf204c384b1489edc37b669b39", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697057612, "uuid": "ade1f3de-1f73-44bf-881e-a4ef3bb2d4a6", "comment": "Malware payload (RedLineStealer)", "value": "ba50ea1a5e4572aea339d58c21d25f6bf8adde61", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697057612, "uuid": "6b2a03d4-6a77-424b-b2fb-97f9c2196b2c", "comment": "Malware payload (RedLineStealer)", "value": "a1a2153cd89b012cc114b9f223bee4344f916dff06468890ccb3e5ddd4f90ba19b1d277238650b17cde0982a800aa5bc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697057612, "uuid": "a8a0fb64-e957-44ad-a66d-d7961316b3e6", "value": "T1CB652326FBED8093E8B53BB208F64B532E71BC734998D2172B469F0B6CB28854531775", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697057612, "uuid": "d40c9024-7db3-428f-ae1f-c30d3662a013", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697057612, "uuid": "4212b68d-0f8b-472a-ba69-19e5691929e4", "value": "24576:Jyn0iaooA9gJybYe1+QSKS7fiTiGI4BzM/gapgEjSHtYpRRnnzv5yT4suaDvrh4t:8ba/ACItIK8fUVBgVyNQDm4s3vO/c1rj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697057612, "uuid": "99ed4bf6-12fe-4854-99a1-6ee953f9d982", "value": 1547776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697057612, "uuid": "085f1ad1-ac54-4aa1-aa51-35df4b754b27", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697057612, "uuid": "1398f00e-050c-416e-99f0-7481b6f0cab2", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4096508e-683e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697032707, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032707, "uuid": "630d6c4f-bb23-453b-82ae-3be39b84d494", "comment": "Malware payload", "value": "62bc1d0e287775a59307179aa05310b0", "object_relation": "md5", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "sdjfnvnbbz-pw", "colour": "#D40A84", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032707, "uuid": "1c887542-dcc8-4648-85c8-936d05790d0d", "comment": "Malware payload", "value": "28208baa507b260c2df6637427de82ad0423c20e2bceceb92ba5d76074dcd347", "object_relation": "sha256", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "sdjfnvnbbz-pw", "colour": "#D40A84", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032707, "uuid": "08758b67-6ee1-4694-af2f-7d97fb66cd0e", "comment": "Malware payload", "value": "7de12e91dda37e569dfc9e52e0087aafd3a6456d", "object_relation": "sha1", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "sdjfnvnbbz-pw", "colour": "#D40A84", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032707, "uuid": "4c9767da-6db0-4af5-a552-1ee44768a85b", "comment": "Malware payload", "value": "7a0f97df22268f2c57966e2809689b61e526a40021512a8961f083e300ad0b5fafc7387c057d496eb24bdb8c4f5193af", "object_relation": "sha3-384", "Tag": [ { "name": "config", "colour": "#747DBB", "exportable": true, "hide_tag": false }, { "name": "ini", "colour": "#995D98", "exportable": true, "hide_tag": false }, { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "sdjfnvnbbz-pw", "colour": "#D40A84", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032707, "uuid": "9bb05b0a-febd-4148-9a00-2c95cdf39873", "value": "T1690176016E8EBDBE1147F2D3B67401E82BC34410F4887A317B845C0F5D72CA940EE8A4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032707, "uuid": "aae9bd9b-c4b1-425d-b38a-263a6935e32d", "value": "12:+AxS2hz7YU+Sj8ZGShR8kkivlnxOZ7+DP981E7GXXfDWQCYnmSuQzQ9DA+zQdhzf:XI2hzEPI8ZNR8pivlnxOoG1fXXfD/zsw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697032707, "uuid": "9cfa7563-b156-4695-a6b0-ee2441ea9df1", "value": 700, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697032707, "uuid": "b52e889e-d120-4ca4-bd56-9bc5b0fc0af5", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032707, "uuid": "6a4a1642-a7fa-4dbe-b18b-ef8f5e7455cc", "value": "Client32_sdjfnvnbbz-pw.ini", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "14568ce8-6883-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697062268, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062268, "uuid": "31674e5b-16b8-447c-8673-4de706b1af9b", "comment": "Malware payload (RedLineStealer)", "value": "7cc036a59ef509fe357bb7130f3b71d3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062268, "uuid": "5f05ff40-d0ee-4120-825c-584083fac4ca", "comment": "Malware payload (RedLineStealer)", "value": "2890172bc26afbcd4055951ded8ea37d50b52b92eb910c158c5d10fdb4abe75f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062268, "uuid": "dd1a2e41-27ec-4012-9c8b-68f735464aad", "comment": "Malware payload (RedLineStealer)", "value": "06f89cfb5c3f2b3b3bd78cb8f1462094eeda15a0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062268, "uuid": "b69ec393-01fe-4d8b-bd25-b889b8d8354e", "comment": "Malware payload (RedLineStealer)", "value": "42151e55c340406919f6a4c2054066cd8af66887a26d2c01a349daf83806f73f1434468b13f4e24df108e2d699e87924", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062268, "uuid": "e04b1974-4491-4e23-9552-ed758ee96e6d", "value": "T166652393A6DC5577FAF6537048FA179B0F723CA18D3193660BC9992D2872580B232B37", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062268, "uuid": "9920df6b-f4a5-41a8-86b5-d099733b9dd2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062268, "uuid": "5f46548f-82d4-482b-8b74-20945c12eeff", "value": "24576:SyP8U16aWNHNrOA67El2iQcHxwN+74E5lSm+2Df2O01MG4hjys0MaNRK38C0b:5EUTe2E8/cHxhTlSZKG4hGssKN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697062268, "uuid": "8e9742b4-32da-4070-9f98-758f948e0a91", "value": 1546240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697062268, "uuid": "fa846cdd-bd10-4ef1-a9af-d53d25d99435", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062268, "uuid": "700a8a42-6e22-4ad0-8b61-0ee627780dca", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b964f9d-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1697067568, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067568, "uuid": "4035d21e-35d1-4b3d-a7e2-0c19781bf03c", "comment": "Malware payload (Mirai)", "value": "7d51ad4eac89b2f15a90f82acc32b099", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067568, "uuid": "ac7f6a2b-ab2c-461b-a356-0ec0c2461055", "comment": "Malware payload (Mirai)", "value": "2890c0f325df79f28cc73489b7030d7a42991a14bb7ceea8a4bd99f6103da2ea", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067568, "uuid": "74c7ef19-72ac-487c-afa8-ae11f18da11f", "comment": "Malware payload (Mirai)", "value": "1c197749f4ba55f95166576fa56190d19043712d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067568, "uuid": "f1d7260c-204c-41cd-a705-0b726b0d7012", "comment": "Malware payload (Mirai)", "value": "3e36689ba95a5ca979428d16bba5d65062a7e4beb1854cd6f133daf767291453c164c9cc65acfa4792d474768f679f70", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mips", "colour": "#CE983B", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067568, "uuid": "d88155ba-a0af-4e6c-8ba1-819c546926c6", "value": "T1D3E2E19FA6F43EAADF8C4C3E128C0979ABD7684713659B85272104C5A76E498F49C03D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067568, "uuid": "a7f7061f-067b-4722-9a4f-5986dfdb7dbf", "value": "384:A3fpCLrsjHIX69URc+hmnulY1qHprFKt6zhS45vDajssVwf8hlHtga3FRWGVCz04:4fpWcehzJFYKgULAssKfklNga3zWr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067568, "uuid": "8085ad65-090b-4eec-831b-56bbb70c2bc3", "value": 31960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067568, "uuid": "d248041c-fa50-4f90-808b-f8e1166489fa", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067568, "uuid": "ee9edb08-dd25-4a7b-81fd-634a75141e0e", "value": "7d51ad4eac89b2f15a90f82acc32b099", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cedf3421-687c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697059575, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697059575, "uuid": "afafe82f-09a4-420e-9724-7c47da467145", "comment": "Malware payload (RedLineStealer)", "value": "9bcbcd9aa104a33628d8846f5507d3f9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697059575, "uuid": "77e12e5d-903b-4592-8cc8-e8ec6fb465b4", "comment": "Malware payload (RedLineStealer)", "value": "2893970c65ab7dde6ed7b27a669cd0c8171e4a2718c466185a9d0e8d2544242d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697059575, "uuid": "cc187e26-8e28-4152-bd08-2ed50ebb80fe", "comment": "Malware payload (RedLineStealer)", "value": "153d95655b8b20fb24ac0aad3a4c70708f70c8ac", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697059575, "uuid": "0ce4a6ac-979a-4010-901b-dbd416c86f3f", "comment": "Malware payload (RedLineStealer)", "value": "c345d1e920533516dc1f24e94181751ca9edf56ffa33a84091b9654713b4644ff19c496b84f2b53e72ee7f583172ebd4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697059575, "uuid": "27927cec-5cef-4931-85b5-e88ca9680756", "value": "T121652306AFECA977CC79173034FA47970E29BD815C6057AB6B54A10F2E72B04A532737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697059575, "uuid": "046c6b08-0b26-42e8-94db-5db8ce737612", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697059575, "uuid": "3f619391-a4db-4cb3-a42d-f7d91f74584c", "value": "24576:MyNeEyHeYoReCrXt7jP9iYD5rvke/ai+p+bVKFIj+4sz0bJ1T4HT2ygbE15dSpQM:75RrX1j1J5jmlp7Ij+Fw0z2546l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697059575, "uuid": "b4db88ce-6544-450f-bd71-99c08df99f9d", "value": 1542144, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697059575, "uuid": "9408684a-b86a-4e84-b99f-ed39c6e7f3a5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697059575, "uuid": "5f7c701c-707d-48a1-9bae-a09fac1f1d89", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9872928b-6876-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697056906, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697056906, "uuid": "31142593-b6bd-4f98-8bee-ffe136d91769", "comment": "Malware payload (RedLineStealer)", "value": "c8a6080a5ce943a0bbfdd476d614d751", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697056906, "uuid": "a2d542a5-ee3c-4ab8-98cc-dfa001a84148", "comment": "Malware payload (RedLineStealer)", "value": "28c5b38c238cf336d38f03efc1977bbf903bd2dcd432e05e2f9bbbd5ee2ddc95", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697056906, "uuid": "88848611-53f5-4df1-a9a7-c01124939a96", "comment": "Malware payload (RedLineStealer)", "value": "0433a92d83e65909c91200b98f496c706522fd29", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697056906, "uuid": "2c1035aa-51fb-4820-8532-63e09aac7b07", "comment": "Malware payload (RedLineStealer)", "value": "747641c311e47ebd566dcbfd6156fc96b19053d76ec1a3bd8f68bd7bf0bf4d2e233e366dcb40bd695a97da05a97a28d0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697056906, "uuid": "e97a70fe-533e-4b01-b5a5-2922a6a5ef9c", "value": "T1DB652313D6E48037E6A16B717CF306EF19367DE1AE38C26962C5994E1873DD42422B3E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697056906, "uuid": "0a5c3feb-cc10-4958-b98a-2a2ed4493624", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697056906, "uuid": "e140bdb1-8dd5-483c-bc50-053d6778a1eb", "value": "24576:HygOAwhDXzI6HZONRUxTKj7bIIioSgQr8Y8LQLwMVsLP/xqGniudNvEZsiu5B87N:SgOnhDTENCxYbbgLp8LQcmg8GniCl5BS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697056906, "uuid": "d0545055-90b0-4ed5-8e5c-f61b3e23cd9c", "value": 1547776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697056906, "uuid": "bcb9a9b0-832b-4a51-9532-22ae7043965e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697056906, "uuid": "262ed13d-419c-4e6b-8736-d13d0957e5b0", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9efeb511-684c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Tofsee)", "timestamp": 1697038878, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038878, "uuid": "126d1eff-c7f8-4b01-8fce-64fe0a010d59", "comment": "Malware payload (Tofsee)", "value": "30efbd5334ea7afa7a57d17dbd0a8a4e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038878, "uuid": "59ef17f2-bde9-45f7-80e0-937bd3ae0171", "comment": "Malware payload (Tofsee)", "value": "295df54f737d2d41921144a3de0fc12b130ed271674e6792044c112fcedf466e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038878, "uuid": "0886f58e-fafc-44f3-9beb-89c4bf170894", "comment": "Malware payload (Tofsee)", "value": "1e7a93bc5f4aad34fc9fd9b21507415c30dedfa3", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038878, "uuid": "129a1d46-79fb-4865-b4e1-cdbca43c5840", "comment": "Malware payload (Tofsee)", "value": "fecaef90804395c6c2d38a0b723bb2e8412f25c23c70a925795fa55fc1ed5c3e849eb7c4e5b5a3c1980742711eed2323", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038878, "uuid": "d316230b-84ea-4b3e-a908-7b6c74f7ced8", "value": "T12C34CF16B582D8B2CC4680708835CAF9B77DBC769A89898373583F6F7C313927B76254", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038878, "uuid": "c2759007-c4a3-4927-a2ca-b769103078f4", "value": "987d26efaba6f21b1152f94099a2d2b2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038878, "uuid": "71262500-5da0-48d1-aa0a-6fc5e6f7870a", "value": "3072:uX5d4IcA4tKZoaDdr+jZRH3/Bzz5u+84JSte5ySCTy:2T4tkoaZCD5X5IWgdT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697038878, "uuid": "78bca44f-6a70-487d-9966-2d76d4af3b65", "value": 230400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697038878, "uuid": "7637e31c-e306-4708-89e4-c1cf9667beda", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038878, "uuid": "27590535-e902-4d6c-85e1-30eb078e05cd", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dcd71f95-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1697050579, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050579, "uuid": "9b59b7a5-812f-4b77-ba25-27a5f749f380", "comment": "Malware payload (GuLoader)", "value": "125d3db64486af87cdcfa00381045e43", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050579, "uuid": "0ebdef51-f759-4388-9e41-74a32d82e912", "comment": "Malware payload (GuLoader)", "value": "2a0d76eed9ec0debd2432ba23d45c0f9f92f0db27378e581e1175f076f9107bb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050579, "uuid": "97d40c98-79a1-4a73-9e1d-655c33635bce", "comment": "Malware payload (GuLoader)", "value": "9e7cfd58692418f2573f97dddeed0200ec2c96e0", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050579, "uuid": "dc5e49bb-c03d-4a80-8edd-173ae25b3e38", "comment": "Malware payload (GuLoader)", "value": "15f960bc5191607e15b40f2f13e7775824db043190b370de89ddae1cd4437d60211f28479346931107a1e9fd3491f236", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050579, "uuid": "ab329a02-aca3-46ad-be3b-7d8d8ccba924", "value": "T198E4011D7F94EC86C5701975BEAABFE6722E3D01DF85528B31883BC9AD322901D71287", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050579, "uuid": "ce59cb29-b73e-4003-9854-a86ee1ebc33e", "value": "7fd61eafe142870d6d0380163804a642", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050579, "uuid": "c91ee9d5-aa2f-4196-bb0d-297943700295", "value": "12288:kt1WVZR8Klypk2gVve2X/kVYhC6+5Meyp7nZ02N2+XKWN9+SpHe7ZF4U:41WVUKlyIGpb07nO2NlXN0SpHeNFH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050579, "uuid": "502770e0-cfb3-498a-9fda-fdbc8504e93e", "value": 721808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050579, "uuid": "e96115e5-c606-45d1-8cfe-bfac150bc1e5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050579, "uuid": "dd98b721-0de7-4719-b9b7-2a3ac019ee86", "value": "Oxalate.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42c576d6-681f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1697019396, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019396, "uuid": "dfbfb739-a4a7-4c86-92a3-637b5b403c35", "comment": "Malware payload (Formbook)", "value": "ec97a086359377950ece923200561335", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019396, "uuid": "92d550a3-9fe2-427e-8def-5e8006a22851", "comment": "Malware payload (Formbook)", "value": "2b2ed2623c8b0e1867fe816928be401f482453d8e6e7922660fa4fe9695127c0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019396, "uuid": "918d2be9-2aa1-43d2-9ba1-1134b387e881", "comment": "Malware payload (Formbook)", "value": "9858ab01ce7ec88f122047d87b9f2c9641ed1c39", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019396, "uuid": "d07c7f50-0736-41a3-bea0-5deb624929c2", "comment": "Malware payload (Formbook)", "value": "7cd6c0b9c307bc77009a0ab27baaa3570bbc0449537d8e0fc12f0c7ddfbc882b748660fe696094d61d07e1a49926e1c3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019396, "uuid": "f02423a8-b698-4650-b03f-8961ea2ea549", "value": "T12874124836F1C562F4A38FB08E3ED599ACF4EA2310F0560E17D05D177E67A86DA1E3A4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019396, "uuid": "571a4418-5a65-40fb-aa62-43d284b29fc9", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019396, "uuid": "46ce3031-3fac-401e-a36e-6ba6901b8f9e", "value": "6144:/Ya6XXSMCq0Tz5viavbc6HGw7+Rea7aSNpbGBQmP2jYuiA1DxQ/srUH4jLREvIxX:/YFCMCq0Bvfz397s7DNErbIdQ/stjlE+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697019396, "uuid": "c2ea6ab4-1a97-4210-a10d-571c39fdbdd7", "value": 369074, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697019396, "uuid": "a056d0e8-5c56-4fb3-bd34-0b2a61fdad5f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019396, "uuid": "8bd7b341-e4ca-4978-a5ac-c92eaa248e32", "value": "2b2ed2623c8b0e1867fe816928be401f482453d8e6e7922660fa4fe9695127c0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5714ff69-6820-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697019860, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019860, "uuid": "c887f217-792b-4afe-9010-b62203cb6d89", "comment": "Malware payload", "value": "afe6afa62e59c2fa1f95b4a5977e8317", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019860, "uuid": "aa2603df-c775-4566-8fa4-cb03910095f8", "comment": "Malware payload", "value": "2c67526809550835e934535c1a8a45e40553407c02ea67e394726cc46e5345c7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019860, "uuid": "c880100a-e5b6-401d-9a01-9c314cb5971f", "comment": "Malware payload", "value": "fbe9e42899c5828c72d72e42f4bdc1b9d8b5f8f7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019860, "uuid": "e60a62b9-68bf-4822-ae2f-d045ff6e278a", "comment": "Malware payload", "value": "afe574aaa884955804a82cb56e7c141c1ead82cf967b9263ca92423bf41e48ac2d41f8ebfd084743132306d8622588c7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019860, "uuid": "1ba90522-a03e-48a0-b288-114ed739bfdd", "value": "T16C33F847B61F85F2CAD89B3AC597142403ACD79AB2F3D70A74CE538619433E99B1428F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019860, "uuid": "bcd0ab38-7e37-4c35-9080-4c0864468ad5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019860, "uuid": "1660428f-facf-4899-b522-21667e41a2e3", "value": "1536:DFhi3WhqpGMtsOA+sq/oSDvbj4Q034rl:DWmQzv/lA3Ql", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697019860, "uuid": "252e535f-9a9c-4784-915c-5c6bf326eb68", "value": 53248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697019860, "uuid": "4463938f-976a-4fda-b05e-1a6e34d3e3d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019860, "uuid": "d14f91fd-4c61-4a36-8969-20a2408733e2", "value": "2c67526809550835e934535c1a8a45e40553407c02ea67e394726cc46e5345c7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "51d39755-687b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Backdoor.TeamViewer)", "timestamp": 1697058935, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697058935, "uuid": "9217e2bc-1fa1-4934-970e-337de0ec709f", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "4bb9d34c5f861798b83a544bea781cf9", "object_relation": "md5", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697058935, "uuid": "7751bdd4-c50e-4732-bd00-77924a286839", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "2cf8ca0a1593e5ef380c8d8e9207f4257bbc4ef1ad2a5a5315f321ffecdc70ec", "object_relation": "sha256", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697058935, "uuid": "95d1aba5-3fa3-41a6-b23f-44f2f958d961", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "75661751817fac73ed35d0c0975bd728e8477f9d", "object_relation": "sha1", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697058935, "uuid": "4995c6f1-bbcf-4f10-b98e-ace46a9eb7c3", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "42c1734ade26dbd7a42b20a503c82b924582f294c2c3b3c3795b39c40c007cffa0522557dfe7be8794a7b323a5bac9a1", "object_relation": "sha3-384", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697058935, "uuid": "49b88bb5-4568-4c92-a8c8-1000234d44f2", "value": "T1E3C6223B76A51C4B6BF5985C97F964C2C63F35E31717882412368ABC64010F6EAF1AEC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697058935, "uuid": "a75bc5f1-15d9-458b-9785-f22548b72e38", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697058935, "uuid": "3eb73e07-e8ae-479d-9a7d-c299a979ff14", "value": "196608:RDlrr/qgG1+8e2adSlMwl/k+SckwmpBM53f3oHeSqFyXD1RrpDH:RdrU1+8YdSlMwlsekNps3f4LoI1/D", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697058935, "uuid": "952faa81-9358-488c-927e-a58fa9f53948", "value": 11917824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697058935, "uuid": "ffd59df8-fc7b-4777-b1f8-842a4e6b51b8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697058935, "uuid": "cd2bfd2b-9cb9-4921-8f8e-afdd4edbddc6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "06b6cdc5-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052367, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052367, "uuid": "99ea5c66-cbd9-48c5-851e-3ced2722eca6", "comment": "Malware payload", "value": "5c75eed1bece69744953526fc0294f71", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052367, "uuid": "ffb6e541-0d72-4353-b55b-606aea0f186a", "comment": "Malware payload", "value": "2d2389badeb5f8d3a58b3a80242a23055e9c0c8afe1962ffcbb30895016d86b1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052367, "uuid": "f57452a6-4fdc-454d-a14e-672a27c53ce4", "comment": "Malware payload", "value": "4769cd89229f588917ebf7618a33a4edd5b9878d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052367, "uuid": "105683f6-7a09-4767-be1b-072323dff662", "comment": "Malware payload", "value": "7b4b9779fe8ba7e18c5efa1a951cdeab0b7d1c6a65baed1cc78cbf245ce3336c04c6a5947c64bdcd653e980023362471", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052367, "uuid": "0a50a507-bcad-458a-83b2-1c23a9345622", "value": "T15B657203BA4789A2C5485FBEC5974C3407A4D5A36333F61E798A235D1843FBA6A6CD0F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052367, "uuid": "83c8c000-b0fa-45f5-ba9c-9370d2dc2295", "value": "24576:LN95Oa4GcN2Uz/Get4v7UIGWdEOewVV48wta3MfJD8olInGDq9uR2vQEBLVSv:cF2Uz/GV7UIGWdEOewVV4VS3p0q9uR2r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052367, "uuid": "99d1e4c8-7d86-4540-ad2e-e40c20981cd8", "value": 1516544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052367, "uuid": "0cd611f3-024b-4f96-b9c2-a37a5f560eea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052367, "uuid": "b3b595b1-186a-4e80-acac-21bd018070ad", "value": "Hdppgo.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "406a3c7a-67e8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Healer)", "timestamp": 1696995770, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696995770, "uuid": "60dbae3c-d77a-432b-b4f1-21c28c216e76", "comment": "Malware payload (Healer)", "value": "a82226aa52c0be50b8485764558466c7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696995770, "uuid": "432f6228-98f2-4256-9dd0-52827594b1bf", "comment": "Malware payload (Healer)", "value": "2e3a55006d972b0b509781a017d1749c5b32c436d96e1943478a79e444645067", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696995770, "uuid": "ff6a1ab8-ae5f-482a-aaba-e393349cf9e3", "comment": "Malware payload (Healer)", "value": "6f63ef7d0db073e6882129bafd39be00564f2ee6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696995770, "uuid": "04b25cd4-0c13-49c1-b0c0-944886047434", "comment": "Malware payload (Healer)", "value": "2e0536e6664b31cb63c36abbdebe1db6858f6b180fa1f75de122d1cf39dc4294b91fe65e44c3c30123bb93096fb87644", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696995770, "uuid": "164d04f4-22ed-4a98-94a0-9d7ce0981087", "value": "T173352346BAD58072E9F093B069FB03871B29BDD12D78476B1B42B91E4CF3AC1D57432A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696995770, "uuid": "e6f56484-f986-452e-9686-7c45cd2dbc83", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696995770, "uuid": "4133995a-bfcf-4cef-9401-84751a3110a5", "value": "24576:VyaxS8wEIVWpO7tP9fRpS5xFKWz4a51pLlChmht4Gj/ri7o4VV:waAyIw07tPtaFPzFle0tX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696995770, "uuid": "ba464cd0-453c-4588-8512-30d74e2fafa2", "value": 1129472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696995770, "uuid": "2794e84b-ed26-41c3-aef7-b70c59cfc466", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696995770, "uuid": "12c649a4-7b4e-4759-ab4a-fee84206d120", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2eadefb7-67f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697000465, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000465, "uuid": "5988975b-283d-4d1c-a114-af6118aeca85", "comment": "Malware payload (RedLineStealer)", "value": "15b918721cb7f0bcf45e811d815ac4d8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000465, "uuid": "3e9fd906-ddf9-46c7-b1c3-b018e504d966", "comment": "Malware payload (RedLineStealer)", "value": "2e91a227974a065cd6d46794bf8d8c4ccc04a3260cc28ddbb80352be1e72ddd9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000465, "uuid": "c6815b41-c585-404a-8849-91195e59c41f", "comment": "Malware payload (RedLineStealer)", "value": "e0ceccaf1b0f66f8f5480087bd1585216f1353e8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000465, "uuid": "8f242386-b05e-4c4d-8ed1-6c2a767d5703", "comment": "Malware payload (RedLineStealer)", "value": "de524d7d13f5b3f1af3a52712b81c4a0804ef057a4e314df15c12a3e9f3a77d0c3c89107fc1578e8184015109f61cc71", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000465, "uuid": "e329755e-112d-4d13-89f3-a3fdd0b53ac9", "value": "T147449E1175E1C472C573113209E4D7BADA3DB9700BA68AFF67A40B7E8F703C19631AA6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000465, "uuid": "f0f8d8ad-05c1-4af1-9645-8a67bceddc1e", "value": "06ede52fcc31e4900f4f1a7060fce645", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000465, "uuid": "6f50561b-7e25-4fa7-aeb4-8c3b19822e1c", "value": "6144:urAnaSpfiocte/Xc44W9wL5IAOADlP+etNq:urJSdioCaa6uDB5q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697000465, "uuid": "9fab4ee7-9bec-46ad-a21c-2a2b19ac4e11", "value": 274808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697000465, "uuid": "48877b3c-f7cf-4fe7-975a-fa678d50c060", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000465, "uuid": "935cafb7-ac0f-4b3d-9a66-303a163dbc06", "value": "15b918721cb7f0bcf45e811d815ac4d8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2e931da-67e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Healer)", "timestamp": 1696994754, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696994754, "uuid": "7f0c48ca-fc08-4c39-b232-b2fe49e8defd", "comment": "Malware payload (Healer)", "value": "f5c4e387fa2668c0d3696e99fdda0bcb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696994754, "uuid": "10871012-167d-4c0b-bcbf-5b9ac49dcfad", "comment": "Malware payload (Healer)", "value": "2ecc669a7f5e4db05bd4c07c459784a9e2f8b1f957189ef51c4166dc4975ac7e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696994754, "uuid": "51dd99db-7957-4430-9ac5-6c434d1a5159", "comment": "Malware payload (Healer)", "value": "f7ab275ac642386f9363894fe142b59ea76b62cb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696994754, "uuid": "a2c6e9b8-5778-43fc-a91f-cf698df4e3d8", "comment": "Malware payload (Healer)", "value": "4a67f9062b1f183e2a92b9c1e03110a873dd863c054794efbdd8d6a8b73426c37cb2cbc7da14c62874dbcc01c397fec8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696994754, "uuid": "95344d4d-6d02-42b5-bc1b-cacbd3a563ca", "value": "T1AB83E703B6875312C4085575C1FB182403FAB7CB2777D6453E4416EA2E927EAEE4EBCA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696994754, "uuid": "1063f076-dae2-4a29-bed2-7510faa3074b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696994754, "uuid": "be994a09-93d7-4909-bf78-85adca3b0712", "value": "1536:VzKGlOe/zPrgqtkAmNqxAt0jw2J+Xz9nZYaXXXcH+kSKmaT9GjrhySp:VPOKzPEA/mSJwnXz9ZkSOTsjty0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696994754, "uuid": "c4eb5806-7e77-4952-928c-9cd1d0ef6bc7", "value": 88576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696994754, "uuid": "399a5a29-d636-42ac-924e-0a83fa739768", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696994754, "uuid": "67be9c35-13f1-43df-b145-ff10e92ab9c7", "value": "2ecc669a7f5e4db05bd4c07c459784a9e2f8b1f957189ef51c4166dc4975ac7e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "250f19fd-6831-11ee-a6f9-42010a9c0055", "comment": "Malware payload (ParallaxRAT)", "timestamp": 1697027077, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027077, "uuid": "9e09625e-ae94-4851-bd22-267b18a45eb3", "comment": "Malware payload (ParallaxRAT)", "value": "93ebd2582b92bda84dd7a781c9ccb087", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ParallaxRAT", "colour": "#D46E6B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027077, "uuid": "d7d635e2-af81-46b7-a441-21baf40e07e3", "comment": "Malware payload (ParallaxRAT)", "value": "2ee076dac5df5fe560093b56afe32431838e041e275b378b69198860cd290d11", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ParallaxRAT", "colour": "#D46E6B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027077, "uuid": "4352323b-d0dc-4c52-acf7-572d568e6c41", "comment": "Malware payload (ParallaxRAT)", "value": "4f343fea4961e054ca980c38ec0ba31d235912fb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ParallaxRAT", "colour": "#D46E6B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027077, "uuid": "6268a2ce-5de1-4163-be2f-877f65130686", "comment": "Malware payload (ParallaxRAT)", "value": "c577c0d56a19d537530956d08486d6719bc1ad0a53282ce54a366c75c7406eccde1d27ab294e5231547a6d432078eb95", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ParallaxRAT", "colour": "#D46E6B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027077, "uuid": "7af43884-a02b-4dc7-87aa-307208a4a56f", "value": "T159E59D227FF09577D16303359A9EF27930AEE9300B35C19763891F1D7E301A396296AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027077, "uuid": "4ef733af-5318-41c8-848a-4d7ae4a48d4c", "value": "94dd02744fcb699e42c8cab9862521cf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027077, "uuid": "87f313a5-3fb0-47d2-b663-30c1f32fc988", "value": "49152:Nq3QscuJsVPCYc80pixEXY2QpvH8n7f9GioB08341OPc9:N0nJsVPBcexz2QpvHqD9Giod4OPc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697027077, "uuid": "673d5b1b-9b83-49e7-8d11-0ad52e7a3552", "value": 3232768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697027077, "uuid": "950c7e8e-019b-4c9b-a84c-9364a364ac12", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027077, "uuid": "519ac5e2-7a5f-4cda-8630-9098e101b4d0", "value": "payload.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c18dcbb-6889-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697065019, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065019, "uuid": "9e34b17b-f452-4e53-86ff-f2a76bb1cabb", "comment": "Malware payload", "value": "14a7b5fbb6ecf550072fbab1917ccfda", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065019, "uuid": "22ffa5c7-ff42-44d8-b160-72b2767be5d2", "comment": "Malware payload", "value": "2f5aa6f7ed6f5155d8e1e65f995ea4233d767c90556ca8741240ecae3fcf1ca1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065019, "uuid": "b5ecd2dc-eecd-4830-b6ac-d73b0cc9303c", "comment": "Malware payload", "value": "9eaeace304f29701aa144c14ab34311247326201", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065019, "uuid": "ca580394-bfaf-48b7-93db-08e78fef58e9", "comment": "Malware payload", "value": "91f2e7067959b66bb5b8429343946323e3f67bb83bfdf89bc2da6039e9c8f2ca092c49b9c1a89e03d2e24bb293cc7df4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065019, "uuid": "afde03c3-7e95-468b-a5fc-e2d36ad40faf", "value": "T1F2653383EEFC61A1E7716F7159F723636A397EB0BC30429BA752826C1BB254065B1303", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065019, "uuid": "24a822b3-9f07-4fa4-a386-030b7fc71cf9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065019, "uuid": "669a264d-8b2a-40f1-8217-0f5c13c5272e", "value": "24576:1ylOhaMgqMtZ/GA7jfmiwKowdQrRKSx0PZKDoYhnwTrBVoYNfnr55l7RFdz4PVjE:Q/1hpGejOMowdQtNx0ZK8Mnwprnr5Xby", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697065019, "uuid": "2ac34c48-57e6-420f-9505-206652010726", "value": 1544192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697065019, "uuid": "2e02fd1d-fa6d-40da-91f4-f3720c1dbb7d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065019, "uuid": "98be8edf-dfc4-461b-8ee1-9d36718e2f35", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8a8db4f-6891-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697068530, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068530, "uuid": "9f80edb8-ce0f-4d0c-b999-24c3cf5526f0", "comment": "Malware payload (RedLineStealer)", "value": "029e13881d8d72bb0f1e844e08c60c3f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068530, "uuid": "a28ee602-d7d5-49fc-abc9-d2a05cdb1aae", "comment": "Malware payload (RedLineStealer)", "value": "3082c29b6667eacabcea63fe5aa55f4a16ea0c5ae6c06b261c4e4d25bd21d6a5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068530, "uuid": "610d40fc-1823-42ca-99fe-6d24bde0ffb6", "comment": "Malware payload (RedLineStealer)", "value": "6b833c9f337ff1f921da938ae0c70aa9c5b9c99e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068530, "uuid": "2d926934-c953-4edd-a201-25a291ef0064", "comment": "Malware payload (RedLineStealer)", "value": "fe1f2d42804a51b274fcc8189a7dea50d6480bafc31175f19e06a45ac765406fd4dea1dda03982728b074c83919b1ec8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068530, "uuid": "8e67790f-ed4a-49f6-a90f-ac2a6c9c5024", "value": "T14D75E91176F95B59F9F30FB85ABAA611087AFC6A9F11C2DF1251908E0D31BD08970B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068530, "uuid": "79e4a370-5e42-4f66-a340-9b7bf0fc1151", "value": "ae450531cb5f9358db13baf813ed0098", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068530, "uuid": "604de1c7-3f79-412a-8b7c-f6016e2e2eb0", "value": "12288:ReEjLcQviYIYu14tBDtjk/olM2Uew2/UQ2Ni9L97uTaD9X6a9DhvhE627Z8:6QviYo14tBDtjnFXw2rCiJ6a9DhvhM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697068530, "uuid": "97b68bd1-abff-42d1-a2f8-250403b21c61", "value": 1703424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697068530, "uuid": "970da173-5801-4835-aba0-923ef145366d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068530, "uuid": "ec6d1ad3-db63-4989-9d1a-1f8e225507c9", "value": "029e13881d8d72bb0f1e844e08c60c3f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "21d98348-6890-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067874, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067874, "uuid": "e30fcde6-075a-416e-9d2e-0141ad8e1813", "comment": "Malware payload", "value": "a9c3b9a30859661eb07c236f5ba977c9", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067874, "uuid": "6d5e19c7-e7e9-4fb8-ab7c-5616a92c4081", "comment": "Malware payload", "value": "30d828fe22893c588e356bc2c8f9e800715923f2ee023141a41c5055f846c1e8", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067874, "uuid": "2d36ca40-a1c8-45f3-9999-eebdca4cce59", "comment": "Malware payload", "value": "cd1d848abee242a083ff8a1633f7cf7ff7ebdafd", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067874, "uuid": "922dc4d0-b016-4ecb-b889-2955b4b41c4d", "comment": "Malware payload", "value": "475ce2ae393bfb9618ded8a770472c57b86e1b88f7b17c0c92e6f5f835b0e08f0b71d3764549d6dfaa7f71f1e8c97596", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067874, "uuid": "b594ec43-dcb6-4e83-b1b0-d58eb1031d44", "value": "T11B25893263B22F3CA678FBF600DD15479E797D631011A6D3AEE4C94F868EDE41A34126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067874, "uuid": "eb38c3eb-71f1-481f-98c4-a1085cf717d4", "value": "6144:iqzIHqFw2r6TjzHFgjiHFgrkqOFtKuByGi7a3TbwLMN7EF8Zz5Z/NjRzWGCpobxU:utS4FMT1u3TbYhKxXzSVif/Dn7GptQDq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067874, "uuid": "8284d2c4-b6e4-4c4f-92d2-de10bd21d1a3", "value": 1037111, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067874, "uuid": "6021f959-3334-4e1f-9d82-1dc694c62170", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067874, "uuid": "7df77b16-1e24-48c6-9ad6-0bd12b8a1704", "value": "information[2023.10.11_08-07].vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd4cd333-682f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697026528, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026528, "uuid": "413cbf25-9757-4ea9-877d-5dca589a5bf8", "comment": "Malware payload (RedLineStealer)", "value": "9fb8fe0ee354dc87769b1e288e389f25", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026528, "uuid": "fb1ec60d-9b1c-40ea-a832-3a2282053fe0", "comment": "Malware payload (RedLineStealer)", "value": "31229d7391d34dc38efe44e330d224d5a92727f8a1b0a1b723a0365e76aa22c6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026528, "uuid": "d6ef45b8-336e-416a-80fd-59bd98f8bc80", "comment": "Malware payload (RedLineStealer)", "value": "d7048e12581be100129bdbdc5ba303bc912f6a35", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026528, "uuid": "9a395b7f-6975-4462-beff-96bc64f9c020", "comment": "Malware payload (RedLineStealer)", "value": "f670880c4e453a107ebfe274bd4e26d6cb3c4793433b73e32ccd890fb16bb9525efb3450c6ca9d48c5d266c08257f960", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026528, "uuid": "9a19bfea-79ab-4231-81f2-9fe101a1f7b3", "value": "T194052301ABDA8137E8707BB078F603930A3A3CA19A7C975B2791695F4973540AD3277F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026528, "uuid": "93ab33f8-accb-4ef2-98a1-48d5214716ff", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026528, "uuid": "ca5ac62c-4e25-4e7a-9947-c751fd5166b6", "value": "24576:UyakomH6hLkwt1+JEgGscUfP/40mipZVUxP:jAf9EvGscUfYli/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697026528, "uuid": "071f6ede-81ef-4453-b84c-26e1aa7e130b", "value": 817664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697026528, "uuid": "23c63379-79ef-4c4a-98f7-b580d4378178", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026528, "uuid": "ae21c86d-42ef-4959-96e7-a765592caf49", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fa5ce02c-681a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697017557, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017557, "uuid": "42376128-0489-41f4-b8b2-99d87adfcd07", "comment": "Malware payload", "value": "76353166d91d6e9f181f27c715bf57a2", "object_relation": "md5", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017557, "uuid": "53afb091-e4ae-4165-9a43-25d8769439d9", "comment": "Malware payload", "value": "3138b23fe23af3fb9127c51f69fd70ca654a5b7089152195adba9f548372fc9f", "object_relation": "sha256", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017557, "uuid": "a693f249-6ed4-459a-9884-45055bd72d2c", "comment": "Malware payload", "value": "553ebec275f3e2de1ccd4171664eb8506139d7c9", "object_relation": "sha1", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017557, "uuid": "42a96529-55ef-43da-8dac-02ff946adaab", "comment": "Malware payload", "value": "cc8b684f29370f35d8e977006d624fdbe962308ed6f824e495910654d83d11a02fa28aa822427a6a4f83df68ade37895", "object_relation": "sha3-384", "Tag": [ { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017557, "uuid": "309ad1f6-b233-4f03-99c4-148c6f7ea988", "value": "T10EE12A5E8622053CCBBEA07E508C1243CB29BE9B024B372EA630915F14BF6E76F55395", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017557, "uuid": "a0b8fb3d-7d80-41d4-bccd-0bf9c4ec7986", "value": "96:0FBsq6wYcTjeMhVVCvkwQEeGIRf3UNa92ZUpkw+T9AwNZotuYuL9+xZgGHI8Z+SY:GBowLiOV8vdQjmEpHe3hYuY3s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697017557, "uuid": "88e36c4a-3586-49cb-8f8a-4de786f6f960", "value": 7160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697017557, "uuid": "1254a07d-fc0e-4c87-9d9d-5866819cd655", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017557, "uuid": "556eb56a-07ca-4854-af50-f2e31698e205", "value": "INQUIRY.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d6e7787b-6813-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697014491, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697014491, "uuid": "02e7b309-d904-49c6-8027-546c092d59da", "comment": "Malware payload (AgentTesla)", "value": "4d3bbbb2c0a68f69e94417833e531fe4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697014491, "uuid": "a8087516-32bb-4063-9175-d4464ad087db", "comment": "Malware payload (AgentTesla)", "value": "31a1d70e9feebe26f729b6c37d07f37bd8971ecc6ef4feaae138369a59083d65", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697014491, "uuid": "3bda1c13-7159-475c-8674-8ba0195ca6f8", "comment": "Malware payload (AgentTesla)", "value": "5587ce20a8500fd334dc5aa23f18d1818d5e1684", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697014491, "uuid": "448c895f-9133-487b-85d1-2775178d83b7", "comment": "Malware payload (AgentTesla)", "value": "0bf4bd04b25dd591b17dcbb4f70171fcf61b201365bfed98d8fdae1d5a774f3e8e0db6d7c5405787584d6116973747e6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697014491, "uuid": "15bce79b-3fe2-4fe1-b989-ecb9bdd5fe62", "value": "T101F4E11BB919CF43D4186B76EA93090C27619B49F123EF8A388617463D2339B1D8E5DF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697014491, "uuid": "c3bec205-a517-4b79-9149-f47cbda0b5bf", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697014491, "uuid": "de488a6a-7a79-44a9-8cfc-8b1ec1f1a901", "value": "12288:m9ZoM++P5Ck1+s0EKjnUNfqFqLj48N5Nz8SfQ3nCG07v/PanfBgzsKnWiMhJ3QTI:UZoM++FZqFm48N5NbQ3CG07vanfB1KnP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697014491, "uuid": "1ad8b70a-0edb-44b1-a123-0e32b271cb69", "value": 729600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697014491, "uuid": "37ad348d-0956-4ca6-8d9f-720c9becb69a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697014491, "uuid": "2e563805-0783-4cf6-8dd5-27110a95b541", "value": "M.V GRACE EPDAs & comp's\u00a02 two POs, 17398902, PSB-18384789.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb931e78-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697052321, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052321, "uuid": "31f3c229-4610-4c70-b9ea-4dd9178078b6", "comment": "Malware payload (RedLineStealer)", "value": "ab140b00cb345dac8addfdaf0aded068", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052321, "uuid": "bb89144a-c1b0-48da-a99c-647b02cbab6c", "comment": "Malware payload (RedLineStealer)", "value": "31a6d9124dada285c1a6fe29448d49b90b21805cce361c3cdb5af9dc4aea31ac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052321, "uuid": "2d9a2635-8578-4f39-bba4-8225a8de925f", "comment": "Malware payload (RedLineStealer)", "value": "09443e7f0a53cafd52c746ef013aec0a521dba17", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052321, "uuid": "104f3c8b-6a46-403d-8c7e-2d7639128555", "comment": "Malware payload (RedLineStealer)", "value": "e560e3bf96472862bb58b94bcd7418eceee83bf4350e466a27382f964f89550e04c2faa30fd5d014c4eb36965baa4778", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052321, "uuid": "e6a8fb8c-2d84-43d2-8dbd-ba634d4f0f42", "value": "T168E41252EBE494B2DC79237018F703971E327DB29D78836B2B825D1A5DB2790A4307B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052321, "uuid": "f9cc3e82-a029-4deb-800a-5b6fb17eab00", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052321, "uuid": "ccc20e85-9b3d-442d-80b0-45c885bf4c8f", "value": "12288:+Mruy90rSraABBT+9RuKabXD7zz1PHlrdMKF1R2w7XmFMpTBybonpn+ff:UyrL5gu3BPHvT57Xmylti", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052321, "uuid": "4eeb65f6-efc5-458a-ae30-37d7cfd42bd4", "value": 713216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052321, "uuid": "d6a3373f-564c-4265-a357-2e2afb364e18", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052321, "uuid": "17051d4f-63b6-4452-904b-174011fbe1c0", "value": "ab140b00cb345dac8addfdaf0aded068.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4bc6669b-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051624, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051624, "uuid": "78b96b1d-b26f-4fb4-bc1e-cc5c30dbd8bc", "comment": "Malware payload", "value": "c1a52b431177fbd2eb41145ba828b2e4", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051624, "uuid": "8cbd132d-2f1e-4bb8-99f5-9c584e959023", "comment": "Malware payload", "value": "32de3153bc2f4268e83f2b16212065189e0a6350aac9ee052b6f485f01fe2a47", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051624, "uuid": "bd387803-63d1-4654-851a-1948c2cd8119", "comment": "Malware payload", "value": "a43d7df02bbe9bd73e10c720085b661245314b8c", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051624, "uuid": "5bf69e1a-8b92-4d7e-abdf-86eea519cc9d", "comment": "Malware payload", "value": "d35d92684e40ba5651103bee8131b5556f040678061700f05c8060c2559d2c4a9f5c5e2b00e4c66c8c6e3877cdad124b", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051624, "uuid": "eaff995f-3444-47a7-8660-309713f7fd77", "value": "T18DD4333C709EB714D32991303B3CB4551299562F468E060ABFCAD4BF18ED6E2671B7E8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051624, "uuid": "c930a9cd-27fa-4ba2-9802-160e15b75759", "value": "12288:hyH8drcg9Ya1TcCh/pW4IrHDV0Hh7TZmVLdMPgqa4u58vtnsqU5:oG9ZIgxW4IimLdMP+4ptnxU5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051624, "uuid": "d19bfe97-7acd-4651-bcde-882a66703773", "value": 602177, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051624, "uuid": "2a750b49-d656-4ef0-b132-941c2fe37de5", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051624, "uuid": "6bd52f89-3874-4959-8507-5a1f6ed58933", "value": "Transferencia Interbancaria.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "228ef02d-688e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067016, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067016, "uuid": "250170ac-9fae-4eed-830c-b498dafc101a", "comment": "Malware payload", "value": "24701208c439b00a43908ae39bbf7de8", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067016, "uuid": "142301ca-e677-4b51-ac30-c16cd98f3eaa", "comment": "Malware payload", "value": "3336bfde9b6b8ef05f1d704d247a1a8fd0641afaecc6a71f5cfa861234c4317b", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067016, "uuid": "e8e8f001-1eb4-4007-af24-20b1c5870402", "comment": "Malware payload", "value": "25ef7044cdf9b7c17253625a2bd5d2d6fee44227", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067016, "uuid": "48b281eb-25be-4e63-bb0a-a4b22a3c81ea", "comment": "Malware payload", "value": "3d1c10a5a0566215979606417f12b70e1670d20819cdc878a33f405ad415ee5061bf4b8459e8e54bcc7bb0bd25a8c2e6", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067016, "uuid": "60aa8f1e-df1f-49e5-a7a9-3768a570c41b", "value": "T1287423DD453B6C6BEDD0ED69B3AFB71AACB1A849455F3003A20F10C97C101A70DA69F2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067016, "uuid": "589027ee-db66-4ff1-8534-bb6ae010baa2", "value": "6144:DN2hZYThSeVuMaZi3B8z3x2ndfCFxILY1m5NRQN/mlIX1KBrIcRA0A1Bm6+ZrW+h:DAhEhSe4MaZbzxOCnILz5UlK+cRALuhH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067016, "uuid": "7a4bf792-8d57-43e5-b379-3b66aa8be37e", "value": 366071, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067016, "uuid": "3b54a726-66d2-44b8-8c2d-a29b1a286f2d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067016, "uuid": "eff543a1-9c0a-461d-9949-ae0864ae3945", "value": "JNOV0135_7747811.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "21542f7d-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697051553, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051553, "uuid": "dd3b9962-3df1-4bcc-aeb3-5be27a80cd58", "comment": "Malware payload (Smoke Loader)", "value": "89b2afc2b4582eb8f10c2ff61202f183", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051553, "uuid": "db1bbd18-365e-4621-afb4-1deb2bd5067f", "comment": "Malware payload (Smoke Loader)", "value": "33733489e56cae26f1974de014c2004fb75c0a07b8d544545926a2c452a64ef2", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051553, "uuid": "4e10f02d-46d9-40d2-899d-25348f1881dc", "comment": "Malware payload (Smoke Loader)", "value": "920949bac5b9c1b55d97e12ca55a82d9c5216d25", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051553, "uuid": "28f3c888-1a53-43d3-9cd4-a315c538f1d4", "comment": "Malware payload (Smoke Loader)", "value": "13eadd3d9eee30c570765dee9e9ea0357d9a4b4d4169e8d2bfdbfe34355a97c0805efef33f35ba86c4292295708a6733", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051553, "uuid": "c3f54664-f71b-4623-802d-1b74b0465830", "value": "T19FD2218805527DE72F33B2E672BA88E3915F0602254F657EFD5C8811AB26118F26DCF7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051553, "uuid": "11541ccd-f5ed-4de1-9568-29fad0ce22ce", "value": "384:LpG4Ekg7SqQu129MTbvCSw2q5WUmEmTnMS9Z9kfsfqjf6fwfdfpODfFkJJaX:LpckXMRjqHOM29iqqbM+RmFo+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051553, "uuid": "b1597018-a3a1-486f-b584-c14481f020c2", "value": 28563, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051553, "uuid": "f862ca8c-2f94-4757-a499-f0b2d5beb6a8", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051553, "uuid": "5217c591-600e-46f6-a2f1-73ddb29fde74", "value": "\u0430\u043a\u0442_\u0437\u0432i\u0440\u043a\u0438_\u0432i\u0434_09_10_2023\u0440.pdf.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0386bcf8-6890-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067823, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067823, "uuid": "f24ed70f-3a54-48a3-9e37-9f0a8219b739", "comment": "Malware payload", "value": "18fd646d4bca745c943fb5fbb759556a", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067823, "uuid": "df3c38cf-eddf-4cf0-ad51-1b92a2044695", "comment": "Malware payload", "value": "33b0caa7066bbe2d8811c641fce0719937dd65258c45577814c1138aebe28606", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067823, "uuid": "9415604e-ebbe-4fe0-a6c6-4eff3a5abb13", "comment": "Malware payload", "value": "9dfda82b4813a32a0919ccf0ef9d0b57be484222", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067823, "uuid": "7d636f71-6050-4a13-b7b6-bda3426857da", "comment": "Malware payload", "value": "f46eb10d3368b8b6811d3a941b50dfb13330951682a443a55b3970c4538be526dede3b4b1f1db016eae3caa2dff17b71", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067823, "uuid": "32e8b287-332d-4084-8e1f-e17ee3a44997", "value": "T14C259A3263B22F3CA678FBF600DD15479E797D631011A6D3AEE4C94F868EDE41A34126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067823, "uuid": "b6769176-1781-441f-8e26-02949da3a6b0", "value": "6144:pCCkTv4Am9i/5AIw30JxE8FRBFOegM4TgyKX/hGLTURNrlEgBNJUeMZFKCgHm89B:KNUkJx8jM4T7KGc9d/dRgDBi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067823, "uuid": "7b5fba81-ccf4-4ea6-9b52-1ce905829065", "value": 1036543, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067823, "uuid": "3121d71a-35bf-4c33-8738-e3a7181210c8", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067823, "uuid": "fe91b786-aaad-4f07-80d4-9bebe52f95c3", "value": "inquiry[2023.10.11_08-07]_4.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c3d01a55-6840-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697033786, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033786, "uuid": "4b3f5529-7cb5-457a-b06a-16bdad693701", "comment": "Malware payload (RedLineStealer)", "value": "4e08d203d6b79f637ab3bf06d2959de4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033786, "uuid": "1fa9ee73-4cb3-4f40-a8b4-e17abb6308bb", "comment": "Malware payload (RedLineStealer)", "value": "345ee62dd1e7753cb40448bfdd3b14daf5fa9c9a6d9e3192b14de436124b41f3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033786, "uuid": "7dbff2e4-d466-4603-b6f4-4d3eb391f2e7", "comment": "Malware payload (RedLineStealer)", "value": "baa37e3237d39f36c90d8fd3fadd0baac6e08ef6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033786, "uuid": "be792d9f-5970-42a8-b9a0-b31385dcf78b", "comment": "Malware payload (RedLineStealer)", "value": "8a1b0c0acd0b974f293adfde3ec3a64998c6ec737104f16bac5d4adc34aa9b36ccc6b61508c3a392c0f0617cdf799803", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033786, "uuid": "3ef1e75c-126d-4a34-9d20-f0dad8c80652", "value": "T1DB947EE3E897E49EF4126979D7F348D967D6BCD7334E404A1108E5BEC8580D8BB012AE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033786, "uuid": "95a2e2b9-a0fc-4ca6-9f1a-4ab290038c55", "value": "fec5e3ac8231eb123a87c533e215da11", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033786, "uuid": "e180a4c4-9ecc-48e5-9804-23972f512efd", "value": "6144:4U4YIR6/dfCSZn0rrBg1KkFtGBOgy3/yKRbllsqrcn/CLSBm9:4pYBAun0rFWKYGBOgy3/XblOdn/hk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697033786, "uuid": "772cfde4-3fdb-4183-84d0-6f2c36c6dd89", "value": 438784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697033786, "uuid": "506d69ea-1970-4c21-aee0-f320ab39203c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033786, "uuid": "76df6d42-1bba-4544-8743-30ea46f9c39e", "value": "4e08d203d6b79f637ab3bf06d2959de4.bin.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f1c4abab-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066935, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066935, "uuid": "0e4be4d4-c882-43cb-8283-7df853fa3cd6", "comment": "Malware payload", "value": "5a695963b3a7fcfdf364c09a13677fa8", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066935, "uuid": "5a89423a-9859-46e7-b29c-c1c1582b4926", "comment": "Malware payload", "value": "3746c533ba6fbe93394a7e7945f801f6db8419be23607b533905e29e4c064a37", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066935, "uuid": "20b1b4bc-9fbf-4cbe-a778-bca410a1635b", "comment": "Malware payload", "value": "08edb2f35aa1fef443f254a394abc0fe1f7bc113", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066935, "uuid": "30cba0c6-a65f-4f9f-bf02-9c0622c61dc9", "comment": "Malware payload", "value": "115b31a5505c8ef5ae493b506562fcb6f6aef84ce0b4346ca390efe3009906df085f8043903994f53ddcd682ff411954", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066935, "uuid": "048bf455-def5-4608-8116-b79da246af14", "value": "T1687423232171924F67B62346F3B70A52BB5E004256E389D7293CC3607DF68BBA7B51E0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066935, "uuid": "3b1aff53-ee32-418f-9eba-8d455c66d477", "value": "6144:yUTqwaSnevV/eDihaC8LOQ8bs8Bw7SzkrT3G9xcbp4Fm2TQvLSQVE7QFi0EYMz7n:7uwaSpi+OQ8j++oFbuFm2OWQ610U7cQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066935, "uuid": "e733f983-b38a-49df-955b-897acccafda8", "value": 365782, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066935, "uuid": "4bf9e4ef-3bfd-41c3-a4a2-7e9dbda5b7e9", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066935, "uuid": "61abf840-c076-4fe5-b54b-576e980473b0", "value": "GOVZ0579_5541529.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fcf521f4-67e0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1696992650, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696992650, "uuid": "08fa733b-1f7b-45c6-bccb-4d7d18f8fee8", "comment": "Malware payload (Amadey)", "value": "0f7186045e779a97d0e959e4bfb91c7a", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696992650, "uuid": "5052d60e-3371-4fbd-a10d-d724355efb17", "comment": "Malware payload (Amadey)", "value": "37502b069455c4ea99836eddc27d1b1750a1120f3f5d1301643c0f35a19f8450", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696992650, "uuid": "57c10f64-d7ca-4757-be06-945042bcf73a", "comment": "Malware payload (Amadey)", "value": "f262ed09198d266ca44149b4cc9dc454b2a62231", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696992650, "uuid": "9c5b439c-5d85-4db3-84e1-ba33f1f8aa03", "comment": "Malware payload (Amadey)", "value": "59b861e21e8dd06b2f921a9c22e7350c65241a34703f8eda9b7c8fe06538fd5980174da76473fbb5fd9d00c6ad65bb54", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696992650, "uuid": "ecbf658d-b3d7-44bc-b2e1-bd29140e3a81", "value": "T1C444AF1174D1C472D57315B209E4D7BA5A3EB8600BA24AEF63A40F7EAF703C1D731AA6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696992650, "uuid": "70f899e9-fddb-495b-baf9-612e68a8feea", "value": "06ede52fcc31e4900f4f1a7060fce645", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696992650, "uuid": "a7022c31-a714-4a0e-9550-caed43453adb", "value": "6144:/mHQaFz5kyocx5/X/3SPl5MAOAiRRpvPk06:/mH5zWyoWzOiRfPp6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696992650, "uuid": "9709fbde-1b2f-413e-8e0d-a69e9e5fd937", "value": 274808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696992650, "uuid": "b6bd64af-e001-42b8-a32d-6648d2c121e6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696992650, "uuid": "13e11056-aabf-45b7-a62b-ad5cf7e6020d", "value": "0f7186045e779a97d0e959e4bfb91c7a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "855c706f-6873-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697055586, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697055586, "uuid": "a41dcb0b-4f35-4746-b847-affc34aef1e5", "comment": "Malware payload (RedLineStealer)", "value": "1199ab0aed3a69bceb42e961ff115aaa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697055586, "uuid": "e6b583d5-d570-4f96-90b8-deec4f36172f", "comment": "Malware payload (RedLineStealer)", "value": "377c74c7cf66e7c8a9c5ad324a412d1e49e11dc32d75835651d769b01d5811c0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697055586, "uuid": "cb9f8fa1-a37c-432e-b654-a8075d38d671", "comment": "Malware payload (RedLineStealer)", "value": "52dc830867b40201e1cf32502f965d3062ec6ac5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697055586, "uuid": "28679c50-e1d4-449e-a9da-afa1ffe7215a", "comment": "Malware payload (RedLineStealer)", "value": "fea2577a8118b799da93a3cded4316f00f341c0c45ee2d4f8673101db55a84da6f2d8b97dc93b2421f0df21302cd41e3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697055586, "uuid": "4b5b57c1-8781-4abf-a7fb-9ab287b6969e", "value": "T123652313DAF95037D9B167B065FA0793193ABCB5A53CC3662B51EC4B0CB3285483672B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697055586, "uuid": "dc501de5-539d-4f06-a05c-01ce10346931", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697055586, "uuid": "c73f5906-3a7d-457d-a4a5-7baa275bbb34", "value": "24576:byd8pD3PsqqQZVc7+9liF1J/USYwlZr29AQCEj9nmb1YHycuMaZ9gS/tK+OjBRE:Od8l3P7qQL6+rkDLC9AQHj9mb1YvSZen", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697055586, "uuid": "6a5321ec-9349-4cb7-8575-94679aa6ec4f", "value": 1546240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697055586, "uuid": "8385bacc-8979-4cbb-95bd-65b2d19ea175", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697055586, "uuid": "a83b446b-a153-485c-b95f-07d27cffbeb9", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15a24db7-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697052392, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052392, "uuid": "10d32c10-cc22-4efe-8c4a-b0bd91ea9004", "comment": "Malware payload (SnakeKeylogger)", "value": "8e7ebf1bc39efd667d217a01b3ff4906", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052392, "uuid": "ecc4c638-7616-4b47-8955-46ec11302d3c", "comment": "Malware payload (SnakeKeylogger)", "value": "378e803de5841cea84a1157ee59e6c64eb717674bded8dbcaa27621919552c90", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052392, "uuid": "6cd55fba-eb49-4793-a564-bf574e2d9d56", "comment": "Malware payload (SnakeKeylogger)", "value": "f1ca8a434bade6fc32ab7f1937406694197ff75c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052392, "uuid": "d837d09f-bac8-470d-bfa2-dab558b1d361", "comment": "Malware payload (SnakeKeylogger)", "value": "a64d900592eec6152873b7d7475bade0367269fa80953279c11b395d5ee7fcac38882570fa86ec430345d432b7e0135a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052392, "uuid": "1f517d63-1bf8-46cc-8778-f9a6ff24d72e", "value": "T10AC4120477A8A643EAA923741FA9D2B013754C0C456DE3B21EF47DCFBCABB139156683", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052392, "uuid": "3de4e467-1cc0-4701-816b-ec6033b3d7ad", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052392, "uuid": "966aee49-55b6-49ee-906a-1cf49918f38d", "value": "12288:lV5U8fX9KCkemw55kO3XEiNpXdSGvAeqNH86fh8z3GOOM:xftBp3kiRNh1va865i2OOM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052392, "uuid": "26882b71-79a1-4241-9cff-08d752cf71b2", "value": 565248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052392, "uuid": "147820e8-1b7e-4bfe-a324-55a5b8257f11", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052392, "uuid": "8189ecc4-6056-43aa-b389-1177f500f2a5", "value": "08A347B6-6FB3-4B5E-9A49-9EC1E49DF8F1.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70ea3b0d-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051686, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051686, "uuid": "d8640211-a39d-47e7-8ae9-805878d90152", "comment": "Malware payload", "value": "16092864bb21b9adc5eb59c9b7a7bc9b", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051686, "uuid": "a0faf852-6e8f-4f64-9fef-f25992de84cc", "comment": "Malware payload", "value": "37f9cf259fbf18c03976d6639e6ff6411e926bbff354673eb23f264cb2f71934", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051686, "uuid": "75374762-6b2d-42e8-aebd-96e2bbb5c6ca", "comment": "Malware payload", "value": "52929b716e7b2d651077f4170500c27fe97bc31e", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051686, "uuid": "88a8c555-7b34-470a-bcf9-40bd96ffcaf6", "comment": "Malware payload", "value": "d0a426c842474052fcc02f33f1b5c9d2da872f806d0bb75fa4d11558040ff40c667ac615ed04c560fe504e2175dd113f", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051686, "uuid": "470318f1-a250-49b8-ab76-d4b0fe368be2", "value": "T1DEE433E0838562EFE731D5611A04431942D1B747D48A9D8BEED7491CC9B1EC78ECABF4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051686, "uuid": "1e14ba56-dad1-46b7-8a48-27b9fa9824a9", "value": "12288:8DIzuAcMl31kAG8B7TS038dKpTrwu2Xv5VxsKyoIDbJ0FKZ4qbFZhgBx:8DNANFkAcVdHu2XvvxFyZVp4qbFi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051686, "uuid": "01fa1b3d-73eb-4691-8e89-7cc8b268bae7", "value": 695114, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051686, "uuid": "7b3635e3-0b55-4b04-b0c6-eb0c4bd1126c", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051686, "uuid": "2a5a22e2-8a3c-41cb-af1d-6c47e7f90c59", "value": "\u0395\u03a0\u0399\u0392\u0395\u0392\u0391\u0399\u03a9\u03a3\u0397 \u03a4\u0397\u03a3 \u03a0\u0391\u03a1\u0391\u0393\u0393\u0395\u039b\u0399\u0391\u03a3.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5727852e-681b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697017713, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017713, "uuid": "5867af9d-1c29-4307-833f-08406f13b25a", "comment": "Malware payload", "value": "e802c420f9d3c70c78792f487ab801ff", "object_relation": "md5", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017713, "uuid": "ee686574-0fb8-4d7b-9c86-ae80ec450d2a", "comment": "Malware payload", "value": "3819b8f6fd3474a0024f6c72aa705040d83e2c135fd890c30a0c305e091fc2a0", "object_relation": "sha256", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017713, "uuid": "bd1ac554-a074-4064-944d-361e851797f5", "comment": "Malware payload", "value": "c5198437090fbc64c19102601e6229c179770920", "object_relation": "sha1", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017713, "uuid": "9649b045-83c3-4a68-a469-36cbd551545c", "comment": "Malware payload", "value": "0955080cf8c0414ed6d5284181e676370361bec9eb76e1180a0d3c0371dae06de71d0f71ccdd41ed68d8c487998648e2", "object_relation": "sha3-384", "Tag": [ { "name": "rar", "colour": "#504BCA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017713, "uuid": "e893c255-87e7-44d6-ad07-a4df144aa1db", "value": "T1FF14235F0442E6362F295A88FA304378411FB68B293EAD16F357166FD39818B738C375", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017713, "uuid": "904fdada-dd1a-43f6-acea-bee724acef0b", "value": "6144:x6+kCzMrVhFTAwyFNL4LSY+MBeQ5nUiseEdThi8eJbS:ZktVhBAfTY++eQ5nUa88m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697017713, "uuid": "f3b9057f-9b78-4ac2-9883-69c95c88014f", "value": 206405, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697017713, "uuid": "84d56f48-d4fc-4b03-af3f-4dcb311592eb", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017713, "uuid": "423b3a1c-63d5-4b25-80aa-a804e619f40e", "value": "k8dt-vs_n203-e1_1_8_csm1050139.pdf.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "273f1e3f-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050703, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050703, "uuid": "44ad442c-637b-4ee6-ad57-61a1e994f651", "comment": "Malware payload (DBatLoader)", "value": "012b2964fe008066e079467278efdabf", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050703, "uuid": "22128384-171d-409d-a29c-31a9e11eabde", "comment": "Malware payload (DBatLoader)", "value": "381d31d89f75917ee355a8864c7d0d90ef4b24e70929fb6b21437acf33e71606", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050703, "uuid": "97759bbb-8634-4ff9-b944-54c7eca50721", "comment": "Malware payload (DBatLoader)", "value": "a859ad3b1d634e1d9b5e0f7c7297a256344be961", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050703, "uuid": "023b2e62-81d3-4aff-935c-3a2114ce680f", "comment": "Malware payload (DBatLoader)", "value": "46f8eb0c9bfc271fdf1ec158b661b8982252284f364b83cd08a47a06d2415cfc0e716e2d441154ddc58aa5ec6378a3f9", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050703, "uuid": "687f34a9-dda1-459d-a0e2-8ce67521e94b", "value": "T1C3556CE5A2408C21D0367978CF5AE7D5052D7EDD6D068CCD4E60DACF2A69AE0B9FC063", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050703, "uuid": "708018c0-6f7d-4cd6-a9b8-03ef68489b10", "value": "7b81750dfa561fad4dadd71b82d358de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050703, "uuid": "b91c289e-fbb0-4497-a5c2-9af48f51fa42", "value": "24576:iFoEhCKAXS/1+O9P1Bza+78soKoxm5OST6Iytld3BIwbgKcQrE/k2+7VN:iF9ii/1+O9P1BB8soKXx7ytldxdV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050703, "uuid": "7eb3ae87-c742-40ea-b42e-7e9efb9914b2", "value": 1300480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050703, "uuid": "a4d273a5-d986-4514-ae89-e14a967ba05d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050703, "uuid": "d7e087f1-5d7e-45de-a030-477c905cc676", "value": "Product DOC_MDR0307_018.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9148a8a1-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697052170, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052170, "uuid": "c735b669-fde5-420d-bc4b-15d2cdc9d5a1", "comment": "Malware payload (SnakeKeylogger)", "value": "a3dbcf0dbcbb710e137414fcd5f27bcf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052170, "uuid": "f2cc7f13-964c-4c92-990d-c649c7412abd", "comment": "Malware payload (SnakeKeylogger)", "value": "38327cd0a5a677085faaadd0a4f4a38b21c2dad9c513b01afeab43f8aa5052af", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052170, "uuid": "b1bb8aff-2ff0-4172-abfb-2c9e291222b3", "comment": "Malware payload (SnakeKeylogger)", "value": "427e1235d337519ee46e9decb6745936bd841446", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052170, "uuid": "dc21b7ab-8c57-4d27-854f-b66193d070f0", "comment": "Malware payload (SnakeKeylogger)", "value": "933b1fe0c0b07144fde577cea7d1d8bb9e2769fdd51726099d62e524ed21ce9f71df805716464bc716515ff7691e72ba", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052170, "uuid": "2fdb599b-82be-4761-a8d1-d0ee5bcbddbf", "value": "T1B3156DD1B1908D9AE87B0AF26D3A643025E37E5D64A4C10C5A997B5B36F3342209FF1F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052170, "uuid": "4c9b7a44-bc5e-41c4-a4a6-22ea8a165cc4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052170, "uuid": "850267fe-1c4b-47ea-8da5-3e56f9df7fe4", "value": "12288:wDX9KFTEo3krilATDZhsINvGLpZnK631NhLdFt5Yz:wDtqTEo3CrnsKGpZnKWZt5Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052170, "uuid": "de22689d-6a0d-42ca-9e94-82845252a162", "value": 921600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052170, "uuid": "b4d1b954-f095-41f6-8682-e49a35a31f84", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052170, "uuid": "05a40e52-82c5-48ed-abbd-f699a006025d", "value": "sipari\u015f formu_831519.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "97ec8fd7-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066784, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066784, "uuid": "85ba4eb6-7cf1-4ef0-b5eb-c1b94873448a", "comment": "Malware payload", "value": "7a834d4052bb802d1f8ce3c3b31b815b", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066784, "uuid": "0371abd5-fc4e-43ed-8b16-f6ddef4fa7b3", "comment": "Malware payload", "value": "38335cb1d4ad5c72e7ce64150124f0b60ae1da38d862ed40b6a5a2b92b7ed0b0", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066784, "uuid": "44862326-0507-4b58-82fd-3b04c792880a", "comment": "Malware payload", "value": "80b2630f4fcfa6bcf30e924aaa9c9865ba53d021", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066784, "uuid": "9504652b-f5f5-4ce1-a5a4-e1cc1f8fb527", "comment": "Malware payload", "value": "4dbfdc87a4e32d1bcccfa73370b33dd9c48fe99d14e887fa97a4f4ff056ceef0ff7c2ea977bd9389cfdc8d94a51761f9", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066784, "uuid": "6019b6af-4ec4-434e-a253-1aa6b5227e78", "value": "T1ED7423F3996F98CAC34910F5EC8979047FF5BB1A539F3B496B42985E0E701E400B1EA6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066784, "uuid": "8901edce-2167-45cd-a62a-27b203c9e49f", "value": "6144:en2lm2O1P/XSet58WG3lWpYzn9RFgSrE8H5B75EUjaaTgzhLynmmOHsndG:6gm2OJ/SesMGY8H5B75EFPWrOMndG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066784, "uuid": "39efa3ad-d1a9-413d-a085-162a847bcdf9", "value": 366076, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066784, "uuid": "0e774897-63be-40b6-892d-d482005958a6", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066784, "uuid": "3fb798be-1984-457f-9969-727d754aba84", "value": "AHNV3568_5761796.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33e747fe-6810-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697012929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697012929, "uuid": "524d7cdd-fd58-4d67-add9-0720a0e26917", "comment": "Malware payload (Smoke Loader)", "value": "81b3f1622bd17dd42a0dab4ccac7e28c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697012929, "uuid": "93591d6a-a451-4869-ad4d-327e33d397b3", "comment": "Malware payload (Smoke Loader)", "value": "38ca03f3e5bf9c4b45789d786b4ace3bb805df322b821f66bea8132c92fc1eea", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697012929, "uuid": "619b7dd8-8662-4765-b26c-43a6d772f9ec", "comment": "Malware payload (Smoke Loader)", "value": "29664760094d3b211d1ea7e7c2083c54462c4561", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697012929, "uuid": "cfc00c7b-75df-49c5-9b63-775bcef630fb", "comment": "Malware payload (Smoke Loader)", "value": "6814ae8a6fcbf781c04638091bd615291f0ed14f299710ebb469d76013ada297227030fad3331c1e434e111cbb3767c9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697012929, "uuid": "8d4b92bf-89e7-4fbf-abb9-fadccbd4d1da", "value": "T1CE3523A3E7DC4471D8B62BB05EF60393273A3E916D72C35A1756A42A5C73A80B471F0B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697012929, "uuid": "ffc5210b-6dfb-403c-865b-cc26d2186005", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697012929, "uuid": "7657fd09-89c7-407e-9f68-8a916a968f66", "value": "24576:GyYxOIGbdsYZ5c8y2dUwKLog+qU7e3HTpi1R8OgH:VAOxSWRy6UwK0g+zejpCSO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697012929, "uuid": "ea0b5d72-7ca6-4f6d-91b4-d03aa86f5141", "value": 1067520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697012929, "uuid": "baf48e5a-44ff-4086-ba84-b036aa95f470", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697012929, "uuid": "3223ea09-1c48-493e-bdfa-10ebf6b08b18", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1e8a9969-684b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Backdoor.TeamViewer)", "timestamp": 1697038233, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038233, "uuid": "8ef495b3-da13-4831-85f4-ed406dd13001", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "92d699a4fdae6075ef29d88b8819a99e", "object_relation": "md5", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038233, "uuid": "060efb52-2c82-4756-a048-2da03076ce38", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "391706a40cfac92148b8c21f3eeb07101dbe69a931d2b821e2eb77dbe9bb0c07", "object_relation": "sha256", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038233, "uuid": "a2aa4e24-a6d1-4e45-be0c-b98379f4e281", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "35d3548de5dcd466aefd6c0a1f3103de0bb2fc7b", "object_relation": "sha1", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038233, "uuid": "0ba90f4c-2953-41e3-8e43-764106cfb43b", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "8ccf990ed5fe35010fd2f31025eae670ab46ffde3b174197a93bf11eadf2d94f4e4b51daa2f165b6208c0cece45ac7a6", "object_relation": "sha3-384", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038233, "uuid": "e4019c9f-56a7-47bb-b77b-f2dc91032794", "value": "T10434BF16F993D871C44740348824FAF8763DBC629AD9898F3B583F6F7D312526B6A270", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038233, "uuid": "40827250-2bac-44dd-b54c-affed8165803", "value": "987d26efaba6f21b1152f94099a2d2b2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038233, "uuid": "3d8f7b15-aae3-45fc-88f8-b33a34f65607", "value": "3072:TX5T4YMANtKZ0KM/Qe93GtTBje6qSXH64Ppip35PeTy60:LVNtk0K0X92t9CrkHZPCleTh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697038233, "uuid": "519484cd-fa83-4732-a0d9-d1b6738622ea", "value": 230400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697038233, "uuid": "f5c2e3c1-deee-4548-bb41-8cef8f345f4c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038233, "uuid": "fd3644f0-800c-442b-8da6-a13b04b939f9", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49d36d2b-685a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697044749, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697044749, "uuid": "781f3ca9-eaca-4573-8e88-5c14a7896443", "comment": "Malware payload", "value": "f6732c4d65472b4a6be00db4dbd03f35", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "windows", "colour": "#2DEF59", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697044749, "uuid": "ed47f8ea-79ee-46fb-9430-8f1156980f16", "comment": "Malware payload", "value": "395a9a2c469c6b79463c210d230f1b8911e65c88dc5d7deb24e002735d6dcbae", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "windows", "colour": "#2DEF59", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697044749, "uuid": "7075b9cf-125c-4c1f-8f01-332ead31cbfb", "comment": "Malware payload", "value": "d9598e8f3083d3cfb15a5257427ab847d394c7ec", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "windows", "colour": "#2DEF59", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697044749, "uuid": "e2ba1d9b-3523-4caf-833a-e2bf89588daa", "comment": "Malware payload", "value": "e7ac222d80ca5382eab76628a6111319680cdd44c4c6ea2a41284edae2810d1c7b06200cdb4b049252da36b45d41f7cd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "windows", "colour": "#2DEF59", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697044749, "uuid": "12bfc633-a748-43f1-8858-1b977a9a0470", "value": "T17B84F6017081CA64C8680578CC2EDAF52F267DE4CAA149F73AF17F7F7D74182A966A31", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697044749, "uuid": "f6c95f49-22d6-41b1-b168-c03ed0aaca1b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697044749, "uuid": "99bb4ff7-a77e-4817-ba27-c25cb5309108", "value": "6144:JL6qqOmG8vySMur0jWp3CpgLALDjW2qS+JQi9E3AAqgE:gNaU8Wp3wgEDMS+JQi9E3AAqd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697044749, "uuid": "50aff96f-8280-4b5e-94ab-7e366462b36b", "value": 392704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697044749, "uuid": "049e239c-2ac0-4560-907c-922292e476ea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697044749, "uuid": "31cace0a-41f4-4fc5-abb0-c7c3b4489213", "value": "MonoxideTool.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9925b3b6-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1697052183, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052183, "uuid": "f0cb8344-a77a-4605-be0b-c89ad73bc795", "comment": "Malware payload (Formbook)", "value": "7ea59b46c9050306dfc3b9bc6262bb31", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052183, "uuid": "bc1df6c3-386d-4e98-9897-85313ab4fffa", "comment": "Malware payload (Formbook)", "value": "3a452895ad493a3e9b36eab8dea6053ddbbc86954fcaa445e78f1df433b9298c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052183, "uuid": "e14212a0-5957-4e1e-b829-c0b391b99b9b", "comment": "Malware payload (Formbook)", "value": "547a32f15c255e86b9e3610054cad7bd87797f80", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052183, "uuid": "438199ba-a346-4ec3-936d-d7c4a20f1098", "comment": "Malware payload (Formbook)", "value": "484adebf9e7e3e0524a3bd39e53904566f8ee64262265557c5b51591c6acd5b64d1e5dff0ae07428988474cab1cc517e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052183, "uuid": "7c0667f0-512b-4d40-b28c-6a5a54dd94da", "value": "T168D4F14073F7C944F3FABA791DF1C94187BA75173542EB9E4E8162AD243AB818701E2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052183, "uuid": "8aeb4cbd-ee45-402d-921e-9ad71127271e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052183, "uuid": "771f4def-fd5a-4194-bb4f-8fc33496c11e", "value": "12288:zMYnQ3j67SESV1eXl8OhA90ZOaHnDi1dg8gOJh30gHv9oVYrbwnN2b39QaIGucZG:zBZOaHDKShM10NJ49/ZgZuZa9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052183, "uuid": "d8596502-adc4-4b30-976a-9dde338c39ef", "value": 610816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052183, "uuid": "44a26167-198e-40f6-9c8e-ae6fe1b891fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052183, "uuid": "32d685d9-9e24-4a5a-aa1e-384dab0b9a40", "value": "hesaphareketi-01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2efa4bb7-6890-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067896, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067896, "uuid": "67bde56e-d5b8-456a-9954-c8753b42e2a6", "comment": "Malware payload", "value": "730202d675eaf81bc96b9c9b1d6168d9", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067896, "uuid": "2ed5d471-4a85-48cc-9184-2d42cf276a56", "comment": "Malware payload", "value": "3a487d3f3cea6d0b055a46c6a2371de2631089400459617c554cbe263e045296", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067896, "uuid": "18109c23-f40e-4f07-b58b-ae74216a056f", "comment": "Malware payload", "value": "cd515aee1eab6b6ba97202f8426c208602194463", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067896, "uuid": "db37a782-e8af-4517-82de-7f7ca7bc38ce", "comment": "Malware payload", "value": "92c6ccb40c06a6494e2a84f12d9711ae67a7f38e418161cfefe9dfd24c912ece4af60ab754cde343cdb6bf3288152fb3", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067896, "uuid": "9df0fe9b-5327-490c-82b7-bb545545089f", "value": "T1B1259A3263B22F3CA278FBF600DD154B9E797D671011A6D3AEE4C94F868EDE41634126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067896, "uuid": "8c25b031-6f0c-417c-923c-ec56bba94956", "value": "6144:S9au8yx1oVR1cLE79fjlVy4YN+12CBeqv4iJQTTQOUO9M8byg/TcpMjHM4c1EECR:SR+Vatk+TQoM6sBO1Za+T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067896, "uuid": "2a6720cb-f82b-49bf-971d-167952328bee", "value": 1036550, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067896, "uuid": "95b7c5fc-e948-4f6a-8745-efbc704e712d", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067896, "uuid": "eaa7e9c4-39b5-4c33-81b7-8b419c10ea76", "value": "document[2023.10.11_08-07]_4.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "03d05ef0-6844-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1697035182, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035182, "uuid": "eec9fb60-a616-4542-bb02-85369fd86606", "comment": "Malware payload (Amadey)", "value": "010a01d7d42e46870c9b44781256dcc8", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035182, "uuid": "912ea312-2cdd-40bd-9775-a63f231ca91c", "comment": "Malware payload (Amadey)", "value": "3af504bff6826b81d0093b8d153643afb6e86d78db4dfc2cb6f9574ea14265d4", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035182, "uuid": "a9ace1fe-cd2c-4510-a350-c2875cc0e0b5", "comment": "Malware payload (Amadey)", "value": "585c7bb3bd4283ca5ed6a508a8e259fc7ef3a24e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035182, "uuid": "be961056-7c8a-4f93-8988-cc06b497dc8d", "comment": "Malware payload (Amadey)", "value": "6a40328730a13ff33890825581a067f17f898b351fc9d12b90ba099b6b3719b7dc0d0877a9579d6bc26139fa06d96ed5", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035182, "uuid": "8cc71749-f15f-492b-bd97-aa565e138b52", "value": "T19A75BFE43A491E69E039A37DC6D65049D3F474E35363F8873FEF25DA072290AE603869", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035182, "uuid": "ebdde183-19a9-4a02-8214-fe8c94fb28c4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035182, "uuid": "54daf688-ea16-47b4-be84-57de1140d09c", "value": "49152:+gN6XN/aS+kGbFIwlOpY9/LiE4eP3hpjosI:LN6jmIwH9N3XjosI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697035182, "uuid": "f8f7e120-df50-40be-85f5-8d06774dd787", "value": 1600504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697035182, "uuid": "ad40a029-ebf3-4602-b9eb-a7178dfe72ec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035182, "uuid": "fa0ba31e-8409-4864-9754-ebd79945730f", "value": "SecuriteInfo.com.Trojan.DownLoader45.64390.11775.10864", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87042272-6802-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697007055, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697007055, "uuid": "0934c5d3-d167-4995-a13d-cfa2a34f48ea", "comment": "Malware payload (RedLineStealer)", "value": "1fd7d57a7ab199711e5c36a88f998433", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697007055, "uuid": "2ddb6083-9630-4df8-8072-79fce8c16776", "comment": "Malware payload (RedLineStealer)", "value": "3aff0ef81a06ae312413d45a749cb4ea43864654e7b4deea3887d9d605525654", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697007055, "uuid": "800e53d5-4dd1-43e7-b200-4b0ac28335a5", "comment": "Malware payload (RedLineStealer)", "value": "ec480dcb5bad45525da51e44e228c3f36e6f2769", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697007055, "uuid": "74a4501a-c602-46fe-8a74-de04c5f5fd83", "comment": "Malware payload (RedLineStealer)", "value": "f3ff7951c29bf728183322a332c74a83c415f0e9f9e7ad60d5a81c9a4bb59cfbf8073bdd670764e32f3654524e5c4a8c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697007055, "uuid": "bc6f70ee-2a4b-475c-a419-1a28c722bb20", "value": "T1F044AD11B5D2C432D473153209E4EB7A6A7EB9614B614AEF67E40F7E8F302C1C631AA7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697007055, "uuid": "aacc9760-2d93-4c90-84a2-0e068651ddf8", "value": "ec52118c8f3a38f5cc07e496f7fb55f8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697007055, "uuid": "8195e90f-d6bf-4c12-aec4-5c6ed06d7b95", "value": "6144:xDKfTqHz6GV3Dmsiwyf0LvfhYuJAOvr9ri3Clp6dAQrQS:xDK7QzZV36YLquJB9ri3C7yrQS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697007055, "uuid": "6736fd81-e2a8-405d-b14f-8019c17484d9", "value": 277880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697007055, "uuid": "8ccc0a1b-d1aa-44d3-86c4-ec30a5abd0ed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697007055, "uuid": "d430e06a-1666-4728-954a-5d200c8296ef", "value": "1fd7d57a7ab199711e5c36a88f998433.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70d414df-682c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697025057, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025057, "uuid": "f5c9fbb5-b31e-449e-9e2c-d583f98a787f", "comment": "Malware payload (RedLineStealer)", "value": "a0c359f56064964353645093911a7b92", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025057, "uuid": "c7caa068-4a80-438c-b1f2-1bb81d48bdf4", "comment": "Malware payload (RedLineStealer)", "value": "3bacf224bf0f884ded8c0bb95c69143741ad7230545f7e4ff464848bfe24a031", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025057, "uuid": "d79ba52a-1bb9-4981-8426-a5dde8fb7c8d", "comment": "Malware payload (RedLineStealer)", "value": "0969bce922fe565c1f511b42f9867ecb88a66067", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025057, "uuid": "551c5ff4-1e8b-4671-a5ea-70d6a09d3c0d", "comment": "Malware payload (RedLineStealer)", "value": "c7b5f50b058d3bad529529bbcbcd0a0712ee8fa8adaeb2b69fa521084a497a0b10693b4ca5daf077330e869db8993da2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025057, "uuid": "caf9593b-ef92-40bb-903d-cb8fcec3dec0", "value": "T14944CF01B0D1C472C9B225360DE4DBB55A3EB83109A699AF67F80FBE4F34385D72176A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025057, "uuid": "0872cbe6-a596-4caf-b756-a5324d7bbe61", "value": "282d146a9b3d87d6152eff920eef7769", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025057, "uuid": "3fa92fe2-67fa-4380-8e83-be44e246f9cf", "value": "6144:5CumaZ0Gm8XTX/lbXat6ULk+j5cNAOqHj8enxIan5:oba6Gm8DX/8CAHj8vs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697025057, "uuid": "c1481f9d-8565-4f14-9536-4b31ba5250a0", "value": 261896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697025057, "uuid": "b8307094-0bb6-4002-8fa6-95bd1d472c91", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025057, "uuid": "79bf65fa-4421-4918-98bc-1d78d33b7a58", "value": "a0c359f56064964353645093911a7b92.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "589e7129-680a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697010414, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697010414, "uuid": "56237969-c521-4903-8f29-c6b121baec65", "comment": "Malware payload (RedLineStealer)", "value": "510f1c6038e432ad5c518c8e0127725a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697010414, "uuid": "02813699-f74f-4039-b4f9-9febbd160c20", "comment": "Malware payload (RedLineStealer)", "value": "3be66e25a5015f26365c28290d97feadd4748be5391297100617c1ad11c8f204", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697010414, "uuid": "4cba6d22-e062-40e5-8aea-ba79fa243aec", "comment": "Malware payload (RedLineStealer)", "value": "68bb3cd823733e17232e5f18aba5471d9b813c7f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697010414, "uuid": "09b35856-b097-41ed-b80d-f266c9241fde", "comment": "Malware payload (RedLineStealer)", "value": "596c6244a52317f83b9b430c7d89f5866f2805c9afecea03d68c5d3f61c40af1eacd1c7c800fd8ffbccedaff83de05d5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697010414, "uuid": "c5474eb7-fcdf-4bf1-bb8d-84e0b4469009", "value": "T1B63523176BE4C473D8B20B7054F623930F39BD50D9B483AE2361AA990C73795A9B173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697010414, "uuid": "99751b26-0993-4471-8d86-3b72174130ba", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697010414, "uuid": "47ab1f0f-e550-428b-8aee-0a4c579f4895", "value": "24576:jyxPr1Fc6rZSbleglQZSL8NOgYI12T6PTkf7V8kQUUd:2xxJrZSblDlQjNOgYFT6IfLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697010414, "uuid": "231e5fa5-db31-4a53-8c6f-71d7fae16aac", "value": 1075200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697010414, "uuid": "db92c21a-f8d4-4e95-9882-dac83baa043c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697010414, "uuid": "5900f721-0fdc-4bf0-90b7-f68de8dd5244", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ddbe0488-683c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697032112, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032112, "uuid": "470bf9b8-108e-4dbe-a1da-d4282e56c07c", "comment": "Malware payload", "value": "de7f6376ef7f87051f09e71dc9e138b5", "object_relation": "md5", "Tag": [ { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false }, { "name": "webdav", "colour": "#CFABAC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032112, "uuid": "fef29ff2-0de0-4ec0-8bdd-0f5af7921452", "comment": "Malware payload", "value": "3c191a9e18ddd5140be7b8af77f9a72c103d2e638f591046cca35b6c89b4d7f8", "object_relation": "sha256", "Tag": [ { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false }, { "name": "webdav", "colour": "#CFABAC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032112, "uuid": "6d7347ff-e1bd-4312-bde0-b303d252c4ab", "comment": "Malware payload", "value": "da41cdd7fa1623d74b5daff86559816f5d74cd2c", "object_relation": "sha1", "Tag": [ { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false }, { "name": "webdav", "colour": "#CFABAC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032112, "uuid": "9c12e526-7f9c-4fc6-81fa-ba8f889f1240", "comment": "Malware payload", "value": "bed6bb384f0da4d3ebfff2f3bb864e1529f734a9780d5cbfaf458ab23cf9e3fa814e7db7191ae1ca7b09581cc91fb505", "object_relation": "sha3-384", "Tag": [ { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false }, { "name": "webdav", "colour": "#CFABAC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032112, "uuid": "5c152170-ef43-46b1-8b42-67fb9cff1f7c", "value": "T1D201C0410623226243B243773654D996DA6E427FC3446B05B4ECF0877B7CD1E4AA5FBA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032112, "uuid": "d7690145-6c67-43d1-ad68-4871e383d59c", "value": "12:oQ1Q5HWv47KBL5/IIurfFsROK2GogQevS1MnAQrBo2VuSnfLNezM5Li/nZj:oQ1QN+GiL5/Lg9sROEogQ6AQFo2oSfLc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697032112, "uuid": "ec5db88b-c38c-45fe-8755-5ecbb7d7274b", "value": 756, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697032112, "uuid": "edf244a1-312f-450d-b1de-efc7ceb3ebf9", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032112, "uuid": "c4cb2468-3ff1-45d3-bb41-7f5aa010854b", "value": "de7f6376ef7f87051f09e71dc9e138b5", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "58495c55-684c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697038760, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038760, "uuid": "a8904297-aa5f-401f-9e5a-a5f4e3493e6a", "comment": "Malware payload", "value": "7981e2f467362b08d22fad773e24df3b", "object_relation": "md5", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "strontia", "colour": "#7ACB24", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038760, "uuid": "0b40b7f1-198f-4ff0-9e3c-2a6f3e114419", "comment": "Malware payload", "value": "3ccf4a79e6dc06def1c928e1378a9ea64274089d0d6c4da758d0c9acab20324e", "object_relation": "sha256", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "strontia", "colour": "#7ACB24", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038760, "uuid": "4aee45bf-6747-48a0-9bce-4cf39ec2ee89", "comment": "Malware payload", "value": "3cd4952c6b2c192a41f7f625d9b94d27a869858e", "object_relation": "sha1", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "strontia", "colour": "#7ACB24", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038760, "uuid": "39be6c44-e2e9-44dd-b923-61a98b3eccfe", "comment": "Malware payload", "value": "fc0d62217b03a21939d0781bf17b5ee6fcdc57046c691d9d77affc8d60c821625a989fb278f9ea8110dbd372418ebdd1", "object_relation": "sha3-384", "Tag": [ { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "strontia", "colour": "#7ACB24", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038760, "uuid": "bf940b19-81b6-4c19-8eac-65bdae0f8726", "value": "T11F753302FBE9497E74439633954AEF1BA5F8420007047443B9BFD69AC38A6F5F2B50E6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038760, "uuid": "88264584-e301-44b8-a2c4-3a7874a70502", "value": "49152:0Y+ACumdRqBUaTKb2ZrpuoFsncXjkBTRlCHkH9MEniWm:0PxJowb2dphFsnmjkBTiHkH9DY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697038760, "uuid": "9fc8ac3f-649c-4755-88c2-c7b5cb4081f9", "value": 1619796, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697038760, "uuid": "e4510adb-f48a-4e6a-b1fb-34404ec607ed", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038760, "uuid": "7458bcae-8fa4-4b4c-a028-6b439463f907", "value": "Bur_Oil_Company.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ab3d377f-681c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IRATA)", "timestamp": 1697018283, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697018283, "uuid": "8d3e974f-1410-4dff-bf48-ef0dab657a7d", "comment": "Malware payload (IRATA)", "value": "42e72c04545383f1e810ca4d45d15cde", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697018283, "uuid": "d80fd376-a2e1-45d2-8928-813e69a105ca", "comment": "Malware payload (IRATA)", "value": "3d65434129914da7fee77b9ebea14146d19dc9a318b425632c93be2521b0d7e1", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697018283, "uuid": "869f2e77-c81d-4fea-a628-23fd787b4fec", "comment": "Malware payload (IRATA)", "value": "169e1f6f81377846f287b3fb767662cf8ff24d35", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697018283, "uuid": "e08fdc7b-a2d9-4dd1-a0e4-9366e7f35ddf", "comment": "Malware payload (IRATA)", "value": "ee273e2b6f91ce158c7ca730b8ba3306d5587ae7dcc7aa78207f54a0f2e84a6ffcabd6959d3bde1bed39aaabfe85fd86", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697018283, "uuid": "f856aa5c-f75e-46de-af7a-57bb8914767a", "value": "T15336CFC7F7D4A95BC4F39332827657A651074C264B83EF8B6D04367C28BB9C01E5AAC9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697018283, "uuid": "fcbfdc69-a909-405f-927b-0ad73b914105", "value": "98304:8a0a4+MN8gLCrgDJsMsnn+hB/euTKzWcAI3:8a14+YLJsxKTKd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697018283, "uuid": "7364835b-3dae-4562-8c40-99824522a946", "value": 4950002, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697018283, "uuid": "6d01e705-7564-4468-a3be-f896cc878b05", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697018283, "uuid": "5afed5ba-9130-49ef-befd-106876985d16", "value": "app.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "958b663d-67f5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1697001496, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697001496, "uuid": "fefe26cb-ca0b-4785-92fd-73299df07f07", "comment": "Malware payload (Amadey)", "value": "bfaf64f9f76d585babc5513250fee308", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697001496, "uuid": "f9167dcc-0ae2-4f94-afbf-26e3d1d9cd2b", "comment": "Malware payload (Amadey)", "value": "3e834f3482b60456e7d849e1cf4df2097eebe421356294c06514a3a56acca1a3", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697001496, "uuid": "b75e0bb9-0ef0-4c0f-8475-022904a9fd50", "comment": "Malware payload (Amadey)", "value": "61b820e84ce881e729eb77d884f9d207e96a7557", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697001496, "uuid": "d0bee9fc-7330-4740-85da-ddf54e028985", "comment": "Malware payload (Amadey)", "value": "7be4d707392f96ae144527ed24635a0839c63b7b8ed6577cb8288b161d7d3dad1b467fb218801f690713c3a08a936be2", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697001496, "uuid": "6e4ba849-214b-4160-b3fa-c8146581a88f", "value": "T1E635231763E88073D97617B068FB2393267AFCA4A97547672291FD1B08B26D82D71333", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697001496, "uuid": "9b081899-e4ea-4a43-8d12-9dc33a26bfc0", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697001496, "uuid": "bad77008-775d-417f-aea2-16f6a8679498", "value": "24576:Py4T+yvjsG3x15/eEqUv540ATQn9adNKZ1Vmh:a4TFrsG3JVv5bAq9adNq1Vm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697001496, "uuid": "7eba6025-7e48-4a10-9536-7f03900f65f1", "value": 1125376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697001496, "uuid": "36a429d0-0346-42b6-9fdc-3165b6fe593e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697001496, "uuid": "064ef6a1-1bb9-4c40-be69-b34253c91ddd", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "96579c37-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697052178, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052178, "uuid": "7f2470c0-aa2d-4e33-b53a-6e06b9406f40", "comment": "Malware payload (SnakeKeylogger)", "value": "0862f3721231b5ae6187d21bdd7d10bb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052178, "uuid": "2dddf051-853b-48fa-93c0-0916a78c73fd", "comment": "Malware payload (SnakeKeylogger)", "value": "3ebe00bea5ef09413106adcf450e6b52979020f11d6a5e822b9dfb94e187cfb5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052178, "uuid": "59985fd0-5c53-454b-9949-f54497af64c9", "comment": "Malware payload (SnakeKeylogger)", "value": "bc27a6025008226f287a9437fbf9b0a7cf4a124f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052178, "uuid": "9e616ff1-7aa5-40b2-8810-e0a494d066a3", "comment": "Malware payload (SnakeKeylogger)", "value": "1a76bdd58b1e05c0ab048176b1dacd86f656dcffe41ec01c8e03331802c920bd1fc6e0da6c785e2dc3ef1d2a2a4671b8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052178, "uuid": "54260ec9-d389-4dd1-9549-6a63cecb603a", "value": "T129155CD1B1908D9BE96B07F1AC3A653021E76E9D54A4C10C5E99BB5B36F3302209FE1F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052178, "uuid": "904ec6f1-22ef-4ca4-9a50-2a583458c5c0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052178, "uuid": "80c7d908-39b5-4315-bfed-4ae869f38c6b", "value": "12288:2xX9KFoUXsvxb6Y1IjSEPwvSBT9nQeLrFv8zA1VEo4EPSdRfDx:2xthUgemIjSEPwvKTtLrFX/K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052178, "uuid": "7398b79d-9dc3-4c82-9d5c-555df6f2302e", "value": 897536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052178, "uuid": "ff0fa331-7fa1-4eea-a162-5277dca97109", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052178, "uuid": "441dece5-a12d-41ff-8b8b-c7fa68c4fc7b", "value": "sipari\u015f formu_831519.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b22a966-6835-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697028886, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028886, "uuid": "0ed324b8-0ccb-4a26-8e9b-a146e4eacfa9", "comment": "Malware payload (AgentTesla)", "value": "89dbaeda081c59fe1b0848a2defa634a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028886, "uuid": "1144c0f3-925a-4b24-bce5-00068a122c48", "comment": "Malware payload (AgentTesla)", "value": "3f58941384220ef9ed6d58fec255b96a08e1b60db39375764bac633a6c5c00de", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028886, "uuid": "cd903eb4-ac43-4187-ad07-0668a9be93f9", "comment": "Malware payload (AgentTesla)", "value": "9a10be2b7530674c33b9e0bab4e218000520b668", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028886, "uuid": "4341d0f2-de2b-435e-a4b9-2f154a996f48", "comment": "Malware payload (AgentTesla)", "value": "5a357d5df7c983493d6ae7bd52d61437ae18d58d5323a67ea732e7b20d2daa4c0ba7f80f4fe9980a5490d13aadbbacc6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028886, "uuid": "f75f9de3-f239-4a9e-a611-f719c448384b", "value": "T119358BDC3550799FC957CC76CA582D24FB242ABB470BD203D12316ADAA2DA8BDF141E3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028886, "uuid": "f89012fe-4b61-4faa-aad8-3619164ff7f0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028886, "uuid": "fb8bd034-b675-49bc-acb4-17c82431d4c1", "value": "24576:dRrizMqqptoo+2PIMnZiq6KS9sB9yGNQQn6Iq+:8M/too+QIeZiq6KS9UK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697028886, "uuid": "40a9a243-7c1a-4e3d-9eb4-6beb9331be34", "value": 1076736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697028886, "uuid": "1e3dd719-9168-4c41-b6ad-4ea5ad9216e2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028886, "uuid": "0468eb31-db40-4b81-93d2-7ebb9ef0f7de", "value": "3f58941384220ef9ed6d58fec255b96a08e1b60db39375764bac633a6c5c00de", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec6b81a6-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1697050605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050605, "uuid": "8e21761d-9ddc-439e-a9b7-790c10139950", "comment": "Malware payload (GuLoader)", "value": "078d0541de096fea0f56da3f9829fa52", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050605, "uuid": "962a8ea9-1080-415c-880c-d1f24e76c392", "comment": "Malware payload (GuLoader)", "value": "3f6a9588bdb6d6029f394cdd368a8e31b65766043eb66853990109f1fbd2941a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050605, "uuid": "16e4df4e-b939-4c55-be09-8fd31753e717", "comment": "Malware payload (GuLoader)", "value": "fd1e84759f4aa387324aaae99d2d87c754ad5c64", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050605, "uuid": "d265143a-9227-4572-b313-a146e8a545ec", "comment": "Malware payload (GuLoader)", "value": "f8bd09e68e2f7275b6415cf4a0f141084dfdf0be6bc30350b77f633314d9f1285de9e02e302f49acd8d17f5ebaae16f7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050605, "uuid": "d68c5afd-2ce7-4435-8977-134a4c817d5b", "value": "T106E4015D7F64DC86C9B15871F9A9FFE2B22E6E41DE81528772887BCCAD316810C34A43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050605, "uuid": "7da5149d-9bf1-4f70-8efb-0ff342962e6a", "value": "7fd61eafe142870d6d0380163804a642", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050605, "uuid": "31cef59f-a526-4348-8a23-9736cde35164", "value": "12288:Xt1WjIsnQw4TJ1LNeCBhiJ37bivMeyp7nZ02N2+XKWN9+SpHe7ZF4o:d1WjIOMNN9837Mb07nO2NlXN0SpHeNFb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050605, "uuid": "cbd08b10-0f1f-459f-ae3a-d6daa88f67c6", "value": 717320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050605, "uuid": "3268004c-4873-48a8-8f3c-1a8842b95e8b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050605, "uuid": "e0935c76-6647-4dc4-8523-a54f4b04c49b", "value": "CONTRACT Nr.50432-pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17ebf670-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697050248, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050248, "uuid": "ec31dd69-03a1-4aba-b3dd-be54d85025e0", "comment": "Malware payload (RedLineStealer)", "value": "ac33b7fa565862d4c08acc4881b30239", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050248, "uuid": "4f32cfc1-5f83-4f99-ad7c-b6835870996b", "comment": "Malware payload (RedLineStealer)", "value": "3fac06c5350d8d7ea32675c3a0a773019c29af564c938ac3ec33e358552d9c8a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050248, "uuid": "d3f4822b-b632-4da2-93cb-6a4962995e26", "comment": "Malware payload (RedLineStealer)", "value": "3a76382f59246dde865b802018a6ffde3f5fe36c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050248, "uuid": "60f81f29-8716-4d74-bd17-d5ad15cebd8b", "comment": "Malware payload (RedLineStealer)", "value": "b9a8003506c9ee8da1024a8bc609d96c2898db02efe41765e280da694ef59a26857e6c6136e39e7974fac69f1196cb0c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050248, "uuid": "6580cd5e-e5ac-466d-a093-a2a9133607d0", "value": "T145652392EBF69076C8F123709CF606B74B3BBD639874834A3659ADAE0C72560547037B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050248, "uuid": "1f03999d-91b2-4648-90e0-d1d73815ca4c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050248, "uuid": "0e418ebd-3ad8-4efb-8150-6b9aab204caa", "value": "24576:7yobDI18105/BOIZm7KCFi+KtTi6YxJZT/tH5V4PgxkHxPT1y/Z3H/LeAYNH:uoIL5/48wKcxE+fnqgyxG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050248, "uuid": "fe9f7617-0bf5-423e-bf84-53d070e95790", "value": 1545216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050248, "uuid": "c405afc5-396b-4b47-a76b-4e8c54143938", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050248, "uuid": "05063982-dc73-4ca2-ae30-f5d87c5d0216", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1b018bc8-67ec-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696997425, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696997425, "uuid": "afd3eea1-a303-42c0-a20f-e6da69c5e4f8", "comment": "Malware payload (RedLineStealer)", "value": "1da59c190358a8ffb0e4edfab4283b85", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696997425, "uuid": "a5088b06-1a90-47d8-ac65-37bfff08cf42", "comment": "Malware payload (RedLineStealer)", "value": "3fd41b22ef72d277ab7314021809d5def44b51f10dab94d1bbb5a533bfd22a7e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696997425, "uuid": "6fb57041-d144-4a8f-930d-fe83a7712967", "comment": "Malware payload (RedLineStealer)", "value": "38888d8d8682477dd6efb6f35c79021850d479f6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696997425, "uuid": "549cd00e-6f17-404e-b036-3f292decb750", "comment": "Malware payload (RedLineStealer)", "value": "f95d41037bec138f64c5836e41da1bbda98e57c473285de79f156ead96f0e600d728f9a5f274e44bbc6b24409e295aff", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696997425, "uuid": "c9d3d39b-03e6-4aaf-b2e1-24821602aad3", "value": "T1B8D41243FAE48037D9B83BB064F607C31E35BD942978871A37866C9E5C72584A93673B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696997425, "uuid": "b7eb47de-cbb7-4f36-ae8f-82334df75b17", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696997425, "uuid": "a2c17bff-ce21-4318-b296-e55784e894ad", "value": "12288:tMrDy90WM4FuIwEjzu6R2CA9VEzX0VlsNOkqkZkP9FRv:ey7M4FFwE26R2C2E70cLZU9FRv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696997425, "uuid": "cf975568-5738-4b77-ae94-6a558b98d204", "value": 620544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696997425, "uuid": "d71ce789-a870-444c-b605-8e6516649f7b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696997425, "uuid": "b9cf8914-5c02-4e98-b1e9-2e82d64961e8", "value": "1da59c190358a8ffb0e4edfab4283b85.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75cc2a2a-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050835, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050835, "uuid": "c90e68f3-e9c7-4cb7-af92-3fb43c44f755", "comment": "Malware payload (DBatLoader)", "value": "f4a366dcac8b11a7dfb5279c2332b370", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050835, "uuid": "8bb8b02f-04ce-47d3-b705-d5d6719d94f1", "comment": "Malware payload (DBatLoader)", "value": "3feb7b95494db81ea47763a9d772e6eb8c8b2bfdf5aeec3a9282c203482839bc", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050835, "uuid": "ac229fa6-c9e6-4231-9f02-bc405cde5a5f", "comment": "Malware payload (DBatLoader)", "value": "12a874fc1f1e7a6dc3a9c5c831b360de2efed4bd", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050835, "uuid": "24381937-508b-4fd2-883f-46b3e2f3df29", "comment": "Malware payload (DBatLoader)", "value": "c0ac01678af1b24708904c697df19f89814b331aba2b257b1441df28e780b2b4c5a1f9676f5388045464f9c50d6cd626", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050835, "uuid": "21626fed-2676-448f-b3f8-041ddd6e65f2", "value": "T13F356B34B3B118F1F56676B5DD06A7F41DFF27AEA904288992793D5B2CB27812E1002F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050835, "uuid": "f6cf96ea-7033-46a1-a89f-c12c452f84bd", "value": "fc431a28c58a1565c388a05232b2eadb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050835, "uuid": "22d3343f-bb7c-49f1-ac7f-0de4afa8ae5f", "value": "12288:qE8C9kdWdEPv8zuVEdh9a6OLqvabdpmBkt1VEmA00P85Be2fgmv1qsM8HcZG3g5K:qEPudPPOuVsaoAjlD0P83H5M8OG3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050835, "uuid": "28fdb922-0dfa-4142-adfb-fd7f3519e74c", "value": 1124864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050835, "uuid": "4fab62dc-cb08-49da-9486-7a0dc6ec5b67", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050835, "uuid": "976d75eb-8671-4deb-9c27-e59eb1adec54", "value": "deposit g.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eab7517b-681d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697018819, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697018819, "uuid": "098406c2-ac7a-448e-9ad0-97307d2f0acf", "comment": "Malware payload (Smoke Loader)", "value": "b34aa61738f03ba0bb2c7db303f056be", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697018819, "uuid": "1eecba3d-d733-48b8-a47b-6db120dc5a2f", "comment": "Malware payload (Smoke Loader)", "value": "3ff20844cf25c1a7745f5a06ba8c681b4b203c46977b21d4b5b8303d043e13a6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697018819, "uuid": "2623aed9-349a-4e4b-b0e5-1770251e0347", "comment": "Malware payload (Smoke Loader)", "value": "20a0e8915cdcf8650fd5828bdd84074533e04ced", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697018819, "uuid": "f31c632b-7bbe-4bae-b93b-109b4a87bee6", "comment": "Malware payload (Smoke Loader)", "value": "d46bbeb7b3e926e0add31484aa2b170b832d1bd4c7ddce5b6b06ef78a0717d1a71e21c56aaee7fe9f6852449bad8002b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697018819, "uuid": "8600d2cf-1748-40d1-83cc-41d21be71074", "value": "T1B9352353D3EB9463DAB623B058FA42430E357CA11E78D21B3BA5941F0E726C5A93731B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697018819, "uuid": "b4ed8494-d037-4dca-b016-9b7a1ef53abd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697018819, "uuid": "9e4dc5d4-29ed-4ec2-a10c-24e38d9c06b1", "value": "24576:pySlcqW16tnPxKTWbCWozzDNUSnBRw578AzPCMsb1Z3f+:cUcpEPw5J7BRwCA2Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697018819, "uuid": "c18d576d-9beb-47c5-9bd1-f99c89c83b64", "value": 1080832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697018819, "uuid": "4857c4f6-9d21-46c8-914d-28a7ebf7a962", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697018819, "uuid": "57e44445-774b-486d-afec-9c538b6f3645", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3dad0cc9-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697051600, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051600, "uuid": "2656bda6-e9c9-4e99-9a5c-67ea4a926650", "comment": "Malware payload (AgentTesla)", "value": "534c913fe54a34e4e7e843fdb8c8943f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051600, "uuid": "cb1958ac-d8b2-4898-9323-ce9982912be3", "comment": "Malware payload (AgentTesla)", "value": "401f7664ecc21d411674cc96ccf6c6fe0795cccb33eebae6cdbab6bf9b6ba605", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051600, "uuid": "38a24e47-fa54-4be5-8663-c06c4e5e1267", "comment": "Malware payload (AgentTesla)", "value": "6899d08c3ee15bfbd9584d10be66ed120beaf2e9", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051600, "uuid": "19654f5a-b740-403f-95a9-4e63fbc66993", "comment": "Malware payload (AgentTesla)", "value": "6236c49ab67049a84c4457a4409f89736b305c46f1051f0fc9c43af0cae0aa59c9f29c0a742e07a500601c7e12de65ab", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051600, "uuid": "9215df9c-9719-41dc-b6c9-1841d69c7366", "value": "T19DF423449ED3406CF64D29679A7E43AF1F1F6ECC218BE038BA7A75AD1C41BA80CD24D5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051600, "uuid": "2089e677-4e03-4f40-9949-d5639bd4c0b5", "value": "12288:QenW6ZY7PtiaZxIq4yr8BHnc9rUSDBHLLrIDrlPlL0TDn18jMrdLfU:pbYrBx7YHnGUSDBHLHAhPlL8byjgQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051600, "uuid": "ea7b2cd3-ad52-429a-9f36-65f77236ef83", "value": 774783, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051600, "uuid": "3af56885-47a4-40f6-a2f9-420c70966d96", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051600, "uuid": "39720328-6f5e-4b62-b020-5fcee4fbff2d", "value": "Enquiry No. PLH-23-074.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d32a14f-67d2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1696986369, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986369, "uuid": "29ccd18d-3f62-4ca1-8454-4f6283e155d2", "comment": "Malware payload (LummaStealer)", "value": "198d592d71cd794beb4411b244b5c28d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986369, "uuid": "29348457-370d-4f6f-8e53-243d12d42161", "comment": "Malware payload (LummaStealer)", "value": "40a32ca3bc74fe4f80e03482b3b1d7bcee014dee822a8299bcfbf48ee8c03f73", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986369, "uuid": "df403a29-0d00-456e-9982-978bb1f5431a", "comment": "Malware payload (LummaStealer)", "value": "b6c542e4cdbc736c0ecfdd2d87d371662fbb5c02", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986369, "uuid": "eaefd672-30dc-4281-aeca-a99e05629906", "comment": "Malware payload (LummaStealer)", "value": "56156e1405860ead7bba6aca3a19e7ac533741e020f51369a6a8e5eb8e696024d0803e1e16bd28abd51104b8cfccc986", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986369, "uuid": "16ee0eae-b7d6-4a48-8c5e-a838fbdafd11", "value": "T195A4AE10B9E280F2D873253101F8E77A9A38BA31C9758DCFEBC44C7C9A36690A75575E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986369, "uuid": "df04f895-6662-4e11-a9a0-2ec90302c1dd", "value": "d13adfb2207c0a29448d597efdca439d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986369, "uuid": "a1bb62d8-39a8-44a8-899c-0f1c99b0b924", "value": "12288:fh30hEYRHB30pGmVWLpni0bUvW+tVfFMNuHUs:f+nF0omVWBaW+tVCGH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696986369, "uuid": "5674a822-0f33-4ed3-aae1-0011d26e74f2", "value": 487936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696986369, "uuid": "4e46e3da-1702-406f-a7a5-a512192b1b4a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986369, "uuid": "207ba978-c096-4799-9eec-532382a98540", "value": "198d592d71cd794beb4411b244b5c28d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ede4d944-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697052325, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052325, "uuid": "42ad881b-7f00-4570-881c-d48dd495b4d9", "comment": "Malware payload (SnakeKeylogger)", "value": "61a347aa80bae20fc5908ae86f8790ad", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052325, "uuid": "71bdb29e-b702-4f7c-9e69-a1570cd977ed", "comment": "Malware payload (SnakeKeylogger)", "value": "41ccb4c165200571b2d10047d7e25c85e7a270c2bb6c3438c7f8edce7dc2fc9c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052325, "uuid": "ca3cae15-dd30-42c4-91b3-d41d20e87483", "comment": "Malware payload (SnakeKeylogger)", "value": "2163cacdcb0b91e2a4c4cb2e2e021d6148961854", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052325, "uuid": "bcc1acad-6285-4ef2-ba3c-960cfa121aca", "comment": "Malware payload (SnakeKeylogger)", "value": "4b01a779583b47841a41d2a2c7a80cbbfbf60aa0c2ca53f76d5bdabf135600ce9f2477d48c706251b5369356e026de54", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052325, "uuid": "2759a652-d3ee-483e-aed5-6a2a8057efaf", "value": "T146E24989F6485967DDBC067460632A611339FE33AC43F36F59C47BAA3A737C205026E6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052325, "uuid": "99985e23-3fa4-4b55-b82d-bcacf40ebc58", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052325, "uuid": "46d22d09-cfb3-4b75-bb8b-ca6ca623bd24", "value": "384:LzsL/CyUCVnCMr2jEKqv++7Jk+qY/sgKwLF12APL6yRqtxAx+roEOPVK/KO+zB6a:aUCVCMrJJd5pRKs3RqtGx+roLYP+ka", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052325, "uuid": "08eb9986-a93d-4b94-bead-eb38090abf1a", "value": 32768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052325, "uuid": "3511b19c-a43f-459e-a2cb-fd42f7ff32fb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052325, "uuid": "123934e9-d245-48c8-8ca2-96012f579257", "value": "Fnjnpedy.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "102bff11-688e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066986, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066986, "uuid": "b815143c-7f2b-4253-8b2b-5f5a69891f34", "comment": "Malware payload", "value": "e306491f387d2c07faae5518196171f8", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066986, "uuid": "ed155163-932e-4db1-80a1-778de0690a63", "comment": "Malware payload", "value": "42fb8a2fa1add857371877831770e274aeca1dbf78267507ff5f3aa24202b81b", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066986, "uuid": "1b42d928-352b-4c69-8cbb-7480521f05cc", "comment": "Malware payload", "value": "0c3509e3e65221827fb04811db4a610e28c701f4", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066986, "uuid": "ea77a53b-6390-4883-8e69-8cf4362b8e89", "comment": "Malware payload", "value": "61a6621cd5701314da6f2a6b7ef0acdf4cd4a5bcf075064adf9cd6837e0bfdc2bb3afbf6e0c9bc5d223d12d5c9a11258", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066986, "uuid": "f00dd5da-9635-4c7b-9c66-1688a3b21c77", "value": "T189742361E60A03F6ED42553E8A902F4237A8F5BC4C86EF4481BAF55377E4199E1F3944", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066986, "uuid": "571e33d9-c5d0-4a45-8895-d5d84912c0b1", "value": "6144:zJNw0a+t8TzZzaa7pMw5QyWAR7b3br8aplWQtkFH0nfLSNvP+/tZOxKyE:I07mTKpyWApL38olWQtkQjCuGq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066986, "uuid": "8d5c811d-262b-4515-8e6a-2204c304c769", "value": 366185, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066986, "uuid": "fa32d2c0-cca8-4f32-b0fa-810c9a9aab5d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066986, "uuid": "1da0b616-8cbc-44bc-a6a8-9244256ed500", "value": "DJXZ3689_2832026.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec9ddbc6-67e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1696994771, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696994771, "uuid": "6f725e3a-8504-4b06-adcd-618e0fd74aa3", "comment": "Malware payload", "value": "94a8f3962afb223c692c8c8757e2b14d", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696994771, "uuid": "6505299e-039a-41c7-849b-8a1e98a219dc", "comment": "Malware payload", "value": "431be214153fd5ffd4ff4fe2826276c8feb1459837eda7462a171c824bd63d31", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696994771, "uuid": "2bd68199-99bd-48b2-af31-f26261053f2a", "comment": "Malware payload", "value": "3d5a3f9bcd56b73a96a70cdfb9def93b54643c1e", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696994771, "uuid": "2e424c8e-0194-48bc-881b-97f8f94ec89c", "comment": "Malware payload", "value": "9351f2c26c727667fcf3f5f903b69431ca30ecdbcd04a369b9eaa72193c904e5785c9fa96951e026a448ab30f1d74174", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696994771, "uuid": "7844215a-acf3-43ab-ab56-d5d020e3dcb4", "value": "T19793F803B6864312C4085675C5FB182403FBB7CB2777D6453D4416EA2E927EAEE4EBCA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696994771, "uuid": "df878f9c-3214-486e-a778-21f7d2f89436", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696994771, "uuid": "e4e3b1d8-28aa-4872-831c-bfbc2b05c70e", "value": "1536:UizKGlOe/zPrgqtkAmNqxAt0jw2J+Xz9nZYaXXXcH+kSKmaT9GjrhySpX:UiPOKzPEA/mSJwnXz9ZkSOTsjty0X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696994771, "uuid": "dd03a466-e5dc-4138-9d4e-fdc57a38f801", "value": 94720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696994771, "uuid": "70592ebf-eb92-4ab1-a0b4-6902559bad66", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696994771, "uuid": "aad6b369-5428-481f-829c-fdbad2117733", "value": "431be214153fd5ffd4ff4fe2826276c8feb1459837eda7462a171c824bd63d31", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c9da7dd8-685c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697045822, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697045822, "uuid": "7a3dd14c-b665-4628-829b-71478eda022c", "comment": "Malware payload", "value": "d33e1c6f5f72a43ef0cede4c1b2e5362", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "batch", "colour": "#5941FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697045822, "uuid": "ae9863f6-c5e4-4140-bbc3-bb1a5ea17c62", "comment": "Malware payload", "value": "4323169477b86b23c8436c83a7c116550f2a22d3baec9fbe4f767c62bbc70a61", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "batch", "colour": "#5941FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697045822, "uuid": "4b37f7e5-5976-416b-a80d-c7ead3223b62", "comment": "Malware payload", "value": "87e95e945f009ed45545d330fbac7f60fe3a5c3e", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "batch", "colour": "#5941FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697045822, "uuid": "0ec0c57b-7695-4868-83d2-01146ba2ad27", "comment": "Malware payload", "value": "11c24afc3a5c568435637b5c7d1c669ba46aa85f0027f9ae8ea40006109ada26e7225208c0e78b62c4d42a4f03640f2c", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "batch", "colour": "#5941FF", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697045822, "uuid": "5abebded-63a0-4a8d-b5b5-eeea1c6829d5", "value": "T1DDC27F2B390AE0198944B6A4CB3FB59EF748D08792D46D5CB4FF40E66741DC3B06D78A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697045822, "uuid": "d4a24410-07d0-4482-a0df-4b2194749a9b", "value": "384:0oGL5IjEZiZryAOENuPuOJsYTQpLuLpDq7QYfLGMV+jasHHLgLxLJsYTgV+L0py/:0zmNu2OJsYTBJcJsYTtz9aF4GC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697045822, "uuid": "2f290e78-68d9-49cc-b42d-2147b20ff338", "value": 27706, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697045822, "uuid": "08670c8a-c450-41c9-89e7-f9219411f56d", "value": "text/x-msdos-batch", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697045822, "uuid": "8d8a4d11-a6e6-4562-96c8-57c0658eced2", "value": "Loveware.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "127ba917-6839-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697030482, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030482, "uuid": "3a04fbd6-16f9-4c08-b351-b256f97228d9", "comment": "Malware payload (AgentTesla)", "value": "a119383584e80da3de3c9e13ea0fd8a4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030482, "uuid": "8f3a7530-4813-4bf6-b8ba-aa2863290f0d", "comment": "Malware payload (AgentTesla)", "value": "4343245f1db76214093c4adefb0b167327c7bd49fa66608eccb2c4faadc3e32d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030482, "uuid": "3a3c4733-620e-4373-b780-693ba228d2b9", "comment": "Malware payload (AgentTesla)", "value": "e11fd30e973f1017441d7c8ea8f0bbc2b24428a7", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030482, "uuid": "2c663243-41fd-44f9-8c5b-3f604fce63e7", "comment": "Malware payload (AgentTesla)", "value": "4894464b0b63c814a0bd3a209bec825bc6b3360c612d1b0065d5214a0f56d6fd9994ad6697c2d24ef7d4cc955ce50c1d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030482, "uuid": "06d76321-c54e-468b-9a28-ddbdd68ef996", "value": "T17CF4012432E89B66F2BE5BF64174120207F5652735BAE3AC9FE014CF6F61F818514BA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030482, "uuid": "08a12051-7fb4-4d76-a14a-438a70c28e63", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030482, "uuid": "501ad813-d313-413a-8952-7cf33ae1c72c", "value": "12288:ReX9Kk/xdXfJ4kauYc6F3TVw8EIvvaCrHBW1QbFN2Y6aHJEbrK:Retj//Pqru56F3ZwPW92/K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697030482, "uuid": "99bfb20f-450d-44c9-be64-3f1934fb94dc", "value": 751104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697030482, "uuid": "837babe2-231c-402d-a513-cf114c807254", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030482, "uuid": "aa8bad77-f527-478a-ae28-03c636a70b9b", "value": "TT copy for EUR 87000img.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb040097-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067702, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067702, "uuid": "10e19e0a-049e-41e5-90f4-7a322f5cbb9e", "comment": "Malware payload", "value": "1c95398fd994ea907ddecbfe33243000", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067702, "uuid": "31e85337-2e20-49fa-a57b-858a0a1a64cf", "comment": "Malware payload", "value": "4393a4c372a925ad97a4804c6748da9809b8e8bacd89061c8c3c5300212413b1", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067702, "uuid": "84b80df5-fce8-4b24-93f1-a837f5f22a1a", "comment": "Malware payload", "value": "c6378a701ed47859a44db73524583fdd0138d079", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067702, "uuid": "8440719f-c8d8-4137-beb4-91bd55301800", "comment": "Malware payload", "value": "a837c7d08e6dea457680a09b93e0a8777accfe74bdeb41143638c1824e52196974a9c15385a51d58428ab48232de9c6a", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067702, "uuid": "ea399654-0434-46e0-a267-193bb2003b8b", "value": "T193258A3223B22F3CA678FBF600DD15479E797D671011A6D3AEE4C94F868EDE41A34126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067702, "uuid": "fc5522ec-d89d-4934-adf5-26d9872d189a", "value": "6144:4gjNDx1OrvyMp/k6IZGy7fxEDTtYaOLoOcTABT39NTXf6ujwC8xty1nElu61/3W+:D49TCvchTkX6dG6G6XVrV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067702, "uuid": "9e21949d-e1b2-4bbc-bd60-6ea8821fc241", "value": 1036943, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067702, "uuid": "8c6a5651-3a91-4f94-a845-e261fea5a1d8", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067702, "uuid": "20f1b9ba-b21d-49cc-b624-5d6c8e922f9d", "value": "Statement[2023.10.11_08-07]_1.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92c41133-6822-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697020819, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020819, "uuid": "f14aaff7-79fa-4d44-8be9-547a43305906", "comment": "Malware payload (RedLineStealer)", "value": "69af2bd55e1066a28655d743fccaa887", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020819, "uuid": "d18b38ec-63f2-4656-a197-7ccbf67f4192", "comment": "Malware payload (RedLineStealer)", "value": "43abab7ca57180b703ed7ce6be5ae0ec9fa570fb2d347a61a70a978b6f87a5fa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020819, "uuid": "3d7964fd-0a07-41e6-815c-cf2ba5759a54", "comment": "Malware payload (RedLineStealer)", "value": "6251fd218511601fc66cd601426a16c8cd3bcae5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020819, "uuid": "8cf028b8-57bd-4d89-a5ca-c2fdabd34266", "comment": "Malware payload (RedLineStealer)", "value": "92522d61c90b7b843b8261b2cae786d643c0ee20686824af93755a9845e48d5eaa461a090551fe9b410f8e8b5e97bd7e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020819, "uuid": "bd54302e-b865-44f0-8554-e603b783777d", "value": "T11C44BF01B5E1C072C9722533C9E4DBB55AFEB8310AA59DAF57E80F7E4F20381D721A66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020819, "uuid": "16af8993-d7eb-4177-acb4-2eb008a76189", "value": "282d146a9b3d87d6152eff920eef7769", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020819, "uuid": "e5803bca-0695-4ae4-aa70-59c92d823390", "value": "6144:ICXman0Gm8XTX/lbXat6ULk+j5cNAOx1Va8/W4Cws0Ian5:5Wa0Gm8DX/8CvzmKOs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697020819, "uuid": "0f3c5271-1062-4959-82de-0f872918c7e8", "value": 261896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697020819, "uuid": "4cdf7f03-208c-4bc6-b95a-857af4488a43", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020819, "uuid": "307f3fad-85cb-4487-bea7-06055752c268", "value": "69af2bd55e1066a28655d743fccaa887.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60cfd1e9-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050800, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050800, "uuid": "e3088d36-3209-4b5b-aade-19158ed9b647", "comment": "Malware payload (DBatLoader)", "value": "55f98fbb317b4152ebe2c8cc2bf33c2f", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050800, "uuid": "5c1b1caa-8fd7-44d6-baef-4844864c376a", "comment": "Malware payload (DBatLoader)", "value": "43af3e8acb9ddd2f5f99107a4b715b9ff684631e9d88847034b279b2a2621fc6", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050800, "uuid": "8cbd92f7-2afc-4af1-9b83-4fe1b9ac6f05", "comment": "Malware payload (DBatLoader)", "value": "68322786ffb6a76f56982592e8d9761844c04425", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050800, "uuid": "a431c5e2-56d9-4de3-b5cd-90a354b9075d", "comment": "Malware payload (DBatLoader)", "value": "d74864aa23721ea96d2a4a356a4b1d66b95a52a72649bc6ff3717711a7775edb86d6b8d9b0afa4a0863b0cb9c1f0dfcd", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050800, "uuid": "929d1977-75ac-4a64-a889-fdb8e28babb1", "value": "T153355B34B3B608B1F57976B5DB0667F41DFF27AAA904288982783D1B1CB27916F1102F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050800, "uuid": "257476f9-60b8-4d54-9b9b-65abf0aac8ec", "value": "fc431a28c58a1565c388a05232b2eadb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050800, "uuid": "2886e502-a2cb-4f2b-bfe2-795670b954a3", "value": "12288:qE8C9kdWdEPv8zuVEdh9a6OLqvabdpmBkt1VEmA00P85Be2fgmv1qsM8HcZG3g5L:qEPudPPOuVsaoAjlD0P83H5M8OG3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050800, "uuid": "5887dceb-bf71-461a-949e-99c5dfc6c81b", "value": 1124864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050800, "uuid": "7ccea338-ba1e-46e9-ad02-41edae8da529", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050800, "uuid": "ebef350e-47a2-4969-8728-3ca11b686533", "value": "Uxhrzfxrovilkl.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e92e232-67dd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696991150, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696991150, "uuid": "079588ec-8372-4a69-b81c-a4e28719b672", "comment": "Malware payload (RedLineStealer)", "value": "b0fd306016252223fb1094e576bcc108", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696991150, "uuid": "a1dc4ff7-6ff2-4d61-800c-57e31740cd2f", "comment": "Malware payload (RedLineStealer)", "value": "455d4700cbfce1bf289767e8294ae356063582bf79ce9128cd309ffd0364e4b1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696991150, "uuid": "e31cca62-2746-49a4-80c1-c2b2fd93a919", "comment": "Malware payload (RedLineStealer)", "value": "d9b2dc3236372e40c234d57d4cc9f4867dd0dd03", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696991150, "uuid": "c7830646-8a97-4266-953f-478b1dca7c00", "comment": "Malware payload (RedLineStealer)", "value": "34ceb91f1a93fec1e77c85f0fa4d1ecbb20c523f1819c40b975b98d5a4d9ebd8b3adc8ee14077866b8534d8b87627896", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696991150, "uuid": "89bb9c2b-a58e-4f06-b911-d9033b435d29", "value": "T191352341AAD99133D9BA0B3409FA03D31F32BC608C34472F37A6E94A9DF2664753176B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696991150, "uuid": "6d200020-9370-4b12-b6cc-a38c50f47e43", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696991150, "uuid": "d1fae5f8-ff7c-4f78-8c0c-8df269ed3d68", "value": "24576:dysCPSGhYG97v+Fdpg2u6IimZ93plRKgeOdXdPnY:4sCK1G97W5gTiW93N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696991150, "uuid": "4ffc54a0-4ffc-4dcc-9dde-300acb58b43e", "value": 1131520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696991150, "uuid": "1120b27b-7e6b-46cb-a954-7a61c61d210e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696991150, "uuid": "cf355e8d-2987-482c-bef5-173b3d6bc5a8", "value": "b0fd306016252223fb1094e576bcc108.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d07d41a-680c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697011173, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697011173, "uuid": "7021b4e3-e6e7-4adc-8b4c-e855ca845ee1", "comment": "Malware payload (RedLineStealer)", "value": "179abf66d3061592a32cd8ee6cbd2020", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697011173, "uuid": "6ed9b363-474c-4efb-882e-b5c04b6db14e", "comment": "Malware payload (RedLineStealer)", "value": "4593a33df0f188c697451fbae11171e5c70e20dc76b49180da848fcd3fd8198b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697011173, "uuid": "d99b8443-f11b-4c61-884b-4ca3a43a6438", "comment": "Malware payload (RedLineStealer)", "value": "9ec4036c608787f3a559efa744d4e33c92e6753b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697011173, "uuid": "88c3f7b4-a1d4-48f6-aabc-6cad119f8c3a", "comment": "Malware payload (RedLineStealer)", "value": "2eca7d36d8a4d0901278b96ffb0f7d91b4ee063f7106db8dbfcaf9db5d3604afe7368bedf0634f2c5ca5318a86e354ac", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697011173, "uuid": "8ef1ede6-fb85-448e-95a1-885d4c1ea745", "value": "T1C5352309B7E851B5ECB107F098F622830A367C615D7C879F369AE40E24F24C5A63676F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697011173, "uuid": "6c39d2d7-83a9-430a-a272-5c74224f29d9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697011173, "uuid": "073aa6d3-6239-4d46-b79d-bf44ba43150c", "value": "24576:iy4kKzQCF8H9OApLq8SqASdS0GfDgK/Hq1Q:J4kKF+H9nLRY1gue", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697011173, "uuid": "625ac758-2775-4122-9d6f-5c7fc4fc9692", "value": 1075712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697011173, "uuid": "d69f21bd-cf6f-43ed-b1d7-92202742896a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697011173, "uuid": "02420c8e-f541-4cdd-96e9-502dcc287967", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a3f12c57-6830-11ee-a6f9-42010a9c0055", "comment": "Malware payload (YellowCockatoo)", "timestamp": 1697026861, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026861, "uuid": "d99a14a5-aad1-444f-879e-ee71e7f9c8e5", "comment": "Malware payload (YellowCockatoo)", "value": "ce9bcfde709b5223fd0451ed3fbfb014", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026861, "uuid": "51957d3e-5eee-4c5b-a145-c54c7cae28b6", "comment": "Malware payload (YellowCockatoo)", "value": "460f257daab0aaa03740d4450967c47a22cdc647a648d114cce3ed32b06570c8", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026861, "uuid": "fa7cdb10-832a-4779-9629-2a3b926715a4", "comment": "Malware payload (YellowCockatoo)", "value": "a2bf539d9dc74972438c66019403918734123080", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026861, "uuid": "7ecedb3d-0268-4068-8e24-ccadad5aa61c", "comment": "Malware payload (YellowCockatoo)", "value": "23850365ab515ffe4089391671fcc0095f121e5a20f087080fe76fee7e91ff10ce598dbc1dcb2ec58358b48d1a311287", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026861, "uuid": "3b4ce41d-f441-40be-b331-fd1cb1615006", "value": "T1E9D4DE043BA4DC508B2C66E868DB97078B2756A7DDEFFF0706A291701A2B96357403CF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026861, "uuid": "7a49a3d2-d464-4381-aad9-9914dc3633e5", "value": "dae02f32a21e03ce65412f6e56942daa", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026861, "uuid": "7ed25f6f-5e6a-4cff-b664-8a15389fe622", "value": "6144:LrEu+8J27ILOpNmQi3Y/fBUEw7ND54qDNkMkmUz22exuDllELKi0IXoI:LF20LOZAY3HeNl4ZMkqolWLKq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697026861, "uuid": "3c13ae6a-4c03-441f-8f70-b48614ae0a49", "value": 623616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697026861, "uuid": "3ef168a7-618d-45c4-ba88-f8be0466dd94", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026861, "uuid": "1dbd2133-5201-4457-8c53-56b875fff340", "value": "uABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZpeYXTSYCXfCUKFpmEYd4LOODGRv2WWiO8XKKWFWUw9C3fyTYV_AWVNgFGhBWCmFLR5ZVBnDeZVTC.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f665996-67ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696984548, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696984548, "uuid": "a5217160-d932-41ab-8a67-831d9531d701", "comment": "Malware payload (RedLineStealer)", "value": "084bddfaf6e90e9ecb97077d1ec4660f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696984548, "uuid": "a29b4aed-718b-4d59-9ae6-8891755ecc9e", "comment": "Malware payload (RedLineStealer)", "value": "4625a6264c13cb84fe0a6f04ebf9aa99754caec0b4edba02a04bd67640b04ea6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696984548, "uuid": "2dcbcb5d-b2b4-48ff-a481-4c3956deb90f", "comment": "Malware payload (RedLineStealer)", "value": "fa31f521aea7fc8d08a7da110da63e9ce1a15b8e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696984548, "uuid": "c1add3fd-ff1e-454e-90cc-bbe5c29d4bcc", "comment": "Malware payload (RedLineStealer)", "value": "bb3107d77350a8e28f5ebddc98d99f8953387359661eb14a4474dceb2096b1a1360e50ccdc49ff4394a965b743e9386a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696984548, "uuid": "2a7370d7-5822-41b3-bbab-d6be15e2fe74", "value": "T1F0548D0074918032E87315378EFD9AAD663DB950075967EBA3DC0D7EEF20BE1BA30556", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696984548, "uuid": "d8c89c80-6589-4771-90b8-8e2fa9f2c3b9", "value": "42c423a9e73aea8cb92de6b991847053", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696984548, "uuid": "dd399f9c-abcf-4852-9c2d-dfc1da6d8eab", "value": "6144:KdsXxSgma4CKBk/uB3wb9MEZ5uRVAOYdYhGO8+c7On5:EsBSBaFKBkG3cFybSY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696984548, "uuid": "dee1d1d5-ab16-41d6-a4de-2b8f28ac75cb", "value": 304904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696984548, "uuid": "e44cb849-888e-46ef-b038-f5de8fc773fe", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696984548, "uuid": "096d68a3-5f0a-40c3-aa97-b0b2b9955edb", "value": "084bddfaf6e90e9ecb97077d1ec4660f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c60cee74-6840-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AsyncRAT)", "timestamp": 1697033790, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033790, "uuid": "ed72b0ab-d628-4d68-b360-ebc430975b1d", "comment": "Malware payload (AsyncRAT)", "value": "8c2e8f70092b290f97ae1baa83aeccbb", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033790, "uuid": "1e164ed9-34f5-4409-8b7a-031aa5c4936b", "comment": "Malware payload (AsyncRAT)", "value": "470556fb4a6a391d85e137d35fd76f1b8f9f984b4e4c8dadf3da3a072e901112", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033790, "uuid": "142917b3-6dee-4f51-88b2-a346f0d386c0", "comment": "Malware payload (AsyncRAT)", "value": "cb7c50c472e68a8b4ba94cb99cdb154c99492feb", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033790, "uuid": "1f481521-7928-4363-88de-bb3d25075b87", "comment": "Malware payload (AsyncRAT)", "value": "7aa6acfd0e1e78573e87160b095c7188ea052a879006efddaa9c32e823c69abcb6f24b74d7c128b3d624664ec53cf5b0", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033790, "uuid": "d6fa3ff2-bf22-4426-bf05-f68c4a9c5208", "value": "T19E5309093BE8C02AE2BE8F7458F6768545F9F56F2902D51D1CC9149B06227C2AD42EFF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033790, "uuid": "e13dfd21-d2b9-436f-b521-63c00960b9fe", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033790, "uuid": "db252499-70d5-4dfa-892b-ad9734e44e31", "value": "1536:/q2FoaIkEZMqC3qkrfF6JoocXmoE83U6aN10rxObLu9xx/I2a8rgTR9x:S2FoaIkJE83U6aNCrAbLuRI2Tenx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697033790, "uuid": "3460f667-01c0-4311-a257-7fdea358eee2", "value": 66560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697033790, "uuid": "4908e6c7-11ae-4641-b8af-e898570b53b2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033790, "uuid": "9396eea1-2356-47ca-b078-4c877fb5f4ed", "value": "8C2E8F70092B290F97AE1BAA83AECCBB.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be16ac28-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052674, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052674, "uuid": "b5382417-d275-42cd-b384-fff8fac55501", "comment": "Malware payload", "value": "16a20efbdcaae674bcfcf3100332cd3c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052674, "uuid": "f65143a2-0dd1-4005-a6a5-d0b592f79c86", "comment": "Malware payload", "value": "476e1c4ca9e0dff520effc75c48b7f3e349c73ab9e4d373646f40a570f846614", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052674, "uuid": "038d2cc8-fae4-47e8-b298-02015ebfff72", "comment": "Malware payload", "value": "9ab61e5ff881fd74f6ac4e8be9679a35fb615e50", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052674, "uuid": "b3811c91-8e43-4e4c-9b53-a5808a1d83da", "comment": "Malware payload", "value": "5875aa3217d2c3626a0cab253f56b69771c3714c9032bb92481a6a2a4c63e46f08f9b4b732d40a4797f75dd86fdef3e9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052674, "uuid": "7b067728-5c10-4382-ac09-9a0784e735f5", "value": "T1F024CFD1F942D8B2C846403C8424C6F8697ABC76DA88CA9377783F7F79F12926767250", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052674, "uuid": "1ba8f2cc-32ea-47b2-838f-11f8eae21d00", "value": "8cacf442a096d56f8e956cabce20dddd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052674, "uuid": "71d9d915-9068-4944-9911-71e60e1528b8", "value": "3072:YXp0CmHPtjf0y4EGMmQHFkFa/wIWkmG5zrTy:sGhHRf0y4EmOF8IBrT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052674, "uuid": "a2203fa9-1edc-4366-9012-311ef9b83ec3", "value": 229376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052674, "uuid": "3c190602-9efb-44c1-875c-abbee103114d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052674, "uuid": "06d6b465-99a4-44b8-a97b-837b4dc93cb8", "value": "16a20efbdcaae674bcfcf3100332cd3c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "15e1cc95-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1697050245, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050245, "uuid": "307a41fd-bf7c-41a9-97f4-a0be9966be7d", "comment": "Malware payload (MysticStealer)", "value": "c56550c10d43c1e38e41c9c181faf4e5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050245, "uuid": "712e8471-77b3-4efd-b7cd-01d16680484e", "comment": "Malware payload (MysticStealer)", "value": "479265241fadd4a8a8dbce343aaa0580a58727bf995fc75f567232094dc8a562", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050245, "uuid": "aa6d4bb0-096d-469d-a171-e867b76241a8", "comment": "Malware payload (MysticStealer)", "value": "4a1eb7d9323e20feaf72f0890abe010a5b6d36c4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050245, "uuid": "537a7f8a-e4a6-43f5-95df-021182548f14", "comment": "Malware payload (MysticStealer)", "value": "576df8a9243ef98179c4a806bd1cac36388c76dfcca4a1f8d5b1490cbd84d10004f166f7f949eabd89b730860eaed3b2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050245, "uuid": "6d91db58-483c-4d50-8654-ba5061327ae8", "value": "T1DC94BF20F0D2C17ED933553685D4CE75AA3E7C10097D87AF37E9873A0E24281E666EE6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050245, "uuid": "0eec056f-ece3-4a54-971e-ef41a3042bb3", "value": "282d146a9b3d87d6152eff920eef7769", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050245, "uuid": "ef8ea521-fb7b-428a-a927-2da6ab46431c", "value": "6144:BSmmabnVQ/6wW2+bJiPIaNsaeRVmAAOhETTFZ93T6fCADf/VaqR6GblSx6n5:uaDVQ/TW21q/kTFL+aADnTVwM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050245, "uuid": "b2e1db76-15dd-4d23-b774-d097148065f3", "value": 417544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050245, "uuid": "6d11936c-70b8-402e-8062-0c39199a8749", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050245, "uuid": "e97e0d0f-9bed-42f2-b1fe-01f1a986a2e0", "value": "c56550c10d43c1e38e41c9c181faf4e5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "feebb116-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697050636, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050636, "uuid": "c47d5a48-a3a1-4ecf-accf-92d062006dc8", "comment": "Malware payload (AgentTesla)", "value": "4ba9875666ac2b03505c363d49d0d1f2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050636, "uuid": "aa4e9b55-5c39-425b-9ab3-8d7f52450222", "comment": "Malware payload (AgentTesla)", "value": "47d9150f381dbd27d1b7106f75e13a9dff14539caa580ddb1fd9a201b03f6e82", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050636, "uuid": "f31c6ed5-b658-4d94-8e0c-062c2b6b2a0d", "comment": "Malware payload (AgentTesla)", "value": "1dea54a74ced3de818e0a0ffbdf56070df47add6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050636, "uuid": "f560c290-63b5-4981-a812-f00ff8ee1bb4", "comment": "Malware payload (AgentTesla)", "value": "91a0353fc1f4b8db12fa955867a9e93569df03d57d131bdc7ab935a2d554946e83cb8d317c48595bb28544f7df791aa8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050636, "uuid": "8c49512b-55f2-48df-825f-350e5a2e9cd2", "value": "T178E4F15E7F94AC82C5315938FEA9FFE5722EBD01EE85024A32587BDDED312901931683", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050636, "uuid": "6b4f40d8-6dd3-461f-85c2-bbb845e96ace", "value": "7fd61eafe142870d6d0380163804a642", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050636, "uuid": "85aceccb-86bd-482c-8904-a4cece36a997", "value": "12288:0t1Wypy5Qzsrmzl2V80yWMeyp7nZ02N2+XKWN9+SpHe7ZF4a:I1WypeQArmzlI1b07nO2NlXN0SpHeNFt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050636, "uuid": "bf6edf3b-b43f-4af7-bd15-3c5d597ec9c1", "value": 704312, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050636, "uuid": "c16e6ba4-18f9-4b31-9e8b-40361181590f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050636, "uuid": "4cb50d41-d2c8-4680-b63f-227a17a3fb54", "value": "UGOVORNI DOKUMENT-pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98a1c24a-682c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697025124, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025124, "uuid": "4a09c9b7-e5a4-4b1f-bdf0-4293076e3b5d", "comment": "Malware payload (AgentTesla)", "value": "8beea4542da0d51348a16bf8c23071c0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025124, "uuid": "1b51ae5c-33b4-4d94-af3e-69c807bd70c5", "comment": "Malware payload (AgentTesla)", "value": "48ef496367a300605f93d8d5f650a7a9a9e333c6acae2770efd78181bdd293aa", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025124, "uuid": "622c52d9-7f33-432e-8772-c2c7a7bac8b0", "comment": "Malware payload (AgentTesla)", "value": "5f2916f47f10f9f73bf7ccde27cb62afafd57f09", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025124, "uuid": "98436ca2-882d-4d4c-a504-0b9ebb323093", "comment": "Malware payload (AgentTesla)", "value": "759340a9f91ff4246b8651e98719e55b9ed063cd2411cd5f3a8d3ea7ec90912a741e22b5a1b241a5f394054815dea04e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025124, "uuid": "b495c9c1-68e6-491f-987d-2b6845d97621", "value": "T1B0F4C0DEDB85BE44D33D3BB9F1122264E3B4C5D71581D3574CE980EABBB2696BE02060", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025124, "uuid": "49d88ff4-4490-4c9e-b6ee-8f4824f29d87", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025124, "uuid": "591f90c3-c631-44d8-b6a6-d854460b46c4", "value": "12288:UTENKu4noPCwfUufseLyGnMvXyJPuBBS733wWapZ:YEN4noYufseL9EXyJoBSL3Yp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697025124, "uuid": "46b635e7-5084-4200-b331-54cd108dc96b", "value": 760320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697025124, "uuid": "a8478027-776b-4886-a102-8b5fee33e5ba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025124, "uuid": "c4dcefa1-5abf-4ffd-9414-d6fbdc4c6f26", "value": "48ef496367a300605f93d8d5f650a7a9a9e333c6acae2770efd78181bdd293aa", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "889ef445-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697052155, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052155, "uuid": "5fbbb73a-4bc5-4e53-953e-93931b9f1813", "comment": "Malware payload (AgentTesla)", "value": "200ac6270ae719e20029e2536ad26ae6", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052155, "uuid": "e86164dd-8811-46fb-9c73-d0fa8976a7e0", "comment": "Malware payload (AgentTesla)", "value": "4910064584a83b348a17494b285f381eb9e6fabb59c528320ba90b31965c014c", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052155, "uuid": "57dd62eb-6c9c-4732-b327-445229b38f99", "comment": "Malware payload (AgentTesla)", "value": "bf2b141d8ba2ec6c264fd83b0915105688463348", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052155, "uuid": "bb008f8d-b34c-43b6-aac6-fa36aeed4304", "comment": "Malware payload (AgentTesla)", "value": "6df1511299f14960f4453c205ea36bb7b107ff01cd140c1538fe4c2bd285f8b790578eb2f4c802c41c8dd65078132bf7", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "img", "colour": "#F0AECC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052155, "uuid": "e80eb486-e6a5-4daa-861a-55f44e55523f", "value": "T1D3E4013973BC6B17E6B953FA4034005413F8545F6524F2A81ED6A0DE2CF5F188BA2E6B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052155, "uuid": "7ab48b66-b938-41f4-affb-b0980594de43", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052155, "uuid": "35ecdfc0-162d-4156-a62e-5213a53003af", "value": "12288:UJX9KZfrwLiGa2XreuaDca9+0ODnNmGD9HDSHxqJ/FNJWxE9ZACQYa5Ne25:UJti0r7MOhmGD1DSRI/FwaAJYw55", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052155, "uuid": "3b202cb8-9f12-4768-a155-3deff3cc7180", "value": 720896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052155, "uuid": "c7248fa4-04a0-4526-a992-8a1aa362d561", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052155, "uuid": "bf0e7891-2438-4e94-966a-f7d130355143", "value": "DHL SHIPMENT NOTIFICATION,pdf.img", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aeb1348a-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697050501, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050501, "uuid": "fdf1b5bf-48cf-43f4-b2a8-c0b54b667bdb", "comment": "Malware payload (AgentTesla)", "value": "963fae0096ff0060f0c179fbbe3f9d84", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050501, "uuid": "665fef24-6959-4520-95d9-215f8a96a7e7", "comment": "Malware payload (AgentTesla)", "value": "491a456f605b2e032bd3317d855cffc065aded96394126bffa79ce8f9b6daa92", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050501, "uuid": "a5519072-e92e-4dfc-ac8c-2a912f7185cc", "comment": "Malware payload (AgentTesla)", "value": "4673031b2b9199a184dd9e8f5552fa5a2a24e59e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050501, "uuid": "e332d315-fc38-4035-b93d-13cedf398923", "comment": "Malware payload (AgentTesla)", "value": "e863b96d95c1e21a0460a4e46fb94a80a6a9d206a0bf0b70913c135e380ba0850617710665597d83d0f49fcd155fa273", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050501, "uuid": "44e2ad8c-163b-405d-875d-fa8b6ecfd9c1", "value": "T1A705BFCA92044065FDA65B71E4AACD9A06136C756F70A7FE1C1AB3E904F3AF12363713", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050501, "uuid": "f29c8259-95cd-4aa8-89f0-da1a71bf4106", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050501, "uuid": "56182dfd-9c08-49fb-88dc-6fb0e51e0253", "value": "24576:gf55q5MXDqPt5chn4888ukWE7i0yPy+D+jBz:gf55IIDqPtV88YWsi0yPy+a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050501, "uuid": "17541318-5b34-45fe-a0d5-e616f8e0449c", "value": 811520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050501, "uuid": "fc20e7ad-7488-426a-b726-83a2430ed3d3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050501, "uuid": "cfe5db87-10f8-49f6-ae40-0d09adbe4647", "value": "PO-0028392023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd7dca7c-6820-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697020085, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020085, "uuid": "9f27fce0-2fcd-4c8d-93a3-8963add21e5b", "comment": "Malware payload (AgentTesla)", "value": "60fe00c709f6b2011e745a6c4b042b44", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020085, "uuid": "ea427daf-73b8-4b7a-b41a-2c66b98148bb", "comment": "Malware payload (AgentTesla)", "value": "493e3d54159cd3ebde6aa0b5216ddcb14863b4b064bb80c654353838926d191d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020085, "uuid": "14d3d74b-3807-44e4-abbf-710c9156f450", "comment": "Malware payload (AgentTesla)", "value": "159adac4aafff37bf4a72a6a8cde0e01a31e699f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020085, "uuid": "68dd42aa-42c1-46d6-b9e9-4fd447a974f3", "comment": "Malware payload (AgentTesla)", "value": "12497c586e767472aab29d96209fe51bb7c253280ae77243c41c415cda413349aee62b941346b6970575bd8a3b7445f8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020085, "uuid": "fa5d323e-c8b4-4537-96e7-910cd4ee57e8", "value": "T1F4742304B675C0EBD42B4D32967F02225FBAFD7656A3868B27140FDCFEB1645980D722", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020085, "uuid": "200743b6-8efb-4b4a-965f-5ba18e757f05", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020085, "uuid": "43b22042-1f7f-40bf-9f95-40b0e65951da", "value": "6144:/Ya6tYcav590d0+oGzhemvNPPnPSxLkJMvRZCFj41IZcErKpSkaI+2CfXd6CMtTG:/YHYcw5j/Gzh5vNP/PSxLkJ8RW41eDky", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697020085, "uuid": "d882e89d-ab33-4474-bbbd-b8b3d009c0e0", "value": 367106, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697020085, "uuid": "72f5f217-dd31-4a0f-b84b-4977e9f7f27f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020085, "uuid": "92b71cee-b1f3-45f3-b9c7-94e3e505c145", "value": "493e3d54159cd3ebde6aa0b5216ddcb14863b4b064bb80c654353838926d191d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a9dd255f-6890-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1697068102, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068102, "uuid": "8787bbd7-1aa0-43a8-be0d-8854159b2164", "comment": "Malware payload (Mirai)", "value": "987073257ea21cb062ad793094441d57", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068102, "uuid": "c6b69c44-cff3-4f53-821d-429d1383b319", "comment": "Malware payload (Mirai)", "value": "49eb2b50c36f1b3770db839a2eef1d69f32cf64467845ccb8e9f030ef7e7f9b0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068102, "uuid": "e509c444-5b02-4822-b760-11e590f0102e", "comment": "Malware payload (Mirai)", "value": "fb008961bb1661cd79f224c439e029bbd7dc57ca", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068102, "uuid": "921de7f9-b45e-403b-90d2-792e491854cc", "comment": "Malware payload (Mirai)", "value": "04429f0ac31ace35f02a216032f068e8197aa7c23e212edb02537f2802c06bb9ff0886af1440661ed6c2387a9378d2c9", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "sparc", "colour": "#77E303", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068102, "uuid": "357cad97-ab44-465e-af4a-73d2aaff05f1", "value": "T146735B24A93A2F26C1D4A17E62FBC321F1F6230E25B4961C3CB60F8EFF1465464562B7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068102, "uuid": "75376006-0400-42f1-b3b8-871aab7b04a1", "value": "1536:ubHmkTSo3BOIqS5aq+Dc035R9QuEk6vNNicKzfJFx8:kmcjaq+Dcc5J+vN4Fzf58", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697068102, "uuid": "a1aba4d4-fcad-48ea-b913-b53b61fb0f98", "value": 74572, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697068102, "uuid": "052c158c-3137-41c1-b25a-31d1a6ecf211", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068102, "uuid": "580f9d48-b551-43b9-ab78-126c6ff7df7b", "value": "987073257ea21cb062ad793094441d57", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3c7ff95b-6864-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697049021, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697049021, "uuid": "2d88b69a-dc03-44fa-ab58-1e50a80e28de", "comment": "Malware payload (RedLineStealer)", "value": "a96679f247f12449ced97a4937417d9b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697049021, "uuid": "f8c2ca8d-c80e-4a75-b21c-504e9fea7a3e", "comment": "Malware payload (RedLineStealer)", "value": "4a80d209ff3bccd8932ec1b30c3927855756dd1239052c102f7da735f9b64f1a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697049021, "uuid": "f7c9043c-90c9-4e9b-a1d2-009082bd367d", "comment": "Malware payload (RedLineStealer)", "value": "66b28cafe476aad5f3f801dedfcbfd00830445a9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697049021, "uuid": "e36ea210-8c32-4a44-b610-df151b6243fd", "comment": "Malware payload (RedLineStealer)", "value": "e6c0188c3bfebc86f681d37f697052c40f5d68e1bf46e54d45aa145a18499200d646291e61ad7a06bddcc852e5c60117", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697049021, "uuid": "3064ee39-e5f7-4909-afa9-06136beaf509", "value": "T1CC75FA1176F95B59FAF34FB85ABAA611087AFC6ACF11C2DF1251508E0D21BD08970B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697049021, "uuid": "23f7092b-740c-4b7a-a0b5-b599e16995f2", "value": "b092678fc438a3bc6ea71ba0ea4cfa08", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697049021, "uuid": "64386d89-9279-42b1-bb32-005e81aa0daa", "value": "24576:jxY5+whimILMd8VdT6gHBA2F/6a9DhvhAY+if:bwhimILMdYp6IAa/6a3vsif", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697049021, "uuid": "55c29ad4-c96a-485b-93d3-aff687c15135", "value": 1692160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697049021, "uuid": "8dd6550c-737f-4966-a721-6dace5b15561", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697049021, "uuid": "54769dae-3f5f-410b-a9a2-3d2f632d1c53", "value": "a96679f247f12449ced97a4937417d9b.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8dc3557-67df-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1696992107, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696992107, "uuid": "3595ff5b-ade3-410d-8829-e90ad9af7a56", "comment": "Malware payload (Smoke Loader)", "value": "18c40733fb38d25befffc2a5519125fe", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696992107, "uuid": "338aa815-260e-49c0-818c-ade7c607a280", "comment": "Malware payload (Smoke Loader)", "value": "4b2cf734a9445d26b4cd0105201beda40f0030fa6696771f914d73940b4de4d7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696992107, "uuid": "01155945-7760-49ef-b942-9a11479eccba", "comment": "Malware payload (Smoke Loader)", "value": "4c78751a2781324962dcea5fff0d45fe2303210e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696992107, "uuid": "190633b0-8042-4b42-bd1e-a9d0b77d68a9", "comment": "Malware payload (Smoke Loader)", "value": "5b7d13d6f07862b9e6f267d0f0568cbed97d422b857276e98130593aa314e9eaee2c0e9a4405ff033504427858d4ba3c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696992107, "uuid": "c1d2e372-43fb-4fe8-ae29-9b6b96ecf69b", "value": "T1F0352303E6D90530EFE0A7B058F613972F38BCA299B883FF2351914E6670DD5643A766", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696992107, "uuid": "a0dc18dd-f6d1-48ae-998e-83acfbf68391", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696992107, "uuid": "90da2b81-a324-4afe-9b64-0fed0269339f", "value": "24576:Nyn5/PNXQr4thzzIOdN5+d0gNayNSXaX3LPFoHGnPtM:o5xQrSdCwyNj3LPFomP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696992107, "uuid": "59377b72-f3e7-4cba-b9ad-36b162e8e63a", "value": 1126912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696992107, "uuid": "74989571-3ae1-4e70-8198-bcd4ae1e421a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696992107, "uuid": "194b235a-4df7-4846-9e1c-f3d9e2379389", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dd8f269e-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066901, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066901, "uuid": "54d80604-7895-48a9-8c35-97e4813d3411", "comment": "Malware payload", "value": "45ffd01e93565a6916ce76c26f257041", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066901, "uuid": "0e003ddb-2f51-42ef-b48c-916c4f94be6a", "comment": "Malware payload", "value": "4b673d06b3300d117ed33e1a591cb76c13a6364611ae8576c45599312d50e126", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066901, "uuid": "40927112-7b39-4449-a422-8dd00e9e5ffe", "comment": "Malware payload", "value": "23a60bc502f0dd2bd4e5e4f911f895fe44dffda4", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066901, "uuid": "333cf2db-d889-4961-a47e-77392d54fbad", "comment": "Malware payload", "value": "47ffe4f4cd76fb4bf9b1b1c454915423835704af29fa981f8c392c41ac6651e9fa2e7b78e5084dc5fb94aeb843f6770b", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066901, "uuid": "7b6a456d-4bd1-47fa-8ccf-7459841dce5f", "value": "T16C7423EE1038A1A77C5DD16325DFE8C1D0AF04F4C42AE49BA97760D70B6CC4B2E6536A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066901, "uuid": "a9d50750-4567-4887-a819-ea37315d1c9e", "value": "6144:x1sxGAQF3KMjGvWvVCanmw1gbZqh4RN9kQk2gZ3dD8GCvClN28p5oftD5fmpNnZU:4xBQsMjqWvV1nmbZqK8l8GQ208qt6Z+H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066901, "uuid": "583c79e9-7f38-4b15-97ed-5f3b86bca626", "value": 366044, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066901, "uuid": "c67c7b1e-302b-4840-980a-51461c20750d", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066901, "uuid": "7e359d20-b0ee-433e-82ca-89cc16625c5f", "value": "DJKT0567_2116463.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93491b5c-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066776, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066776, "uuid": "5c20b49e-f2b2-4a25-a3fe-c3836ef85a5c", "comment": "Malware payload", "value": "59cd8d78dcdbc616129cbd5d068e540a", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066776, "uuid": "bad34c5e-7a3a-4285-a5fe-b2bb07458b96", "comment": "Malware payload", "value": "4b731652a86ce0f23e4dc59ff967b483ad10db1f52671d3f1239bf32cb82905c", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066776, "uuid": "a40821e8-a0c7-432f-8c8a-42853cc4d7f4", "comment": "Malware payload", "value": "1ee6ef224793f45b27f7693b071b4dbccae58132", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066776, "uuid": "cad3f2eb-23be-4cf3-8fc6-eac3d40d62f5", "comment": "Malware payload", "value": "78bad55b0f35eb988c95853253478656b3df9271fbd8fe0a8ff6904e0b9359e715b0ead082c5aa8914cd2fa5c5ff5fc7", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066776, "uuid": "ff31114c-ac42-4425-973b-8f8a026e77de", "value": "T195742385EADF33805620F1FD696243C868F1EDD053784EC7A1A93B4A9587EEE4CE20D5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066776, "uuid": "b711f19e-9361-4b73-8b61-8376aba802b7", "value": "6144:whOOoOIyGRJuDuwTRtGbQYo29ktzqPq6lPbZhO3yIoj3BycJy:whDiKTFYiUNFrOiIoj3Byp", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066776, "uuid": "0dc06975-9310-4c4c-b195-beb39170e6a4", "value": 366207, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066776, "uuid": "d34266cb-4f08-44dc-83c9-7b33894f4f63", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066776, "uuid": "a8c2fc96-9a95-4a98-ada9-1caa21f3fa39", "value": "KUYZ0248_8497127.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ef90366-6869-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697051200, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051200, "uuid": "a59194cd-ed46-48d6-a780-7a01f57e1df8", "comment": "Malware payload (Smoke Loader)", "value": "6f40cc8a9cde0a463d051ea5d6fa369a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051200, "uuid": "8b2fe49b-532c-4c91-8102-700bf8f6f426", "comment": "Malware payload (Smoke Loader)", "value": "4bba6cbaca8ad2de49841dc47704f6718f6818a9ae8bfc9eee4cd47205204772", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051200, "uuid": "f0a5ce22-5720-4500-8eff-f82a39a06c11", "comment": "Malware payload (Smoke Loader)", "value": "73a20eccda9f6432c8b3e857736833a6698cfb5a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051200, "uuid": "8d5007d0-4767-431c-bece-23d87084c084", "comment": "Malware payload (Smoke Loader)", "value": "11ec1085c3ea1e9cd002af48e1ea684606ce5b2e39d01d1247987440a4c795d2a8e18de0f27f33f1678dc0b0d08087a4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051200, "uuid": "10fe3b2a-a6a9-4c4b-928f-4f5752fd8b8f", "value": "T14A24DF02F542D8BEC44740308825CEF47A7ABC66DA59899737683FAFBD3139267B7250", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051200, "uuid": "77bd6afc-d106-4946-a1f5-f9d6834fc9d8", "value": "a56a3b566f53101a1a6e35ceb20468a9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051200, "uuid": "c9815a13-919a-42dc-8e16-b085c1e3dfec", "value": "3072:AX5deVPVc3RV6ps16v24GLI4wTipvAHvVifl2tn0l5aeITy:0qWhVgs1E29LIFfkfl2tZHT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051200, "uuid": "22d796c5-8924-434b-a647-17c3ab4b938f", "value": 219648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051200, "uuid": "cfef3a1e-223c-4a7e-89e1-42c56132813b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051200, "uuid": "373382b0-353e-4ef4-86b6-f9af93169d12", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "82efd577-683c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1697031959, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031959, "uuid": "28923b76-7c07-43db-b060-5eb02de57c70", "comment": "Malware payload (AZORult)", "value": "e4a96c57213df619491c4a5b626b308a", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031959, "uuid": "10d5ed2d-a098-494c-814e-bf0a1e26b905", "comment": "Malware payload (AZORult)", "value": "4c7be44077e7183529cb676d7528ec2aa17ea0585596efd6bc4dc0ce32a232e0", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031959, "uuid": "e9336776-5ad7-4a16-be65-60092adecbce", "comment": "Malware payload (AZORult)", "value": "eebd54622f55382920937d4960efad6c2a8a9e64", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031959, "uuid": "2077bea9-1228-4a60-8549-704e73993187", "comment": "Malware payload (AZORult)", "value": "d78aafeaae68563f220af20a5a335b7e0bcb00bf3592b91a2d1c1a067d19d70ab4b9b440ce5ff7a774eceb279bd20655", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031959, "uuid": "0716f5ca-f025-41c7-b30a-66b39dec268b", "value": "T14AB423D93D91D5C9FA06567008F44779C6BEBF436762CF4B67A02A311883C2A836B067", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031959, "uuid": "de471eff-092a-495b-b3df-051acb2e6021", "value": "b78ecf47c0a3e24a6f4af114e2d1f5de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031959, "uuid": "c2c0df13-94fd-47b0-ba5b-27c794a8b090", "value": "6144:1z2yP2JSSFUEc1wrVNcXPGwVJxJoITgmnTivrinXsUrk2fUJaZqicB3ogiJfW4uf:YHc1I4/GKMITxiDOQvJEgij0UQPN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697031959, "uuid": "b81de795-a15b-45b6-acc3-f2b5804140c3", "value": 526388, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697031959, "uuid": "82191559-90fd-4f13-99a1-d9c824a97d09", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031959, "uuid": "f13ef90f-db4f-4e38-854f-f5d076277d1b", "value": "4c7be44077e7183529cb676d7528ec2aa17ea0585596efd6bc4dc0ce32a232e0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "93f05ae9-6887-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Backdoor.TeamViewer)", "timestamp": 1697064200, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697064200, "uuid": "1964b353-a6e0-4364-bd27-4ac2ff59b9de", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "7a32b7f0d4dcc94360db566dbf8dd024", "object_relation": "md5", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697064200, "uuid": "e5e54734-3530-4941-b8d4-c70f5b89597d", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "4c8756ccd186a7a67588fd8e4d877ceb5112417ce46f94c5134c40b9b7b10f84", "object_relation": "sha256", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697064200, "uuid": "690941a1-eb29-4f9a-9baf-cbdf87b1743a", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "ccc323c22856ba6c57b23217d45f769f8988b910", "object_relation": "sha1", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697064200, "uuid": "dcc9ad8f-1d66-4336-b707-a831d0db5724", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "11ba7ba1f56ffa4ec7eb7d25fede436f231e1e86e3e093f266e9663cff97d996d6062e28a10a663e84821df8de493413", "object_relation": "sha3-384", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697064200, "uuid": "d9a72352-fe11-4d02-8360-bd0046f2b30a", "value": "T1FE652326D5C8A11ADCB52778A8F212131F347DF2CDB45317168A6DD914F2A88F9323FA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697064200, "uuid": "4e481bd0-fa0f-4c84-9327-a652105b2258", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697064200, "uuid": "0d93c153-de90-452e-8eae-f5d39e65e179", "value": "24576:DyKKIB3QoOvD7FR9ccm+rDaFoGzkOgW1oWFEmQFSgLK8w+c1v8D5xRu:W2B3J0Jccm+rDAOq57AAg5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697064200, "uuid": "b26b0c3d-df6e-4d14-a3bd-7912590441e3", "value": 1548288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697064200, "uuid": "ec59d5da-1864-4029-b382-82fb82fb2b70", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697064200, "uuid": "a3a1e33e-27c4-49c0-b8af-4db8740caf3f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6fb24ea1-687f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697060703, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697060703, "uuid": "bfc7d3fa-bae5-483e-ac3f-8b5c41a8d105", "comment": "Malware payload (RedLineStealer)", "value": "4da6693c7bfd7ea9f1fe690a0feabb4c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697060703, "uuid": "132e66e7-87f1-4cae-b174-3fc883cdac56", "comment": "Malware payload (RedLineStealer)", "value": "4d1a3defff4f88992554dc0c7c3ef51fbe028aa9d442cd6d3b8de7eed1292a9d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697060703, "uuid": "c6cd69c7-fbdd-4e42-a182-607d9298a70a", "comment": "Malware payload (RedLineStealer)", "value": "1093b3878981d6fdfee8bceb32b7b271433d42e5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697060703, "uuid": "07a0f5a3-f7b0-4632-9feb-761d77037b09", "comment": "Malware payload (RedLineStealer)", "value": "cfb1119acc761a0fe23e4a66148ade7e1dd2974758a659031c776397ddf8d03c17280d5ccb2b73ef3114aba0131f436b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697060703, "uuid": "d79c408d-dad1-4af4-96c6-25bafd01187a", "value": "T1FD652392EADC1375E47463B16AF353931E747CE04CB0862A2AD1B4AC1DB3198E9317B7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697060703, "uuid": "4754daec-7a56-4f45-8c3c-eac8de0e5f54", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697060703, "uuid": "803e8e4a-82ff-4b34-bad0-bf817a7e1d83", "value": "24576:Nyl7RQEreO2W7hlqiisKin5U89nKY24ISz9fjF5E/Vy6ks6o4CNz8owgE6A8s:ol7iEreOh4Ns75U89nKl4IwBjvAklo4n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697060703, "uuid": "a49852af-059b-4e76-b19d-5d35449954d6", "value": 1546240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697060703, "uuid": "419dfd4d-095b-4068-b38f-3de1fed24e15", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697060703, "uuid": "4687a1fc-e802-4487-8aee-7652a60f68f4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07b2a912-6835-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697028746, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028746, "uuid": "0875a409-4c77-4e40-9f52-623291fb0a23", "comment": "Malware payload (Smoke Loader)", "value": "420a2e015c63848d3441af81a0d223f8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028746, "uuid": "e7b5ebc5-24b4-4a4d-98b7-1403ebc10a6a", "comment": "Malware payload (Smoke Loader)", "value": "4d4723d82252a443ebf20abf584bd7de2e22cedb6df8db2e02dc8ac64b87750b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028746, "uuid": "d66d9325-6f3e-4b5e-8435-8615767efa51", "comment": "Malware payload (Smoke Loader)", "value": "91267ea009efd66041ac5c735a775e35428d4c56", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028746, "uuid": "61a804ed-7136-429f-9850-37aed78aa7a2", "comment": "Malware payload (Smoke Loader)", "value": "5141496c4d2555038e729bc9d5d959d16e13d0ce51b71156097b7f655ba50d00fbdf706a23b2bed22fec7b1b2c2286fa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028746, "uuid": "bc8d6553-f398-490d-a9c2-b296bddc3129", "value": "T1B434CFD27982D4B2C447403CC824C6F47A7ABC768A594987F3983F6F7D3D292AB67250", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028746, "uuid": "7ea96dd0-26e1-460d-a786-7694f16d4131", "value": "c8b7da62a536f23a0b3169f49ecdf603", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028746, "uuid": "2b5f8584-1dfb-4f76-a108-4680d5137877", "value": "6144:P9KCxUpnATnlIqTqlQpBeCnIzgFo5404T:PbknArLexIo54n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697028746, "uuid": "f33c9d80-e1c9-4625-9301-f6f49afd3488", "value": 230400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697028746, "uuid": "4ca88580-ea11-4e92-90b6-304265b8d496", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028746, "uuid": "9e2a1f20-9020-4e60-8db6-d905d72130ff", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dc4d208b-6876-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697057020, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697057020, "uuid": "2f810aac-172e-4a70-a5be-75eacffa5495", "comment": "Malware payload (AgentTesla)", "value": "8a301509dc309dc02d9e20f1a1528ea1", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "infostealer", "colour": "#288F7C", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "themdia", "colour": "#7BC875", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697057020, "uuid": "9ee6f5d9-667d-4b72-bd2a-954643614da3", "comment": "Malware payload (AgentTesla)", "value": "4ddcd85210da5bd6a6afb3897779761f8d8df54f3116ce67aa3d53f74309043a", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "infostealer", "colour": "#288F7C", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "themdia", "colour": "#7BC875", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697057020, "uuid": "241665e3-6aa4-4d1f-b941-650fc638ee8c", "comment": "Malware payload (AgentTesla)", "value": "45b867e8f267e01fd7cf694291f809ff969882c6", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "infostealer", "colour": "#288F7C", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "themdia", "colour": "#7BC875", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697057020, "uuid": "4fc804c6-8bda-44c4-89f5-8b3f2918d817", "comment": "Malware payload (AgentTesla)", "value": "5b4076227dfd24ce344eed4735b309810b0c0d701d132471e6b281b1dbe804724e855070e4cfa1bb27054e058c7fca7e", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "infostealer", "colour": "#288F7C", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false }, { "name": "themdia", "colour": "#7BC875", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697057020, "uuid": "7a512056-990f-4d98-ab0f-855461586004", "value": "T1E675331BF7B78579D838C437A1A052E94C293A5698B8FDBF7EE900F5C18754E0AE50C8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697057020, "uuid": "34cfcbf4-c3eb-4063-89b4-912b44f4f3aa", "value": "baa93d47220682c04d92f7797d9224ce", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697057020, "uuid": "dcc093c2-a3ad-4955-9257-eb1b0c0ddfb4", "value": "24576:hxnR6jAv7ayVVIKsD+bPNPMN9N6/FGOWNdgjAXlXmc1wBl9Uem4HF17D4Ev+9Q47:hZIcveuIKsDuNUNp9rd1IQ8FaQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697057020, "uuid": "2c049941-1f6d-456d-86bd-0a5852284e14", "value": 1652224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697057020, "uuid": "bb1564d5-74d8-4e2a-8a00-0f1b834a8506", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697057020, "uuid": "ae4576fc-7abf-4670-8044-535e59a88592", "value": "BwZKBus2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2875bc9-6883-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Tofsee)", "timestamp": 1697062587, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062587, "uuid": "c98ffd5e-ad84-4692-889f-c646c5ca24be", "comment": "Malware payload (Tofsee)", "value": "0dd828e69d29ed7f004837822a621299", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062587, "uuid": "d4715adc-6aee-4587-a133-54fb09baf09e", "comment": "Malware payload (Tofsee)", "value": "4de255bd7f8f3434121c22a64f4fa39d0cdca3b5a3efb252dcc9eaef346c46e9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062587, "uuid": "ab9b87be-df70-470c-8aa8-00e010042a8c", "comment": "Malware payload (Tofsee)", "value": "0fa7aec7cc1db6ff4e083d2f0681f1de9a32c7b5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062587, "uuid": "60492689-9e4e-4dde-afce-a85f3b6245cd", "comment": "Malware payload (Tofsee)", "value": "d35c38904dfcd227fc5925f3b6fc5fb153af9705aec9f250def23029956ff0db5ba0b051484409fa589ee61f0b38cc5a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062587, "uuid": "f6c10435-fe1b-400f-986d-e3ed75d6bc29", "value": "T1F224CF127A82E4B2C44741358825CAF8BA7FBC76CB6959C777583F6F7D30282A776240", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062587, "uuid": "120cd8b4-3a79-4cea-ae73-8d6881eb65fc", "value": "672b81f1197fb8c01c300e40d940875f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062587, "uuid": "91570d57-ae0b-4c39-9af9-3db5eb346f8f", "value": "3072:CLUX5nl6Nkeq1LZC87SvBVlmqaghXqk/zrBQlFC+p8vF5XGoTG:UQ9eqFZC8qgghp/zrBQlFKvPGoT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697062587, "uuid": "de1fa759-c29e-4c58-95fb-dc5f1de6d76f", "value": 229376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697062587, "uuid": "8c9d91e4-2b21-4b08-a0f6-501b81ef1778", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062587, "uuid": "00d2ddd8-bf05-4b29-ae76-ac1733c33fbf", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22f92ee1-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1697050696, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050696, "uuid": "9cdeb635-78d8-4f6b-845c-89b4074cbbca", "comment": "Malware payload (RemcosRAT)", "value": "f0bd493782b9a470f04986d36be4c096", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050696, "uuid": "5b11ae32-65e9-407e-9b23-3d3f4a42f6c5", "comment": "Malware payload (RemcosRAT)", "value": "4e8a45e3ed0ef2d55f13edfc4d88fe163b580c4041a4e572497280d2cb817d02", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050696, "uuid": "8522bbe2-9605-442d-9e2e-95a0d8eab1fa", "comment": "Malware payload (RemcosRAT)", "value": "25d5a64d178da31ea3694afa779316a0c50e3b52", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050696, "uuid": "d581389f-bed2-4a04-9b69-bbe551bfb479", "comment": "Malware payload (RemcosRAT)", "value": "240fedd52a727f03468119fc20431fd91e45e38f53d6babf3b7d30cf2044bebe7c10e5596b1e6f5d154e99fb3f6d20d0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050696, "uuid": "9f9bb75c-2537-4c01-a7cd-15526ed0a727", "value": "T13C557DE5A2408C22E027397CCC5AE79505297EDD6D428CCD4E54DACF2E6DAE1B9FC063", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050696, "uuid": "a0e83bd9-bf7d-436d-b465-0b3c53166831", "value": "7b81750dfa561fad4dadd71b82d358de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050696, "uuid": "743be393-8f26-4616-989e-158980682ab3", "value": "24576:iFoEhCKAXS/1+O9P1Bza+78soKoxm5OST6Iytld3BIwbgKcQrE/k2+wVN:iF9ii/1+O9P1BB8soKXx7ytldxWV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050696, "uuid": "deeb7f45-ebc1-48db-91e7-4c234d3922e6", "value": 1300480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050696, "uuid": "bb5359a5-0354-4cd3-b0ec-59824c486790", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050696, "uuid": "20aeb319-669d-4e6e-a0b3-178a1b588dbe", "value": "PROFORMA_INVOICE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8dc6205d-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066767, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066767, "uuid": "8f3bad24-6d27-497a-972c-183be61de9bb", "comment": "Malware payload", "value": "0d12e4bd0e06802281627a7b0370f327", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066767, "uuid": "ae7cef17-53e1-4904-bfd4-fda12beb64e3", "comment": "Malware payload", "value": "4e9908277fc5dcee1a5ebc2d77e1971300e0449d0dce9213f0e2648b7780650e", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066767, "uuid": "42a523e3-3263-4258-a2e1-15fdccf7f431", "comment": "Malware payload", "value": "dbd90cfef2e4b1fd371d2d662378c39172439081", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066767, "uuid": "65b68d9a-35a5-4fdd-b678-5e9148d764da", "comment": "Malware payload", "value": "16ab1742212a33aebb835f0577d6583d7600f8e2b183566a45fcbb7d6f648bd9f2b2011f552e85452a4d1b71feff7ce4", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066767, "uuid": "a6f4d5e4-270f-4441-ad3f-c08f728cf9a6", "value": "T197742373DD7050A6FCF2CF66306F1126687F20B7DF2B4252EB5423AE05A4912650BEB9", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066767, "uuid": "bdd0ddb2-9d93-485a-8c57-de4e7b752886", "value": "6144:tJsVW7lVspDsDATMdazwPaff+Cxr/HZT6laHQe05ykWKzDbSspp:/sVYQDsETNzwP0f+ShWl805y8z3Sup", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066767, "uuid": "c4b67bd8-6d25-4799-9486-958a5df62dbb", "value": 366221, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066767, "uuid": "9be31e83-ebd6-4101-be1d-7f32bee937d5", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066767, "uuid": "5441a807-9c33-4c82-a210-b4ce37f74e9c", "value": "CGMP1279_7140970.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d9105d82-6851-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Tofsee)", "timestamp": 1697041123, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697041123, "uuid": "fb820ab1-f411-4ddf-b37a-6331a9a008d8", "comment": "Malware payload (Tofsee)", "value": "db877a900c857d20ebc2f45d67a72826", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697041123, "uuid": "e8e87577-e728-43b2-93b6-3760df16ca8f", "comment": "Malware payload (Tofsee)", "value": "4eef869206505d77a7efc5827d0b7f0f0781f078e00b3308e6882c24938eb13d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697041123, "uuid": "42c31fc2-3b4c-48e3-aa8e-88cfeb3f2a9e", "comment": "Malware payload (Tofsee)", "value": "bfc689f4c35dfbba06345e7d78ad7689c49ffe48", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697041123, "uuid": "b255822e-d676-439d-902f-c671283440f1", "comment": "Malware payload (Tofsee)", "value": "828838b63516a79118c507095d291f610033a270ab944c7ab7cc26e96831d736a8900ad42345c65c953a377deb50963f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697041123, "uuid": "4d11c5b4-db0d-4840-967e-a38e65a61fa1", "value": "T16934CF227A82D072C44B4074C820C6FC757ABCF69659499777983F6F7CF12A26BB7260", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697041123, "uuid": "dbfbca55-6a47-43a9-a80a-54375a2c7909", "value": "987d26efaba6f21b1152f94099a2d2b2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697041123, "uuid": "93966be5-b033-4318-b473-f06930fc1424", "value": "3072:9X5xeKI1OOslQw0NUHNposJKdewZmET3RIDFjMqLR/j35EWTy:52OOmQwVNusJKMwZ/qDFYqRjeWT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697041123, "uuid": "44b3bda6-311c-4286-bb8a-4e42b496a40a", "value": 230912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697041123, "uuid": "a92cc17b-aee8-4038-bffe-59ef6ce6dd48", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697041123, "uuid": "b238c629-423f-4578-b8e1-a3e907021e37", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "51d0df89-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Babadeda)", "timestamp": 1697050345, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050345, "uuid": "a010eff6-4fbe-46e7-ad6c-cc80a61c25d9", "comment": "Malware payload (Babadeda)", "value": "82664a236f364cdcec0d818ebcdfda50", "object_relation": "md5", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050345, "uuid": "8155739f-e778-45ef-80e2-0c9cd56b7ad4", "comment": "Malware payload (Babadeda)", "value": "4ef11c4362bb39a7474ad6580abba1db5db12c60bc209d609f2ee3d876ab22c5", "object_relation": "sha256", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050345, "uuid": "00c46b8d-a5dd-4ffc-bdf0-7d066ac1b170", "comment": "Malware payload (Babadeda)", "value": "72d168e9bfecd7207f597dec49f47d1cc287995c", "object_relation": "sha1", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050345, "uuid": "3be73e56-32a0-4ecb-86eb-5018f5f26561", "comment": "Malware payload (Babadeda)", "value": "bacefadaa9d816b284dc0cadcd0c83676542821cea2a35b97dd2da9d3a0a3290eb2af014a90999b8e6daf854145c7a0e", "object_relation": "sha3-384", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050345, "uuid": "e7c642a0-4d6b-4760-a52e-9540491ececc", "value": "T119A36C41F2E241F7EAE20A3110A6712FA73677245724D8DBC34C2D429A53AD1AA7D3F9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050345, "uuid": "76642bff-2c86-4fbe-b8cf-c405b83fcd1b", "value": "5877688b4859ffd051f6be3b8e0cd533", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050345, "uuid": "8cb93a96-3b0e-4ba0-85b1-6721d26a6b8c", "value": "1536:17fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIf4xZO779tx:hq6+ouCpk2mpcWJ0r+QNTBf4K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050345, "uuid": "7febaa01-f318-42fb-abe1-44d9aaa0816b", "value": 100305, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050345, "uuid": "a712dec6-bb35-4540-8cff-89ca15a2b979", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050345, "uuid": "6a76beb1-211d-433b-aae9-ffb555c26e48", "value": "82664a236f364cdcec0d818ebcdfda50.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a76859ab-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050918, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050918, "uuid": "87cec2e5-bb08-4a6e-a11b-9d9279571d7e", "comment": "Malware payload (DBatLoader)", "value": "b4850821966f6634064e41da041c0786", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050918, "uuid": "4ff7c676-122b-4aef-b734-51377feb5385", "comment": "Malware payload (DBatLoader)", "value": "4f1f159f4bbf4affc0f19a22bf1d266ed04702ca3d3b1f0b479b4d67be301cc5", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050918, "uuid": "bbf479f3-1f84-49e7-94ca-c3dd44ca8904", "comment": "Malware payload (DBatLoader)", "value": "ad928fa24c5bc352ae8e155532bc6ba93665b5ab", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050918, "uuid": "65e01c70-45e3-40ce-8114-a76ad8498136", "comment": "Malware payload (DBatLoader)", "value": "c73dd891d29802d9ff2782734c223e7548668202019d329ee632c4052ec1d51880197f568a13a966ad8056edc3141393", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050918, "uuid": "868c148d-0ab0-463b-9ccf-64da08180fab", "value": "T1EA355B74B3B208B1F4B97675C90A67F41DFF27EDA944288982797D1B1CB27826E1102F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050918, "uuid": "b0a5763a-510b-4be9-8224-6369e3818d20", "value": "fc431a28c58a1565c388a05232b2eadb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050918, "uuid": "ffc4f81e-16ea-468e-8019-50dd15ca2322", "value": "12288:qE8C9kdWdEPv8zuVEdh9a6OLqvabdpmBkt1VEmA00P85Be2fgmv1qsM8HcZG3g53:qEPudPPOuVsaoAjlD0P83H5M8OG3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050918, "uuid": "5e489229-57d0-4e51-85a1-cf3aa8112c85", "value": 1124352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050918, "uuid": "a4cc3654-f156-4e52-89bc-763420802899", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050918, "uuid": "31ba12f1-aeaa-47b7-9c3b-6c6ce2828045", "value": "Hlrzaqeuzrmikf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce86c36e-67f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697001162, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697001162, "uuid": "0d820069-77ae-4b52-a4ee-7ba36f6e26d4", "comment": "Malware payload (Smoke Loader)", "value": "48a983f9332c5929ca70936c3e48cbeb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697001162, "uuid": "ea98e803-3d73-416d-8600-e3e593fb63a7", "comment": "Malware payload (Smoke Loader)", "value": "4fde35f203cdacb88a85df5622b3b0b4e3f572c616b124c007d6158534d36896", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697001162, "uuid": "614373b0-0875-4abb-9967-331c98e4720a", "comment": "Malware payload (Smoke Loader)", "value": "4e9ee762c63a704080be100c989cf6d977fdbb8d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697001162, "uuid": "2a51ad7d-f735-4db3-9407-2a52f9397d2b", "comment": "Malware payload (Smoke Loader)", "value": "69ef8d89bcbb778e0251e105dcdbf780c9e5289fc997379bd24f10ab3ed298fc9d4e5acaff10e9c0cc6caa1ed8a97543", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697001162, "uuid": "d22f5f8c-753a-4d05-af2a-6b1e06bd8f54", "value": "T1CD24CF117582D4B1C44F403C8824CAB475BABC768B5989B377643F7F7932292AB7A23D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697001162, "uuid": "7aeb3671-eed6-448d-9e31-8f20b3eca1ce", "value": "1779cddf5976b55ff16f4e4d4c8ed385", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697001162, "uuid": "d9673966-0f41-4057-a02d-f5060a6b64f4", "value": "3072:fXp0iIMwtfs45fH0ooQqLuflAcSe46o24mRBbEZ5UAVTyh:PWLMCs4eovqL67N1cgAVT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697001162, "uuid": "8c758a9c-f7fe-41a4-ac5e-8239c094302b", "value": 229376, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697001162, "uuid": "74222553-e742-4c0b-8f32-ad0dfbf48200", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697001162, "uuid": "e6bb8449-e579-4545-b4eb-7432df251f27", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aee3b0d9-6815-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1697015283, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697015283, "uuid": "7e139328-6392-4891-b548-90b68b062937", "comment": "Malware payload (Amadey)", "value": "75ed7019ed6f5224bdde1b983e020d26", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697015283, "uuid": "ee8082e1-71f1-4b19-a46d-dd5e308b030b", "comment": "Malware payload (Amadey)", "value": "4fee0bca77540a7d1dc2143464f076777950baaeeba6c07f3e3a679bf3e3094e", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697015283, "uuid": "085f523e-617a-448e-9761-ede6769c68a6", "comment": "Malware payload (Amadey)", "value": "5db5d82f7f049d81baa2ca67904ad0f4b9316334", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697015283, "uuid": "38df46ab-346b-4743-b634-10b0122f0237", "comment": "Malware payload (Amadey)", "value": "915b7ba74953a0376cbdf7130636d9ee51248e3f4953a9e1b009d2645ddd6adca7987b149a41f4fafc3997e2a9de5440", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697015283, "uuid": "c24bbf5a-352f-4bc7-ad02-5b90c17543c2", "value": "T1353523C1E7D4C073EABA1BF004F6135F0F3DBDA15AB8838B1296A95A4D72AC0553573A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697015283, "uuid": "a583fcad-1664-4fc0-a0fb-b55ce4555349", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697015283, "uuid": "fdc277f2-fe47-4b00-a9e1-66ec675e5d93", "value": "24576:HyD+pHMlSRFCFOnafYGiLSDZ65xdmaYbJ+Myy:SD+pHM0RIFeaALSDix0h+My", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697015283, "uuid": "e1f34d06-05f9-462d-ba4a-d379c7474a19", "value": 1080320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697015283, "uuid": "fc5f52b4-e3d9-45c3-817c-0cd92ed24d47", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697015283, "uuid": "7ba87a88-071a-411b-ac8f-3b182b38fe39", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d888907-682b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (ParallaxRAT)", "timestamp": 1697024595, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024595, "uuid": "49890485-ee8e-4811-b396-06b00f54cd4c", "comment": "Malware payload (ParallaxRAT)", "value": "69b85492367598683cc28f7353148a5c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ParallaxRAT", "colour": "#D46E6B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024595, "uuid": "95b962f2-45b6-48dd-8095-4bb5dab07cb5", "comment": "Malware payload (ParallaxRAT)", "value": "50390617ca0f0b27057a4447414d7799996b69e615bea931a31d673394d92695", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ParallaxRAT", "colour": "#D46E6B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024595, "uuid": "483d2ac4-3c6f-4580-82d5-dbaf47556094", "comment": "Malware payload (ParallaxRAT)", "value": "e03f54756a9628a142ee2cb2a9190dd1511b5336", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ParallaxRAT", "colour": "#D46E6B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024595, "uuid": "578edc7e-541c-4875-9671-93130150242f", "comment": "Malware payload (ParallaxRAT)", "value": "a576c5c60b85d1b360163d07f53d7fcfd6fca6c4336a61b2e445e5bf59b7f4a83571db01cbffa1fd31d265b243f64378", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "ParallaxRAT", "colour": "#D46E6B", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024595, "uuid": "9f0c4cc6-3734-44b8-800e-0f12d1537c3b", "value": "T12EB58D22BFF19577D17303359A9EF27930ADE5300B35C19723991F1CAE301A396296AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024595, "uuid": "9bef9f38-78ac-447e-8017-5305009425c1", "value": "94dd02744fcb699e42c8cab9862521cf", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024595, "uuid": "330cf2b3-fcaa-4a5e-9895-c37bc39802f2", "value": "49152:Eq3QscuJsVPCYc80pixEXY2QpvH8nzf9Gion08mkCSgo:E0nJsVPBcexz2QpvHqL9GiouSx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697024595, "uuid": "7dd2d1e3-0a45-4d36-acdc-1eb2b8c9b714", "value": 2405528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697024595, "uuid": "da778560-8015-4b4d-b9f1-ce4062c93c80", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024595, "uuid": "45cab932-85ce-4024-a262-9b3db744ad2a", "value": "SecuriteInfo.com.BackDoor.Rat.457.11176.23459", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33f25168-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052443, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052443, "uuid": "57b7fe67-2dca-4d35-ab1a-d7100ca8a312", "comment": "Malware payload", "value": "66432b6891f56626fbb7449fec95586e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052443, "uuid": "19a8417e-5497-42d2-83c6-e2570275fd27", "comment": "Malware payload", "value": "505f88cefadf688106c58b9b98e70da648ea5542e83397d869da45ab4364f791", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052443, "uuid": "e42fe8a0-6542-4256-a7cc-5e742a8fe276", "comment": "Malware payload", "value": "f91fadfada4cd77e5ef244543b18c1561d12a967", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052443, "uuid": "81af0203-ea7c-420a-97fd-7ce18343ed62", "comment": "Malware payload", "value": "133230561fdbcb76861d390f6f26a5f65491c2bd455e8888e63141770e24899ac64b410b70f3b221fee2edf96d227486", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052443, "uuid": "cd9002a1-bc96-43a4-a448-2bf31ec893b0", "value": "T1C8A20851721C5267CAED067D885316D202BAEB23F882F75FCFE0E91B7D523C998016E2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052443, "uuid": "dd47c1b6-3256-43f3-8d37-ab44d0c0f909", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052443, "uuid": "12440e4a-ba85-44b6-b617-b7f7c3e4c091", "value": "384:HxwJkR6/k1eBunPNw7WTffUPrCKlZpRJbkwQanQwveflC:RC/XunlMWIPrbnvYE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052443, "uuid": "ad94ce32-78c2-42ab-806f-8b37099e4ebc", "value": 22016, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052443, "uuid": "5df4a807-6b8d-4b09-9297-b8d953047dbc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052443, "uuid": "b5142fc7-e517-40b6-9129-2011dc1566a7", "value": "Habtvpiuidi.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd3e90b8-6860-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697047519, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047519, "uuid": "587e37f1-ce2e-4002-be53-ee4d8432c422", "comment": "Malware payload (RedLineStealer)", "value": "2785964cfb964bffba0310d671c4fa24", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047519, "uuid": "6773ddfa-49f4-4081-9bbe-d6c237e09d01", "comment": "Malware payload (RedLineStealer)", "value": "508804ae480d3468f8649003f2baa3e97b990776512a9481cb840326fe7473de", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047519, "uuid": "4b7d2ddb-918f-4503-9ebc-6a1fa9c5c219", "comment": "Malware payload (RedLineStealer)", "value": "734b787ab1fb32147a7c8f733aab64ec235d1d4f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047519, "uuid": "bc066800-a5b7-4599-a1d9-decc0a80e8c6", "comment": "Malware payload (RedLineStealer)", "value": "1a673a00acf40f86aae67b4359df45387b008847e59b69291a1c058d21a04a2b030bf86ab9d915e851028d70a520a8e9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047519, "uuid": "1ee40736-9901-4df9-ad25-65aa31c996ec", "value": "T10E258D2138C08176EEF320B647ECFA3A46ADD0B0072916DF16D857EEE7206D17B36596", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047519, "uuid": "2e19eade-b65e-464c-9255-1dc70e7fb9b1", "value": "66025e7bb3415added2b8177bf9bcfbe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047519, "uuid": "1760a13b-b606-49e7-ad61-45df194e862e", "value": "12288:p59vrSlrVEepsxylL5dPM7xj1Vc1jBAhEQtt7kxIA6u99lTb+nW:pnVepsxylL5dPMdj8jqtttl4v+nW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697047519, "uuid": "7736b436-7776-4198-a3d9-0cca98cf162c", "value": 988936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697047519, "uuid": "4604efce-ae9a-452b-b8e5-f8699e547bee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047519, "uuid": "696eec51-80ae-4acc-8c5d-516b5b991d5a", "value": "2785964cfb964bffba0310d671c4fa24.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d5e7c6d3-67e4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696994303, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696994303, "uuid": "9f458b79-f1b8-42c3-946a-19cc57b0f69e", "comment": "Malware payload (RedLineStealer)", "value": "a856632ea5b9f0f0c335945a21a6474f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696994303, "uuid": "7e34a774-67e8-495a-bf54-10ec4be3aed6", "comment": "Malware payload (RedLineStealer)", "value": "50a94ee88a15859c14d0645cad25a09a1adb0142cd8eeacd10a6e6fe6e5ea9fd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696994303, "uuid": "0f579160-fde4-4911-8bb8-5aba6edb42a9", "comment": "Malware payload (RedLineStealer)", "value": "e0ae8f9336a644af43db4166c6a96b87e313cd5b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696994303, "uuid": "e2fd5772-e05b-4dc4-a26a-2f8437199359", "comment": "Malware payload (RedLineStealer)", "value": "93d8cec7631e97e9f8042d5f3dc728c5ff390af86a5fcff6ab117d64f8869f301f3b7dfce88abd95be5463448797f3fa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696994303, "uuid": "816c408e-05a7-4eb9-b711-b8a865ee6ee7", "value": "T1AA352207F6D855B2EDF0977005FA1AD30739BC356E380A1F2691B81A1CB3291A1B6777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696994303, "uuid": "9c790228-adda-4be8-9a7b-b8f8a6c6f9a3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696994303, "uuid": "11542206-d081-4665-a6d4-9e5335b9a0e7", "value": "24576:TyaKQbgsXb4X10gsqIsewXY8A5H7RRXPLNN:maKQ7kX1zXv253XPB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696994303, "uuid": "289fb312-0611-4630-a53f-e933d2b713c1", "value": 1138176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696994303, "uuid": "c179464b-df2a-4522-a9a4-241c36c4deb7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696994303, "uuid": "4e9a2151-0fcf-4879-b2c1-d4a0c278d28a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8cebd7a9-67d1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696986020, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986020, "uuid": "c61ed31c-9b36-4d4e-8bfc-8482dc124dcb", "comment": "Malware payload (RedLineStealer)", "value": "e6c96c3edaaecd24f63c3c3ac4397efb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986020, "uuid": "f63bba20-1d9b-48a4-b9a0-ea670d3faddd", "comment": "Malware payload (RedLineStealer)", "value": "50aea8e9604f61d6718291fad33f323246faa82ae0008488620a1dd0b84dfda7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986020, "uuid": "6fd7b5ac-2f41-4fcb-8b68-b9d8f07eef81", "comment": "Malware payload (RedLineStealer)", "value": "0ca7942511ce700f923cd8d26d69d1ba38c1eb7d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986020, "uuid": "80933bc0-999a-4a49-b2b8-773f89db2a56", "comment": "Malware payload (RedLineStealer)", "value": "71deea616ce07b64cebd15e3bc043086f92c325051c200b140e09cd351ffca0d254f81ed322810759e1e615ee85fc1e2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986020, "uuid": "ed764e85-8635-4453-a3c9-576537f3067a", "value": "T1D0352366EBC89469CCB86F70C4BE02431D363CB5DA34923637855D8B1DB2989D533B3A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986020, "uuid": "906ad53c-956c-42a5-850b-78fa84739897", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986020, "uuid": "6c589333-473b-4044-ab51-c3fa0848fa5d", "value": "24576:+ynMON9xVQAj3Z5scM1jTlx2f7ho3NbfV/IaSt3Aoj:NzzxVQAjpXM1WFo3NbSrt31", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696986020, "uuid": "d195c2f9-1436-42bf-8615-c062a4e6504d", "value": 1129472, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696986020, "uuid": "f97ff061-076a-4d4b-80b7-382d80df6381", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986020, "uuid": "a193daaf-3fd4-41b3-9600-931c0ee35a47", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2540541c-688c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066162, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066162, "uuid": "b47f73e4-94a2-4d47-b96b-db4d1e73b5bb", "comment": "Malware payload", "value": "cf9c217dd4416c8454b923f0bb526748", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066162, "uuid": "8aee48c0-9e85-49a9-b6b2-763a7bf309b0", "comment": "Malware payload", "value": "51215d7d543fa28d5327e31002069f37a17cbed4b539bbf437d3a56cf906d3db", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066162, "uuid": "9699d7ae-9559-467f-897e-6b87a25ec9b4", "comment": "Malware payload", "value": "b039f86204fe0ac7e1f0f5e3690134300071b946", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066162, "uuid": "bbbb50b5-9d69-417d-9a8a-ae09dfcb141c", "comment": "Malware payload", "value": "673d4d2cd63006147793371d7a2c716074d20a81ea8d09e699a030b18e4568c3cfeef8432edc1cfb6d766edd85e3b572", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066162, "uuid": "e9970839-4d93-4bec-b1d3-e395cea913f1", "value": "T11B258A3223B22F3CA274FBF600DD155B9E797D671011A6D3AEE4C94F868EDE41A34126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066162, "uuid": "9a24f4c8-d173-4cfd-84fc-e51ea7a3b5fa", "value": "6144:XoEsxGrDm4ErxJ0eGGGsphHCapSSJry9lKm4RzIBCAGYse6aWnPPuiUjAxCbT8Ie:21rG66fszIBqPr+vNsmxO8oH1qII85", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066162, "uuid": "069eeef4-c539-486b-a120-25e883901cdc", "value": 1036616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066162, "uuid": "f5cbd075-26d4-45f1-a0d7-1c5e51c23da6", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066162, "uuid": "1a3472a6-261d-4593-aca3-653e9363bd31", "value": "inquiry[2023.10.11_08-07].vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9b562bd-67e7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1696995625, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696995625, "uuid": "c0639426-7b49-46df-b5a0-3ee012ce4c6f", "comment": "Malware payload (LummaStealer)", "value": "9e99c123155edc120ada1a277d90169e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696995625, "uuid": "23246ef6-1b1c-4d57-a87c-bbe654192380", "comment": "Malware payload (LummaStealer)", "value": "5141d617cc9d29de1b5d0b421cdd1a1019773fe3dd72b7e65783572845c2bfe1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696995625, "uuid": "1e362fcf-130d-49f7-b215-c8623ed93b99", "comment": "Malware payload (LummaStealer)", "value": "fd6d24228e543f1965115cbc3daab1e15b324085", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696995625, "uuid": "ab227f7f-92e0-4df2-9290-d1625a06d0ec", "comment": "Malware payload (LummaStealer)", "value": "5b6c4ccc06c2464d6739f21ca2a982f0169882acab927600ff90aefffa31cdfcf9b63b886ea72ac6d27135f126b1091b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696995625, "uuid": "9f06f01f-7cc0-4012-9d2f-b09fd9e16b87", "value": "T1D4549D007491C832E8B318378EFDDAADA63DB550075565EBA3DC0E7ECF206E1BA32556", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696995625, "uuid": "59ef338a-f4d1-451f-8bc3-6744ed034816", "value": "42c423a9e73aea8cb92de6b991847053", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696995625, "uuid": "68047643-f46e-4924-9be2-f37d7288e044", "value": "6144:L0IGE1CmaGsqk7+R3ylssEt+nZUAOGO1hwdTZcAQYn5:wI313aEkq3c/6hHAQe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696995625, "uuid": "0ebd85a6-d638-4d35-b7fd-74d508919f70", "value": 305416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696995625, "uuid": "3f5e3c78-0644-4e52-979a-6eac27accb1f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696995625, "uuid": "8e258b48-4111-46d8-88c2-8a14d9dc16d1", "value": "9e99c123155edc120ada1a277d90169e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ceaa5267-6813-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697014477, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697014477, "uuid": "9181463a-03c5-4ed3-bbb0-ae6b8f13573e", "comment": "Malware payload (AgentTesla)", "value": "8040a799707f745145d9475d616604cb", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697014477, "uuid": "340ff67e-44c9-4fdf-82ff-8e463607979b", "comment": "Malware payload (AgentTesla)", "value": "5147a33098e50d8296f37bdc46d05a7cf51f0457b9dc0f830794b1efc27df805", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697014477, "uuid": "e8c43422-87d7-45b3-8b59-60d554db4714", "comment": "Malware payload (AgentTesla)", "value": "8fe6909cbf98b4bbe8355c126663d565bc1f0873", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697014477, "uuid": "32da3103-ec3f-42f8-ae66-aac29352fc53", "comment": "Malware payload (AgentTesla)", "value": "8c9e8f76cb4d11762ec345d992febc0c1b82d6331bab65af3766e71e4e5dda859a3c3c84aefa9e005f9e4cb8b022df1d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "r00", "colour": "#8408D8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697014477, "uuid": "683f5b29-1da8-4930-9408-3f419b45d7ad", "value": "T13DD4237EE9A046F9DF6A0010F028D2446153DCE424F8895BD768DCEF3D7887296A25BF", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697014477, "uuid": "a9830de6-955b-479b-8e26-66c32dd79295", "value": "12288:h8yTXbKoisxn50M8hHKMX33L3aWr/olSF50xdOmtPQd+:KyTrK6xx8X3baWjY00DOmtPQd+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697014477, "uuid": "c7377af1-f9b8-430b-95bb-d7021b7c5453", "value": 597973, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697014477, "uuid": "2bbe9080-7073-48b8-a9da-88c16ea15e4a", "value": "application/x-rar", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697014477, "uuid": "7a13bda9-709a-4968-a2b6-d91881eef165", "value": "M.V GRACE EPDAs & comp's 2 two POs, 17398902, PSB-18384789.r00", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cbac3056-6889-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697065153, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065153, "uuid": "d058d40f-e797-4cce-8b65-2387ae39df84", "comment": "Malware payload", "value": "6c8965f1d56a93b0bf67780f7c2fa965", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065153, "uuid": "6ce5ea3b-3429-4e2b-b673-e5d57f0de794", "comment": "Malware payload", "value": "52817df4b19ffc52e81384b3117888fc053326b9635152fcbd7ca62d00801887", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065153, "uuid": "05d9d2d3-b0d2-4c74-bf0f-dd374015bd68", "comment": "Malware payload", "value": "c3beaf2bf36e40c5e1afb3c0e879ae1d25f02922", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065153, "uuid": "c2145c6d-ec3d-49ed-887a-7555e54f8abb", "comment": "Malware payload", "value": "c11c3906858269076e0c9d7e193c504637e9e3f1d1f58610ea07da4dbacdf2033f06609ab5577c0fa06240c2ba20c58d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065153, "uuid": "3518ff81-b9e6-47dc-b3cb-7801d1064a3c", "value": "T10E8533206B94BEF8C1EB7631FAF22866E1FEB737897D2845DC1A413B1653601C799270", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065153, "uuid": "82847a3c-ff41-4df1-a0e9-c95b17ddcfef", "value": "baa93d47220682c04d92f7797d9224ce", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065153, "uuid": "bbd0c947-c050-47d8-9409-7892b56af369", "value": "49152:WBRmRJuZoLIEk0zZVACftmxN4akoFc0y6sFzxT:WZ/R0VAMmx/FldsdT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697065153, "uuid": "8f63098f-3eb4-47cc-9ae4-760f2ad7c07d", "value": 1735680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697065153, "uuid": "161ded0c-04ee-411f-bfb1-9291f33cdad5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065153, "uuid": "d7994eff-7c81-46b0-ba74-bc71cb2ef2af", "value": "2Elynyru.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf7336bb-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052677, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052677, "uuid": "00b44bc8-64d3-4ba4-9973-492e5fd4d418", "comment": "Malware payload", "value": "9ee15d4c37ceab48e76e710b45f03fea", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052677, "uuid": "eaff2159-85e4-49af-8d0e-f245cc9b32be", "comment": "Malware payload", "value": "52e8bb888f9035928e87e31b8ada54db336a747f1c7e802d7f7eef9fdc7e1a04", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052677, "uuid": "d698e234-3cb4-4eec-ab5c-d20262c98366", "comment": "Malware payload", "value": "19ff9f849be520089fcda8b82823b0e62956af36", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052677, "uuid": "f7b32d54-8b11-4689-9250-6eb19b322758", "comment": "Malware payload", "value": "221c511a2ca59fa0171ddeafedd27358c88f93574d938fd5e2b593bb5838442125122c73aa091d1117d3c91435d725d5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052677, "uuid": "a0dfcce7-52ad-4a0c-a1c6-0560ea9d3b6e", "value": "T19916333109DB17A7CAACD03295CA6D75D8A420147652513BEA297E86FCFC18AFF307E1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052677, "uuid": "2465f55b-0192-495b-b11e-7a9859b25207", "value": "d5e0355f8764c235b38759b860077ceb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052677, "uuid": "fa59262b-50a5-4e9f-bd89-8c4e156e5e22", "value": "98304:K30RhUp9Jyo6dVAngZAPnTOMoUAjx+mGxzBWOx:e0XUpHyo6LAn1PnTvj+5wzBjx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052677, "uuid": "8395498e-27c9-4f99-80c8-e460e22703af", "value": 4069417, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052677, "uuid": "ad3f4dae-dc0e-445a-9577-0143ca7bc2c6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052677, "uuid": "933ee549-cd67-4275-a52a-16987e49bfa2", "value": "9ee15d4c37ceab48e76e710b45f03fea.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22992f44-67ea-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1696996579, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696996579, "uuid": "98d5a4ed-3986-4a14-8999-9e3717de0573", "comment": "Malware payload (Loki)", "value": "547949fd0f0104c00c8fc87d08b19052", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696996579, "uuid": "8f46f4d5-a5fd-4ad8-88d5-9823e29f98c8", "comment": "Malware payload (Loki)", "value": "5415b8619c976711571953ab82b9660f0bf2eba863005beed9f9892342bc87d9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696996579, "uuid": "30d44747-4ac4-4f3f-a37c-8825ebf703e1", "comment": "Malware payload (Loki)", "value": "73e16eb53932e83c81c14f0351a409e710ca1ff2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696996579, "uuid": "8610f80d-04eb-49d1-85c1-6f0a2a89f805", "comment": "Malware payload (Loki)", "value": "7fa092d07dcea6ad0579e9a53b26661b4244ff58464e7922775e81f2b96fdd0c8bb8816f7d389326a924eae8b5849fd5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696996579, "uuid": "431d376a-40a3-4050-bad5-08d32e060aa1", "value": "T136C4F140B2B64B27EEB683F68264266487F5395E743AE3851DC1A0EFA971F014F41F27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696996579, "uuid": "c1f94749-9fd0-4605-bce2-07bd942ab928", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696996579, "uuid": "377d0a92-a208-4963-aa80-75b09acf0828", "value": "12288:ElYX9KkpP2j17SAkAInj8W3U8VZJM7Hu+luAr:http45S1j8uU8VGO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696996579, "uuid": "eeee34a4-9d72-462e-9feb-0d6aaddb1aea", "value": 566784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696996579, "uuid": "80538b48-56f8-428f-951d-b1eb50452997", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696996579, "uuid": "66d41c86-a385-4bca-a5b0-82453283f09f", "value": "PaymentAdvice.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e553348d-6853-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697042003, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697042003, "uuid": "7c40151c-b7cb-4eb3-b59e-56cc2ba772cc", "comment": "Malware payload (Smoke Loader)", "value": "ac1c3c428ccbd57d38dfd56b83af5a66", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697042003, "uuid": "cf2cdfa7-9a94-4b8d-9f85-5341b153d856", "comment": "Malware payload (Smoke Loader)", "value": "553230c06bf11ece9093e3aa7ca6b414b84a21e1a35120d3d7c2f9c780d9c5ae", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697042003, "uuid": "1c87b868-e395-4ad9-94b6-a119179c52f6", "comment": "Malware payload (Smoke Loader)", "value": "be8408f42a55330915ffcb0ab1f8b1381cc86dfd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697042003, "uuid": "47da8408-2956-4819-8848-e9bde1d19646", "comment": "Malware payload (Smoke Loader)", "value": "bec74ce4a53f5e29309e3208f6aefcaa7b4f2d8589d28d8b1d3e52044a9f4ab1561a38210fdff7f328c4185de3e5606d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697042003, "uuid": "4de5afbc-668c-4bc5-9183-f321165f73ca", "value": "T11134CF11B582DC71C84740388828DAF8F77EBCB69659899337A83FAF7D313926767214", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697042003, "uuid": "de0451de-4df2-4420-8311-f4e01814dcc3", "value": "987d26efaba6f21b1152f94099a2d2b2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697042003, "uuid": "2f1c5d13-0ea7-42ec-8633-4f73bec7c423", "value": "3072:+X5D4IcA4tKZoaUpIcX9VFehAWZ1v9HxfFdY245cdI04Ty:G54tkoawIQVJWL9HxND5J4T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697042003, "uuid": "63a03374-3abd-4424-b86d-0ed033c3dd75", "value": 230400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697042003, "uuid": "518492e1-1ed9-4c94-98e9-47a7bcee39a7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697042003, "uuid": "78273635-ae02-42fb-9a49-f47f4c99c6c5", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c7deb3ba-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052691, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052691, "uuid": "cf8605ce-17a9-4a9b-ab5d-1d04f1d39223", "comment": "Malware payload", "value": "1b6e485cd55f8ae517df22014c9d66ec", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052691, "uuid": "8f3404e5-4d59-47f0-82c6-76e2a7835e48", "comment": "Malware payload", "value": "5656c153b65de82b8104162a070e36cde0a5ae7fb38569390fda0e9f2492a9d4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052691, "uuid": "c275e5df-dcd8-4092-b608-2305f039f024", "comment": "Malware payload", "value": "51a16000b6ffd4e8fcccd12b1795229a7b59c851", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052691, "uuid": "7cb8b52e-8b01-49bd-a169-80eea1e32534", "comment": "Malware payload", "value": "b0bed053faa993780e905488f8e2fd8c9b65cf7fbe2d0b3e3173e43098a5d8ac1c4347db8535736fa7184f963a13aaf2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052691, "uuid": "e27ed20f-b7c3-4340-9366-eacfe5e12570", "value": "T1DDF4022433AC4B62E27E8BFA52B4065207F6B52B347DE3A89ED118CF1F61F424551B63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052691, "uuid": "aee7f164-87bd-411b-92ec-f72d767332bd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052691, "uuid": "1a3db05c-7301-4fb7-84cd-72ea91b8ae48", "value": "12288:bbX9KkBC84+B8iZiItl8QwuHUAi5MfcvyfpCi/MUaMD9cjRvvHSKyw:bbtOcHdL9Uza0aIkD9cjRvv2w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052691, "uuid": "629bf5eb-c237-470e-9384-b6d9b4a74c3c", "value": 754688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052691, "uuid": "ea54a1f3-9677-4a3d-9b73-68ddaea46f56", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052691, "uuid": "6ec4bd2a-5600-4d3d-9c21-11270df93902", "value": "1b6e485cd55f8ae517df22014c9d66ec.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "74e31d52-67f2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697000153, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000153, "uuid": "c3f5a0cc-8c8c-4dd8-868c-72f3029159dc", "comment": "Malware payload (RedLineStealer)", "value": "67cd1490efb341d09358ae5e0e0cd3dd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000153, "uuid": "5600e490-40fa-4c87-aa65-c329263a3d2f", "comment": "Malware payload (RedLineStealer)", "value": "565d0a671870bbc0e6d64868a7794be7d6372b854adc93e35a960d4d099f31ae", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000153, "uuid": "59867078-6af3-4154-9b07-ed54e80147b0", "comment": "Malware payload (RedLineStealer)", "value": "bc08a25ccf24bb037c179c8fef8ce8a121bfd235", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000153, "uuid": "75838f9e-b23d-4b75-a2a0-29ec6d469aed", "comment": "Malware payload (RedLineStealer)", "value": "c26f2c47a6a9218d16e5a959d90257d70de3a1a68ec55ccd76aa38bf1238416cd562282cb93bd0a1e7d559d92f964838", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000153, "uuid": "a5bd3f03-112e-4455-b97f-dfb8577998bc", "value": "T1A835231365E55473DCF50BB0DCFB0387063A7C63AD248A375BDAE99669B26C0683072B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000153, "uuid": "6b89bada-0502-46c0-90ef-6fb5db6e079b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000153, "uuid": "50a2e2a6-b714-4e18-ac0a-a7070afe4848", "value": "24576:xy9/kJyCg/+vK2aezBam/WqHHtLGlXeXVXFFnG4qe:kOvuuKg1acRHHtKJeFXFFnw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697000153, "uuid": "6feedc48-42ff-4ba9-943d-4b5d77818e33", "value": 1133568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697000153, "uuid": "840ece83-692b-49b3-a710-9dc9a539d7ab", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000153, "uuid": "8b55ee10-7ae5-41b3-ba33-941ef8308450", "value": "67cd1490efb341d09358ae5e0e0cd3dd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1f7442b3-6874-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697055844, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697055844, "uuid": "81ac16bb-5fff-488b-8b52-367134182b64", "comment": "Malware payload", "value": "bb7c575e798ff5243b5014777253635d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697055844, "uuid": "21d71fbd-4c43-401b-83f0-7912157c9c97", "comment": "Malware payload", "value": "572d88c419c6ae75aeb784ceab327d040cb589903d6285bbffa77338111af14b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697055844, "uuid": "773a779e-3dde-43b0-b7c5-a09d8b05466a", "comment": "Malware payload", "value": "2146f04728fe93c393a74331b76799ea8fe0269f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697055844, "uuid": "4774b17b-49b4-4e2f-bc02-baeec46eebf2", "comment": "Malware payload", "value": "199baf93bafb95bfb24615a3a0eeea259651562d035340fc82299fff0c41789619294deb18252248b25c5e7870bb483e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697055844, "uuid": "79e27f55-407e-4e64-94a8-f2f6c35f8500", "value": "T1AF7523A1BB4804D9DD1AA5B63807C5082B32FC6BC9F8575F6AB6721E8EFB3404C97453", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697055844, "uuid": "d4842569-690d-46a6-9cfd-5700d2c61967", "value": "573e7039b3baff95751bded76795369e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697055844, "uuid": "73cd81a6-8b54-494b-bba2-cd1ff9470aab", "value": "24576:D+c6hlrwmBYO0ToPjesrqayUByzNu+pzghCwDUkJDFellgCgHqTXhFZ+eQnbzOa8:DnUlcYYvTobdYNXFghlDHnewCThkjbFK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697055844, "uuid": "a818b367-a5b8-4010-9f49-0b1215148e3d", "value": 1592136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697055844, "uuid": "7cd66544-5688-4f8f-a3bd-26413b40afea", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697055844, "uuid": "1e6df2c2-3749-4033-9f71-ea207247cb89", "value": "netscan.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "32afc19b-67cc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Tofsee)", "timestamp": 1696983721, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696983721, "uuid": "61b807e4-9b44-46ff-b498-3abd2a87fd61", "comment": "Malware payload (Tofsee)", "value": "a8585854c7a75192794f345a352c62eb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696983721, "uuid": "14860180-9c0b-47f6-a58e-d8914754cafd", "comment": "Malware payload (Tofsee)", "value": "577f7a89f71c92f7aa26e8edac4ba449327b75251b4aef85861d0fab35e3d7f5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696983721, "uuid": "ffca4d94-9af0-44a2-a7eb-ad90cd96cbde", "comment": "Malware payload (Tofsee)", "value": "84e1c2d35214090bfbd91d5d20d23c5a787beb45", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696983721, "uuid": "0496b95b-a8c9-494e-a394-5788de91d125", "comment": "Malware payload (Tofsee)", "value": "a823c5318603b66419d3921e2963a299cd51a54bbf7e1cd9765a2363a0294969a9a56ff1efa9bebeff414ed094c33c7c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696983721, "uuid": "d37c9d6a-06b1-4ccf-84a0-4c7ea99a27d1", "value": "T104547D03B3A0BC27E5665A324D2DC6E43A2EFC918F19679A32486F3F4C711A1D576B13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696983721, "uuid": "8f5dea69-a554-4a0f-927e-e50c001ffbd9", "value": "c0a3c238d9ecfd3e9ab3d94bcbfed84e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696983721, "uuid": "a8cbf79f-cc72-4927-bba0-bd1bb6d2ed33", "value": "3072:Gyv5Sfz6m3uahPDRQLptm4Gvq4cS+oiCHbqdCLO30:xwfz6aPD2LptHaq5S+OHbqSO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696983721, "uuid": "49d79d06-790b-48f3-8bb2-e26874025546", "value": 301056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696983721, "uuid": "8dfd6892-8834-47c9-bba1-d24179f7d162", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696983721, "uuid": "664f7837-efd8-4f09-9641-1dd424dbde04", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "70983132-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067577, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067577, "uuid": "4b48d8c2-bcd4-4886-99a8-9267b051bb8a", "comment": "Malware payload", "value": "6ea91bbdcdc23c556639614291732b42", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067577, "uuid": "01634215-1008-43fc-a3b2-0de786f68849", "comment": "Malware payload", "value": "57a8bfc0fbd4dfa10de20bb5810475ed8b5f94aa71411f0859cdc9b7d91d9b28", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067577, "uuid": "8beed571-0927-43af-ac88-3cede3d74d59", "comment": "Malware payload", "value": "fdf09d8a12d90b59b88928e89145ba730a4f4f51", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067577, "uuid": "746eb8d7-0ad5-44fe-b3bc-59d49f3ca9b2", "comment": "Malware payload", "value": "abb98c1393dc36d9fc9f6ed2c396ee1f0f3265684f33f5d7d83bcfa683bf3a06c007f15f05c9fc36d6e8efbd20c560ca", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067577, "uuid": "7aa3cb50-e724-4548-9527-8eafe9bf1736", "value": "T1B4257D213CC09176EEF310B646ECFA3A46ADD0B0072912DB16D897EEE7206D17F36596", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067577, "uuid": "46e5623d-7113-4472-8ce7-3d61c1aeeb1c", "value": "66025e7bb3415added2b8177bf9bcfbe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067577, "uuid": "017c4e4c-2b1a-4274-981e-c554b40f8ffe", "value": "12288:hihVWAVpsx7UgJCSkZZ7gFEZfAhyCgetFQ+3iByRoiu99OAz1Rn2:b2psxIgJCSkjQAKyC9I+30Z7n2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067577, "uuid": "68cb4408-77c5-43c2-bcb0-0019706cd483", "value": 988936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067577, "uuid": "1bc2a095-24fc-4c27-9ebe-605e97bc065c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067577, "uuid": "fe813dd1-9504-4eed-9e8c-5d5bad6a6f63", "value": "6ea91bbdcdc23c556639614291732b42", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "281c18a4-6842-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697034384, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034384, "uuid": "01606564-5fd2-4696-acc4-4af425af6625", "comment": "Malware payload (RedLineStealer)", "value": "746e895cb5446cac35c146e5849cf2f5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034384, "uuid": "a7e3d0a4-dcc0-4b12-889b-c56b6fe3be39", "comment": "Malware payload (RedLineStealer)", "value": "5838e398d16703ff8378790d976e73661a39ce6b37641226ea57751daa0cde70", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034384, "uuid": "fa1ab837-ae9c-4936-9ad3-c80afc8f9501", "comment": "Malware payload (RedLineStealer)", "value": "8969ae781392e0383e02d96089b5ab97beca9b81", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034384, "uuid": "9b207bb7-6c58-45af-9fcc-844384e933e2", "comment": "Malware payload (RedLineStealer)", "value": "0ba5c63da3d14e89ab03731ccacc1708381b16482851a1db6f69e2f351fcbed06df908faf8e4bd1d63d7e55d29b42124", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034384, "uuid": "585703ce-607e-4f2e-a249-196cd11f377e", "value": "T181051222F6C488B1D5AA1A341DE2B771B77D793007B68ECB8B440A2D9F710C16B35B5B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034384, "uuid": "339fffbb-8c5e-4489-bcbb-ed9d8f25bf71", "value": "fa8d20faea9ef7b4e2b7fbfe93442593", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034384, "uuid": "c9e2e886-cc2b-4428-8e47-5ea81a77110c", "value": "12288:f3DkEGDINi1EwkG8Cj5w9B4RLWgJ1fCN/Dl0NjwZj5iKHHhd7d+j+sdGWejSxFe4:/DkUNi1EvGSC1fCNr+SJDLMKWemlT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697034384, "uuid": "d9498526-33bc-4522-9010-89f9c85daff5", "value": 868061, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697034384, "uuid": "876ae85b-7a38-4123-ba8a-e38816c00634", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034384, "uuid": "4aa2061f-2a97-4aa7-85b2-56af77975bf0", "value": "746E895CB5446CAC35C146E5849CF2F5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ef9f6fe7-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697052328, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052328, "uuid": "be3e3458-878c-45af-bc09-4956653a150f", "comment": "Malware payload (SnakeKeylogger)", "value": "597b9168856a6693e107e7f1e80483e7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052328, "uuid": "b749c890-432c-4bce-94c9-71f07e991907", "comment": "Malware payload (SnakeKeylogger)", "value": "58639b55ef4faebf0a6ab625ecdd348508fab2fc433a1dcc2bee02b20bee2078", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052328, "uuid": "1ec7a260-bb56-4831-8161-f334b2907837", "comment": "Malware payload (SnakeKeylogger)", "value": "ce15dbb1a3397127def9ab607694a82c14abfa2a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052328, "uuid": "e9e84080-0081-4b02-bd01-22d10d01d106", "comment": "Malware payload (SnakeKeylogger)", "value": "8c236313715947c720b3fb415eb14cf0df5543db9743dbf8d497cc9c3fa84c87794b3cbdf5f13bcc4bec37867c2c6bef", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052328, "uuid": "278691ba-c33c-4bc6-a1bf-498f9e9d9ed0", "value": "T1DE54F11AE8DDD166CC2843B970C95E1A13E9F8CDD9A2CAF84E8DF451D2C27A1DEC148D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052328, "uuid": "dbdd8d45-2ddf-4315-ba69-8b447c1d987b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052328, "uuid": "530be89e-002c-4918-98a6-1f12febe768b", "value": "6144:+KbhmkakvzstDVP+8SJIDRINLLOxJSksFGAtvHLqsIaP7i2NnD:+N3PZmvJIt6LOXSBFGeBIaj7N", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052328, "uuid": "a430860e-f1fe-4dbe-bc50-b6b87d91b8d3", "value": 283648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052328, "uuid": "3487e6b3-5956-4271-87f8-762e75b43d9c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052328, "uuid": "f6e7209d-87c1-4dd0-9c0c-9dc9e285665a", "value": "Nmtdeo.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a76b5922-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052636, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052636, "uuid": "a9b7b5b4-903d-45dd-8eee-deb439d6e536", "comment": "Malware payload", "value": "74cade02002bd5f0fa774b2d4a3415b3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052636, "uuid": "8da8c356-04a0-4554-a597-10a520db4a7f", "comment": "Malware payload", "value": "5877e408a6db4b8619a2f6f75a58a9a0eb866e45614e1370bb6cabed7d375d36", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052636, "uuid": "c7dd968b-dcf7-4c92-aa91-c0b7e0aa21c6", "comment": "Malware payload", "value": "115048f3115e8a1cbb3bd849963582c38dd486b5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052636, "uuid": "bc2f8b27-0639-40fc-a2d3-ae70b072f331", "comment": "Malware payload", "value": "41976606a730ba2fc073971b8e91ae4d45b2041a555e47d89445d114c04019d42a19ef7f015ceaf45639521b32c3dd1c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052636, "uuid": "751d76fd-e86a-4562-8fc8-8d3abbb7eefa", "value": "T1F8E56E157FEA3AC0EBD7FBD15BB1E9A4857BE2715A0742B8500832DCCB739948926C34", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052636, "uuid": "fe9b02ed-4afe-41be-87ad-6f7a17d5431d", "value": "98304:vS/mhBf1jK3eUMDNMa7gdwjOZ+FLCKNYR68irMr1/KMCYWXPca/IPP5S4FaGAV5:K4PcJ53Fa3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052636, "uuid": "902c270b-b671-4614-9d2b-969854983257", "value": 3269542, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052636, "uuid": "4d215a60-b3a7-434b-9c3f-7601cddcfef3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052636, "uuid": "42a491d1-51e3-4103-940f-a30729e3ca0d", "value": "74cade02002bd5f0fa774b2d4a3415b3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44ae7175-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697050323, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050323, "uuid": "54851744-caee-466a-a948-a18dd52208f6", "comment": "Malware payload", "value": "884ec9a50d9c67877a4ac2adfefbfa81", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050323, "uuid": "94293e79-23ac-450b-bcce-ff9c74931961", "comment": "Malware payload", "value": "597a4cd79735388e0b1eeae4d8ca2efa33a60a4fddf3067a97ddd5ad3293f7a3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050323, "uuid": "5613ebb4-b085-4960-bb50-64d3efd3925b", "comment": "Malware payload", "value": "b8ded614dd3a56c7ea091465b857d21c41aeb137", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050323, "uuid": "cb664264-4407-4db9-afbb-6d00e7a1fa73", "comment": "Malware payload", "value": "3bb425c87f8751936b955f32faee5868d3ea35c80e89a5daf4fdded791e952a3d9f9b00ff6a493e418b7192a398874dc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050323, "uuid": "8f17b63f-3c0e-4faa-9104-d2346d4546a3", "value": "T1CB347DE7A0E8BDEDC400697957918D8C55E6FC286297805FBF58D9EB08901E1BF007AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050323, "uuid": "4a601241-9684-491e-ac75-addb12601c3f", "value": "fec5e3ac8231eb123a87c533e215da11", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050323, "uuid": "8725aa17-8352-427c-9a13-e3f9f6ebd46b", "value": "6144:oDfbsh2h3aQlHVn0grQihqCOZNOh35dKFSITV:ozb8W3D1n0gE0qCIQ5dKFSITV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050323, "uuid": "a054a180-7eee-4a55-aaeb-6da307f4accd", "value": 253149, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050323, "uuid": "f6cc68a5-33a5-4edf-af8f-46ef6e193b64", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050323, "uuid": "613148fa-dca4-430d-bd73-53905500792b", "value": "884ec9a50d9c67877a4ac2adfefbfa81.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec0b48ff-682c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697025264, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025264, "uuid": "5763b01b-88c4-4880-ba7c-68dbe941c31e", "comment": "Malware payload (AgentTesla)", "value": "edefce3c8aa728e6d8718dcc75b801e2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025264, "uuid": "3e180b5d-8e75-4f52-ae0e-43b1264ce062", "comment": "Malware payload (AgentTesla)", "value": "5994d3897dc6097f95ccb74dae995b87274b19d4fd62df21c226607b0d94cbc6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025264, "uuid": "28e730d0-74fd-46ed-bde3-d5f80cc132e1", "comment": "Malware payload (AgentTesla)", "value": "6b2c25817ce660c25bc9651d86a7cf816d719c7c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025264, "uuid": "fd2f9d74-0294-490e-9c77-53bf2e3a799c", "comment": "Malware payload (AgentTesla)", "value": "4222b4ef974f4c5ebfe505d0c44e0ff6a9d17cca035742314f631e356c36034be4c4fe8537fdd8ddc96a80057a12a682", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025264, "uuid": "ce5b584a-32a7-42cc-ab4a-f692904ec916", "value": "T14C341284A1E1C56FE9D346B306396F5A7F1E5810606CC306AB20AC19F91BBC1E60FB77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025264, "uuid": "38272a16-2686-4374-8dd0-dfbace633d52", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025264, "uuid": "1c2ffe8b-334a-44cf-a0ce-e58a7025627e", "value": "6144:vYa6jAf0x2IBUqkLIjdAmSPIA640Mb2WtvS8Y4Cn:vYhAf0x2IB2UoaMbZzY4u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697025264, "uuid": "1b82f0d6-7cb0-4124-b1da-f6d88411b83d", "value": 248703, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697025264, "uuid": "b6cb77d0-8c04-416c-8378-aff573293f15", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025264, "uuid": "7be083ec-6c1c-4560-a94a-327bf7cffdb6", "value": "5994d3897dc6097f95ccb74dae995b87274b19d4fd62df21c226607b0d94cbc6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f6f677d8-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066943, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066943, "uuid": "02ce0052-413b-49bd-8fa6-fbf03180e80a", "comment": "Malware payload", "value": "7f8d6422bfd12f85707a5c24b746daee", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066943, "uuid": "90d7cbba-1062-4f6f-81bf-775453dafecc", "comment": "Malware payload", "value": "59c04c68eb110f4a505cd4333738a5b8807f68e3fd5c8458ddbade780a4c1ad0", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066943, "uuid": "a10dfcb1-ac17-4447-9179-c2b1ca5d4423", "comment": "Malware payload", "value": "00e953ec4f74444bda21a57a1ef1351af8047a8c", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066943, "uuid": "eba2d53f-f99b-4237-a9f5-1b6fc5c94f84", "comment": "Malware payload", "value": "f92981f68783d0687ee409b35875660022f3eb482cbfe325141f30745572f02d821938a6c5ee161fb6f8ed1b6d9242ee", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066943, "uuid": "3b1cfbdd-c1c4-48be-9b53-3b74ec7e7d57", "value": "T1E37423A7233898E2923DC8F4D4F164964040EE9237F4D6AF68696C2153FE58A0F5F27D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066943, "uuid": "9721db28-cd7c-40c8-8ec8-be941b674163", "value": "6144:LPpNSl8c8gAbErLxusvjATZ2oNBVB5+sOnS0vhReL7QIQHUrIrWHwEvB2mjG:9c0QQSjiZ2SB5sHvfg7ITqzBHa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066943, "uuid": "84f32dfe-70d3-4806-97d7-9015a5f10e3c", "value": 366235, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066943, "uuid": "157c4321-c91a-4f2a-bc2c-06e90b307590", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066943, "uuid": "e95712b1-4f66-4696-b985-37be406daece", "value": "AHPZ1578_5850747.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40ff17b2-6822-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697020682, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020682, "uuid": "9ac2cfae-c82f-4794-b49f-5fc12f9521b3", "comment": "Malware payload (RedLineStealer)", "value": "2069496b1da4293dd8b3c547e52d96c8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020682, "uuid": "d5d8f2f7-11a5-4429-8bbe-ad62c2a15c7c", "comment": "Malware payload (RedLineStealer)", "value": "5a366d37e6ba46de23d6a5cf2596fa75736e4abd36400633059bc973f2d2c028", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020682, "uuid": "31387461-dd7d-4b4f-b6f4-720d31655ee9", "comment": "Malware payload (RedLineStealer)", "value": "99b23ece07999015f54944ef60608df1df896f45", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020682, "uuid": "9ef99c72-7a66-4d52-911c-bd380f0fb529", "comment": "Malware payload (RedLineStealer)", "value": "cb9676a83e5022db0c619031687178a9528411f7f74543216c874d6dfc4a417919979fd5cfdcc4787c5075f50c6eae73", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020682, "uuid": "fa7d107f-9861-43d7-8ea1-617d1edab4bc", "value": "T11035230673F18136DC7517B1E8F713C316357C6A8939936A1B85A84E1DB27C0E872BAB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020682, "uuid": "dc241c8b-984e-4442-96ee-1b9d2dc62362", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020682, "uuid": "41458c32-dcac-4c87-ab9b-826c0467c827", "value": "24576:nykmZcjUuJ3dxtZpxCExJKsTgEpU9A3xrt+C1+tIdh7uxNZtzBsfl:y3nUNx/WoJ/bpIA3dIFfr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697020682, "uuid": "0cfa11f2-5213-41cb-a52d-1f4e6a044709", "value": 1075200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697020682, "uuid": "396d44ba-7aa9-4e6b-bc28-b4b24f4c5533", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020682, "uuid": "644e5ea0-b48c-44b3-a3a3-3371a570b2cb", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "da004e08-6846-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697036400, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697036400, "uuid": "7cdc457b-ae9a-4855-8ca1-d20c2ae3742d", "comment": "Malware payload", "value": "0a1ac19454ab6b6c52a9a58c6d324edc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697036400, "uuid": "1cfbe242-5ad3-4c41-894a-7bdef449d8ff", "comment": "Malware payload", "value": "5b133b1aca30d526ee1cf88d51857c88b9b4f8bcef753511e8f98b15b5349327", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697036400, "uuid": "d24ed3ef-8a9d-4156-ae5b-7f6bd5b7f668", "comment": "Malware payload", "value": "4f16d4b64ee20689e655300e6c9505e684dfb293", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697036400, "uuid": "33eb4cb2-df34-43d6-8c80-8c49a765d2cd", "comment": "Malware payload", "value": "67415b68c517decc66ae8607bbad2a67d2a93a31e48cf637a300860da927cf5551128c3d0e6ad16f0e3a8997677d4a93", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697036400, "uuid": "0eccee9a-a5f3-44c0-bc09-085f2b619589", "value": "T1C4568E0627A843ADE0BB9038D8676A01E7B67C19477197CF13D0619A1F777F09E3A722", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697036400, "uuid": "418ce3de-0aa8-4b86-92ed-b9a25b3f608c", "value": "6320642039f12dbb303e73fd505a08c4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697036400, "uuid": "3a8c2fbf-e4ed-4c9f-973e-80631883e9d9", "value": "98304:mEDtxY9k0pQFCi7EPtxY9k0D5FJi7EPtxY9k0IANPgyJmi3zpySMrc:VtCiQSJiQhAPpJzj+rc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697036400, "uuid": "2244603a-5415-4861-853e-814af09b4beb", "value": 6142344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697036400, "uuid": "7965d12b-966e-4990-b589-05d8394877ca", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697036400, "uuid": "da2cddc4-cc7b-4642-a827-f5c1ed9ced59", "value": "\u88c5\u4fee\u6574\u74061.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "641130fb-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1697067556, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067556, "uuid": "b11eb823-e83b-4732-83a1-725c39a56191", "comment": "Malware payload (Mirai)", "value": "3b3558b4c3dfd3b4f9f1707e58e677a0", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067556, "uuid": "87010cdd-ff0e-4429-8224-f94acec68401", "comment": "Malware payload (Mirai)", "value": "5b6f00e0b4cb79fd1ec30d96f4569b925db702b84dada60c63bdd5202375ffac", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067556, "uuid": "3d82c2f1-01f2-474b-b72d-3802d2e81587", "comment": "Malware payload (Mirai)", "value": "95da7f5a8a21787f933da2d69e4d6cd6fd1ba015", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067556, "uuid": "f4ab99f7-7f89-431d-9001-073386c5ad05", "comment": "Malware payload (Mirai)", "value": "7a9f2cd6b312a975c27d967063bc87b9b4e1d0b40accbc51458846e9f07b70464235b9f7f0ee1f8864e5849906625c1c", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "renesas", "colour": "#A6898B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067556, "uuid": "fe0afb4c-064a-4e1b-8e92-e04b8225ece7", "value": "T12E539EB5C5A8BD99CF698278B61488389723900565E33DFAE741C7A6D00BEECF00D7B1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067556, "uuid": "31c96970-c054-4420-9096-8bff73e4a0c8", "value": "1536:B/bivQhunGauwt4IduhosjT1RYeycfs3QtLok1cY3CJFa:BjiBGFOdOT1Rhf+Kn1cY37", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067556, "uuid": "1104b9cd-4f32-4ffa-92d6-87d3d2cadf75", "value": 64348, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067556, "uuid": "3bb3d77b-b1e3-4609-b475-1c5848478002", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067556, "uuid": "35fcd1aa-6926-4c31-bb88-98ead7479a07", "value": "3b3558b4c3dfd3b4f9f1707e58e677a0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "67d8b6d4-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051671, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051671, "uuid": "ecdac2f2-f17e-4aa7-bbb8-87feda5eca2b", "comment": "Malware payload", "value": "5f853e929eca2cb14b3b36629bedef3a", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051671, "uuid": "de660d02-a730-4504-8ecf-d70a25bd45ea", "comment": "Malware payload", "value": "5b752a0921fe5d9386187091ada9852c357323beb55815406c2998a47a2a24f7", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051671, "uuid": "cbfaddf3-7dbc-4471-8ff6-d7e0efa9943b", "comment": "Malware payload", "value": "fe12d7c6573c93471d03978320950fe65aa0619a", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051671, "uuid": "1218bef6-f092-489a-a1bb-42bbb1702f86", "comment": "Malware payload", "value": "f5a82d3a35ac5a249989b3eda1de3ae50fc9213da3ead363e8aa7dbd98fd8ff9a178223895a5df11438dbf5fd936b0da", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051671, "uuid": "ffeb70ad-592b-4eb2-ab91-fb35b300750f", "value": "T191D42387785332F4621E0EA17124BEC3EC3554066BA6198D647F930B6FAEDEC590FB84", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051671, "uuid": "52ddfb0b-e091-4df6-bf1b-4af958ae1ef5", "value": "12288:qJCmFc6OfaEADpYNgvRkSfmUynrRZ0P86HQKirS7zeri:yxkKhvynrR7vtrOeri", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051671, "uuid": "594ceb1b-f077-4987-89f6-a69f498c90fa", "value": 632558, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051671, "uuid": "458d5b14-f285-434e-bad3-db1eb504c3cd", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051671, "uuid": "db414113-897a-4f90-881d-bac7f59a54b9", "value": "Yeni sipari\u015f _TR-WJO-10-10.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a248f502-6834-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697028576, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028576, "uuid": "365c6772-0ade-4c49-8397-7e775eeb7b40", "comment": "Malware payload (AgentTesla)", "value": "0d3ea97b20b9713ac80d8d56e1697f7f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028576, "uuid": "906ca574-d23e-4dc9-8332-bd0ff42f2bb4", "comment": "Malware payload (AgentTesla)", "value": "5b7713b5af376ac7e9766a3efbae0288fba17c8599ba9c2149d78d5e67eabc7e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028576, "uuid": "91a2329b-6702-4368-8616-c4f2ff468ac4", "comment": "Malware payload (AgentTesla)", "value": "914d6b85b08b298893cbda80bb34bb3df0c6cf09", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028576, "uuid": "1fc692aa-1108-457e-bcd1-5275346fddd9", "comment": "Malware payload (AgentTesla)", "value": "ef108789e5f8349b5175753a29f8f70753d5ea556a7a528ad26f91aa218b26ee3bc0c3a74635e8ce18484c5f6a0e2f1d", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028576, "uuid": "cd44463e-7d2e-4ba3-b6ab-71f91ce846cc", "value": "T1C9257D51E3F4A64DF4DA8636ED3063E4A2B2B8227726E74DCC04D65A782D7D789C0363", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028576, "uuid": "b1674c0a-ba2d-411a-92b5-7a37889e2ad9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028576, "uuid": "bd4cac26-8a7c-4bb4-af01-f929e462c2d2", "value": "24576:KVSlsS/ohNdsr6RMDTivaj1vWXY56f4led9B1mo77p4hQD/:K40MysvqYsAled9Bp7tgE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697028576, "uuid": "c7d73216-b75a-436d-b241-af23a2b0cd9c", "value": 1021856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697028576, "uuid": "bf84a8ed-f3d6-4243-b8d4-0c424e28c76e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028576, "uuid": "e1746ba5-58cb-4815-a3a2-f42a92ce3685", "value": "14079200.EXE", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2b313c8e-6890-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067890, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067890, "uuid": "91323bae-bbc4-4edb-8e9d-00fd05dec50c", "comment": "Malware payload", "value": "4ff5625e6bd063811ec393b315d2c714", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067890, "uuid": "0075dfc3-eb25-47e2-b4ee-29c55d2c0be4", "comment": "Malware payload", "value": "5bab2bc0843f9d5124b39f80e12ad6d1f02416b0340d7cfec8cf7b14cd4385bf", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067890, "uuid": "5440683d-73e1-46e9-a6a7-a916b41618bf", "comment": "Malware payload", "value": "42b188e2e015a72accc50fcbde2d2c81f5258d0b", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067890, "uuid": "d0907864-a612-4406-8b6e-c24154dca01b", "comment": "Malware payload", "value": "5fa1459ba4a37f25d03bbde3829a0cf1eabfdd765f742fc60306e777810dab4653500b08265772b1243141ff8b988133", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067890, "uuid": "03c670be-6bdd-44e7-9d7e-0108dfd032c1", "value": "T1BD258A3223B22F3CA278FBF600DD155B9E797D671011A6D3AEE4C94F868EDE41634126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067890, "uuid": "5db9ec2f-f725-4a6f-ad04-314044edb916", "value": "6144:ahBT1O3Ok0FID+bbGALk9kJmtZYvz20FAyEJdHLyhS3Vdhka8rccTXCOQS7YPWGc:RALgObHuyozlr5VZl5h1NY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067890, "uuid": "9e898a35-8c96-4780-b511-2238ddf31a7f", "value": 1037220, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067890, "uuid": "26fa8860-8972-4e95-b2e4-e9eeaabde792", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067890, "uuid": "fd0d863e-320c-4843-b1f5-d9859ddd3e5d", "value": "Document[2023.10.11_08-07]_5.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "95a28f6b-6833-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1697028125, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028125, "uuid": "2b768a16-99c2-4913-855e-1b4a9ab7b9cf", "comment": "Malware payload (Amadey)", "value": "7bf101b7b7b02288a1d5ccfee8ac654d", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028125, "uuid": "0c67538b-3bdb-4e3b-89d8-a1a67fb7e51a", "comment": "Malware payload (Amadey)", "value": "5caae6f68bcd83af56d3a118b58ff7daac1a8277c591f595e5f292ac267147e8", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028125, "uuid": "e02046a9-7036-4cd0-8942-7dff0b09081e", "comment": "Malware payload (Amadey)", "value": "0c97dad7832aeb3ae71c0327c15abd12ebfc83ba", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028125, "uuid": "3204c0ef-db10-4f35-bcd5-1f5da6b4915b", "comment": "Malware payload (Amadey)", "value": "5e08cb0f005480ec1f492ed5fee56104d0c70c0be4a57329271964e3cc84e132a486314da79009cc79aad5ae1b83cb57", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028125, "uuid": "af45930d-53a1-40fb-aa2b-83ef0d7b148a", "value": "T11366337353660446D1E2DC3F8A27BDD432F5421FDB82A8B95899ADC21E365F5E382B03", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028125, "uuid": "0b72fc17-fdad-43e9-902e-81c04edeaf02", "value": "a4516a6804cddd5e52a802d79bbd487b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028125, "uuid": "43ae1ec4-62cd-45d9-a81c-8da5f03aca2c", "value": "196608:rhVPWHEP910i7QclVMApoEt5ZfHbMRlBBFg7:rhVuHEPP0VcmkHIRBFg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697028125, "uuid": "503e1ae8-9e33-4da7-a742-2007c7e39093", "value": 6542848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697028125, "uuid": "31c5fdf1-9d46-4742-afb4-411022238839", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028125, "uuid": "2a6f6caa-aba4-4f4d-805e-3e12a12f4c06", "value": "SecuriteInfo.com.Trojan.GenericKD.69278639.1895.19429", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fbf7beb6-681b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697017989, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017989, "uuid": "9669f9d3-d4e4-40a8-b9e8-1887e00658ad", "comment": "Malware payload (RedLineStealer)", "value": "e939e476e256994e9a43324f9effb391", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017989, "uuid": "b79d471b-e7fc-4237-936c-caad6becab9f", "comment": "Malware payload (RedLineStealer)", "value": "5cabcd95b415dc8eb0dec906a09595f1392423388f22faab3eeb2cea17a77050", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017989, "uuid": "08d51423-f02e-4a06-a3e7-f18012f73c3b", "comment": "Malware payload (RedLineStealer)", "value": "2e745a72f9afd550b6e517d8d7561696a61649b6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017989, "uuid": "01fedd7e-69dd-4fa2-80f8-e9cfc03343b7", "comment": "Malware payload (RedLineStealer)", "value": "0f379cade278c4bf6f6093a60cdfca06aa2d714389786d2686954b4dc5386020f974301af6aa45b96b0ad4a4dd9f2b9c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017989, "uuid": "f0832537-1fb4-4fdd-8ce7-981a369156b1", "value": "T1B6848E03F0E1F132E463B4311ED497779A7DB46706A07A7B1BE84AAD1A74F40BE19632", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017989, "uuid": "d1993890-39ef-4483-bc67-097e469218e4", "value": "282d146a9b3d87d6152eff920eef7769", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017989, "uuid": "efd37d15-55ca-4d94-9584-2b17be4f3df7", "value": "6144:Ema4Rd6TwUHn9li+ZEXLyaN80AOel8rtnsc3Xe8I9njGzEB08n5:daGd6MUHadsurRsmO8I9nRB0q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697017989, "uuid": "771a8158-51a9-4aa9-ab06-ad4668935be5", "value": 370952, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697017989, "uuid": "a2b47aac-c79f-4371-a46c-53823326feb3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017989, "uuid": "5f05dcad-7b45-4791-843e-b700efd0748c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b257c9a-6881-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697061608, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061608, "uuid": "009dbcf0-f0d6-4213-b89a-17b6b3de1951", "comment": "Malware payload", "value": "74490259410ffe0cf8831f09ce9cc3f0", "object_relation": "md5", "Tag": [] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061608, "uuid": "d9823581-6bab-4c9b-9328-4e14607a72f3", "comment": "Malware payload", "value": "5d051867d11588c6709621edeebecbc552c9ced761c508d0c2369ded39545f52", "object_relation": "sha256", "Tag": [] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061608, "uuid": "60f5ad52-5caa-412c-9b15-c79f39b16f43", "comment": "Malware payload", "value": "a05942f49c44c9684010aea7273c9d384b9376f2", "object_relation": "sha1", "Tag": [] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061608, "uuid": "c733006d-06f4-41b5-8d23-aa6d2b0e4f38", "comment": "Malware payload", "value": "fef7299a1f076e580b6d8b6a6fa94e0286585176734c9d1171fba00d7be4aae9e0801e852f8a0bfcf7bef20996bdbacc", "object_relation": "sha3-384", "Tag": [] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061608, "uuid": "596fda8c-95ec-40a5-bc55-7c6eade258bd", "value": "T14C33F88ABC92A917C6D023BABB6E518D335977E4C1CF7227CC144B10378A91F0DA7B52", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061608, "uuid": "008ad0d6-09e7-4c65-a3c4-3ab8eb1b886d", "value": "768:L4Iu4WApq0/34Mh3qJu1FYXVLX7UdF8sN1x4Qq8i5u4oo6DINZVnN2q3+3+1p:sZAbwc3TwAdF8ZQuu4okEq3+3+1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697061608, "uuid": "f8aacae7-7064-4ae8-98e5-e187bcffdb39", "value": 54772, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697061608, "uuid": "a634317b-3240-4390-b723-cc1ff343e045", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061608, "uuid": "7eec65f5-e235-4eee-b60e-8a24e0fedfbf", "value": "cutie.arm5-20231011-2200", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bb6fc7a6-6841-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AsyncRAT)", "timestamp": 1697034202, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034202, "uuid": "55ab0990-d2a1-4003-81df-d36bcdf91c7b", "comment": "Malware payload (AsyncRAT)", "value": "9fc02bb58bc420c81bd03f8886486021", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "documentacionrav", "colour": "#D0E491", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034202, "uuid": "61fbcf28-c6ac-4cad-b720-c8db4b3bf403", "comment": "Malware payload (AsyncRAT)", "value": "5d3aaf3732577f847e8ad025861d78dcf013264e4617dc958982c96a6fb6752d", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "documentacionrav", "colour": "#D0E491", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034202, "uuid": "30e4fdeb-3c93-4022-ba13-40f890f7f3cd", "comment": "Malware payload (AsyncRAT)", "value": "7d5df338a184e4a8ed6c6cf10e27f28359cdcd56", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "documentacionrav", "colour": "#D0E491", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034202, "uuid": "4550a807-5b69-48da-9901-78d3338db50b", "comment": "Malware payload (AsyncRAT)", "value": "490b2af66ebc01c4a853bf13248e9c2bb9b2b5ce2a5e1379ada608a5f0a5e4bfffb61978d2f46d0bc521e0c1d97ada3b", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "documentacionrav", "colour": "#D0E491", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034202, "uuid": "eaf6a66c-76b8-40b5-999c-83aaf884aaf4", "value": "T16D33F1ABF6CE7172D2165176A5D56A9E6D82CD01002001CCCAC50FE9DF7B9C2F8CAADD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034202, "uuid": "eefe004e-6bd6-4de0-a0bc-b632de8ceaf9", "value": "1536:3N4mWQ+l3m9Z0378uCl7S9KkK/GbWE1/tc/8SDX:/6m9Z0r8x7SgubBBtc/84", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697034202, "uuid": "976f889e-5bd8-455c-95ba-477a35c6d3cd", "value": 51752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697034202, "uuid": "ec6c7ede-a889-440e-a661-60bab0b406cd", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034202, "uuid": "d8ae59c0-6bfc-47f9-9222-9c23617b0111", "value": "Comprobante_de_transferencia_bancaria.pdf .001", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25c1d1bb-6842-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697034380, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034380, "uuid": "2fe47a34-6cb0-4fc3-8011-4ed24ec27501", "comment": "Malware payload (RedLineStealer)", "value": "66e82c3ad4d895fb640c5a8212f654b1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034380, "uuid": "20463bca-7049-4105-acaa-e150adfad9d0", "comment": "Malware payload (RedLineStealer)", "value": "5d5893089c3d5bc7dd8d908cd1d8b526155ae1fa8faeba3102e3eefb2c953d07", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034380, "uuid": "78411601-42f6-4b02-86cb-2486fc02667f", "comment": "Malware payload (RedLineStealer)", "value": "3591e4309d780c02c599af76e55eea7df55139b9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034380, "uuid": "46913745-18a1-40f2-9f99-e44a1b8d013b", "comment": "Malware payload (RedLineStealer)", "value": "a18f957e134b28afd9e97dd6c41c358dc380129052bea666fe006a8f449cbf60f5a20b0870ca2d0f9d3d49d7ed395e17", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034380, "uuid": "f182a3ac-f4c9-4079-bc30-9d3276a04885", "value": "T1BB449D11B1E1C032D572253609E0FBB65A7DBD300BB299EF57A40BBE4E303C197756AA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034380, "uuid": "8839f91d-9744-4a24-a95f-32cd6729f98e", "value": "9854fe208003549216f1ebd6ea57c6a1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034380, "uuid": "363c6c20-5858-4d63-939f-cf8e2b7953c2", "value": "6144:mimak61I+ffSbJ8/rADV6ga9DG4u4AOob3hDg35Gn5:mXaq+ffHT9y4GNDc5w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697034380, "uuid": "dbe6001e-06bc-4092-90ad-5c73731f167c", "value": 264456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697034380, "uuid": "c0f8769e-0633-4b30-b12a-fac3e170cea1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034380, "uuid": "7748d46c-bfad-4add-9ca2-cb313fdbf126", "value": "66e82c3ad4d895fb640c5a8212f654b1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48b27087-6890-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067939, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067939, "uuid": "c5e2950b-8812-4f2a-95ef-f9a4b8751921", "comment": "Malware payload", "value": "0245e02cbb6ffe2716c2aeb7fb8006d0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067939, "uuid": "0b4b337e-da27-42b4-b28e-f180f9627a07", "comment": "Malware payload", "value": "5d5bc4f497406b59369901b9a79e1e9d1e0a690c0b2e803f4fbfcb391bcfeef1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067939, "uuid": "d07be5e8-474f-4c65-bc20-519b16af5034", "comment": "Malware payload", "value": "59dd3d2477211eb4fcd72b542812a2036fa0e1e8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067939, "uuid": "ba2c7c50-12fc-4ce4-8179-2a688e453263", "comment": "Malware payload", "value": "25ebed2ab8af63c4da571ed46e13a161d9e7046b7239c7e9a7726a45f0ef190f67b210f3139e5c5f7fe84d50d2c1342c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067939, "uuid": "a11f84a7-b624-4f5c-903d-841850de2c8f", "value": "T1B4D4E05A72E40C79EE738139C9536946E672BC211660E93F03A1475ACF3F390AD3BB21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067939, "uuid": "df9f87fd-7a3a-4f6c-af66-aabab921a389", "value": "7ce9e53905dcbbd72b6f2fe3c0459df8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067939, "uuid": "a19bb5e6-e7ef-4529-9895-1e3327ec4893", "value": "12288:ujan3B7+2OoGEwYXorDxBDWgyv9cii8VPezCTr:Jn3B7+2OyJo/DWz9cS2zW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067939, "uuid": "26a017bf-e156-4ec2-8844-65ba8841c205", "value": 597504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067939, "uuid": "184ec430-8774-4d8c-b27b-a4c589665893", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067939, "uuid": "7f065ce9-f54d-4b59-8030-27a5d83071e3", "value": "Feonjuackm.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "be2c8061-67f8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1697002853, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002853, "uuid": "0f0ee3ce-f7b4-482f-9333-ed95d5d3fd52", "comment": "Malware payload (Amadey)", "value": "cf7780ca38d90bab26c8e971b682017e", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002853, "uuid": "afd1f1a2-30e2-4e57-b4d5-b72dfee0e292", "comment": "Malware payload (Amadey)", "value": "5dfc3245d7c6b13d9cae4a439731d4c1eaad5775e58aaaa9382c95baa750779c", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002853, "uuid": "6366032e-5576-427b-9eb5-b3ee5140675d", "comment": "Malware payload (Amadey)", "value": "2f80445a0e2ad5d75b6e4e98d7317fc321c9d5a6", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002853, "uuid": "bb04057d-cf79-4a44-b312-f384a7b39b9f", "comment": "Malware payload (Amadey)", "value": "fee71c5b1691d7b080661aaee8edcb95b39b3481b7f9e2ad66dcb1847b064e3f10de6d79242bf73ac6c057b44fa0b567", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002853, "uuid": "559eff35-ac7e-475f-abeb-b4af2940fa48", "value": "T184549D407491C032E9B318379EFDDAADA63DB950075965EBA3CC0D7ECF20AE1BA30556", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002853, "uuid": "fd3848ca-9101-4a12-95a2-3c00ac0c1c1a", "value": "42c423a9e73aea8cb92de6b991847053", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002853, "uuid": "ebdef851-52d0-4258-ba6b-c06792c6159e", "value": "6144:iG62m8YmadEfzap3NAeN4ORk1AODrDh5F/Sn5:T6p8paafe3+1ta", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697002853, "uuid": "abad25ec-c874-40ac-9237-c9d017f30202", "value": 305416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697002853, "uuid": "974ee909-d58f-436b-a3d5-ae5cbfc50c39", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002853, "uuid": "2da578a5-eb39-4e58-bf29-d28743345fe4", "value": "cf7780ca38d90bab26c8e971b682017e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4bf8e4fe-6890-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067945, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067945, "uuid": "ea91b900-7ee8-44dc-8bd8-12e2302d8caa", "comment": "Malware payload", "value": "bb7da19e0399724519724d44d7c331c7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067945, "uuid": "55896b5c-5c10-42dd-a596-d557ed8c0a5e", "comment": "Malware payload", "value": "5e3bb62b44636f502e387d4c00bd5a7bc1d040332028238ccd812f73e6d859ca", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067945, "uuid": "7861441c-14dd-497e-aafd-4403488322c0", "comment": "Malware payload", "value": "b10fb1c24b1d4187e24ee1be76b6247b862b214c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067945, "uuid": "571d2b5b-6013-4bb3-9699-ed11eca346ae", "comment": "Malware payload", "value": "a4c6c2b781b788277630911a5e8e42f8b6a73d0ae857fe144441f6ca0e3386f37d25629360719797b299c54523e18757", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067945, "uuid": "4cbd5240-c349-4802-bf77-0b18fd039636", "value": "T12564BF4976D80CB9EDB39238C8576545EA72BC150374D66F03A0835ADF2FB90A92FF21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067945, "uuid": "749888df-6a12-4ef6-b299-7bb44a493cbe", "value": "e7125b885fcd1eea77d2881eaaa53c4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067945, "uuid": "188726f9-dbd5-4e71-9429-ed69026bf1e5", "value": "6144:yN/F41OWGRkFtwxW6spj/JbUaeboh6EReEUHFmUC3qS7e/g1j:y5FCOWGRayW6sAowXFmUy4U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067945, "uuid": "619d71f7-91ae-4be3-8482-508a555063ea", "value": 335872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067945, "uuid": "10b769b8-624e-4d56-8bc3-0e2cc511d9b0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067945, "uuid": "e2c25681-f64d-4f5a-ad77-3e966423e02e", "value": "0317-1.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35cec0c7-6821-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IRATA)", "timestamp": 1697020234, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020234, "uuid": "e6694e96-c5ae-4c0e-9e96-f2d0e312d45c", "comment": "Malware payload (IRATA)", "value": "29cbbe048cf2055d07e7203844a29647", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020234, "uuid": "9c730e07-9072-4655-8343-01f884a39dbf", "comment": "Malware payload (IRATA)", "value": "5e57ad832d0eba886df242533510228877eea42944b1934951fcb6fb2b9c2c1a", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020234, "uuid": "6b3ac0e3-3a8d-4019-8e6b-41ac7ce1de65", "comment": "Malware payload (IRATA)", "value": "3da99558f7682da843d274a5c656e8649565f93c", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020234, "uuid": "ebb58230-9087-41e8-b2cc-d7fae8cbfc35", "comment": "Malware payload (IRATA)", "value": "f60ab10ac2c658a556e74ad462663cf88adbef72dcc47732e1910ae60422cf45687ee273027284d8f9ad49c1ab71ab8b", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020234, "uuid": "19677d81-e344-4c4b-8700-3cf78780116e", "value": "T185C52382F372AC1BD836C0326549273A51674D18CE46FB87394477EA24BFDE84BC578A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020234, "uuid": "b2958137-252c-4852-b793-6557ee426d82", "value": "49152:BE7137Qf4Phr7WY27VZWYhtNWSIWoDarMmcn1xf2HItykyXOkn5K3RChk:Be3sQPlKYoWYhtkSIW0mcnnf0IUFeYk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697020234, "uuid": "88af8795-edab-4550-86f8-33e63291f973", "value": 2744397, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697020234, "uuid": "a6389ab5-8cb3-4bac-85e3-e994a6fa63c7", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020234, "uuid": "66c8cbe5-7c96-45bd-a32f-d7e31c0aa045", "value": "saham.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6992a77-67cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1696984452, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696984452, "uuid": "596fe1bc-b27a-468f-b192-301872b65ffb", "comment": "Malware payload (AgentTesla)", "value": "e6d4199e17473fdebfa24ef6e4302a92", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696984452, "uuid": "d856a7d4-da0e-4652-8e4c-9ae2b66598ab", "comment": "Malware payload (AgentTesla)", "value": "5f62b82aba3010c5601596f618738b5c122cda283b924c6586ba24bdae54b011", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696984452, "uuid": "5f1eeea6-8dae-49fb-b76c-1f6ffbbf6969", "comment": "Malware payload (AgentTesla)", "value": "e4b1a4111a0a80e7fa71028c139aee1e0e0e55ad", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696984452, "uuid": "f156f414-35f2-4e2c-aad9-8cb2881cc6a6", "comment": "Malware payload (AgentTesla)", "value": "69284eec19be2ebd49b46796eef55b0d0fa406fd37f550231491438609822fad5b76161190171b4611c58e2b3a2be4bb", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696984452, "uuid": "d23445ac-362b-4981-927b-46f690f3e75b", "value": "T15EE4AE6135DD6799C235EBF50358288193EAFE36931FF40E3D89B68B713DD40AA23162", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696984452, "uuid": "8fe1ec13-2410-4e4b-aa60-2e7104bd6479", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696984452, "uuid": "b4a426d9-3c06-4c93-95b6-d6fea53f1911", "value": "12288:dilJtGlJM7w/02vzrayHAHCuUGlaDNyd6hUe9uv:ENJj2PRgiueDNLh79u", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696984452, "uuid": "770cfef8-014d-4735-9233-7f2fb38c62b5", "value": 681984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696984452, "uuid": "2ef43c52-7bcf-44c3-8f79-f48ab516388c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696984452, "uuid": "33e4031a-0159-49a5-8a1f-fe74e32a51fc", "value": "SecuriteInfo.com.Win32.PWSX-gen.27217.11199", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c188acc1-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066854, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066854, "uuid": "9a1153e3-47fc-40d0-b228-1d0d126901b5", "comment": "Malware payload", "value": "65db734fe8986edd321e6d24bb2a6461", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066854, "uuid": "99216c64-9e68-40ba-9350-6b1538fc208c", "comment": "Malware payload", "value": "5f71f074a95620304afac416ea96034c54be485517db9070c6f9a5878162d0fd", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066854, "uuid": "b8f6d035-44f1-41e9-bf79-4a3fef5ada7b", "comment": "Malware payload", "value": "044f17ced33f8ef563ef26a0992c6170c552f13f", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066854, "uuid": "8a5ddd58-3ed7-4315-86df-a66432d16686", "comment": "Malware payload", "value": "8680c58688df18c1800ce7bd3dc7565cb352dc7a956ae8d4faa98e7829028f3ba9518f7bec45c23156e994ef86b251e5", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066854, "uuid": "c70457af-c2d0-487d-9948-f21b3124107d", "value": "T1CA7423DB3DDC3E9C39A6FF3C174168B316F8AB7601A8589564006375852E8EF7861CD8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066854, "uuid": "639ecde9-1f3b-4862-bbbf-c2ed21c1c0df", "value": "6144:o/gzhsSDIMO+q8cBaWVwmJVLF7VBHCRYzkhMGUwYMj7k0txYerSIwtGQv8dMCEdQ:Ag1sSOJHBJVLRVx+0kDc47kUxYkf5fEy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066854, "uuid": "44dd0bc8-84e4-4e6c-a814-f75e49f07639", "value": 365833, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066854, "uuid": "8999b4d1-2d54-4ee6-b7e8-82f7492332c4", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066854, "uuid": "2e3d3ea8-9547-446d-9134-cba9ccfd5974", "value": "DHLU0158_3856983.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "51c2b710-67de-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696991504, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696991504, "uuid": "924419cd-6fb6-4f5e-beef-3e8f41b900fb", "comment": "Malware payload (RedLineStealer)", "value": "0da96074e45c23cba6056f54a5d628f8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696991504, "uuid": "caf3440d-5263-485c-b53c-203104e6b269", "comment": "Malware payload (RedLineStealer)", "value": "60b56834f524f7d19afbdea9f3c76c388bfcacdd9cf0e9ab7f570e83ac86e3d9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696991504, "uuid": "93e8adaa-6666-437f-85cd-d3084409c1e0", "comment": "Malware payload (RedLineStealer)", "value": "c7635b43ad8e26dff0b23da766bf0d09f58c5d8f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696991504, "uuid": "d20c4faa-1a83-4399-b719-58ac608edaac", "comment": "Malware payload (RedLineStealer)", "value": "66f5b6c4319d6fa262d043b34084e121306cc4e352d044aa83c939c9e5c83caddcb0aa319c2d23dd062ed4e8dc91e653", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696991504, "uuid": "f3f84ccc-a0d8-4c8e-babb-16a27bff352c", "value": "T167352313AFE48572E9E627B05DF603C30D793C655C344B2A324AC9AA1EB1AD0E572737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696991504, "uuid": "e4346869-2800-4ec5-b8a4-e268a7eecabb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696991504, "uuid": "3c96d84e-6a22-403b-b7c8-e6c57c49dff5", "value": "24576:fysE+iSfUxotN2djs53NAl0aHz5F/9/iTKujVBBmI55HARPO:qGPfVkjmGl0Ez//MTKCXBm4s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696991504, "uuid": "57b91fa3-1948-4647-8a8d-a722a58efc45", "value": 1129984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696991504, "uuid": "294fdaae-674d-4544-b290-7de249d97179", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696991504, "uuid": "fff4b69f-3c2b-4240-8f0a-2946548c3a19", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "45979c82-683e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697032715, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032715, "uuid": "928e1eb0-3b82-49f5-b3d8-ccb9e82df16a", "comment": "Malware payload", "value": "5b679db38a93747a22f1d2eeef65d024", "object_relation": "md5", "Tag": [ { "name": "AutoIT", "colour": "#C5D2EC", "exportable": true, "hide_tag": false }, { "name": "prnjobs", "colour": "#9EEA33", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "webdav", "colour": "#CFABAC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032715, "uuid": "8c010135-0588-4936-9c8d-9e0233de300f", "comment": "Malware payload", "value": "6156934d1263d34ec34a5f6cfdbcd35b34e0fd2bf3b5f75ffb001956929d0968", "object_relation": "sha256", "Tag": [ { "name": "AutoIT", "colour": "#C5D2EC", "exportable": true, "hide_tag": false }, { "name": "prnjobs", "colour": "#9EEA33", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "webdav", "colour": "#CFABAC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032715, "uuid": "ff533fcf-3013-4e2f-a823-7a60a06dfbcb", "comment": "Malware payload", "value": "f9bec40c88d7dee7749b89cee70823259e028f7f", "object_relation": "sha1", "Tag": [ { "name": "AutoIT", "colour": "#C5D2EC", "exportable": true, "hide_tag": false }, { "name": "prnjobs", "colour": "#9EEA33", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "webdav", "colour": "#CFABAC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032715, "uuid": "d1e3b8ca-7115-49cb-bc6e-aaba4d82b694", "comment": "Malware payload", "value": "d8c95fe191effa1f1a50f4a43adcd60b060aa230498b2ba306eac926b79ce69c00b46565052fd1556b1c7c45ba2726b9", "object_relation": "sha3-384", "Tag": [ { "name": "AutoIT", "colour": "#C5D2EC", "exportable": true, "hide_tag": false }, { "name": "prnjobs", "colour": "#9EEA33", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false }, { "name": "webdav", "colour": "#CFABAC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032715, "uuid": "ae3113cc-add1-4e8e-b4fd-a39bde6da557", "value": "T190028C52FD4B8E38E146DE8A2D47A4E2D9320402FA54F5C4BB8CCBCD57C362595FE660", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032715, "uuid": "edbcc9d4-d159-4501-bfaf-359a74403eba", "value": "192:ZIbMu0Cp4EmpXUHg4KR/oNQsKzBQXY0fd:bzE0ig4KR/aQsKFQXY0fd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697032715, "uuid": "4f8b311c-8c95-431a-8d29-bb96a98938f1", "value": 8717, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697032715, "uuid": "88b9efd7-8688-4bd0-af00-e98dd95f8564", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032715, "uuid": "933496d4-cef9-48e2-8078-fd3e3f9a004b", "value": "d05fbfa51e48f00d4d5e4dc5840b4905977dc575aa33292c24d88975", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "024b22b6-67fd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (OrcusRAT)", "timestamp": 1697004685, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697004685, "uuid": "66499c59-35a2-46d7-bc45-a75e45706741", "comment": "Malware payload (OrcusRAT)", "value": "07c045f42f9c0f444bdfd7d8d0646fc9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697004685, "uuid": "4245cdad-3e51-4428-a748-7331cc6a3b38", "comment": "Malware payload (OrcusRAT)", "value": "61a20552d05c3972476523ce0cf66f41099a26753dcea5cd275f4faba407abe0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697004685, "uuid": "681111f1-3cff-4363-b99c-82441e9a4d41", "comment": "Malware payload (OrcusRAT)", "value": "d462587abff0077dea94f3465155995fa2455b3c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697004685, "uuid": "e9d40c65-9ac5-41f8-8ef0-8d3913f81e7f", "comment": "Malware payload (OrcusRAT)", "value": "65173084640b2327c372a40740875ec315fc710dedd040d5ff1b524c9cb939619a2d2ccf31ee6414541c66656bfecd25", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "OrcusRAT", "colour": "#FEFE05", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697004685, "uuid": "01182dda-6f2c-4d65-a179-82637cb269f7", "value": "T14406FC3D0CBE53371974CA95DB88882AF47085B7F1E21F3961D79999920A94378C3E3E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697004685, "uuid": "5d02b953-71c3-47ef-a71b-de677ebfd99d", "value": "6144:VzCtGlJJlgdwFxeHbLWE9nzF/YFCJ9Ed6Yhfojt4m:4jt4m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697004685, "uuid": "4bd2d4ee-6558-472e-ad91-26d618d82eff", "value": 3792720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697004685, "uuid": "f31a80ff-3ab2-4835-b7a2-c38b7ce78973", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697004685, "uuid": "381feba4-7b82-48f9-aec6-4f61d1a1f553", "value": "07c045f42f9c0f444bdfd7d8d0646fc9.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49ea2854-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052050, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052050, "uuid": "8304816b-4817-45c5-ba55-1f441f1cbe60", "comment": "Malware payload", "value": "aba3c8d6249588d54aa9536a156f29b7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052050, "uuid": "a63815e7-aeb2-4d80-8cc4-b3e059f421ec", "comment": "Malware payload", "value": "61d7847617ce3e59e301dd1779044feab0d1d3bfe9aa62870fb795435a47eed2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052050, "uuid": "7d22703b-0558-468d-887f-41c1c41aa121", "comment": "Malware payload", "value": "983211c810531559fb818377080f88e9ede2e869", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052050, "uuid": "f3cb6ca9-451b-4ccc-a11b-af406a3982ce", "comment": "Malware payload", "value": "fae8f2395fd14da481f6dc322c733fbca7d029a85e27f04b489cce3da3bf3b18429edcf1c847eed0fd53d4451d7347a6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052050, "uuid": "c7249fce-8d7a-4503-a1ad-854ca4e126fd", "value": "T1A3352355BA21DF51C822A53F6B9FFA199888B4398C14626ECDCCF31FA5640C05C87DBE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052050, "uuid": "ccb33065-b321-4637-8a36-2cc0b117a3fd", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052050, "uuid": "67f60ca4-3f0e-4c96-a013-57914a00701e", "value": "24576:IuTpjBb+HM+UV2lVEUxg2JLYgrQt69TUw8eBpS:IuTpjBaHM+UV2lVJkgkoTUzwS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052050, "uuid": "41a0bda9-fed0-4b0e-b974-fb904f1ce163", "value": 1076736, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052050, "uuid": "b3eb5dd0-02f9-4d0c-a20c-08b07e0c2e17", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052050, "uuid": "5b6d5b9a-59c5-4dc2-bba6-43f7f726ea7c", "value": "SWIFT-PAYMENT-VALUE-DATE-10-10-23-YAT171928-36Y1T2-716YAU-37102YJ-AP26.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b0574d6d-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066825, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066825, "uuid": "a2a4280c-5ff4-48a5-819f-89ea9a44c13b", "comment": "Malware payload", "value": "925d7dd7651c06ee06c8abdb4ded6e25", "object_relation": "md5", "Tag": [ { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066825, "uuid": "9209cc4c-4b96-4c90-9f13-0783082487dd", "comment": "Malware payload", "value": "622b2f883a0bb94c4946f0a431e6568d6c8cb5dc54e214197fe002b6c850ff4e", "object_relation": "sha256", "Tag": [ { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066825, "uuid": "fabea815-5059-442c-bfd3-749f3cb0d0b2", "comment": "Malware payload", "value": "e384bd6438fc5e16c3dd472aee121b44c9060bd2", "object_relation": "sha1", "Tag": [ { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066825, "uuid": "5391542d-f8c1-4089-9399-b3a191ffa87c", "comment": "Malware payload", "value": "9d0dfd1eb90f695e46b38f2b27b00aebbe9671c333fdaa91e4ec3dc4a58ac2989624e2fe8b78ff3350f8da891df533cc", "object_relation": "sha3-384", "Tag": [ { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066825, "uuid": "6cb2f797-daa1-4649-afd8-4a52970ae307", "value": "T1D2742333E803A94788092999E3252DED39F819FEDD1E07704982FC978D732EE5452A77", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066825, "uuid": "4b0f299a-b31a-47d8-8795-068024407aae", "value": "6144:AUhfNQDsPhUoIGbjHccRl6trl3pL9ymmMik5j8Cx26Rddtwe84Q99gFkwraS9:Dh0sPhUfoTccmtrR1rmMiQltRdy96kwr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066825, "uuid": "043b4df0-66cf-42c3-aafa-d5420a9a314c", "value": 365953, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066825, "uuid": "3991400b-6a70-4996-912c-e89644db5486", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066825, "uuid": "d1290719-87bb-4181-b4b6-d4ba24f712b2", "value": "IPSY0138_4221801.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "73178c8d-67f9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Metasploit)", "timestamp": 1697003157, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697003157, "uuid": "20a50452-64b4-4de5-ae2c-1f85aa36621f", "comment": "Malware payload (Metasploit)", "value": "2eeab273293d358d548a3aeb7f8b7033", "object_relation": "md5", "Tag": [ { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "PowerShellMeterpreterReverseTCPx64", "colour": "#BADD0C", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697003157, "uuid": "cc63c13d-d76f-4713-9a5f-1bd9b9dfd7da", "comment": "Malware payload (Metasploit)", "value": "6251062f06e8620842f81523e617a10a552476a74e3dcf737d3ad6cdf34383d2", "object_relation": "sha256", "Tag": [ { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "PowerShellMeterpreterReverseTCPx64", "colour": "#BADD0C", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697003157, "uuid": "92b6290b-1622-44aa-b970-79a733492bf0", "comment": "Malware payload (Metasploit)", "value": "400f16cca9153263a8a4792c30341ea687350fc9", "object_relation": "sha1", "Tag": [ { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "PowerShellMeterpreterReverseTCPx64", "colour": "#BADD0C", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697003157, "uuid": "1c9e2616-5f1c-40d0-9832-e74e771e3386", "comment": "Malware payload (Metasploit)", "value": "a443497312f20b9fec56fb2032c6eebea5d99188f4d37d48776d22608859b7dffe66bfb6898c2d12a661b6fe75a696b7", "object_relation": "sha3-384", "Tag": [ { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "PowerShellMeterpreterReverseTCPx64", "colour": "#BADD0C", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697003157, "uuid": "323e260a-08ab-4853-bbfa-9111736bd1ac", "value": "T1BF61C0933151B8EA425683BF3D596AFA807FC224955A6045F78C4F5CF8DDE233A8D6C0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697003157, "uuid": "9f78e717-7098-42f7-a945-0de5e4b1c554", "value": "96:0GTqMJ/HuSnWFN+Cfh5L0H3mAiBrVMVNz7H:5tJ8F2H3mAiBrVKhD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697003157, "uuid": "a6d289ea-ac79-44ee-83fa-7829b0fc3674", "value": 3256, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697003157, "uuid": "fd1575a6-911b-4a2f-8d28-4094a52eb8da", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697003157, "uuid": "5ec1cfcf-eee0-4f98-a5f0-70be2ae6b7e2", "value": "Nmyp2y0F.posh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ecc0d56d-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697052323, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052323, "uuid": "b47f7ac4-a4de-4871-9ae1-d97d3cbb423c", "comment": "Malware payload (SnakeKeylogger)", "value": "18ca50ce46f3936a2fc9def3f45b5525", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052323, "uuid": "0a7e5c70-fb71-49df-bf4a-3c6ee024177a", "comment": "Malware payload (SnakeKeylogger)", "value": "62c1d71fff5293071772735f75960544716be3c3ee5996c6889f3ef3b4e7bcec", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052323, "uuid": "7e013532-1d68-4c67-80d0-e3edd9336e5e", "comment": "Malware payload (SnakeKeylogger)", "value": "611fc5292204652425f972fa13e77c75e40a95d7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052323, "uuid": "f30848b7-01ee-40ec-af0c-72d8f8a81041", "comment": "Malware payload (SnakeKeylogger)", "value": "b6a59a687bca512219f79c5afd9a9a198cd9350f7a9ce8cdb4b94a6b216da337f0806220f47ba0575f8c5c9ccdf59661", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052323, "uuid": "a85854ae-6914-4573-a5a2-b6b46d03e2bf", "value": "T176A259C2F78066B6FE7A03B050270A61173ABD6ADE51670F24C47F6B3D737930516A2A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052323, "uuid": "5d06eb3c-990e-4a48-b9fd-98772a078c35", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052323, "uuid": "2b2c9e83-3851-4b63-b6fe-9200456dc5da", "value": "384:yOwBKtL2M2APL6yRqtxAx+roEOsVK/KO+sB6fea:8fs3RqtGx+roAYP+97", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052323, "uuid": "5f62d693-bd0d-4028-9a55-7fd2aa88aed9", "value": 22528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052323, "uuid": "7962a38b-1f0c-42ac-85f3-e5b22fdbc5ab", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052323, "uuid": "657090af-ec60-451e-8cd1-817f0770fb1a", "value": "Qqiodttyb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6d3ae58-6845-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Tofsee)", "timestamp": 1697035912, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035912, "uuid": "a21b2b6c-51d4-443a-9bf6-c86715ef4193", "comment": "Malware payload (Tofsee)", "value": "a05cdab7cadc5e5bafe2c8c2cb0a7ad6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035912, "uuid": "31dc9465-ee70-40b6-878f-2dfed4501084", "comment": "Malware payload (Tofsee)", "value": "62deb61d4e50d43b1b54f361f716238a810234701833deaeae15273e9b20aac6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035912, "uuid": "2e553448-7370-434f-9e99-af4f85a1a5cd", "comment": "Malware payload (Tofsee)", "value": "81cd346306d44cf7ab0d661b5e15e91f7e3b3270", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035912, "uuid": "c4189eb6-5cf8-4886-8678-087bb092c146", "comment": "Malware payload (Tofsee)", "value": "46363392fb023b28c5b41734e61516201afbc1a73910861ec697b0e13daa452fb2915d797b080db15e6266984de7540c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035912, "uuid": "3c5bcd07-eacc-4fda-b389-cd73c26f8ad5", "value": "T1CF24CE11F542D8B2C447403C88E4DAF47A7EBC628A99C98337A43F7F7DF1292666625C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035912, "uuid": "e4a10eb5-3be8-4a73-9c1f-3b75277cf683", "value": "987d26efaba6f21b1152f94099a2d2b2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035912, "uuid": "21a1dec8-d844-4f15-b2a8-902b1ee795ed", "value": "3072:tX5E3cZqtVDI5cI7I9ye/L5pdOLDz3uhhIZO5vUTy:pxqt1I5tO5pdCchICUT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697035912, "uuid": "140de67b-63d6-485c-ae3f-996989f42faf", "value": 229888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697035912, "uuid": "51a5cf96-5714-4128-a87c-64f70bb08fc8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035912, "uuid": "2ca811be-2d26-4247-83fd-d0b4bd833a32", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94cd00ba-683c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697031989, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031989, "uuid": "07bec19b-8584-45e6-8ec6-a468367bca5c", "comment": "Malware payload (AgentTesla)", "value": "b6f06228d26e3a5b3b8fc1988e35b926", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031989, "uuid": "2276c1b8-17ca-41df-9366-43d5cd7506df", "comment": "Malware payload (AgentTesla)", "value": "633732fb9207dfc4671f1b6da4f78913e6a4301462af3f6f6d74144142cb371f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031989, "uuid": "1149bfbb-962f-4e2d-9198-585fc640ef34", "comment": "Malware payload (AgentTesla)", "value": "b0410f2d34727645cf104cfa7065a15c1a892321", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031989, "uuid": "9fe10f60-5f64-4dda-ad20-1ad4e1d46061", "comment": "Malware payload (AgentTesla)", "value": "8925b3ec9654ea45252ab5d619f6d12d16d5044986f5facdbd19d7f8f06b9a5cfb109f70fa2e0451cba3f86d5d6ae2e5", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031989, "uuid": "2dc8c8d2-6d8f-4623-94fc-6cf054c32b9f", "value": "T1E70418142BC9A725C5CE4276F4B107144FF1C203AB46BB67A9B6F9F21C8778299232B5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031989, "uuid": "5d572805-60a7-4580-aac3-c9dd062e1989", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031989, "uuid": "d0839837-5986-4a14-a25c-a3cbd3a424d5", "value": "3072:STLRDzHbYtK7k9Q6yb67UgyPFTsVBkCSzteMagSYRkVzwv1ma8c2D:STLRDzHctv9RxkFT8kCatcYwzcYh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697031989, "uuid": "e60597b8-df88-4df2-b5af-baecae1ce0c7", "value": 173056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697031989, "uuid": "c17f7927-84ee-404c-a67a-4aae6f398978", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031989, "uuid": "5efd5a5a-cb32-49de-83e9-a428c54e646d", "value": "633732fb9207dfc4671f1b6da4f78913e6a4301462af3f6f6d74144142cb371f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "236b641c-6820-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1697019773, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019773, "uuid": "610552a1-66f0-465e-9176-47cffe11f1e9", "comment": "Malware payload (Formbook)", "value": "3d7420d1cf88e1ffc6d0dd85314fbfb5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019773, "uuid": "35ea9400-33cc-4d05-b54b-6eaedb1dfd70", "comment": "Malware payload (Formbook)", "value": "633ccb020bf31ee6dc2d876b157822ebdac8e73f7da640eb58102e6d233cbf2b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019773, "uuid": "02a44f2d-d932-4dda-913c-7852e5f94f52", "comment": "Malware payload (Formbook)", "value": "00af90a66e1be8974ef99d2630e905213aa7548f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019773, "uuid": "d0fc5282-db09-4558-85c0-9ec794034332", "comment": "Malware payload (Formbook)", "value": "862568b290ff744266b26c92c83cae51be023864031000d942cf64fd5af2c3533641b976519728565850a6963b009a6e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019773, "uuid": "e2871d0a-0a85-4680-b5b2-c080951c90a2", "value": "T1E584239969E4D4B9F4B60D3298374A2B09737D2E1CF09A731B54B31E7632242D62E337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019773, "uuid": "7ba5a4c7-b938-4849-a5be-b60e67d42078", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019773, "uuid": "2067c052-073a-49a1-a644-660f8f8f1dae", "value": "6144:hYa6KmnIocXHUsP93EQNjYDZiJL+JFX+z/Fpv9QQWCHtec1WtvpDi:hY0aIFJ2MkX+HvGCCTi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697019773, "uuid": "cb1ffed6-3f14-4dec-a649-878d09294990", "value": 404132, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697019773, "uuid": "30c75fee-7477-484e-87b1-e9bd831ba02e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019773, "uuid": "ba2de9e1-772d-498e-a9de-ecfacfc0bf49", "value": "633ccb020bf31ee6dc2d876b157822ebdac8e73f7da640eb58102e6d233cbf2b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "12bb588c-6833-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697027906, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027906, "uuid": "5763915e-5b03-46fe-b15b-3c8391ecb6f0", "comment": "Malware payload", "value": "25fd7d845b92c64a565bdaf7859ca297", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027906, "uuid": "90ae9535-85f4-401b-94fe-d68e7bc0b67d", "comment": "Malware payload", "value": "63938e04d96076f0e179e61e7dfe2bb01f4fd8e04d76f9d04839cd30d875a79e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027906, "uuid": "3ad38d49-a34f-4fd2-ac92-7af00e0faf80", "comment": "Malware payload", "value": "e82730a0d62263cc47c450dbc18b7dec98b14b79", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027906, "uuid": "5f6f7ed1-fc6e-4dfc-9785-70ab663d3991", "comment": "Malware payload", "value": "dff26157d14ddd888d5eac62e39d961b85ac657d3a13f66cde5c6c9f63e19ca984a8f2dc1ed0102e810fc89ee515a762", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027906, "uuid": "ce639061-bab3-4a5a-85a9-8ca813b9ee91", "value": "T163E4C1D8BA4FB6FDCB5FC03489E98389315019A44B14DEBF28EEC6312C622945D35A77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027906, "uuid": "1e0797c2-1cdd-4b22-99a0-97dd1dda9e55", "value": "4c0ff5b3377a395ecbe66bbf39e8e491", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027906, "uuid": "8913a0af-55e8-40fe-bd0c-bd37cdedd9c2", "value": "12288:ZflgviNS83+Qfe1eKIwjwWGahaxo9V0ZcdL7qWszVG+zls:5N3pfeEKaWhZ2YOs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697027906, "uuid": "78884a7b-86fa-4e9b-923e-afdbd83caf07", "value": 692109, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697027906, "uuid": "5cbdc299-55d3-429b-92a5-4ef097b246e9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027906, "uuid": "1e6d3225-435a-4d9c-803a-ea3dfd6e024c", "value": "63.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0d92b461-6811-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RiseProStealer)", "timestamp": 1697013294, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697013294, "uuid": "ae803f79-4d70-456e-96bc-2bfb70f1c2e0", "comment": "Malware payload (RiseProStealer)", "value": "70b0f53613cccdbc852f62e9aeda50af", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697013294, "uuid": "d815151a-eeed-4883-b2e7-f0599ef5aeb2", "comment": "Malware payload (RiseProStealer)", "value": "648d888dcde0b63807486fa05ad07d1f5487a6df5ccb3bcc5a98d5be2cc135d9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697013294, "uuid": "9aedeb71-6a34-4921-9bbe-d92d95fc11c1", "comment": "Malware payload (RiseProStealer)", "value": "575b6fbe2f0f689b4003531d087b4e6513fd1ab5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697013294, "uuid": "03ce7b7b-1dd7-4477-87b8-a1e03ea0f20f", "comment": "Malware payload (RiseProStealer)", "value": "bf6bc9787a58bc803c6cd693806a323b9d56b5855615393f3c2507065b5528fbf1317b5ab84d0a0b858937af61c8bc5b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697013294, "uuid": "7833bdb6-0a9e-4e4c-a3b7-a56fb99c0310", "value": "T15F459E71B402C137E1A111F19A7D5BA621A8BB310BAB08DBB7C45E3E94F1DC26635F27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697013294, "uuid": "2e0b5c4a-2544-4e09-9740-6600823c398d", "value": "b625b0422748e8ddd8a2e69ebe413b45", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697013294, "uuid": "ba560834-ff9e-42f7-8923-e15e3ce7a1c4", "value": "24576:G1vuE03HfGvF4TLt7oj7v0zvr3974W1PbijMT6YFbs7pmqBTxVk1GFbwzFVc+:+6XfGvW17iWbijMeYFbs70qBTk1GFbwx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697013294, "uuid": "d6289df8-3f27-4218-9373-3bcb977448d6", "value": 1279488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697013294, "uuid": "caaad9ed-e6d8-43cd-940a-a72ee48b9353", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697013294, "uuid": "4e7dff81-ea77-4d40-9d9b-6079448c9e1b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a4c73ba2-6890-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697068094, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068094, "uuid": "a3191c12-2f27-439c-9ac7-f8f4a89c859a", "comment": "Malware payload", "value": "22039b4e72ce0742877b7854e30e6026", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068094, "uuid": "5604dddd-dd1f-4e40-882c-95e7ff6f21c5", "comment": "Malware payload", "value": "649eea896e40d799eac014b84a9150cc5b4bd337ee200c5397ed383664dbb33e", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068094, "uuid": "dff13d89-58b7-4d1d-880a-c600d96906f8", "comment": "Malware payload", "value": "419eb522c0dab8f323eef0964c988dee77038bc7", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068094, "uuid": "3aff0bed-a10b-4020-a5da-f8ec8d709c91", "comment": "Malware payload", "value": "190571d88c4a3808a917b59e894ce79b976a138c09c8416ba8feebbc9d0d1cebda0f6dadbe86c4c879c5115aa557c1db", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068094, "uuid": "02c45622-9ba1-4b1f-9688-4889070c0320", "value": "T136257D2138C09176EEF310B646ECFA3A86BDE0B0076912DB16D857EEE7107C17B36596", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068094, "uuid": "e18b88f0-67e1-42c6-b17d-355cd6edcab6", "value": "66025e7bb3415added2b8177bf9bcfbe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068094, "uuid": "4c2c3511-bfe0-441b-a074-f2bc77741940", "value": "12288:hi+TWAVpsx7UgJCSkZZ7gFMRfIByCZeEAQ+ni5SZYzu99Dmv9MRnI:e2psxIgJCSkjwwCyCse+ncGnI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697068094, "uuid": "4e29f1e2-45c4-4c71-87ee-c1a6476e90c2", "value": 988936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697068094, "uuid": "1c48c50c-899e-4b6a-94c9-985438c08769", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068094, "uuid": "b8fbad6b-81d2-41af-b3fb-558907dd739f", "value": "22039b4e72ce0742877b7854e30e6026", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "79ffd7c8-6859-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697044400, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697044400, "uuid": "7c9a663e-5773-4bfc-9923-7e34e07a5ff3", "comment": "Malware payload", "value": "c91672ab4f5f4c49216f2e9d19fda405", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "batch", "colour": "#5941FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697044400, "uuid": "963f809e-424d-4d5f-8675-386f28c52307", "comment": "Malware payload", "value": "6501a5b432c8ff0d740520ef039d89b3ba6bcd3d991ff48fdf240f509d1e471e", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "batch", "colour": "#5941FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697044400, "uuid": "b232866f-3142-4dca-9fae-a94aed84899b", "comment": "Malware payload", "value": "08ce15eff8412103df7316ac140b37a308e3df4d", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "batch", "colour": "#5941FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697044400, "uuid": "3fad5234-cd37-477b-99a8-3ecf2b3d3688", "comment": "Malware payload", "value": "e69b0edbbf5edec993fe5581e48716e573d505ebb4636b860888c957cc7046a3fbf1381dc06f129833af60ec50c9c334", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false }, { "name": "batch", "colour": "#5941FF", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697044400, "uuid": "54d3888a-db36-458f-97c4-45b7bf9b2d4f", "value": "T1FA05126C994C22CC497EE3C45D66C5C8A37ED7773105A92FDC6E6AF01906A6FEB63800", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697044400, "uuid": "652e0b41-8787-4778-9120-f0ec3fc2e660", "value": "12288:D1+JwgC9fTZB3n8VLNq/0whQ/49qBWNuwmPUfY1+fi:zy4t6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697044400, "uuid": "4acaf77d-b9c3-403a-befc-dfbaad883c37", "value": 869741, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697044400, "uuid": "5ea40435-c4e5-473f-b56e-b367a0a62cd0", "value": "text/x-msdos-batch", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697044400, "uuid": "5c5048af-4ab3-4ff3-aa37-3dd21db154aa", "value": "Install.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f4482e69-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697050618, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050618, "uuid": "2c70aade-2def-4210-af8b-f591dc1df01d", "comment": "Malware payload (AgentTesla)", "value": "c63ffa4c4217bda6e79080f4f7e2f360", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050618, "uuid": "2997e4c6-b47d-4c1d-bd80-b035e8e1eb75", "comment": "Malware payload (AgentTesla)", "value": "658c9ccc0db6aba803792fd738ffd5a4d8974db6432affd99111fe4a54ac7a28", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050618, "uuid": "f2978392-304f-45c3-8aa3-94a5ecefd772", "comment": "Malware payload (AgentTesla)", "value": "e18074ae70871f8703a3af3ceb253046f8b19d85", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050618, "uuid": "51ece95a-fbb5-4cae-ac7d-8aa0502af06b", "comment": "Malware payload (AgentTesla)", "value": "6ed48b22d3b06634a04a11d532331252b03d08cd488835d8def2e9df64831ad75da78a88e27650ba68ab6a7600c4ddda", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050618, "uuid": "c684a1c3-5732-40c3-87c2-b585ba4573e6", "value": "T100E4015DBF54ED82C1715979BAAAFFE2B22E7D11DE80528B72183BCCAD322801D35147", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050618, "uuid": "445b1a93-d992-4a00-89c2-6dc6cf5b7a83", "value": "7fd61eafe142870d6d0380163804a642", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050618, "uuid": "42bd8f7f-821b-4c38-a946-44d50d384923", "value": "12288:st1WAdD7trLt5afB0ktLc+jdbWMeyp7nZ02N2+XKWN9+SpHe7ZF4z:A1WAdDZrLtJKLc+hCb07nO2NlXN0SpHv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050618, "uuid": "40c82dee-408d-4c29-9ded-216dbd52fa80", "value": 721720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050618, "uuid": "95335de3-b2af-4b46-ad26-fb5ded3f2b6f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050618, "uuid": "fdf8cb83-1c94-401f-b3b3-0c094178fcd7", "value": "\u041f\u0440\u0430\u045b\u0435\u045a\u0435 \u0414\u0425\u041b \u043f\u0430\u043a\u0435\u0442\u0430.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cff6534a-67f8-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RecordBreaker)", "timestamp": 1697002883, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002883, "uuid": "38b30417-10b0-4b40-abad-48d2c254cfbd", "comment": "Malware payload (RecordBreaker)", "value": "1a35df4d953c7c7f011f4a03bb047d47", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002883, "uuid": "f16212e1-0bed-4d12-83ad-f23fdf2eeccb", "comment": "Malware payload (RecordBreaker)", "value": "661619bee5d7b2c990720d645d7def09c3de41a964acc6ddc77866b8e283a37b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002883, "uuid": "34c9a66d-7eb8-4b5f-8fb6-47b03e9eb6e4", "comment": "Malware payload (RecordBreaker)", "value": "d2f6dba2cdbbd2675f82fbfa62dee7115158bfb9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002883, "uuid": "1f3df9fa-823a-414e-97b1-59b8a1d35548", "comment": "Malware payload (RecordBreaker)", "value": "0ac42fc5f68e22482ee71fc99b2e4e1aed2d597b10fa73a011b68aaa38ca633ee2f8cec09998430c18308d68d4fade41", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002883, "uuid": "99246cbf-48fd-4414-8cb5-d05dcc2d9711", "value": "T1C324CF217982C8B3C44643388824CAF4B57ABC729A59B98737A83F6F7D313527767325", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002883, "uuid": "aafae433-ff9f-44d3-ae80-47798179ee5a", "value": "1779cddf5976b55ff16f4e4d4c8ed385", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002883, "uuid": "79521745-8d24-435b-8d4e-6f62fcedfbf7", "value": "3072:HXpXmbVOfni3ylom62SkAvRHN84LYkWA96g5sbgTzTyh:3tMVqi3YHVsRVYK96RMTzT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697002883, "uuid": "9be6aad7-ffc1-408b-953f-68d0e1595961", "value": 228352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697002883, "uuid": "70f6d2ef-d456-4953-b6d1-044a64971ff2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002883, "uuid": "a18759c9-bdfa-4405-ac9a-cf3964e7b210", "value": "1a35df4d953c7c7f011f4a03bb047d47.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b38bb0c-6856-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697043140, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043140, "uuid": "1914a532-b1c6-4e14-873e-d1f2339f09fa", "comment": "Malware payload (AgentTesla)", "value": "83968d9a28921d060d0ea722c8926f52", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043140, "uuid": "12a77ade-ef79-4cb4-a72b-27dbc47bb975", "comment": "Malware payload (AgentTesla)", "value": "6703706a8c532bece036e36fc650fc082b04c5b771e5c2458adf28fdc667ad97", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043140, "uuid": "090aa468-9017-48f6-8226-004aaf260a01", "comment": "Malware payload (AgentTesla)", "value": "738d0628cbf225253a9bbb41251cc5c641862a0e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043140, "uuid": "f74b8d4e-1b23-49ae-bb64-70c2e55f05d5", "comment": "Malware payload (AgentTesla)", "value": "b9f061d59ff186808f797ee8eed71914a4dadc756561c57f8c932f2f4392e5e876c88151fc6fa6d79519440e91ce3394", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043140, "uuid": "8b6df520-9ac1-46c7-b182-060a054443c6", "value": "T1F0E4F12423688BA7E23E4BFB55B4031207F97527307AE39C8ED218CF5E61F528564A77", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043140, "uuid": "31deb5d1-d53d-466d-8c71-4e52a2e1d265", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043140, "uuid": "cd40454b-2b44-4b85-a971-4fa0c2bdc9d6", "value": "12288:tQX9KYL5hIvaVWPTyQkQAhENwYgol4vW:tQtuvaV3QkQAhENFgolAW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697043140, "uuid": "73917ce0-b47b-4410-8c07-15049a16478d", "value": 668672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697043140, "uuid": "78f97631-9843-46f6-bbee-9b302b734bde", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043140, "uuid": "6aa4e112-b580-428a-80b3-11ee2add7cf3", "value": "COTIZACI\u00d3N-GRUPO.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1e204c3e-67ed-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696997860, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696997860, "uuid": "968beffc-8598-4d51-b85e-121a8a33b272", "comment": "Malware payload (RedLineStealer)", "value": "9f0d1d3e4438beddf63282ffb1b5cfa7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696997860, "uuid": "6774bde9-8656-491c-b681-33965518b0cd", "comment": "Malware payload (RedLineStealer)", "value": "67e32cb030c9da2329c348f31a945978b5d7c4223e5ba6ad7ec2ef651fab17f8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696997860, "uuid": "14c59c94-b6c6-4c6a-bbf9-07b65133e620", "comment": "Malware payload (RedLineStealer)", "value": "249754ce55d0200b35e44342a5cdbf6ebbb5a34f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696997860, "uuid": "a111a486-ef1c-4e0f-9272-3eec944aa1f1", "comment": "Malware payload (RedLineStealer)", "value": "1f70990facc7b1f237c7ffca2c8a466c37be04e0a7c1d1494f5cd80e9394e07ac27dd3e739aa23342fef4c7915a1c28c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696997860, "uuid": "0b5e4105-531d-4b68-a326-f5cde963d506", "value": "T14E3523439ADC8062D8B447B119FD22A70E37BCB09938A7672355D91E4CF3A84B93172B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696997860, "uuid": "68bf15bb-b33a-4c10-b204-83bba35e7561", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696997860, "uuid": "e39a6499-fb35-4273-91c1-5678a3e475a3", "value": "24576:Qy2v0xJeB63oXFMPJPdGowZGZh2AIGzT:X2V6KFMJdVlZhB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696997860, "uuid": "cc8b662e-c10a-415a-82fc-2cc6ce11dc9b", "value": 1133056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696997860, "uuid": "111c70df-58e7-4e69-8d78-a5854cfbb742", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696997860, "uuid": "88af7b66-1340-4689-ba8b-0e46ac2822bc", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a22c19c1-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1697052198, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052198, "uuid": "9f29dcf6-4e51-4a5d-ac49-5a3fbf238b62", "comment": "Malware payload (Loki)", "value": "2814debbeb532af81d72533ec11d734b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052198, "uuid": "061d8077-47b0-424f-a9d2-711646522a8b", "comment": "Malware payload (Loki)", "value": "681221b205f2d008f03eed616b560000c1bf95fe68e1a3d86efcd8c0da8a39c3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052198, "uuid": "f4f98ebc-fb09-4658-b26c-e2dc669d61c1", "comment": "Malware payload (Loki)", "value": "f2f22a0b529a5c86c1a5597b22990a3d8bdbf1b4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052198, "uuid": "67e30eb0-4d84-4aa8-b51d-fee4499b3c7f", "comment": "Malware payload (Loki)", "value": "2a3568ac84f3de529e01db21565ed4edb37480a5c3d520d1be002ff0f4fc29fc9b12d7d2123afddd3cc24f7eb7ba50fa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052198, "uuid": "38c41b68-1b45-4b77-9b09-72362f1f04bd", "value": "T18BC4F14072BA4B27DEB983F5856029648BF5356F7A7AE3802DC1A4DB9871F405E81F23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052198, "uuid": "b80e9e62-907d-4080-a408-966ec60a3ff0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052198, "uuid": "ceb09960-4634-47b2-a477-c416ad320368", "value": "6144:vwmA9tlM2xLVMMxv62c+SNKZ0K6okpjSEdhzkWselANKdsicoJEh9sI/WB0yoR5f:v49YX9K96oAjzgWselGfpWV05XJg6J", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052198, "uuid": "9370f7fa-8827-48c1-bbc9-e315e28d2de0", "value": 567296, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052198, "uuid": "a2e22edf-dcb3-4106-9274-f4047be8937f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052198, "uuid": "b5dcedbf-d481-4885-8a47-77428b146ff9", "value": "th\u00f4ng b\u00e1o h\u00e0ng \u0111\u1ebfn Awb#_1294040291.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5b3048e6-67f7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697002257, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002257, "uuid": "6e06bcc9-fbc8-4af7-a117-73ed46b6bc0c", "comment": "Malware payload (RedLineStealer)", "value": "19123d16de6c36cf830bac3be7a42aa0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002257, "uuid": "6b1cb093-232e-475c-9da4-aacc8b76c143", "comment": "Malware payload (RedLineStealer)", "value": "686ce602b193c0ad3f5d1a451fa64e708374750977bd66d0b0d0fbdd3c51c6fb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002257, "uuid": "33eb22e2-dd86-4a10-aeeb-66affe5c652c", "comment": "Malware payload (RedLineStealer)", "value": "09d2d1375141f32c2d6a64628b8b64f5fca55a2a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002257, "uuid": "c282b6b2-4b42-4c27-a828-339d065880a6", "comment": "Malware payload (RedLineStealer)", "value": "b326fe0bfb037245f3f72bccd9afed0c38ec6247ee113a07c3fb87d558144951b58a33ab49c6f6f6f76f45b55c5052cf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002257, "uuid": "7a436cef-a401-4029-a7b0-60dab49db9ff", "value": "T1B6252357AAE88871C8752B702CFB5393193CFD619D3882AB2B924C9E1CF11D8647177B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002257, "uuid": "3750f950-9e96-4a20-a475-1effa3f412dc", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002257, "uuid": "8b37de34-f42f-4d1a-9df4-5e9461c307ef", "value": "24576:jyRb7gTlWqtB6UKllBJ1YMTsu6RhM9tCApfbxr:2GRntB6UKllBJ1YMg0tCs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697002257, "uuid": "8f96b86d-41b3-49bb-99e3-5b4b4127053d", "value": 1022976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697002257, "uuid": "93ade1a1-6e76-435f-b565-8aef2d5087d5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002257, "uuid": "6f06afa0-070e-4d90-a32c-22ef7aca75fe", "value": "19123d16de6c36cf830bac3be7a42aa0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ae79d6d-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697050307, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050307, "uuid": "b198e063-b554-4b78-80f5-e8ef791f585e", "comment": "Malware payload", "value": "034dfb2a7a6be34ff4c197c3f5158c4e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050307, "uuid": "d292bff1-ace6-470a-99b3-2f8836740962", "comment": "Malware payload", "value": "68aa3e720e8acf3cbd64f4046d067c50e53426ad0a2e738d08618c7aff116073", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050307, "uuid": "b9fbdd95-342a-410a-ad8a-ea2b2b3302e6", "comment": "Malware payload", "value": "f7805977f7cef6bd9b6fccf0f0a144626a838fde", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050307, "uuid": "bc62f7a3-5cfa-4caf-983f-803e9657aec5", "comment": "Malware payload", "value": "456bfb8dfa7c00722055ffe53bd4e7caabe9ab8116b3a47ba2b58573b529a66eb5f2396e0f62f50d9c3168ef09d57e39", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050307, "uuid": "061b5817-80a8-4895-a4e1-a9b7869fae66", "value": "T1045622FD63983748C45E8C384523ED8A71B1162F46FC96B9B4CF7A807F9B510AA16F42", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050307, "uuid": "a6310560-cbbb-49c6-8009-e1b1a8f99032", "value": "0319e999ac49e0b5e3cd76fe794c25ac", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050307, "uuid": "c1d15006-8f65-4f50-aa1a-ba5bcdcce35d", "value": "98304:sB6Xdvo120oIeVsHteuyK8mCpq3wdqVAYUzujDG:pC8VFTd4AoVAYUzT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050307, "uuid": "584947d6-f642-4492-89dd-509879080c05", "value": 6276096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050307, "uuid": "1ddd157c-f0c8-4429-9846-7a0991c2128d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050307, "uuid": "2121b229-2f98-42c5-a843-0466f069af55", "value": "034dfb2a7a6be34ff4c197c3f5158c4e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "961f34d1-6865-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697049601, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697049601, "uuid": "41186a70-cf94-4ec4-a23d-0d0239916c41", "comment": "Malware payload (RedLineStealer)", "value": "5479b092606c5d52f08d402d7702abb5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697049601, "uuid": "0c217ea2-a23a-4281-ba7e-5792f2ed870b", "comment": "Malware payload (RedLineStealer)", "value": "68df165652fea0b1c7f7f539d0a5c9af38fb96df197fb88698c842c77df7075f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697049601, "uuid": "44217d06-f5af-48e7-97b3-731e85cccda2", "comment": "Malware payload (RedLineStealer)", "value": "896c91f40e57aa10cc10249b2bdb02bcffbe9885", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697049601, "uuid": "9e9b7add-0629-4bcb-bcbd-a4a2829b393f", "comment": "Malware payload (RedLineStealer)", "value": "d3deefd5631a25e163e75f2c5432bca092238337302d83bb3e63e9b008010822ad16e5f368a4abb4435ec6df2b11d893", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697049601, "uuid": "1aa5c5d5-38c0-46b8-b56d-d16c5b398d52", "value": "T1476523376A985132F9B913B049F302C30F377CE549A8E3AB36C7586B1D72696EA31351", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697049601, "uuid": "fc38a66e-7ba5-4067-a79b-d4ad2b830e0d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697049601, "uuid": "18ae0910-82f1-4d29-b486-e5949f41de30", "value": "24576:oyy5P31wgWCIxFvT5P7jUviXW1WmBoD0JpszUks5ZrunIz9mnwW1p9JjH9VW8acj:ve3ylx55DjQpvOEs07OIonvjH6c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697049601, "uuid": "df6f26aa-70e9-48c9-a3fe-93d4c40ca779", "value": 1547264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697049601, "uuid": "8ab40a68-4886-45d7-bfde-c990ade5779b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697049601, "uuid": "81ff14c1-2ff9-4110-a388-b78b995d97dc", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cf4cc80a-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067736, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067736, "uuid": "86bfe933-c950-49f9-915e-02dbfb9cc425", "comment": "Malware payload", "value": "93497ddda3a2579acb8d0501a08820bb", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067736, "uuid": "45f5be2f-b55e-4ecd-ae50-16ebc2e91509", "comment": "Malware payload", "value": "69e3c157249070aec7d5e003cd6b3dd05f87b555e4997e4c11cc5ff07462e3db", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067736, "uuid": "7d63b28e-ce33-4227-8cad-9f3deb2cd0c1", "comment": "Malware payload", "value": "2bdaaa12d3531ab4ef724d4f8e7bdca94b44e0d0", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067736, "uuid": "dd93463e-063c-4926-b6ec-721c6e8d5264", "comment": "Malware payload", "value": "d691757d3ad3a0ef189a63101a631857a739eed1903e8b1e93fcc0ec7a414dd53ee8087bd2c2e62dfba84122c454e6ca", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067736, "uuid": "4a2961eb-ada1-4df5-bf46-12d359060856", "value": "T1D225893223B22F3DA278FBF600DD15479E797D671011A6D3AEE4C94F868EDE41A34126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067736, "uuid": "5e066c5f-83ab-4d3a-9441-ebac17e317a9", "value": "6144:raUiRvosY5pwgrhLjuCzS9GlJjYhR+z3b7ELb1MCQdMEKBP+bIr3xbtnL3e8QVoG:qLlAFL7ELvH5NzOFxwruT0VN8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067736, "uuid": "7d478f5a-ecba-4cbc-b963-8dfe13a5e9f7", "value": 1037084, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067736, "uuid": "47b2e03c-3c53-48dc-8b35-e476ad0c1ad4", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067736, "uuid": "f9d206e8-b353-4a02-8843-0f8ca5e7ca79", "value": "Offer[2023.10.11_08-07]_2.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b97a3dd5-6860-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697047513, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047513, "uuid": "602b50fa-3d5c-4f86-b954-f62ac55741d4", "comment": "Malware payload (RedLineStealer)", "value": "bde70e16c30631388860835d57083dbd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047513, "uuid": "10d086f5-aae7-4c7e-99fb-68c4ab6f8755", "comment": "Malware payload (RedLineStealer)", "value": "6a75d9ae54b683bf3d5f15fe0513ac6c87e7d4611b436bfc4bd03cadcec51936", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047513, "uuid": "1ce49ee9-11c8-4445-bfd4-01b335d624c1", "comment": "Malware payload (RedLineStealer)", "value": "1d89542120a6cf226efc70bdd9b3ec6156626107", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047513, "uuid": "6c4d58a4-49ec-4edf-af75-ab3c06d8c983", "comment": "Malware payload (RedLineStealer)", "value": "bb07452b94d732a985261ce675b2e3a8d8e8949dab0208b369e0f2b0d75dcdaba67b7755ebce4880f7c68f864d4b70ed", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047513, "uuid": "ef59020d-55e0-4587-9b24-80e2bdc2740c", "value": "T1C165239292F5A172D97863B168F203C716B5BDF0DA7086673701BD2E1C32A94A83177F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047513, "uuid": "87cfc12f-2211-4976-854a-905992bb1a0a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047513, "uuid": "b3d4d898-03ed-411a-868a-dd7cf058f92b", "value": "24576:qyu7C7rnsWkOSK7cj+idRXTV6ELdn7esR2ViMFyliF1uaOl+S2L6GiQcp22t:xu27rsacKcRjV6Up7nR2ViWMyVxL6X1M", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697047513, "uuid": "5fc33a56-f8b7-4976-8770-c6e43489b16e", "value": 1544704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697047513, "uuid": "245014e2-3367-43f2-ae58-19196077846d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047513, "uuid": "45b4f286-2d0f-40bb-b291-2e6f2715e502", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4ac071c5-67e3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1696993640, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696993640, "uuid": "c2e69230-29a4-4e40-ab76-f477700e172b", "comment": "Malware payload (njrat)", "value": "82f98bb613a30f61ceb9ca7686f97847", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696993640, "uuid": "519c95b7-8ba7-4ce0-a7b4-e7c2c688d16a", "comment": "Malware payload (njrat)", "value": "6a96b4732718c044ce7c95dc71493e1f09a4005003159114068a6122fee051b4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696993640, "uuid": "d5cc8b50-bcb1-452d-903d-dca745a5c0a8", "comment": "Malware payload (njrat)", "value": "31c0ba8ec4ecd3d76fff9fc679a791d59e634047", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696993640, "uuid": "676a85db-ddad-4495-827a-5b88ff8ff25f", "comment": "Malware payload (njrat)", "value": "f6c503bc72c7054f2077c103b54e7c3eb889e9e7a1bc6e27f006f872d63fdc67068ea09bdf31bde11fa4c384d57ec994", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696993640, "uuid": "1be2b107-417e-4a8f-9a10-cd670dde8652", "value": "T147C2195D3B908162D2EF2BB006B2DA2502F2E10B5A17EB5F4CD844FA6B773C14D819E5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696993640, "uuid": "cc8cfb3d-3bad-4fcd-89d5-fa577015aab7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696993640, "uuid": "b21804d7-f198-4a50-b4d2-62013d7144e5", "value": "384:LLd6cufEYAA/XgWeyoHzCYe/iBY2OzRLTm3yilqr63+bNtVvGD:fl8AA/6T5e/gsEgVvGD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696993640, "uuid": "b7257524-99b6-45a5-af82-634b3bc42a4e", "value": 27136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696993640, "uuid": "dadbc3ab-e0e5-49f6-8264-984cb3b16805", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696993640, "uuid": "02ca6c49-aa2b-4e34-84aa-f60779e55219", "value": "bQ5J.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af60432a-6869-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1697051361, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051361, "uuid": "d4f826de-206e-4efb-be51-4def12ded0d7", "comment": "Malware payload (GuLoader)", "value": "8539f3e4825235b4cd824bd84733ea4b", "object_relation": "md5", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051361, "uuid": "d222b363-46fb-44a1-b0e9-c099c7baa143", "comment": "Malware payload (GuLoader)", "value": "6ab849d1b9d529361f83985e9f47d18ab2318308cacff2145d966c2d5c387d4d", "object_relation": "sha256", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051361, "uuid": "03feba3a-6f0e-4a37-b99a-098ec78dc04c", "comment": "Malware payload (GuLoader)", "value": "19fb462af223ffe1b0e654b94f825296173a4979", "object_relation": "sha1", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051361, "uuid": "2ede26e8-a424-4cdd-9329-9e08ff2ad4f8", "comment": "Malware payload (GuLoader)", "value": "c4fd172f6588c7c4af0cc2586a7733a348fa31132ad6e243471bd7089b5b1dbd15e0f8ee3228b9fb51ffa8d70670cd3a", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051361, "uuid": "1f20fd62-b722-4eb5-808f-4a2dc572d188", "value": "T16055E003D804DB97D40E83F87E133AD91F0E7F19E8D569DB14A67B8B3A30BA2095A51D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051361, "uuid": "83e210dd-f197-4717-ac5b-3ab4d6cefb69", "value": "24576:SWQmmav30xgzZyCw6Vq+vqfpZyFw6V5+R8IDpbRMwvEhew5oykGfK3CwLx:XQmmQ30iVu6Vgx6VgR7vrAoGfKyE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051361, "uuid": "ab84418f-af9d-486f-a919-8fcc51c776ee", "value": 1295360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051361, "uuid": "c69c1255-4abf-4506-9ac8-585cf268f27e", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051361, "uuid": "29cce21d-2c52-47e8-b6bc-96a67ce0d385", "value": "Part number 91875-11400 x 6.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d5cb9d4-67f0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696999255, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696999255, "uuid": "9fdf9a6b-6577-4b8f-a34c-2b6ecbb0124f", "comment": "Malware payload (RedLineStealer)", "value": "68cbb1bac87a574eddc1cc9a3cbd01b1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696999255, "uuid": "11ca9e36-bcf5-4ae1-8f2c-ce9ba3cf63be", "comment": "Malware payload (RedLineStealer)", "value": "6b90caf1c87d30d3338b8c02582a90abc5ade1a2381eef20cfd32ab28216d622", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696999255, "uuid": "3f063e8f-bdd3-4e23-9bfd-764849d96cea", "comment": "Malware payload (RedLineStealer)", "value": "5fc0ca4e2aa9e7cac1e26eb22607e3472cf3ef59", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696999255, "uuid": "060e488d-61d7-4b69-828f-d32beca007c6", "comment": "Malware payload (RedLineStealer)", "value": "822055d41599895f331f3e96dfe7dd4778f42187fe57fcf62249b166c63ff06540ba076edfb0772801765e3a3741171b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696999255, "uuid": "5f72a451-db77-4b0a-a7cb-675920b96bd4", "value": "T1E1547C0174908033E9B319378EF99A6DA63DB950075E65EBE39C0D7ECF20AF1BA30556", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696999255, "uuid": "ff194185-feaf-4010-a771-3cd279267c47", "value": "42c423a9e73aea8cb92de6b991847053", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696999255, "uuid": "90f2d922-bde9-418c-8dc9-ed1b4ab51bf1", "value": "6144:gYZq5CKmaRSpSrjbR3visnj/tRBPAOwcDhC1gOWTpJBn5:rZaCPabr53qAp/E6zn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696999255, "uuid": "bd2c40e9-a04a-4bb0-9636-f2fbc25d2f2d", "value": 304904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696999255, "uuid": "a92526dc-8ec2-4664-8465-ee7e4e1cffca", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696999255, "uuid": "36ea9f7b-173c-49de-ad01-b7b34be6ef9f", "value": "68cbb1bac87a574eddc1cc9a3cbd01b1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9edab126-6857-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697043603, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043603, "uuid": "30243f69-4a0c-451b-99bf-4362108698bf", "comment": "Malware payload", "value": "0743ef7863b98b1b5176805448f86417", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043603, "uuid": "ce0a1148-5271-4e3b-ae42-add79e3b5172", "comment": "Malware payload", "value": "6bc6b15b89387d9de01d506ca19989f12e22ccdb8013ed94cfe2be54cf60c4f7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043603, "uuid": "b0e92c09-0c46-4eb3-9cb7-d520aa6ca93a", "comment": "Malware payload", "value": "e551494be489d3c3f22eac5025627e849021e483", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043603, "uuid": "1e9f5959-1a3b-4d40-9223-d8511e34640c", "comment": "Malware payload", "value": "34fabad761c045fe2b94c96d060857d453e5467a15a98e67834934ac5852edc8fd5ff53b8817b4f8555ce4d7b642a734", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043603, "uuid": "83c29668-9952-43e0-b359-03fdf235dee1", "value": "T11954F10EA7D524F7E47883B880D34053D27178A21BA6A2FF01C4E5B99E13AD136B5F47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043603, "uuid": "199f31a4-863d-4de5-8194-3d5d54cfe3a9", "value": "4cea7ae85c87ddc7295d39ff9cda31d1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043603, "uuid": "e7422072-e8f1-4afe-9d6f-b25633882e59", "value": "6144:fahOwhA2YG8QG8RyjhdmerhCoUcieirM3I2ljGBW+VU03tiLI:fiJhlYH8RyrYFfFI3IejGg+VU03kL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697043603, "uuid": "626e84f7-9670-405a-b3f9-56ba7a7834f6", "value": 283136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697043603, "uuid": "2fbf0d3e-b98f-4817-9a0e-54100e2aceed", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043603, "uuid": "a75433a8-ce1e-4d59-87cc-6dd1b5c80d10", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5e43fd82-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051655, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051655, "uuid": "5a25ee09-967e-4fef-850f-2c8dfa1573f5", "comment": "Malware payload", "value": "5f0a41100dd08ddbf58e1a314991f84e", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051655, "uuid": "d3a0bebf-009c-4c3b-8389-3eab9694a575", "comment": "Malware payload", "value": "6bcaa06dd53ee4d8fe107f6e4ac613b687c63bf521b7534a195dccbb39383654", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051655, "uuid": "68caa636-342a-4f8c-9df3-8a356c53fc78", "comment": "Malware payload", "value": "83df097fff63f0b84eb609c1a50bd5b69947e839", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051655, "uuid": "4c682dbb-0e53-4779-be2c-f6c6dc28c309", "comment": "Malware payload", "value": "1df5a1fd13959daaea5dc55eff9242b4eefbdc6d295d0ef49310d3829bd1885dd66f1e578f593e1e198e39d3ab856682", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051655, "uuid": "0097afa0-80a2-4551-9ee9-715780a4d547", "value": "T195E42333EB16DC944FAF2AAD30447E56012D3C7B0517071C75BABA1F2BEBBD0A489856", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051655, "uuid": "3da731af-2071-471d-898c-95fc6960273d", "value": "12288:KJFOqgO6iZPE/dg5UlQK6rFp6gJL7MltpvwdB8OP95drlw3EJVLMPx6jleW:WXyak6rL5HMXFaBRP9zlyioPAwW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051655, "uuid": "735c9477-9396-4ba7-878c-e53f520ee215", "value": 717260, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051655, "uuid": "d049c191-4ab8-469d-9f38-daf4fc207aa8", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051655, "uuid": "7f83a0a6-b777-468d-9430-7d2fb7ab6fc1", "value": "PI 890009765.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "99388ad8-6825-11ee-a6f9-42010a9c0055", "comment": "Malware payload (ArkeiStealer)", "timestamp": 1697022118, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697022118, "uuid": "8947301a-c540-4ff3-bba7-aea2d02ba85e", "comment": "Malware payload (ArkeiStealer)", "value": "618518efc2bfc1b6e4eb70d6bee93163", "object_relation": "md5", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697022118, "uuid": "e29f6d25-02ca-49e9-8987-bb100401dc01", "comment": "Malware payload (ArkeiStealer)", "value": "6bcc6c9c64361c031c6f59b812e6efdd6f01d448b834424839da0520cbb8ae7f", "object_relation": "sha256", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697022118, "uuid": "3b9ba6c7-2796-4b1a-a7d1-7a0996ccf778", "comment": "Malware payload (ArkeiStealer)", "value": "2078bccf463e3ae5d6dbb75e36b65ed0b14b7ae9", "object_relation": "sha1", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697022118, "uuid": "3da8a56f-10fc-4773-97c1-ac7ddf336060", "comment": "Malware payload (ArkeiStealer)", "value": "f353e30060ce41ad95a342228653fb46b0eb0783ebb617c476fafe914f028975785267510e084feb4b6aa4ae96d38828", "object_relation": "sha3-384", "Tag": [ { "name": "ArkeiStealer", "colour": "#21CE25", "exportable": true, "hide_tag": false }, { "name": "bookinggoogledrive", "colour": "#D12BEC", "exportable": true, "hide_tag": false }, { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697022118, "uuid": "2894d92c-416d-4213-8eb7-a361d86430f3", "value": "T19A25ABBC70B5B81EF5D4437BC6852CB6DB2CA580D7993DDB8E204166BD8310E1FAB861", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697022118, "uuid": "e07cd9eb-93bf-4795-ac6a-0f869a902910", "value": "6144:vgH4ndiP0yHrT7x2Wt3whW1CB3ZJdtxlvpfF2v7XSyKChEK1b:vgUiPxrTt2Wdwz5JfN2jFKCieb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697022118, "uuid": "5f83afeb-8fd8-4a90-8202-5fbe943b68a6", "value": 1054057, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697022118, "uuid": "25c871b7-da35-4b6c-b5d9-26ef8685a917", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697022118, "uuid": "1946b782-74e5-43ef-9811-df1ade260155", "value": "recommendations.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a56a37aa-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050915, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050915, "uuid": "dd8b1fc8-bd42-46d7-9fbf-419d5b94f587", "comment": "Malware payload (DBatLoader)", "value": "22d3a3c2ef2230695bc95068c085439d", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050915, "uuid": "ba7f9785-ca73-4185-86f7-9d52b8378d35", "comment": "Malware payload (DBatLoader)", "value": "6c8d7823a95b1f64dc178f107799e1b58d1026653861757555ac7a7c7f1c45a2", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050915, "uuid": "09ffb774-0634-4457-a223-962362749fed", "comment": "Malware payload (DBatLoader)", "value": "a07bc44e9b4d2321db79e742c0ee94c22f0379df", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050915, "uuid": "8501c494-3446-41ec-ab08-119e16c87d44", "comment": "Malware payload (DBatLoader)", "value": "4bd09d62519507fdec34bcb98f69c9c020f73b9edac70317401f715ff0b0ade9e6a23d556ec846769227aef22e4cab4c", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050915, "uuid": "f68e3930-18c2-497e-952b-7287c212c912", "value": "T1B0356B70B3B60CB0F4A976B5DD0A67F40DFF27A9A9502889C279391B1CB63916F1106F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050915, "uuid": "3cb2ac0d-72bf-4da1-859a-4640a834b04e", "value": "fc431a28c58a1565c388a05232b2eadb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050915, "uuid": "fccd5809-1711-4066-9a30-4ce9046e80a6", "value": "12288:qE8C9kdWdEPv8zuVEdh9a6OLqvabdpmBkt1VEmA00P85Be2fgmv1qsM8HcZG3g5I:qEPudPPOuVsaoAjlD0P83H5M8OG3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050915, "uuid": "68da8500-0c60-46de-973c-eb8094305de8", "value": 1124352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050915, "uuid": "e8fdd100-f6a5-46f3-b0bb-57676099fdb5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050915, "uuid": "cea47796-f8d9-49b2-8ed1-88407022c3fa", "value": "Zdtqgygoywgcgs.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b51f6b8b-683f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697033332, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033332, "uuid": "055f6a79-ad7a-47dd-8cec-f4d45c892a16", "comment": "Malware payload", "value": "0a0b738cc3bedd5c417fe371b76709ff", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "webdav", "colour": "#CFABAC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033332, "uuid": "972d5171-c652-4626-9866-f6ac877cc517", "comment": "Malware payload", "value": "6ca27c23e5184814d95b8a510b5cf3cd7a1bb82dd59fb416d55c354b4c03b39f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "webdav", "colour": "#CFABAC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033332, "uuid": "40f9fbef-ec07-4438-bd15-934ef077adf7", "comment": "Malware payload", "value": "46127ab2771385705af2893deff12bece2878668", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "webdav", "colour": "#CFABAC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033332, "uuid": "525448f3-9080-41f9-888e-6f94c5f71a6c", "comment": "Malware payload", "value": "513186f77a3e84bf73cc9a12fe9c56a5b9a9375c4159b1984c0f9b277c83b5c91d4be7d301c3dfbdd14d54ffecac1845", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "webdav", "colour": "#CFABAC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033332, "uuid": "b6807be0-38cd-405a-b8ed-f722cae51d64", "value": "T11B266A17A6B840E4D0AFC138C55A860BE7B2B8651B3597DF0162065E6F336E24E7E733", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033332, "uuid": "43fbb8d6-9ee7-41f7-b5c5-eb8ec24e1eb8", "value": "5da3ba53735dd978872a3ed1234c0ec3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033332, "uuid": "f31f48f0-7354-49f6-9755-4be6acd18fea", "value": "49152:o4M4TjK4D42jlRWc5nDitz/EBuEetKt72sQFNJh3/bgww9RCCzzr84tQXqUli8Uv:3PLTWGWEXkwpzrXtv8s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697033332, "uuid": "dd441e33-a843-448c-9922-c6ff5e829891", "value": 4431360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697033332, "uuid": "a7080a5a-cd7d-4287-8dd1-0b4b06e685c7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033332, "uuid": "b3a7c21e-2278-462d-9b2f-308a51fb2787", "value": "db1120cf589d3977516e42d2cb276573531af7afdf798c22cf5a5325802233584137f1fab273073baa3ebfe901b6523d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f153001e-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697052331, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052331, "uuid": "4ef09480-8723-4071-85e1-21c3a25dc8c1", "comment": "Malware payload (SnakeKeylogger)", "value": "306561287324dcb749b051225c7ca686", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052331, "uuid": "80075647-1c68-498f-b578-28a5b8d85571", "comment": "Malware payload (SnakeKeylogger)", "value": "6caab57198e2e3cc5833f0b578e193c99230595f66ab98eb00f0fdae7d8c2c8a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052331, "uuid": "91102111-ff83-45f9-ab29-d3a998fb3a9b", "comment": "Malware payload (SnakeKeylogger)", "value": "715ac0c7eb48a0ff536be8c8e9cf16e3bb62e3cd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052331, "uuid": "0a2ccf92-01cd-4f58-b579-6133d5d0365e", "comment": "Malware payload (SnakeKeylogger)", "value": "ac3d545d8f6a1718371256fdf18e2b6a164e58b8af05a0b267efbc3a8a67c12b861b7dd3faf45f7c1827c2439fad0bdb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052331, "uuid": "c866c8e9-d093-4f5b-aa85-c270c82efcb7", "value": "T1E8040E32D785FE12D23791F720E6F188C2E1D498C56A87B6A934B1E3A771349B9F110B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052331, "uuid": "431e7f2c-db01-4324-886b-1c20a430f64d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052331, "uuid": "2490f6d9-ecb2-4fbf-bd71-78e251ef933e", "value": "1536:A1vldVVr/ETon7CdEZIPas6A5Adgl6nPUStsJhB9rMVcoXfRlXn:cYon7O/XigW6/wcoZl3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052331, "uuid": "7831a99e-0a99-4196-9657-687602133121", "value": 175616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052331, "uuid": "feca8c88-28b6-4fe6-920b-663e1079d584", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052331, "uuid": "1be00537-1eeb-4d05-9a3f-f80ad80fe4da", "value": "Nhuhqpc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e1e638a-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067573, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067573, "uuid": "9c2ee111-9eda-4ce3-af22-93d6d34ce152", "comment": "Malware payload", "value": "866b4c6741a9bb480a55d66b361cf110", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067573, "uuid": "22646d5b-ca09-43b5-a254-75087e96b776", "comment": "Malware payload", "value": "6cd9c325b168fb0f426f991ab588933350405197a59885b78ec97bf19f57ca9c", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067573, "uuid": "794aa04b-2f80-451c-80e5-e436a37984de", "comment": "Malware payload", "value": "ab3921e6a875fb72983d554027ad925be045998e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067573, "uuid": "5e6d44b8-84d4-448c-9eec-f84289dd4a89", "comment": "Malware payload", "value": "3ef5e2099c198c5890841d4dc6c538ff12db8fd9406ae706e8ef8b27a6ec13214898f5623c1f74762ee06c1bdf734bac", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067573, "uuid": "1b8c6739-9210-48f5-8e9f-561eab282103", "value": "T149458E21F4D04176EDE310FE82ECFA2586ADD0B00719E6DB13D547EED6E1AC17A32686", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067573, "uuid": "c75d8ffb-a0d9-4e09-9967-181f340bfc7d", "value": "66025e7bb3415added2b8177bf9bcfbe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067573, "uuid": "7f9bc685-2672-4963-8a32-d9caa549ca85", "value": "24576:Skp4xZEYj0z5f7WSX7iQmstmuIkgxAMdSw7nK:RYj0z5ftiQmsku39WnK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067573, "uuid": "ba883455-1226-4807-bc92-9e6bb0dc1824", "value": 1176328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067573, "uuid": "ce9804da-c724-45b8-9d76-9ef2d8ed8ff9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067573, "uuid": "e5c2d292-4bf1-4824-b640-08d3638ec5bd", "value": "866b4c6741a9bb480a55d66b361cf110", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a34ee3ce-6833-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697028148, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028148, "uuid": "85036c06-ed82-4601-9301-c4a577cae9cf", "comment": "Malware payload", "value": "8d51ca6de408cde161aeaa3808e0662c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028148, "uuid": "17d7eb3e-8235-43a1-bb7c-4641ba684697", "comment": "Malware payload", "value": "6d0aa946e846f72d108e60ebeb3f31f6c8ceb694381561a304a5c22c8c8e312f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028148, "uuid": "4b3d2164-1666-470a-9a97-8840299c8494", "comment": "Malware payload", "value": "e10fda1af28095d2e0ab1f97d9d0f295734bb56f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028148, "uuid": "2aec4986-d19b-4a01-8bbf-18d898dec0a3", "comment": "Malware payload", "value": "d2169b4ab767af5302cc3381883f335175359942c97f8238a5b861537859623266f89f56a66fcab3536461708f7164f8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028148, "uuid": "ef2a7ab1-9d45-4386-a1a8-33ebef1a891e", "value": "T195A63362D3690DE5EDB7943DC1C5853AEF62365A53A4C28B03F446B20F276E42C3EE61", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028148, "uuid": "8d1cddb6-82da-49b6-a666-b09a455b99d3", "value": "20d446c1cb128febd23deb17efb67cf6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028148, "uuid": "8887ac4a-f629-4528-86e3-e41daefe0d0c", "value": "196608:RAgTCL6XDwGcsAgectcGfcY3gtFrlnuG1PJT0kjFcJ0:vKGk3meWcGfd8b3Tvpcq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697028148, "uuid": "e285b23a-6876-468c-9e87-85fbdab65bc9", "value": 9560709, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697028148, "uuid": "edca8ba2-52ae-47c4-845d-0abc60e3fff1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028148, "uuid": "2fcd5e09-c7dd-4927-935f-6069f220721e", "value": "6d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5129aa81-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050774, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050774, "uuid": "27fd4afb-b536-4682-967a-48a7dbca5ca9", "comment": "Malware payload (DBatLoader)", "value": "3676fc6195db48a136cf27fbaf25968e", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050774, "uuid": "07b49b64-a41d-4200-880f-4352862cd4d7", "comment": "Malware payload (DBatLoader)", "value": "6d2399b13a176bbb2b4319d7fc405de5078f1ded3bb0653f8111e79a3f0ab885", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050774, "uuid": "ec4f3763-e214-43c9-8b48-c219c0d1a259", "comment": "Malware payload (DBatLoader)", "value": "cf049c7b0df096743c8e57723bd65746504fcc14", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050774, "uuid": "2da2594a-3a70-471d-bcdb-14a8d4f2eae0", "comment": "Malware payload (DBatLoader)", "value": "da711d718f3ddeaf32d8c4d52ecaea770ab4f99e86ef3b4f22c3ec6186c988f43f970c59d309e286fa252d351a542a94", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050774, "uuid": "ec84d5ef-e5f7-448e-8008-c9578003819c", "value": "T12BA5F167A2904C37F43639B85C0F86995C1AFE303D64FC8B76D95A4C2B766803A39397", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050774, "uuid": "5b2c2f29-6f7f-4d27-b750-a752c59d965c", "value": "f48d9fecb191a3f4fc9501cb4eaddebd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050774, "uuid": "26160da0-220c-4730-81d1-d696b89c608f", "value": "24576:sjZWxAnwlVih2Pvhs6E/Hs63YeXb6id8UYeDRXCgRHCZezBQu7kR5VNUAJOw637m:sjZDwe6Evs6oG6mYoYWQuHHwgP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050774, "uuid": "1f86824c-a3e2-4042-a7ca-0d6ffc4df781", "value": 2235392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050774, "uuid": "981aa482-86e6-4f0b-a621-55aafd476c00", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050774, "uuid": "162f4ccb-0d8b-4f5c-829d-73ae5fe0f890", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a91d282-6801-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697006632, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006632, "uuid": "43dc36de-5c25-4c70-a41b-bffdb3b040a0", "comment": "Malware payload (RedLineStealer)", "value": "e986c81848df450748b1844468db9c67", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006632, "uuid": "7a7a8edc-1f42-4e61-b33c-c98f75e70784", "comment": "Malware payload (RedLineStealer)", "value": "6d2ec231112b3cfc9f4b22c0d21866be80d39c68ddc0358bdad12284e4783ea2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006632, "uuid": "3711d6f1-f13b-44b6-b8c0-9abea61deac7", "comment": "Malware payload (RedLineStealer)", "value": "e881fe23c3a54262d0834bfa14f856c45d477473", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006632, "uuid": "87742ff6-5679-448d-abaf-40d781b3815d", "comment": "Malware payload (RedLineStealer)", "value": "de5989f82e009b93deb960b3361809402c8b736cb164f389914ecde167365dac6ede8938998c45ce36b5e5a7bef2280e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006632, "uuid": "0347b770-4c22-4789-a650-568f094610f0", "value": "T11E352323E7CC8572DCF41B304EF613830A36BCB299B94A5B2745999E89722D0F57137A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006632, "uuid": "644edf82-82a4-44ce-b34a-04c20f023ecb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006632, "uuid": "caba74f9-eba9-4c4d-a0f2-70c8002d8d98", "value": "24576:8yw+CLTscCMIu2IVIt56mzIAINGI+M039DVC:rwrLTnCMIr5Ej+M0NR", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697006632, "uuid": "811c17b1-4258-48fa-9e24-4e3fd1f6521a", "value": 1075200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697006632, "uuid": "d4657c58-d0c6-4fd8-851a-2dcb754a1e6c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006632, "uuid": "e0fda07f-fd2a-43c7-a52c-18ecaed49079", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "492bde22-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051619, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051619, "uuid": "c184b8c9-8ad2-48c0-9c9f-9fc5c727edf1", "comment": "Malware payload", "value": "2c0f8b474c8da6b417eebf6f7635880f", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051619, "uuid": "9dec46d8-e003-4b9f-9555-3f384d53dee4", "comment": "Malware payload", "value": "6d4d0e107c3d009afecc9c2ff8ed1f4dc5baa52b2218e1eb27153c8743ea01b7", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051619, "uuid": "96800d14-4a3f-435d-8f7c-48b8b9a38c77", "comment": "Malware payload", "value": "838ce8be1780ae6be1d8178d1932af2e61c4f4a2", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051619, "uuid": "53b7bc96-592b-4845-9765-2da6c4478ad2", "comment": "Malware payload", "value": "f5248d0048663a6f177e1207a49247591aa58e11f1d2bc67b2ad6c9ad4123d40669330ffe8f5816991fe97c128f22520", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051619, "uuid": "9abf16b9-316a-4399-8734-9ded1c13a9c6", "value": "T13ED42346CFB3C997B7EBE5A825903C1FD806DF5A101E2AD53219EA488F68716DC01EF1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051619, "uuid": "585f6a0c-6ea7-4026-b68e-7cd073578f92", "value": "12288:yahBNZFsCOkJRRN07Gk9mFD1o39IfMeIRjFOeV9y6AXWBy5w4GkSc:yahBN4COeMGZGI0eQFOU85wpkn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051619, "uuid": "9cef90b9-c256-4fae-a22a-5216ccffa329", "value": 640121, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051619, "uuid": "7d71f3ae-cf34-4e3d-9c38-d4aafed49383", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051619, "uuid": "23b5ca34-afb5-4d24-b93f-ed78a2db6b15", "value": "Novi poredak_HR-WJO-10-10.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8941e405-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697051727, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051727, "uuid": "40eedc74-f7d7-4333-8e0a-8f2ad7353479", "comment": "Malware payload (RedLineStealer)", "value": "727c9a6a62bd333ceab576931f01695f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051727, "uuid": "43291181-1d63-49ae-8fa8-b019c306eeb5", "comment": "Malware payload (RedLineStealer)", "value": "6d93efd07aa2e72d68cc0f6bf3caad3ef38f6a831d0b701fb570a24e5f52aa0f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051727, "uuid": "362e33eb-ec0b-4dc6-816a-86acc8eb046c", "comment": "Malware payload (RedLineStealer)", "value": "1e56168e1f3940f784da806525310cfc9f63c223", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051727, "uuid": "f7f78d14-80a1-46c9-86db-fc3acb2dfa24", "comment": "Malware payload (RedLineStealer)", "value": "0e07e4a9e6b9d3bf84f5231cb2c5c872d184da3917b9297e956a54b3ddab59f0483cb6086c06c3a0e9b7dfa08c3c4d72", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051727, "uuid": "483b5295-2467-4e9e-9b83-4481b8d4e75d", "value": "T10B652303B7D81433ECB5173419F356934232BCE08EB0827B7B9A6D5649B3958AA3536B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051727, "uuid": "16a39711-f600-478a-b250-a1e5b3d595e3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051727, "uuid": "2965a1c1-13aa-4cdb-a0f0-c1cc7f68da1a", "value": "24576:8yZrnLTVnF4LOsA2OK7esGihhL0cvi1Ik3g6GQsdKojrQu60PZcGKUrE/J3Gk:rZrHVqLOsA2lePkhIolk3FGhdFPZcGKT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051727, "uuid": "55a15402-2f21-4774-9775-3a6df2ab704f", "value": 1546752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051727, "uuid": "48ad6369-c0db-4271-bed8-c987aeafef98", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051727, "uuid": "35dc64e3-8400-40e0-bb2e-e5327bdb58a2", "value": "727c9a6a62bd333ceab576931f01695f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "29e67285-684e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697039541, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697039541, "uuid": "ecd4f472-f4c5-4a8a-b291-9d65169bb6e1", "comment": "Malware payload (RedLineStealer)", "value": "0cf002cb6766fb5f3a93d40e94a540dd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697039541, "uuid": "f12bc5bf-904a-4fe8-86c9-f8cd19054f1e", "comment": "Malware payload (RedLineStealer)", "value": "6e1a6685347089a6c8e2e8add3fd70ef50aebde374b0d3715c524921e40a3415", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697039541, "uuid": "8ad274b3-4c5b-4501-a0dc-de77f989a206", "comment": "Malware payload (RedLineStealer)", "value": "8f64aaf463e03f2b13ecdc2b586bc446bf081ef7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697039541, "uuid": "da11beea-baa0-468c-ba4f-7748f55aceae", "comment": "Malware payload (RedLineStealer)", "value": "7917a69ea37ecd97069a2c780ff188a74a7cbbcf4411670ce3b565c211db7e9ccfe5692c2aa6d9f1f2f31c2fcb788e8a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697039541, "uuid": "81db5606-182e-42bd-a100-71e717e96ad3", "value": "T12B352317B2E85576E8B65B7058FA07E30A39BDE1863842BB3346E41E0DB33846533767", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697039541, "uuid": "cfd1292c-ea7e-441a-8fc1-fc5c8c774e0c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697039541, "uuid": "95ccd751-65f7-42a0-bc60-8736a37a25e3", "value": "24576:1yfxWagCqoflW7Lc0iFNU84sTNTAZoYL29QJbpg:Qfx1NHtAL9Yj4l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697039541, "uuid": "bb425251-4159-43bb-8044-917ec0029f0e", "value": 1089536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697039541, "uuid": "28bf5812-f8fc-4bec-82c1-da2c852287b0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697039541, "uuid": "fe4c3dc8-3825-4030-90c9-418b71276d40", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b97e55c-6800-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1697006070, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006070, "uuid": "93eb7f88-a60c-41ed-84d1-30e09cf7605a", "comment": "Malware payload (GuLoader)", "value": "1da4ad272c0003eed4123fbf1cff80ae", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006070, "uuid": "5d71675b-d3f9-456e-b3bb-9a4ab1e3f5f7", "comment": "Malware payload (GuLoader)", "value": "6e3847772eadcab31e071ee4d90a6e173d3c8461e1755f571fb06e9296c50463", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006070, "uuid": "0f7787fc-3519-489b-9765-b7e788b230cc", "comment": "Malware payload (GuLoader)", "value": "2e47403fa7a132db847d8825a4ddb82b580628be", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006070, "uuid": "aaec0a26-8936-4531-b4b1-f42ba53edc41", "comment": "Malware payload (GuLoader)", "value": "6fc98107fd7721de4637b07dae585e6798d4cd1d7b11cc42c873aca61cfb7fd620d40fa38d1dee938323a2291398a2b1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006070, "uuid": "2b61c1af-89d3-4a8b-a732-a8beb3d6b6ec", "value": "T1641501A37905A0F9FB7486317812E525DB6E6F3AC99A048E119BFF2B70F027355CA40D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006070, "uuid": "d7216051-3774-4b91-8fe7-564068b9daea", "value": "f4639a0b3116c2cfc71144b88a929cfd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006070, "uuid": "bf5e2467-b61e-4258-ae6e-6a88d9c3d2a9", "value": "12288:EfLFtD/gX1Bcd1XviKVBi+vlNeKoD1H0hfdc6vQksUjwGQSneIDQlq2IwJlGOgB:EfLFpRx3vTeKoD901N50GTnRQNJlG5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697006070, "uuid": "0fa6c088-c35c-48bb-a3f2-a5e548de0923", "value": 897624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697006070, "uuid": "312e41ab-216d-45f7-bd3a-e74a09546caf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006070, "uuid": "30792ed5-7bcf-4d9b-8990-a0987ae489b4", "value": "SecuriteInfo.com.HEUR.Trojan.Win32.Makoob.gen.25322.16227", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f9e174c-683d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697032383, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032383, "uuid": "72a9e9fc-be1b-4ca9-9ca4-a6a73cfeeadd", "comment": "Malware payload (RedLineStealer)", "value": "ee73ee06b273e455012d0dac8d905ba2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032383, "uuid": "c684d801-6d03-4369-9dfb-ec2fd021415f", "comment": "Malware payload (RedLineStealer)", "value": "6e5db63bde4b8327ef0c85e7a17f3bafff3447496711dfcfc14c4da023000158", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032383, "uuid": "f278cb90-569d-47ee-8cd2-f8a1a0513dee", "comment": "Malware payload (RedLineStealer)", "value": "12328cacd5e52d5b94f0b3b634e58ff4695f86f8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032383, "uuid": "e4f7d450-615b-4e3d-8607-b52740e31a49", "comment": "Malware payload (RedLineStealer)", "value": "9150e6de84760611a4576f4482c8cc75d5020f9000edbd1c91b6375722874e51efbc045d4f0258b81e155cb1e8558ac1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032383, "uuid": "ffe9e263-df77-463f-9ab6-d52f9b668eb1", "value": "T1BF458C297D8094B5DCF290B7C2FCB4250F7D90B40B2646C74688E6FADA375E2BA35742", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032383, "uuid": "ba3f1600-3128-43a3-80da-d59a037b6d1a", "value": "9f1ea67607e9ee1d44b0206531b49091", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032383, "uuid": "f3f9ddc9-fc74-41a3-939d-afe0d8fc6f8f", "value": "24576:Zj/0bJGFw+6PpKN6Q4liU4J+/hkjtDcN+lhIZ4K6ST5KAK9tm:Zz5FwzPpKN6PQcytDcN+lhIZ4KT5KI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697032383, "uuid": "d193b7d9-e0ab-4dd6-b7d3-5dce7b4a9221", "value": 1229824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697032383, "uuid": "1bfae8d6-8a76-4f84-83c3-375af60aac04", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032383, "uuid": "7f15aaa0-feea-4df4-ae78-d9c07d3b2218", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "625e1027-6873-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697055527, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697055527, "uuid": "085fa9e1-c197-4a64-b5e0-c55bfc28c444", "comment": "Malware payload", "value": "c44e538cad418948d6637482ab0a62cb", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "socgholish", "colour": "#4A4C7F", "exportable": true, "hide_tag": false }, { "name": "TA569", "colour": "#E7DB52", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697055527, "uuid": "21ffe584-44b1-4f40-9fb5-a2f8464697f3", "comment": "Malware payload", "value": "6ec089aef5a52889daf80cc0392c93f309f3d1b4eadb7625443686db72b22935", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "socgholish", "colour": "#4A4C7F", "exportable": true, "hide_tag": false }, { "name": "TA569", "colour": "#E7DB52", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697055527, "uuid": "4d0f7250-041d-493d-ad99-f35e7c5226e1", "comment": "Malware payload", "value": "ab6cfb3ebfb6a35f093a39af655fbf743330f2a7", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "socgholish", "colour": "#4A4C7F", "exportable": true, "hide_tag": false }, { "name": "TA569", "colour": "#E7DB52", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697055527, "uuid": "1e89f7f1-17d9-413e-bc19-a4a8a0205a3d", "comment": "Malware payload", "value": "57800cd64cd27560e92a0ba1fd3158f11c9db5e51356ac8126b044644e31cfa3eda7754f1f9d9502c23828695d00eb60", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false }, { "name": "socgholish", "colour": "#4A4C7F", "exportable": true, "hide_tag": false }, { "name": "TA569", "colour": "#E7DB52", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697055527, "uuid": "9c0c32be-d1d3-4b01-834e-c704e0ca0b0e", "value": "T1AFC1FD17F7D5748407830F636E2BA3C4E9548E96BD12C82BD580AFB96C24B74E799D30", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697055527, "uuid": "0f0ec289-8444-4f8a-af33-1f524f0502a0", "value": "192:MMzL0W1GZ+4YECbK5PIzIHB7mSHuSTUqUyp:50N+4YECO5PhsVTqU6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697055527, "uuid": "586cffc5-efb6-45d9-a54f-5ce7e5243471", "value": 6152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697055527, "uuid": "9e511571-48bc-4015-baa7-85a6cc07e2af", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697055527, "uuid": "42f19af3-1fb2-42a5-b22f-8252177ebc33", "value": "Update.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d8343ed3-682b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697024801, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024801, "uuid": "cd9a2637-bddd-4e5b-b67f-55d2aef4b295", "comment": "Malware payload (AgentTesla)", "value": "333d4bcb0d7983e03d913a0998128ec1", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024801, "uuid": "837df3fc-3dd7-49a0-a1eb-4eb53c3fed1e", "comment": "Malware payload (AgentTesla)", "value": "6f05bf4e73fcdf1621f9b9e91976ab14df2b7203c00f44b555f69249e57ace05", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024801, "uuid": "10f89f19-2d5d-4b17-961d-09905e1805c4", "comment": "Malware payload (AgentTesla)", "value": "8ba5e669dcbed5f7de3d1b95f411e3ad1d58f815", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024801, "uuid": "f789cade-fe18-4521-a57f-93d1369b53b0", "comment": "Malware payload (AgentTesla)", "value": "d57870e38b068570e221058d1d6bd33d2b019f5f01828a042978adc713a6110623f28b3681af1b284a0feb69fb2c0159", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024801, "uuid": "efbe60f4-dc5f-4d35-b50b-928ff7894a3f", "value": "T18E340E077E48EB11D6683E37D3EF6C2853F2A4C71673960BAF48AE6525412436C6E36C", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024801, "uuid": "70ef3802-0b8d-460b-a2f6-ed0bb8723c10", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024801, "uuid": "f838a798-06d0-43d5-b0b6-952d99bef39b", "value": "3072:L+cfrTQSBrDkQdvDR55yYb+fLr5jFspjHBJ:L+cfXLBrDkQRD1i5jFij", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697024801, "uuid": "360773cd-7b8b-4faf-9aad-fb7a4b2ae377", "value": 244224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697024801, "uuid": "7e59dced-4ef3-4047-ac46-4f0e801552d3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024801, "uuid": "8b9da3f5-ebb9-4005-9b4c-a4838c0f6cd1", "value": "6f05bf4e73fcdf1621f9b9e91976ab14df2b7203c00f44b555f69249e57ace05", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba6b0e6b-67ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697005853, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697005853, "uuid": "9a9353bc-9375-4407-87ef-9faf9430a472", "comment": "Malware payload (RedLineStealer)", "value": "70c6f78125c5fbc21c970e8e4cb5049c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697005853, "uuid": "8e40babe-85f1-4699-b4a0-cb21758eea2d", "comment": "Malware payload (RedLineStealer)", "value": "6f2df4f28643ccef9a5889bfa5d2fa005b57224ab5ab6be53954edd34adffdfa", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697005853, "uuid": "6106dbe5-a395-403d-988f-d518101372d1", "comment": "Malware payload (RedLineStealer)", "value": "4f3010dc95fced2c30bd49802997d875360c4774", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697005853, "uuid": "bceeed2a-6d2f-4186-8fc0-f824323b650c", "comment": "Malware payload (RedLineStealer)", "value": "0617b03b0dee7ffc74cb66f7dd9b40c4fe47c9cccf93bafecff9eb5f0af0cecf9b69b0016f1ba489528cf3b997cc6d64", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697005853, "uuid": "9f4e13f5-663e-4a76-8409-7c904b290913", "value": "T163548D007491C032E8B319378EFDDA6D663DB950075665EBABDC0E7ECF206E1BA30956", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697005853, "uuid": "40abf7aa-178c-4efb-93c4-cf1569a86585", "value": "42c423a9e73aea8cb92de6b991847053", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697005853, "uuid": "0923f894-2c2f-4d24-aac9-15df76409268", "value": "6144:d9ljNjjYma22525kZN3UEYNwJRiW23hAOsQOh0GQGVHeSrn5:3ljFjpabo5Y3Nb2x+t/Jl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697005853, "uuid": "913b6b4f-3ea9-4d3c-bf4b-02bcbfd857b5", "value": 305416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697005853, "uuid": "43ec564c-6580-4563-8c5f-eb8733a421f2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697005853, "uuid": "79664081-a960-4b30-b8fb-3f0ec0ba2e4d", "value": "70c6f78125c5fbc21c970e8e4cb5049c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "133af609-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697051529, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051529, "uuid": "ae04b0dc-33da-43a3-b77f-1bd39a8384b5", "comment": "Malware payload (RedLineStealer)", "value": "2e7796bd9dea4b4c81a8f48a837c44bd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051529, "uuid": "72ac230e-295f-4c0f-93a1-a1728525e989", "comment": "Malware payload (RedLineStealer)", "value": "703ad067513f52c8839d90c1853392f33c52323ea2b77f15e00c0a9b283c42ef", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051529, "uuid": "1f8ad53c-3599-4edb-857b-c4c7ed9ddb2b", "comment": "Malware payload (RedLineStealer)", "value": "80ede6c64494c5654f9e77bdd1e3c89842b8463c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051529, "uuid": "62323bab-e015-4369-b66b-81a7586e8ee2", "comment": "Malware payload (RedLineStealer)", "value": "a1a0ba9b350c14a9721d0648ee8a42a308f4988b4f4d491ee6e9b82ac069a52bc8023518c3675f614d34dcd01a4c2ddb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051529, "uuid": "dc8d5670-a5d2-4232-be6f-e34f7f0bb970", "value": "T1AA652313A7CD4937DCB617F058F306DB0D397DE1CAB0411B66C9681A2CB2AC4A97277A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051529, "uuid": "ff9fb960-3142-443d-9c9e-e620f9e02754", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051529, "uuid": "6cb5f49e-b33d-41e3-9605-5bc8fd6c8f26", "value": "24576:uyVV43TWwWO3q7isgi5mGbYt6Bmfqp5kDFXwCbnb2LqJiD2gxeHM+eNIKSi:9ICwWxilSY4IqaPemJ62ieHM+eVS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051529, "uuid": "84792e63-3b62-437d-9ea2-2d0d25d66aaf", "value": 1546240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051529, "uuid": "928a5a81-c934-4457-8fe6-f5ed652deb90", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051529, "uuid": "e345d4ba-f5b1-4520-84af-e2e2b76369f7", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6bdbea8-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052689, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052689, "uuid": "8965605f-a9f3-4d72-a004-8a855b7f4e90", "comment": "Malware payload", "value": "534e8c1d3d71f8736793b80048c3dbdd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052689, "uuid": "3d5af1e2-04cc-4393-8b43-46587dbceb49", "comment": "Malware payload", "value": "70debce3a545cacca8b0bdb6008945852084b36e9160424fb63479c2991dcade", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052689, "uuid": "fb952634-81f6-4a5a-96c8-da47ab29530e", "comment": "Malware payload", "value": "d651b9cf8a717609656f13183ac1c9128e5c9105", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052689, "uuid": "e0b888c7-312a-4e4f-9562-1c9affed30b3", "comment": "Malware payload", "value": "1348718756e203227d811abaf75136dae41cf1a4dce5c5f51e8c0e0a3f06dfaa1cc2f2f202cfefcbe2f13752bb10e6ce", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052689, "uuid": "0d3b2c43-ad77-41ef-b05a-e6a581d10f10", "value": "T16295F703BA4789B1CD49573AE69B0C3423ACD5817713F61A798A235918437BE6A4FF0F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052689, "uuid": "de6213d3-97c4-455e-8187-f2810f433202", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052689, "uuid": "a211ec80-4172-43db-aba8-a909aaf14ef6", "value": "24576:eGgZShKmrSYSvcrWgzZTqZ8u+gJHE3nY0AdxPQaXm7sqUF0MU8GO0bb:ee+eWghqbEGdxPRWQqy0MU8GPb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052689, "uuid": "82cd68fd-e941-479f-b0a3-96cf84da6836", "value": 1983488, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052689, "uuid": "8da70a14-9848-4b07-bc56-0543942f1d6d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052689, "uuid": "e472107d-ac62-4a38-b0e8-e5334885b1d9", "value": "534e8c1d3d71f8736793b80048c3dbdd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d29aad7-67e2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Healer)", "timestamp": 1696993295, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696993295, "uuid": "726bda42-c55d-486e-8568-c86c12c09b6c", "comment": "Malware payload (Healer)", "value": "cd477aac77d7453206b9e984a4444fc3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696993295, "uuid": "34980b91-dce9-48a5-9e9b-c368284ebba3", "comment": "Malware payload (Healer)", "value": "7106d40d171b3795f4583a91e1b105bd7fc2cb102e290d33d9bbd01ce12622bb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696993295, "uuid": "5eba9865-b099-4226-95b3-8357d458d94e", "comment": "Malware payload (Healer)", "value": "c798de0cf5623a3d7b4beb0e8fa98bb6f32e91b9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696993295, "uuid": "1288c91b-b48a-4e8a-aee4-c2459874c7b1", "comment": "Malware payload (Healer)", "value": "aada3dac288bd7e972f05c4ae2815aaa90a458e53922eab748cd71bfdaf08cf3ad4cdf9aa06282ddadff9f97d2f78716", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696993295, "uuid": "e4231396-3afb-4c29-8943-313eaa91fa56", "value": "T146F41202FBE88026E9F66BB018BA07431F367C559AB4835F3702DC6E0DB3695643577A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696993295, "uuid": "b6a1dcd7-98ca-4dec-abaa-406bcdeea3a8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696993295, "uuid": "5f0de9e9-5acd-4774-b570-3c598a5bc52a", "value": "12288:qMrYy90EqcrEywjFwiKj1PC4/JTc557oUsiB3yPC/oVSnuFlx1GM7Hzj:eyUOiKFC4BTI57oUEkoVcWvnj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696993295, "uuid": "0ad78ae7-43d3-469f-8c97-7c8a704ac1f5", "value": 771584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696993295, "uuid": "8c408713-1842-4aab-9e06-c8cae6ac4ed5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696993295, "uuid": "7b47619e-9135-422c-8fbb-f026b03c01e6", "value": "7106d40d171b3795f4583a91e1b105bd7fc2cb102e290d33d9bbd01ce12622bb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3beb3171-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052456, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052456, "uuid": "18d4ff2a-d961-47c4-8f69-4294af8a1979", "comment": "Malware payload", "value": "517b091e95df581ef75d087c34b6e1b5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052456, "uuid": "ce64917f-d464-49bd-9220-7b57b41ed521", "comment": "Malware payload", "value": "712112fe548cf6e57c16af74063863f34972ad2a4610507406829f349a02f6e5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052456, "uuid": "ebca8c2b-d4c1-43ad-b7a7-4a2e3adc31ba", "comment": "Malware payload", "value": "f047118c6dedbf0a11b819b2627b1c7f64d1c042", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052456, "uuid": "1b4d37cc-8b24-4a87-a8da-c8964fe2b5b8", "comment": "Malware payload", "value": "1d25c58159973b41bd81e6bb665389f978357de837e12ccd84766120d858740958c3356c016ba1e30c0f4f593e0e7d42", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052456, "uuid": "40a7bbd1-4447-4566-801c-a9294a86215f", "value": "T160A229C1FB845626EE240B70A66B4E30673ABF1B87261B4F27C5731A3D87952263F416", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052456, "uuid": "c3a2eaaa-2428-4e59-8e9f-c7777442e649", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052456, "uuid": "0e152962-7a73-4e30-96d6-c43a773369f2", "value": "384:pTYsWJZxNPnbn+b/AeH9F9wGjEnAtNCSGFqUO:pEJhPbn+rLXiiEnuCLFqUO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052456, "uuid": "7f7e1b7d-29fd-41ad-aa87-121aa848404c", "value": 22528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052456, "uuid": "737d2f7d-19d2-43dd-9e45-75c874da32f7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052456, "uuid": "e1851658-3666-4310-9b24-0b1a647c1027", "value": "Krtzxmje.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9109e767-6810-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1697013085, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697013085, "uuid": "86940014-c57e-438c-a688-d544bcacd1b8", "comment": "Malware payload (Formbook)", "value": "6225726dc2de3b5db96c8761185295f4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697013085, "uuid": "9f9b8f92-e5f4-4b2e-b817-7d7fffd87b03", "comment": "Malware payload (Formbook)", "value": "7173907e8db4e17c40c75efda56d1c1148ae5fc8c5d63a08be83e6e5b1cfe19b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697013085, "uuid": "bfb71c44-7de3-414a-b274-e79406a6762b", "comment": "Malware payload (Formbook)", "value": "ce9273692b61591fc8da5eaaaba119fa7b46c615", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697013085, "uuid": "8b9114fb-cf41-47ff-a335-359616c1e3c3", "comment": "Malware payload (Formbook)", "value": "323da9c0965851f43385d8a2fea66f822f583089fbbc714c03099bccc0d89b4eb2fa2f4c7590e7001e8da9407ff27890", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697013085, "uuid": "164a4e00-21a1-478b-a1d2-c7981f20d300", "value": "T19643F87C6362CA26DADC4FF654E7F1121B70A1439903DE3E08C45CE65FF6AFA59012A8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697013085, "uuid": "bd1b896f-8912-4272-9695-2e83073e691f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697013085, "uuid": "0f63bbc0-4837-420b-baf9-6d5ba84be6ad", "value": "1536:CS5xohbHLMbG7gMfCfWHBvy7nElIbNxi07:35xohbHIqgMtdOEObNn7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697013085, "uuid": "49e71302-f796-492b-bde6-a003ee4338ae", "value": 55808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697013085, "uuid": "61d270f4-036b-478b-89c3-74dbf8f8bbdf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697013085, "uuid": "48e6f78c-491f-468e-9ec8-26457a0f2429", "value": "sample.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2bf1e7cc-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050711, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050711, "uuid": "c83414ac-925b-4e17-9967-5e4869dad363", "comment": "Malware payload (DBatLoader)", "value": "5142edb1789cf6c61701efd16eb9cea6", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050711, "uuid": "bbafb5e1-e703-401c-a1e5-30c877173439", "comment": "Malware payload (DBatLoader)", "value": "71e47c516e0fc4c7fa136f0d5abb1fa130ccf34ffea2888c072439311c8aa307", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050711, "uuid": "d42c53a2-667e-4f80-b4e6-370cccd273f0", "comment": "Malware payload (DBatLoader)", "value": "86e0621f2b97c9e9c050f285ba29991252a62892", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050711, "uuid": "c8a47c00-721e-4866-896e-d4f8e7191e47", "comment": "Malware payload (DBatLoader)", "value": "077dffe8a49a0e00bb12d344ca4517e69bd9369e73cd472bd61e9f089b6cf532ea0ee82db1defddb822f37b2f9612d78", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050711, "uuid": "ec6fa4e2-9a85-4190-889c-c4b5fddf03af", "value": "T121556CE5A2408C21D0367978CF5AE7D5052D7EDD6D068CCD4E60DACF2A69AE0B9FC063", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050711, "uuid": "f2beb740-f034-439e-a957-10301fea05e3", "value": "7b81750dfa561fad4dadd71b82d358de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050711, "uuid": "b197412d-1cd3-4c0d-aa90-fd9821ad18a1", "value": "24576:iFoEhCKAXS/1+O9P1Bza+78soKoxm5OST6Iytld3BIwbgKcQrE/k2+oVN:iF9ii/1+O9P1BB8soKXx7ytldxeV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050711, "uuid": "76a13ebf-ab51-4986-8096-99d2268b28a5", "value": 1300992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050711, "uuid": "957fd6c8-7f1a-480c-a300-32ba31d8eb6a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050711, "uuid": "592f01d6-a9af-4b47-944f-d108f1cddcac", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98b784b4-67d4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Vidar)", "timestamp": 1696987328, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696987328, "uuid": "2e0e5f4b-cfef-4e2f-bebe-e7e5e3952ce9", "comment": "Malware payload (Vidar)", "value": "6dd637aff9819a60bae8503e4bcdd057", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696987328, "uuid": "310550b6-0438-4ba3-b5e1-0de1e28b0b71", "comment": "Malware payload (Vidar)", "value": "71e9af5f139c8743a53390345e7f19199b17892955f0d4607340d7b651ac869d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696987328, "uuid": "602d3b58-aafe-4093-ba02-b6875085fd7a", "comment": "Malware payload (Vidar)", "value": "de795b997ef5c8f23fbd6070807bd356583591ce", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696987328, "uuid": "ef77a6f0-b4c3-4f22-88f2-281bc73e1336", "comment": "Malware payload (Vidar)", "value": "9c02127908bd31743eabfd07ab45b5defd15cdb140ec53a041e188c214ded7fe5435f15cea770c8e911f6c267b2bab98", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696987328, "uuid": "ae0e7d9e-b4e9-4460-951e-8f74591e5fe1", "value": "T142267C06ABD401E5E467D630C92FAB32D7B2BC5E1B35D34F0815D25A1E73AA18F6F221", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696987328, "uuid": "511eea35-5b15-47c4-9d5b-fbde4c572633", "value": "8b609662a1bb2ab7e471e49c70dcc22f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696987328, "uuid": "9e929a64-0bb8-426f-a352-65324338e5af", "value": "49152:cmsYNAENX+V06jNeAWwNHkUNy3kDlhgFWIoT7j4G4dg7YDXnFj:YY7skhKV7sC7Yb9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696987328, "uuid": "65a869bb-cb62-4408-b0de-e2828ce3f701", "value": 4482784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696987328, "uuid": "3a286b2b-d622-4b2d-8ff0-aa6d25f486c5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696987328, "uuid": "b6106db8-a2ad-4a7c-bb4d-3921070ad7e5", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "864fd930-680b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1697010920, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697010920, "uuid": "c6d0aaf5-dfa7-4892-a63c-4c1eae85345e", "comment": "Malware payload (LummaStealer)", "value": "1d3979df5dbc39d00b8c44bd2d818438", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697010920, "uuid": "74c13745-dee7-405e-a74e-104012bb3231", "comment": "Malware payload (LummaStealer)", "value": "721b55f4a0841a74df6995724cc47613ce5c61ee81e52840e7b2c79b73ec5d5c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697010920, "uuid": "f5d818d3-31c2-4dfe-a97f-6ab067d81f01", "comment": "Malware payload (LummaStealer)", "value": "216adf0e48fa41d0e6026fb57e0059e082cff539", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697010920, "uuid": "bd4b325f-9133-40bb-bb66-54a04729de47", "comment": "Malware payload (LummaStealer)", "value": "97c7d4a92c7e1ab4bdd4bb87f2c8072760b92c2470db999ebcf4f1c6dab1cf74f932eca6fbd0241f63d3d5d0ca2ff5c3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697010920, "uuid": "7eeefe3d-7a66-4e54-b9ae-245cef58bb26", "value": "T1F944BF01B4D1C432C97A253609E4DBB55A3EB8310EA59DAF67F80F7E5F302C1D722A66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697010920, "uuid": "d3a88b31-5e99-4136-b8b4-be134b9b20bf", "value": "282d146a9b3d87d6152eff920eef7769", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697010920, "uuid": "5532e42f-90fb-420c-9dd9-8d2972a7434b", "value": "6144:gC7map0Gm8XTX/lbXat6ULk+j5cNAO9N7DVQmIan5:xCaKGm8DX/8CXFDe3s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697010920, "uuid": "1a12930a-31ae-4a9c-9992-707b545edda3", "value": 261896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697010920, "uuid": "5ced3b30-9b0d-4d65-8819-bbd59ed123b8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697010920, "uuid": "bf91152d-904f-4d30-844d-d559fc6ec2c0", "value": "1d3979df5dbc39d00b8c44bd2d818438.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "895d5f7b-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066759, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066759, "uuid": "eb580afd-c119-4d51-bd30-d34cb19838a0", "comment": "Malware payload", "value": "6af2b8dddd0dec1414ad9e83a2cda878", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066759, "uuid": "47cbaf9f-3284-44d4-984e-f33618c723be", "comment": "Malware payload", "value": "722c44ca69df5a45e0c9d80e0f74427539c71b9cd64c83978e722731d1a439e2", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066759, "uuid": "e063b8ab-af78-4095-bb96-e5916ea00bed", "comment": "Malware payload", "value": "f925ae5ac30efc210b9308df824183d2ab41e750", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066759, "uuid": "4c0a9e8c-f331-435c-af81-a953a24e1083", "comment": "Malware payload", "value": "117f73d78cbc90ad9e4ce278b5f6121fdb93498ee372d4d7efaf5b2171d819ce485c247f4937314d29cf8e878bedd991", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066759, "uuid": "b4d4978a-c2f6-4cf0-958f-508c94a61f36", "value": "T1D97423C5DC78BC15C6D0412624D3F5D50037A8B8A49DEFA383C85E2EC57929AACAF74B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066759, "uuid": "1ce32dcf-787d-4627-a5f0-b613a6b98c08", "value": "6144:fwOb8MSAAmIn7vp7eI54IiJvOVnp/0RBgTL3o47YZ1wO7ys3Ex480tCoP6DUp5Uv:fN3A7RS6Vnp/6BgH3o4swWNCtiUi4Gr0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066759, "uuid": "82accb41-bc31-41da-a9cf-98299facaaa7", "value": 366166, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066759, "uuid": "958fc0e7-ecb3-460b-a4ed-2b79069d9526", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066759, "uuid": "ce4a80c2-1b30-4124-b010-1635bee5bd0f", "value": "DKMW5678_4891455.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4f98e0c9-67d2-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696986347, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986347, "uuid": "e271fccb-f8ce-4d45-8c62-4fda96844080", "comment": "Malware payload (RedLineStealer)", "value": "8f2624c3b04c0753b978631dc4d226b5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986347, "uuid": "ca503c7b-79e0-4864-bdcb-9204b8859838", "comment": "Malware payload (RedLineStealer)", "value": "72473ed962be244969ad1b0d2387c57a484d569a068cc7b3c19a5dabab07dcc5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986347, "uuid": "2065557a-717e-4092-9c8b-9652296dc05b", "comment": "Malware payload (RedLineStealer)", "value": "83d676ad004ecc3e9db2d448c2ac6b451eca7f3f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986347, "uuid": "474e77cc-832e-4aa1-a860-3f5609cada57", "comment": "Malware payload (RedLineStealer)", "value": "ce432719f8969ae58a625adda5354e994f456483a33df7360afb1078ac18361bc6f8c1ddeb29508e3b62985a3a76ad0f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986347, "uuid": "f06cb839-5d1b-42e9-a09b-61207ce72f31", "value": "T129452387A7D44052D87407B181F602CB2F31BF61A9B486233796589F1C73B8879BA76F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986347, "uuid": "07cd58f1-d511-474c-94f3-1bd1b7874412", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986347, "uuid": "43eec7c9-bdaa-4f05-9fba-ee5706d016f7", "value": "24576:pyURw1JY3oJrFsbtM/o7SeTt/tPR1VnE2XTJFlq2Hd:cUAJHnQ7pFtPRBjH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696986347, "uuid": "ba14cb97-8eb0-4243-b07b-40bd387b524a", "value": 1225728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696986347, "uuid": "b25433f8-128e-45da-b476-dba87f3645b6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986347, "uuid": "31ba9f7c-c3dd-4658-b0d1-699dff68f20a", "value": "8f2624c3b04c0753b978631dc4d226b5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0742533-6869-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051417, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051417, "uuid": "175641eb-0ad2-4928-9c98-47c15800a172", "comment": "Malware payload", "value": "a41c4b0c91c6c6750426eb3ce29aa1cb", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051417, "uuid": "240e62f4-1279-45df-96ad-7d9274cd9941", "comment": "Malware payload", "value": "7316b0e5c95d1ff17274693f4681e7920d6305079d5833c96acf54d724852651", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051417, "uuid": "21421ca5-e777-40d6-ab10-329de0510877", "comment": "Malware payload", "value": "1665f9c71aedd9a0c384552e714ee1fd0178a711", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051417, "uuid": "8548604f-f10d-41b9-96e7-379e2b6d3177", "comment": "Malware payload", "value": "cc32e8fd794694dc154ecfb3aed4c6e44add9297fb669d44f2d64cb16fe6c5d3fc4aaeef3bba4bf40f3360b1ad35834a", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051417, "uuid": "a9cc51d8-1e33-43eb-b892-cbf28ce98f0e", "value": "T1A3732860D9D6263E4A871BEDBF429441C5F8896E8325815DFA9E037E112386CCB3F758", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051417, "uuid": "f8f7039b-d13b-47f7-892c-a85f7ba14a2a", "value": "1536:CPThMc7gioqiGKKoeTHj7W89C0jO1dEZYIeVKXNvXF88G:2Tl7bi1FeDjCLXErnxXF88G", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051417, "uuid": "ca4b09d7-4379-4a84-bd4c-35350686a97a", "value": 78126, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051417, "uuid": "fc82907d-caa5-4988-8f9b-9f33e33fcdc6", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051417, "uuid": "11f34171-356c-416e-a7bd-aaf53db3d3b9", "value": "Justificante de pago.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eb433190-6889-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1697065206, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065206, "uuid": "fb8697b2-cbff-46e1-b92f-60979a73eb86", "comment": "Malware payload (Mirai)", "value": "9b824f1fa12e28d01a2fbffa847e457f", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065206, "uuid": "c369dfb1-8e81-4ca5-9fb6-26874445f793", "comment": "Malware payload (Mirai)", "value": "73618a35f44e26bc9befa104bf9e22161b3dffeca612b0b2e695b8797196213a", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065206, "uuid": "5da3098f-cd7d-4cb7-9b33-245999952b17", "comment": "Malware payload (Mirai)", "value": "a78d8313b9655406ee2f53d9289c548526e06d3a", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065206, "uuid": "565a75cb-ec2d-424a-8d22-544487426c10", "comment": "Malware payload (Mirai)", "value": "d0905cac38eea6cbdf1384d11742a9273bf48a74c3351514f4c0def6803a1c51419ffad26bc7508bbd2ca83fe710cc91", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065206, "uuid": "6f208f48-1f79-4b62-b0be-4ecbd66673ad", "value": "T1AFD2E0B99FBA460EF4CA373C9E9EDC99659CBC642BBD424606410E2231385E1E3DCCD0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065206, "uuid": "6c486738-efc8-47c1-836d-5804fae5c7b4", "value": "768:UN8fWlfoQmQAXV7EmQciiRcLprDKTSjgq2:IMNXFl7zN4PwB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697065206, "uuid": "8710d3db-412d-485c-afee-9faa23994361", "value": 29904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697065206, "uuid": "9706cf78-4d51-4d40-a799-b92dc7d483dc", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065206, "uuid": "ab4de1f2-8aba-46f0-9f2b-d360eb15c7cb", "value": "xd.x86", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d490cc18-6869-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1697051424, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051424, "uuid": "43dc7537-9374-4fa4-8a20-5e4c6928cbc0", "comment": "Malware payload (GuLoader)", "value": "b4d1b6434380a5479afea71fd73a9d74", "object_relation": "md5", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051424, "uuid": "eab9ce93-fb9a-4973-b280-6987a0cf9b31", "comment": "Malware payload (GuLoader)", "value": "73a362f5fb3b1512dd913f9f5fffe0e3968d10ee6e5c243bd76ecbc5cd20e45c", "object_relation": "sha256", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051424, "uuid": "cf12b658-68ae-416f-bdaf-c4b891801ac4", "comment": "Malware payload (GuLoader)", "value": "c2a71e71e07314f75d4ffbfc0778bd4a277dac6d", "object_relation": "sha1", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051424, "uuid": "1f506292-9948-4850-a73c-b9e7eb6fdbe1", "comment": "Malware payload (GuLoader)", "value": "af132b8f3bbaf7c4a1ee7e3eefc2b81e3286e0240d9fde8f51426320b67f4f7383749f45a8d73a50fa1a9342f2ad0314", "object_relation": "sha3-384", "Tag": [ { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051424, "uuid": "79bc483c-0a97-452d-873b-a575f650b86d", "value": "T19B824CB1CB5E160A4FAA27CE9C46885D8A7C8525703F4018BFAD03ED23065BCD7ADE5D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051424, "uuid": "10a7b6a8-b7db-4a00-8a01-a6c6a04d9130", "value": "384:d3tHS5keeAxrwL/YZ6/JYgL0k99CEbf1dd1mn3F2Q1zIdpVyD:hFSVeq2OvKRdURIdpy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051424, "uuid": "5dc3acda-2438-4572-842d-8027529a3e0e", "value": 18442, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051424, "uuid": "73413c29-6651-45fd-a3ea-728c9b392165", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051424, "uuid": "219dc8a0-98e1-45da-9762-7b9019fcb13b", "value": "Equati178.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "54a67767-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1697050780, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050780, "uuid": "4f4b95d4-62ba-4a06-b045-b5c4aa357300", "comment": "Malware payload (RemcosRAT)", "value": "25f4d53da0f965bf5e74463c48f121f7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050780, "uuid": "012cfb3d-f19c-455f-8671-07b1f74f1aa2", "comment": "Malware payload (RemcosRAT)", "value": "743a42fa1745ca546bde00cab7c219c79b795ab0676a2d7478a655db7efa1fb2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050780, "uuid": "dc746973-d572-4d1d-ac1d-32bbedaf98e2", "comment": "Malware payload (RemcosRAT)", "value": "b270a8b20a838062ac883a42d4a7980a7093838f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050780, "uuid": "1c31cdc2-797f-4025-8b76-de284560f5f8", "comment": "Malware payload (RemcosRAT)", "value": "6f97035abe613a4b922bf06a28d3d2c331120f538552f789f0cb38fc8033a647399018d9ac2c642d5371d230467d009c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050780, "uuid": "4c68de47-3df2-4689-9d9e-284b941dfad5", "value": "T1C9A5F167A2918D37F4323A784C1F92985C2AFD202D54EC8B7AD51E4C2B7A7903D39367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050780, "uuid": "1053f57f-2a95-4c64-b88e-8ad8b9d24904", "value": "f48d9fecb191a3f4fc9501cb4eaddebd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050780, "uuid": "ccdd69cc-afa1-4c9f-bfb6-6e138c8c311d", "value": "24576:sjZWxAnwlVih2Pvhs6E/Hs63YeXb6id8UYeDRXCgRHCZezBQu7FR5VNUAJOw637m:sjZDwe6Evs6oG6mYoYWQu6HwgP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050780, "uuid": "711a8ec5-0bf2-4af1-bb57-daec04dc6eff", "value": 2234880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050780, "uuid": "fe2df2f5-0df0-44a8-bb5e-d89ac826fbc9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050780, "uuid": "6dadc781-6601-48c4-a2d0-33249c2cb44e", "value": "PO-882020-2023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5c015cd4-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1697050362, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050362, "uuid": "8ec81fe3-c28e-40e3-9bd1-7ae6425dd297", "comment": "Malware payload (Formbook)", "value": "7f4be9fcb7371a4a4c98462602a33639", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050362, "uuid": "8688f37a-55a3-4942-a8e9-884acfe1fe9a", "comment": "Malware payload (Formbook)", "value": "7475dc716905ee9a57aa78bdb02c71c1d22d93c67326ac2eedb0b72ca82207b0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050362, "uuid": "76c245ff-910e-4555-a987-3dbfa6b154f8", "comment": "Malware payload (Formbook)", "value": "85fa43c5a81e7bdc95e666ffc96de85174a406c8", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050362, "uuid": "ffaed01b-e4ec-477d-8a83-c0828552169e", "comment": "Malware payload (Formbook)", "value": "2695ba15f2437cedc4a954f0ee34dad142eaab0162574e82256a5c0aebe9c93d76049fd257beba4bf91998eaa023ffc6", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050362, "uuid": "4976cce2-2e0c-4235-a945-027caa494d73", "value": "T1F074121173C5E193D42AA6352D39D2FA4ED4BE19CEB84713B3C07F9F7D7AA424809262", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050362, "uuid": "5b7d0ba2-c149-428d-a47a-a9c5f03bdaf6", "value": "f4639a0b3116c2cfc71144b88a929cfd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050362, "uuid": "96f2b353-fcec-4663-a482-16b332fbfec4", "value": "6144:6XFKo5kfRpRMZl+qmHg+CNZEibarfXGqDcEHFM6uOv6:6XojRMiN9DGqDcYM0S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050362, "uuid": "40cdeb1c-b021-4d61-bb6b-e6b0b1342b3e", "value": 340531, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050362, "uuid": "6c6ba86f-23da-47fd-8f39-e99e91e001bd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050362, "uuid": "7a1da5be-4b0f-47fe-b7df-f2774052a84c", "value": "7f4be9fcb7371a4a4c98462602a33639", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90203ea3-6834-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697028546, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028546, "uuid": "587d5319-3e6a-44d3-9cab-7b5d539762d7", "comment": "Malware payload (AgentTesla)", "value": "6fa731514092a76685ab07530c562186", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028546, "uuid": "f4267e69-2fe1-4050-84e2-25d6e5b3dcda", "comment": "Malware payload (AgentTesla)", "value": "74a84823c35436e2a73f303aaf86be5d2c59f025c948c0044f948d613da91870", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028546, "uuid": "676c46a3-f027-499c-9c7a-e7db92a3c6b9", "comment": "Malware payload (AgentTesla)", "value": "e2118d856d3d42ac24da5d9c1132131ba807446a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028546, "uuid": "a28634e0-a6b3-4887-9b66-5140c5f518b8", "comment": "Malware payload (AgentTesla)", "value": "9ed71aeb1094f24f5a85d55bb5dc567eb11efc1a95985528506d7d878c84abf4e7741a2779d82d249cd733862810a4f6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028546, "uuid": "03b99a44-4eae-41a9-8c5b-b474f100b68e", "value": "T1AFE4F1157AB9AF27CC36A3F64665448407F23C2E5834E684AFE236DF2935F805A91F07", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028546, "uuid": "74c4de54-5f63-4ff2-b58d-5eefe167e075", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028546, "uuid": "010a838c-6bac-40aa-bce1-d83181b5f192", "value": "12288:ylI0+X9K0xyOV216hqfPZIVVbpoFH6RGohLVO:y20+txxyH1o64VoFH6AofO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697028546, "uuid": "cc3045ee-5f60-4ab3-af29-99a3b6325c92", "value": 701440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697028546, "uuid": "228a7d49-2694-4f0f-b797-200bf59efa3c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028546, "uuid": "985e8c8d-723e-4493-95a0-c89e899fe59b", "value": "COTIZACI\u00d3N.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60b009c4-6884-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697062826, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062826, "uuid": "e7a94276-1611-43a6-a333-8e6978736a0c", "comment": "Malware payload (RedLineStealer)", "value": "3f13bb7a0ac37f756e8ee90fd113f1a8", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062826, "uuid": "5fe75fc2-aae7-4c35-b67e-336909b199d1", "comment": "Malware payload (RedLineStealer)", "value": "7521fe7cf28ff958d95f95a7d873f5321069ba981c99d4a3c3bf889556064dda", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062826, "uuid": "9870c644-9c13-434e-a660-77fddacaae13", "comment": "Malware payload (RedLineStealer)", "value": "889b2d13bc5179988f6a6d5c4a7d07edf818c704", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062826, "uuid": "7a305849-cff7-4fe3-9013-164e4d78dc13", "comment": "Malware payload (RedLineStealer)", "value": "500a007a5f219996a19949c3a5fd106d6ff4eede70449a8f330ee498e665adb838074c4655a2aa185b4986669d015285", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062826, "uuid": "e4c85bd7-75cd-4b76-a061-b3753c2f9579", "value": "T1E0549D0174958232E8F315378EFDBA6DA63CB950075665EBA3DC0D7ECF20AE1BA30156", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062826, "uuid": "5aafb088-b7ed-474e-ba0b-5c7d675cc221", "value": "42c423a9e73aea8cb92de6b991847053", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062826, "uuid": "cb536a8f-20c8-40f1-9cb9-0f514db8b16b", "value": "6144:h89SIDbmaKcGSUm332GHECghdAOYUghaRk+plXOn5:m9rDiadGI3GTMQRntY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697062826, "uuid": "a56bb23f-969f-4a6b-9203-d02c038da6ad", "value": 302856, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697062826, "uuid": "fe319b7d-e8d1-4fe0-bbe4-392c07c0bbcd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062826, "uuid": "e31b1d97-cdc8-4074-81e7-2a860155ffd6", "value": "3f13bb7a0ac37f756e8ee90fd113f1a8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "44bb9a42-6890-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067933, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067933, "uuid": "ee5d5567-72a3-4ee5-af8d-050a2bec24e1", "comment": "Malware payload", "value": "e57ccafa9f8c49657073add0d0536e42", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067933, "uuid": "353fe1f6-9cb9-4555-81a8-db06b6dc4109", "comment": "Malware payload", "value": "766653b6e5db8d5ffc46735bc95d73aa75ec2e3776136076f76a1fd6483518c5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067933, "uuid": "b476a52c-961a-47ac-99b9-f700e50beda9", "comment": "Malware payload", "value": "77e9056492e97c49ea2bd9294abcfc03eeee0772", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067933, "uuid": "ccccbd3b-bc97-4e44-988e-31cb0d45eacb", "comment": "Malware payload", "value": "c4ff1be7ca7a24886539a35ddfb7b05ebef1b796c04ddfa29ab9d06e16346e9e438673d28f1e36404a9e914e154f5dd5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067933, "uuid": "2c05bb88-e0a5-4472-a85e-cf7a029e8afe", "value": "T1F3D4E05A72E40C79EE738139C9536946E672BC211660EA7F0361475ACF3F390AD3BB21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067933, "uuid": "d9486d65-d4ec-47c2-acd4-f778279eddeb", "value": "7ce9e53905dcbbd72b6f2fe3c0459df8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067933, "uuid": "41b46f45-d966-4a7f-be11-1a1bff4ef8b8", "value": "12288:pjan3B7+2BoGEwYXorDxBDWgyv9cii8VPezCTr:Mn3B7+2ByJo/DWz9cS2zW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067933, "uuid": "8a7cc579-b7ac-4da1-98d5-bdd48933a96c", "value": 597504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067933, "uuid": "82e1661b-ed79-4053-b76e-9fcb60864b4e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067933, "uuid": "1d90da06-6fca-450a-93e1-e7b14201caf4", "value": "Vievsp.bin", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0629ec89-681f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IRATA)", "timestamp": 1697019295, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019295, "uuid": "298d79f1-ac71-4c6d-8ef2-6185eb0643b0", "comment": "Malware payload (IRATA)", "value": "ec5694f441ad9f34523be5a792a5d0f4", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019295, "uuid": "932c9825-a6dd-4689-bb97-7c29b6144f8e", "comment": "Malware payload (IRATA)", "value": "77a3e4ed1a9ceef55527a8a19e433c4c99726a36f0297e3a28c52c3ac5b02f44", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019295, "uuid": "065427fd-64b6-48e0-ac69-dc55563fcd14", "comment": "Malware payload (IRATA)", "value": "35b0e1a70675a756f6dcf519d9d08ed651b97360", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019295, "uuid": "7aadb57d-3310-457a-997f-d111675f9bf6", "comment": "Malware payload (IRATA)", "value": "ee1b1e6a04d7193fb3c00b0a0cfe57befc61482285e1ab20a8f4548f2ca4db2b2d922c3ec87985a2bf9727724a553f8d", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019295, "uuid": "1e9df680-d68a-42f5-b1fb-da6fd6699750", "value": "T1F2A5338FE651E416CBD7B63426931A9217F76C068E43C047B29A763CBE7BEE8B311540", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019295, "uuid": "527a22f9-5762-4409-ab5f-76295c6752d7", "value": "49152:AEmSzTXrY7ssWKBcjk3Nj6WcnU0pAjkWsP9zpWxNAb47SH:ABurE7s5K0k3N+Wb0pWtk6xYoA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697019295, "uuid": "26c68d1b-4d82-47c9-9799-8095b2d6a7b1", "value": 2239707, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697019295, "uuid": "e82fea08-c804-4a7e-96b2-51ea7638dd14", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019295, "uuid": "96945f9e-ae57-4f27-bb16-5cea3f55f775", "value": "saham.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "34c1d53d-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052444, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052444, "uuid": "f84cb6a8-8fd3-44a3-9ca2-08b4691e75dd", "comment": "Malware payload", "value": "6745c449b953820c83ebb931fcf2b759", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052444, "uuid": "ebd3c5cd-dab5-4cc4-9bb2-9fc6b8be4a06", "comment": "Malware payload", "value": "77c21757a0570292dce80b69e54b43779f94e1f255abcf6b7eace9803d44ac1f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052444, "uuid": "3cb1eb3a-0199-4734-9946-57fb6ab94398", "comment": "Malware payload", "value": "d4de512a0cdaf8aa399f159953f4730f8f852f8c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052444, "uuid": "f39c0600-d9d3-47c3-8a17-1c2745456ce5", "comment": "Malware payload", "value": "53f96e53c80fc59b61f2fd89d66dd8422dcc0627eab5f498cb8f0f8f4e9168bdc04ad6998a7c294c0ffbe9389dfbd273", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052444, "uuid": "54c2c496-f590-47a8-bc41-49882c8eace7", "value": "T154920954BA9EC12BC25D067A48E7038643B6DB2BB493F35FCDDCA6593D133C48990AE1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052444, "uuid": "cb7213f0-0401-475c-ba66-839e98e7650d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052444, "uuid": "9417c282-52bd-40db-a1ab-48a07292f4fc", "value": "384:UoxClkRy22iqGOlRDgEQknZAfZV/1mmeVXfWdI+k/QaQs+wy3yn:JWi1OlRDgv2CtmJfVdyM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052444, "uuid": "634eee90-03f1-4869-89c2-674e1b078adb", "value": 19968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052444, "uuid": "8547e0cb-f139-46e7-88cc-ae77fd5efec8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052444, "uuid": "e86047df-ccaa-44d7-80e5-81f371b825e5", "value": "Ejatdcqce.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f348edf-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066796, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066796, "uuid": "f9ea576b-e4c0-4856-90cb-aeb508db2ea2", "comment": "Malware payload", "value": "43ee3409a946fcece3f723f5928c9961", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066796, "uuid": "63635b7e-cc2c-401c-bb74-bdf700c1a092", "comment": "Malware payload", "value": "781022e3c8d4f54866a127095bfb9b1cbe84d3203f6c100470cb546b4423ac0a", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066796, "uuid": "6396333e-f543-45b0-a5aa-81e10393af82", "comment": "Malware payload", "value": "d90f81369d9366c6919b67d240f4be6a73e748c4", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066796, "uuid": "9eeab4a1-0770-47f4-b9df-1ebec38cbe8a", "comment": "Malware payload", "value": "f3eee7db5a865537ddbe539243ecf0134c8d3c6f31e370fa46d27661d7ccfdc40fbc1d79d742a1c8952b83412576df7a", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066796, "uuid": "6417e151-5933-4340-af50-2267e588aee8", "value": "T10E7423C1B770BE8D682DCF3536DD23F48278256B0FF512812EA934A17E29C57B0D8A24", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066796, "uuid": "75fb4518-5899-4b5a-b99b-4234c3899cef", "value": "6144:WaQCAymc8hIcpExwU0mQFUgY9O/0nrwC+Gd2HLs3+3alCEGMdij9SErN6Z9:WaV82fDPQWgY99nsxHGCasEtaS4N6Z9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066796, "uuid": "40e795eb-1a5e-486f-a036-56a72de54adf", "value": 366216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066796, "uuid": "c4b90c61-a69e-4607-af48-e93fe7edaa51", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066796, "uuid": "eb30e22b-3b5d-4d6e-867b-99ef9758bd48", "value": "JOQS1245_4801661.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "af5eba61-682d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1697025592, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025592, "uuid": "9f73f79f-6b0c-43ec-a0e9-fe9bfc57949a", "comment": "Malware payload (RemcosRAT)", "value": "c90bf5170d394ec634e2031567d52cf1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025592, "uuid": "d08b0e10-44b5-4e20-b403-21170dce8d1b", "comment": "Malware payload (RemcosRAT)", "value": "783bcd054c202f00ca273b1fbfe6625a816d782c0951199f1939375af43949fd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025592, "uuid": "664844a3-06f7-4ec0-994f-79917fddde62", "comment": "Malware payload (RemcosRAT)", "value": "ff7b292f641a6f8c219a628e48ca344e9596fc68", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025592, "uuid": "cbc7d0e0-53de-4029-86a8-e320a2abbfab", "comment": "Malware payload (RemcosRAT)", "value": "b12bb18bd2d0f1a0a8f0d7c8000f71d18decd2554fd5ded3b9862190138512d93d6655bc423a7437e2432702ec30d036", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025592, "uuid": "83424481-9681-459f-b454-14e71f4c844e", "value": "T1BB95F603FA4789B3C1481737C6DBF61643A4DBA17223D70A798F236919C37BA5A48727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025592, "uuid": "2124b0c2-bc54-49fa-a028-b235251fc6f5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025592, "uuid": "95381cce-acf1-465a-9130-ed977f5a992c", "value": "24576:CH0jZ5/DRW0WNM8+yXV8QmzK+3xzhPy1E5q/KNCSko8t5AIaLCrQJQ5rD1dRGU5X:CS5CNyCSko8t5AIaLCrWQ5/HW9Ob", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697025592, "uuid": "0ce188c5-89a8-484b-bec3-77478cc954eb", "value": 2020352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697025592, "uuid": "6cda78bd-e9e2-4bde-a32a-164f3073598b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025592, "uuid": "b9648d4a-8058-49f9-a908-59e59af04ffd", "value": "783bcd054c202f00ca273b1fbfe6625a816d782c0951199f1939375af43949fd", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aabfd380-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066815, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066815, "uuid": "bce4064e-29c3-423d-978a-fc209fde79b4", "comment": "Malware payload", "value": "78f9711fbb5e9fe9fdd06752b7785abb", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066815, "uuid": "8ec2cf70-f171-4d02-affd-ca582bc92234", "comment": "Malware payload", "value": "7853538cac00664292fc05372388c43b2f715bf22c849cb665ff51a524a49954", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066815, "uuid": "5dde870c-ac24-4ec3-9868-9d1275f3fd58", "comment": "Malware payload", "value": "747ec02eb460175b55517399985f3db7b6dd279b", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066815, "uuid": "714858bd-5fd7-419c-83a2-1a3a08a663e4", "comment": "Malware payload", "value": "cc7b94d8b972a325d77688b0ef842c0c7b785e2358bb1879d56177d89de02468c71ac88988ddbd711846b511e894c4d3", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066815, "uuid": "94037fd9-89c1-40ca-81ee-e1adca227ae1", "value": "T17374239CEFA48752A21CED7706433DCDCA246D3E3361EDB402AB06D3D9B1942518E7E8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066815, "uuid": "2a7615d7-af8f-4128-8612-baad2180adc0", "value": "6144:fdwru1qq/j3MWdy8JpMvEuH3Tmj7OfJYZsugeY5oiRQCjvv8M73L:fdauQq/rVy8JpMvEuXTcOfJlmiHMMX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066815, "uuid": "e5cb1909-32a2-4327-85e1-4ea1ebd33426", "value": 366337, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066815, "uuid": "6a1964a4-3009-40d5-8f3e-7c8ae7ba4e5c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066815, "uuid": "e931b08e-9a27-4e40-8ef9-eeb7d398c43f", "value": "HRUX2579_3009077.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "02aef4c5-687a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697058373, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697058373, "uuid": "e05d9a35-70c1-4e4e-91d8-257aaedc0514", "comment": "Malware payload (RedLineStealer)", "value": "cdbb371e6898d13ae65ae5d486043d36", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697058373, "uuid": "55b28f65-ba66-4768-8072-320acc17b7e6", "comment": "Malware payload (RedLineStealer)", "value": "785b94ac5b341ee5bcd4ff6848e71b4806f4b778fff0972b2f32ae2964fc4d8b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697058373, "uuid": "905e20cd-02ba-4eee-a45f-86ce0c68e0e2", "comment": "Malware payload (RedLineStealer)", "value": "3c66b8618b27fb8f63c5bbffeb3ae31bb9ecbc69", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697058373, "uuid": "a6a3b057-5e4b-434a-8979-b53e58e0cb3f", "comment": "Malware payload (RedLineStealer)", "value": "d964b289c91b7e3b4b560c487aa22f7597d578c20fd70409e54529a27eb1b3f77ae87449dd833cd28d57287bf7e83542", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697058373, "uuid": "ec7531fc-d5a7-4cfb-b392-be4e86991526", "value": "T1AB65230367D86433CEB863B044F60EE30A793859CEB497AF1BD9A45625736D085723AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697058373, "uuid": "e6eb49a8-a31b-4af2-8802-56a7e8b6aebe", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697058373, "uuid": "ba2675eb-77e7-41d8-aa65-69e3c9e053aa", "value": "24576:1yA3CPUGR88T/Bg0EJYh75BEiJJU1lbCUnhWpRpQhNS6X9OuM7aUvQzq5CMlcFtZ:QZP9B9g0EJY55OqUXCdTpIN9XQuM7aUi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697058373, "uuid": "5a0d498e-e45c-464d-a07d-3573081bbd0f", "value": 1544704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697058373, "uuid": "536d6b5d-9a0c-426c-9a02-862fa00beddc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697058373, "uuid": "cbcaaf99-a6e3-49ea-a468-30c1d5dcf171", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f64ec232-6882-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697062218, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062218, "uuid": "0f89d9e2-2a38-42c2-897d-ea81d3598f56", "comment": "Malware payload", "value": "83060437f49b2c49aee98cc517b15b5f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062218, "uuid": "20ab3c4c-1908-4e81-bfe0-fa7f8c6b8790", "comment": "Malware payload", "value": "7879964190eceed3097d7cf75637a9a07273fc3beb118ace90f7569e894619f2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062218, "uuid": "088b3a30-d002-4f06-a634-148c4f8e079d", "comment": "Malware payload", "value": "a99cdeb28cc1bfd6f4ad8699b85f0dd901ef1e97", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062218, "uuid": "8089efc8-9aa9-4667-88a1-b946ce1ff128", "comment": "Malware payload", "value": "6597d2fd4f59c7dd63634b47acd4f2e9d5fd15b78a105cfa022611a6694fb9b5eae52a0d00c52f93d1db4349648759b6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062218, "uuid": "45176bdc-f726-43d5-8355-3f99e33d096a", "value": "T1D7055B11BBEACA67D09F3BB2E8B01A1827F5EC59B3A2F74F854D12A41C567402D5036F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062218, "uuid": "f08b9db4-2e63-4460-8f35-aeb808aa9dbb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062218, "uuid": "b7e6e3cc-898a-4c36-9f9e-71121fcd24d9", "value": "12288:AcKnLZimZC94/4ou4Bj1ZVfBbhhTtnD93uH:AcKnMmx4ou4Bj1ZP9RH3uH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697062218, "uuid": "feae1cd6-a825-4723-af2d-d84e272efb18", "value": 819712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697062218, "uuid": "0d446f84-0426-4443-b020-c9bfa8f90a37", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062218, "uuid": "8b6c908d-cd97-49b1-b02b-20f2ee5a8584", "value": "pw.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4076a867-681e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697018963, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697018963, "uuid": "301b3683-cb3a-47fa-94ff-23b0a3e52cac", "comment": "Malware payload (AgentTesla)", "value": "f83a1ebac520b7deea9613aa2a7765c4", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697018963, "uuid": "afa91897-40e9-4f10-896f-05a0f512f551", "comment": "Malware payload (AgentTesla)", "value": "7896b4cfc3a0bc24a6833164c934053575628c00473e3af848d361a6b8b02ca4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697018963, "uuid": "53c169d5-7ec6-4c73-985e-d72311a118bd", "comment": "Malware payload (AgentTesla)", "value": "d645aeb7dafcbcc0a9455fecb0a689c84778535c", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697018963, "uuid": "9c764cd5-eab4-4307-91ed-a8d32a61025b", "comment": "Malware payload (AgentTesla)", "value": "04b73dbbea4f0dd065633b9723fc137833a3d613f5da2c69443e005287df3f41c8f05d3a6a067abd77187cd8ed003cc3", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697018963, "uuid": "c71e2f8a-4547-47e8-bbff-d7bfdb68e9ac", "value": "T100E4234533F06776C1BA877684B2139013F769256D22F72A9EDD61EE3923F488701E8B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697018963, "uuid": "b9f285da-cc31-4a00-889a-9d09115b70c8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697018963, "uuid": "c878df5c-fdd7-4084-9d8f-a08f6e0973e5", "value": "12288:GTa1vjJGGna138afdC/OxjsuDHc9iKyfJxezz68DxrfkFDYcnBOc1:GTa1LJ1na1TfddlsWIuszz6+OFEswc1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697018963, "uuid": "4ebe9b87-85ec-40f2-aa7e-7e035670aa53", "value": 661504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697018963, "uuid": "a5d6431c-8755-476d-8555-95d031a9b290", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697018963, "uuid": "39f9419f-22a2-44d4-9a6a-84134da6284c", "value": "f83a1ebac520b7deea9613aa2a7765c4", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60332863-67cd-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1696984227, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696984227, "uuid": "2167154c-a4bf-49b0-9323-01418b76a83f", "comment": "Malware payload (LummaStealer)", "value": "0780adc55b115da8893e694dc337d956", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696984227, "uuid": "86c813a6-734b-4bab-a87f-0d3df4167161", "comment": "Malware payload (LummaStealer)", "value": "78ffe0bf923b88ec8fc3a814d846ab24a1f606831b13a387c2b9aaf43d3ef909", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696984227, "uuid": "f7d81d17-f61b-49ca-935f-2295397770b6", "comment": "Malware payload (LummaStealer)", "value": "88e13937f03f98d42f8269707fab2247b3eff2ad", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696984227, "uuid": "d92a402d-2276-4675-9693-7dd3ffb007f5", "comment": "Malware payload (LummaStealer)", "value": "75447e2d8bb18f6f2e5754871e4a63ff19a0ccf0070e5ed52b4b681b3fe8e640ebb1a672f3016d6ff2446d83e2b471e3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696984227, "uuid": "3d358857-1a85-481b-8afd-d0da0a8c8a62", "value": "T171252282F5E98533D4F23BB194F743830B763DA02879921B3B69A45B1C72655B831B3B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696984227, "uuid": "da77c575-298f-4bc5-9b03-6070b43b424c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696984227, "uuid": "eb2e09fa-b2db-4158-a83e-efada6b41c1e", "value": "24576:Pyi+IeoHWF8zFjY3d8y5TcmD7iIIuOZH+:avl5micmPXf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696984227, "uuid": "c939a28c-db75-4ef4-9816-b44ebb628960", "value": 1014272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696984227, "uuid": "c4aaf41f-1c9b-4c2f-a44c-e1196e1d96ee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696984227, "uuid": "64d35c2c-264a-4407-851f-2777a7ad2a02", "value": "0780adc55b115da8893e694dc337d956.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bd18f7ba-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052673, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052673, "uuid": "7f33d101-8827-4747-9d23-7860349e9646", "comment": "Malware payload", "value": "41a7d60bf27fb0f847aee929bad2e251", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052673, "uuid": "876b9897-28be-4043-87ae-59e8d2072666", "comment": "Malware payload", "value": "795b951e16aa4aa0557c24eedad4897e457864838393fcf66220da85ad8be9d8", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052673, "uuid": "74cf7bba-7124-4667-a94a-f84b145d934f", "comment": "Malware payload", "value": "3765af7a0198a9fbd715bae2db6cbbd3d0d55992", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052673, "uuid": "3a592e8a-45e4-4945-9409-a290b74c0ca4", "comment": "Malware payload", "value": "92b9678a854c64fe8e18ff2cd13cc763f9f2d91fb847c381745d60ff07560818459f0ad2f0948a15fbb27ac2ed55ec0e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052673, "uuid": "04139a3d-02f9-4ebf-9a81-5175ce4fdcb5", "value": "T132A41216C5E88102D844037B74E8BE4537F9EA8AA6F11EB7B44DF409F1CA7C69DB094E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052673, "uuid": "9cd9756e-8683-4e9b-aa6b-b4071f50f3a1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052673, "uuid": "f04aa305-578b-427f-9784-f2fd4c4365f4", "value": "12288:mtRavrD294wyaVoK1979nUKfE0ART+Dzi:qRNVyaVow59xD2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052673, "uuid": "ebd07e7f-b123-4977-9385-87595474a27f", "value": 483840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052673, "uuid": "0936fd41-be97-4cbe-a4e2-af9161e0f884", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052673, "uuid": "42512818-650a-4ef4-9694-bb1462f0a56f", "value": "41a7d60bf27fb0f847aee929bad2e251.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4b82cae5-688b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697065797, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065797, "uuid": "0363deff-4171-4125-8e26-ac0ace107d10", "comment": "Malware payload", "value": "935e75cbd0f207bfeb6d3b5d90e35685", "object_relation": "md5", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065797, "uuid": "0a728af4-a321-440a-998a-a7fe2b93e7a6", "comment": "Malware payload", "value": "7988501f67d983c87769531838a8554a2fa186c3bb5ea76b9b697491c81ed7a0", "object_relation": "sha256", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065797, "uuid": "72e36377-b042-4157-9864-a7bb4bb54557", "comment": "Malware payload", "value": "d5b486a44268a91e1f118843f0285b3a71f4e9d8", "object_relation": "sha1", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065797, "uuid": "9b1f9aaa-2981-4ed8-b678-0660a4478e29", "comment": "Malware payload", "value": "0ed2059d44d3000c7be4d57dfa52ccdcf3694b957486c3dcbf0cde28fe68605b293525f16a836860ae4aa2cfbb842578", "object_relation": "sha3-384", "Tag": [ { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065797, "uuid": "bd664ce2-afdb-4c58-9aee-5ccf38491df4", "value": "T17B341F037E48EB15D5A93E3782EF6C2413B2B0C71733860B6F49AB9618517829D7E72D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065797, "uuid": "552cef9c-3a27-4f8c-872c-196ef67b7b6f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065797, "uuid": "38b39b48-67f9-4bff-9aef-2cd7c2be3cd5", "value": "3072:KmODaAcN62JnJ8KVCT6dZ4l2QUF6p5UUv0gl2EI:KmyaAcN62ZJfQ+466v0gw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697065797, "uuid": "e2288fc3-6a30-4ef1-ba85-737e445de73a", "value": 242176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697065797, "uuid": "2026dcc0-9eb6-45a5-868a-7b20d04aab74", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065797, "uuid": "191f9b49-2488-4a2e-9aea-250587222b17", "value": "169706579598850cfbadbbdf4df900ae589139a57b2201f8e2de1131806122a34ca2ceda50323.dat-decoded", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6984cf1e-6819-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1697016884, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016884, "uuid": "e354be84-63f0-44fb-bbca-9d427d708de8", "comment": "Malware payload (Loki)", "value": "88eb30eddcfc57e23ea7a76d182c7296", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016884, "uuid": "565522ee-d1aa-4249-a956-0d4a9013ddd7", "comment": "Malware payload (Loki)", "value": "799e36ff1695259d24c06e331c23a941146e805b2502b35208fbff613424d3b6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016884, "uuid": "b3cc075b-ce1c-43fc-a87f-c0431e15e81f", "comment": "Malware payload (Loki)", "value": "c839a373ab55f19c52a5295cc7326a77b1d02aec", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016884, "uuid": "8fdadff2-ebc3-4261-a7c9-454278e5477c", "comment": "Malware payload (Loki)", "value": "2f9f092d916ccf36aff161b9611a8b21b0bc36f99a8036ffc427074f1672d56a0cc256c50389735fa5f3373fb4760a91", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016884, "uuid": "6408a693-0378-4487-b09c-dc180b2c366d", "value": "T1C8C4F12533A88B66E23D4BFB05B4024217F97527397DE3A89ED128CF6E70B518564B33", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016884, "uuid": "1c07623d-bcf4-4d61-93e1-cbd26bf4695a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016884, "uuid": "d4dd7f05-e0ff-49a3-9e51-83eac5217289", "value": "6144:F66i2VMMxv62c+SNKZ0pYCpST0xRZPoyZvh3oOrYgG3vmFKE2aPqnUzkoCZCdlBq:FsX9Kcppgyb3oOkg+4KZUImR/gZX3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697016884, "uuid": "26ba72f3-670d-4266-95c2-ad1524b312b5", "value": 593408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697016884, "uuid": "21c74d92-5e7a-488f-aa03-862c85ecad14", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016884, "uuid": "3488e2c9-e0bc-4b54-b89a-35f347d20067", "value": "SecuriteInfo.com.Win32.KeyloggerX-gen.10898.20140", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2ca2000e-6887-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697064027, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697064027, "uuid": "2b09b6b2-6330-403e-af21-99a67b838bd5", "comment": "Malware payload (RedLineStealer)", "value": "c805f28a5a0e034e3d1cce1e6c827863", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697064027, "uuid": "c0c64e84-c5fe-4172-8c8e-ed6fd9abbbf7", "comment": "Malware payload (RedLineStealer)", "value": "7a189e512b93a6092b4f577f7cfdd8a3acc207cd391b77ced502d482b1ce391f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697064027, "uuid": "579e0a8c-2014-4338-942a-f0d6a276d972", "comment": "Malware payload (RedLineStealer)", "value": "80c43683be6b1b90474ff70c74d013ccec335723", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697064027, "uuid": "77062ca7-c75d-47b9-8c2f-5c97dd8bc414", "comment": "Malware payload (RedLineStealer)", "value": "d6a2e30af9137dbbe39fa986ff26696c6ee98a8fe849093dc670aaf437de4b9a25318d45a6fadf9ba8e35f7b66d919d9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697064027, "uuid": "526a0229-0420-407d-8a89-89170c3aca57", "value": "T102652353A2DC58B3EC762BB1A8FA05131B353DE18EFC929E164A5D3C08724C4E672776", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697064027, "uuid": "b9e0e3d3-4340-4542-a500-da6825483c0d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697064027, "uuid": "52878f5d-bcde-4629-900c-26409199b966", "value": "24576:jyO9vxd/fJr2POpV7OoxiA5Lyqx2rRfjKsOVDCqBuLsLgzxJUH0bTkH8DIv1pQne:2SJrOoOAZLya2dfjL+1gL8g0H0HSTHUz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697064027, "uuid": "ac9c4748-c6ee-4e6a-be85-ad9d3a88b315", "value": 1546752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697064027, "uuid": "17ebfeff-39f6-4a32-a541-4b439e25874e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697064027, "uuid": "f7525c5a-d826-4e3e-9d4a-b27db120e544", "value": "c805f28a5a0e034e3d1cce1e6c827863.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5ae90926-6891-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697068399, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068399, "uuid": "9c615690-d008-4e1a-8bdf-8a692dddd1b3", "comment": "Malware payload", "value": "9678275336a42386c582e6708ca25448", "object_relation": "md5", "Tag": [ { "name": "fake gzip binary", "colour": "#276D0B", "exportable": true, "hide_tag": false }, { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068399, "uuid": "59675ccb-2270-4234-8178-42b78ae94c42", "comment": "Malware payload", "value": "7a3344b88242a28070367427772c2a52edfb6eda3bfd3bf3b21458d84c630041", "object_relation": "sha256", "Tag": [ { "name": "fake gzip binary", "colour": "#276D0B", "exportable": true, "hide_tag": false }, { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068399, "uuid": "a139f7a3-d682-4fd0-a3ef-8caf0cc6f5f2", "comment": "Malware payload", "value": "53678d0714df43689d88a46d11a0c89c111fee78", "object_relation": "sha1", "Tag": [ { "name": "fake gzip binary", "colour": "#276D0B", "exportable": true, "hide_tag": false }, { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068399, "uuid": "f156c2db-ad89-4fb3-bfd6-ef01cc989d92", "comment": "Malware payload", "value": "b65447f01696d99e0401cba3d37bd37b83a84dce55eb2b77ee3a22fb2c73f3996053803344aaf4d49baccf9d73aab351", "object_relation": "sha3-384", "Tag": [ { "name": "fake gzip binary", "colour": "#276D0B", "exportable": true, "hide_tag": false }, { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "gz", "colour": "#97C949", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068399, "uuid": "109acc38-d8f1-496e-811d-8fe957b63b56", "value": "T102D423DF4D072C2BB90E3EF9EC945BAA2F10010C7E75445D98EFCDD57A784A99EA0841", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068399, "uuid": "97576265-1a1a-4268-b2ac-a7b5f619d8b5", "value": "12288:BPnjih/q8Sb7VUQXhqeTB3Al9kz5MHfr4qhcsQS+:Fnqq8SvVUQXAeTB3AlsMHcS+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697068399, "uuid": "ac1d9415-99f8-4e18-a067-7420e9e710c1", "value": 598273, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697068399, "uuid": "81755b43-ba73-4a91-99ad-d911f1c0c428", "value": "application/gzip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068399, "uuid": "338c1d9c-ab36-4c25-a1fa-00a2e823f075", "value": "Office txt", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0991a0c2-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051513, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051513, "uuid": "7294e268-8fd6-451d-8210-cdd619c1b685", "comment": "Malware payload", "value": "fdce05c074d2964259914160d703d8d0", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051513, "uuid": "6bea50bf-f7b9-413a-a7b6-35d012d3ee06", "comment": "Malware payload", "value": "7b6ac52d00554670afbdaef1d7b26316cf9f9d4c8d162dfb4b0256077e13b3be", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051513, "uuid": "a6392c2b-544d-4642-9ac6-3ea21c3ce7f6", "comment": "Malware payload", "value": "484ae8e00ef329b004d8e62ad56cae78ce11263d", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051513, "uuid": "9485884c-20bd-483d-ac5f-392d2ae96f71", "comment": "Malware payload", "value": "17167ddd60a3f4a01235785cb21cd63009785e8062e7ad2189f88af8313ef9c8bccab4212501d84a90210da753754278", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051513, "uuid": "46565923-2fe2-4992-9bc2-277f66e7d191", "value": "T127946DB1EF58151A0C4B37EAEC414C81C5BDD16A5927006AFEDD17CEA10B59CA3BEB0E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051513, "uuid": "8a0c8bcc-9888-4f0a-a381-689428c2d92f", "value": "6144:fbjeT31aM0V1AhR0GJGkCYCJ9V6dG0T9vPipgEjpjvc2gomPflA1/tAjy8FU:veAME1u6nVdwopapyr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051513, "uuid": "2869d0fd-062e-4efe-b9ab-a3336bee021f", "value": 437932, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051513, "uuid": "ada2932a-a838-44e3-b697-17f18b253105", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051513, "uuid": "7762cc60-08bc-44eb-b3f5-442ec2162194", "value": "EXTRATO COMBINADO.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0eca43cc-6820-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1697019739, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019739, "uuid": "0afffb3a-73b7-4fa7-b553-76ef5a420c1d", "comment": "Malware payload (DarkGate)", "value": "b0a50c48258ab83ce573994a192ea0af", "object_relation": "md5", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "missing-payload", "colour": "#8A1C85", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019739, "uuid": "f6b3ed08-111d-4959-b432-bbd9a4c0358f", "comment": "Malware payload (DarkGate)", "value": "7b83193f23b3273e6051d61970febeb3e7432a7c50ba4a2c936be560d8479bc9", "object_relation": "sha256", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "missing-payload", "colour": "#8A1C85", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019739, "uuid": "3c108937-2090-4e9b-a154-c4d490f22fe7", "comment": "Malware payload (DarkGate)", "value": "fc2518048e45a57667d164a26dfccc499100edd1", "object_relation": "sha1", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "missing-payload", "colour": "#8A1C85", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019739, "uuid": "9f007564-266e-41a3-8459-a6a70b336001", "comment": "Malware payload (DarkGate)", "value": "03228ab41c4ec7d29996d99e71b9df4ca5dc68b6e7ec13ef83ea594770cecc134605938ec8e5301425818d0f682488bb", "object_relation": "sha3-384", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "missing-payload", "colour": "#8A1C85", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019739, "uuid": "889c3014-1e77-4e70-9f7b-73dcfd4ea921", "value": "T1D1742332C32C2935F53C8E4E9C625C2711A46A01EFF36C66EBC43267256FAB573DA521", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019739, "uuid": "620a264e-b598-4a87-9682-809ea27329f4", "value": "6144:YlFGF1acjZ4t249Sw1uTAQxmCeEdNwVqTN7SaixqT6owwI:YDGeCZ+2lwCAQxmCVsaixqT6oM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697019739, "uuid": "c2cc39c6-f5b9-46f2-b163-cfd65952ebd4", "value": 356880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697019739, "uuid": "f0120f6d-26e8-4c38-9dc2-683952021cf8", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019739, "uuid": "8258ea8b-744a-4aee-8e43-0347a94d60bb", "value": "t.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "40a40e74-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052464, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052464, "uuid": "df17c722-d7e7-4e3e-99ca-67df9adfb82c", "comment": "Malware payload", "value": "42bdec956e3d3cd6b04415bbb5e38036", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "pif", "colour": "#A6A680", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052464, "uuid": "6ef2cc23-65f6-4d4c-af0e-d85beed6981c", "comment": "Malware payload", "value": "7c4a53d94a6145c339eaba3d09e88a60975bc9b3a53a1e62184be58571f4b039", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "pif", "colour": "#A6A680", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052464, "uuid": "d4837bf8-7006-46a6-9d2a-2013e59873f7", "comment": "Malware payload", "value": "59bc07ec47586661b9bdcf31afad9e4d6a2c55f7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "pif", "colour": "#A6A680", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052464, "uuid": "63862fea-81c3-4f6e-8804-fa8d39916843", "comment": "Malware payload", "value": "75f45c3ab4bbf96bf071946a6e9035c72875730f68e3197d383682c009846f85d050557ac72a6174081b0743eee3fbf5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "pif", "colour": "#A6A680", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052464, "uuid": "42a4ff7f-0e5f-4e46-abff-9e08121c92a2", "value": "T1EB74E71A976C5595D37F5234E0512008DFF4CA27F38AABDA9A40BAF95C537C0EE034A7", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052464, "uuid": "18d40184-df5e-4049-8d5c-391b535e25d1", "value": "6144:Swg1k/BZ4BmUoObMSTE/+e4NVnbS0p29zJonqLfTqKzy75:yk/3UJbPW+e42Emrdzo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052464, "uuid": "1e1fb175-66a5-4e22-8965-c22f7a5394fc", "value": 338944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052464, "uuid": "66605de4-fc24-4226-b0fa-dde4b3d8e362", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052464, "uuid": "cd67e71a-6d9d-4bab-8358-c341ef7e3d39", "value": "MPS202310038742916.pif", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b4ee5afc-686f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697053948, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697053948, "uuid": "93a5f422-27e1-48af-8d6c-401692b7a77a", "comment": "Malware payload (RedLineStealer)", "value": "e8d3063e17b6027f937df29dad1c1d8d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697053948, "uuid": "3b40186b-631e-4801-806d-5f8dc10b3718", "comment": "Malware payload (RedLineStealer)", "value": "7c5c38bd861b58d95d0eee4bcfb61fb32958f1c15796d74c9ed67d162b50c156", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697053948, "uuid": "d2ad1011-91c9-49aa-bd26-cac8bac73bf0", "comment": "Malware payload (RedLineStealer)", "value": "76627a342f380a2e3a712f490acabf2f99dae049", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697053948, "uuid": "34d1945c-ed14-40a7-abe0-8a3482758b40", "comment": "Malware payload (RedLineStealer)", "value": "0755eaebabffa02722edb0e7e54a57ea58e2000757945684504f70c7f4078cffa77a1cc73036f68ab64012cab87fefd5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697053948, "uuid": "b944cf6c-9b8e-44b4-9dc1-4d602f219b49", "value": "T1CA65233A6BF05532E9B90B7008FB03A307397C519634A7D73BE2BC295D3244095AA77B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697053948, "uuid": "382c0d29-ba1f-4dcf-9fad-b79cefe8e230", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697053948, "uuid": "6b2e61cb-6dfc-4ee2-92ec-08faae41ac43", "value": "24576:RyjaOepVdhA+7s/iXU+g+dVNGRRxcH7Kvw/Li52PYL18AYGIsLgBpb:EjaNfAos/cBNZGLKiYnPYL1pYGJL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697053948, "uuid": "9c829db5-f4e5-4d12-83f5-5171e13c8752", "value": 1547776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697053948, "uuid": "a051ee18-d34d-4e6c-b54d-7290df1df032", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697053948, "uuid": "90a24fe6-44eb-49b6-aa79-fd35f9dba463", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eab09318-681a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697017531, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017531, "uuid": "0bfa123d-34a7-402d-88eb-a8d1d8cb88ce", "comment": "Malware payload (AgentTesla)", "value": "a1c1a78e318f495517de63bfb734b218", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017531, "uuid": "ec9a1bb6-827b-4766-b8e6-58555095cae4", "comment": "Malware payload (AgentTesla)", "value": "7c670660dc8b64c1ad7b330466111702cc518b9635482824b7d04ac75ca1e935", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017531, "uuid": "19a1dc5f-dc7c-4d97-bdb4-d82374e81acb", "comment": "Malware payload (AgentTesla)", "value": "053dfeb2acdec982119fe242f205100a4bc4d9d5", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017531, "uuid": "59c99ccc-4922-4371-8060-d702d4605dd8", "comment": "Malware payload (AgentTesla)", "value": "579bbac97d628c47d5df8a6d1b5192175d783ab9a89a6451b6cc28997d57f21e257afa79db186ce947ceaa5a4f196f03", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017531, "uuid": "7855e7ca-05f7-49a7-a63e-5ae472f24502", "value": "T15DE4F10173BA5B27DEB643F68625256043F4352E797AE3A41EC2A4DFA8A1F401F41F27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017531, "uuid": "5f2804b1-e6ba-4ac4-84b7-943fc32656e2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017531, "uuid": "10dd5970-3412-4d64-b1db-d0e6cd343914", "value": "12288:+mYX9K9zJwPMUMEW2IWcstWRQB89HqcyEirwkP+AB2afhJSZsWTmAb5qxwExdV6:QtiBUMEWzW3tm9KcyEirwkPAySwA5qWK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697017531, "uuid": "5b8297d3-5065-4196-b4ba-2f1bc977ab70", "value": 716800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697017531, "uuid": "6ff559c3-6d36-4d46-832c-93d483542e05", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017531, "uuid": "981e034a-4032-43cc-9aa5-ff4c9407f69c", "value": "Payment Advice (3).exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "80768022-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066744, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066744, "uuid": "7787cf4c-d618-4310-b22c-f6389e76fa5c", "comment": "Malware payload", "value": "0f825ab04271e4dc307d3d351d40091d", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066744, "uuid": "300fd90e-3ab2-4d3a-9f51-87fc545a8be5", "comment": "Malware payload", "value": "7c6a35f194741b1003b404f484d7814926e698c0f3ba7b1b7516a64816dea859", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066744, "uuid": "504d96c3-7b26-42d1-b842-6ea003a1847a", "comment": "Malware payload", "value": "d61d0b832fe2e95768b760ab926013651e0fa1c6", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066744, "uuid": "9349834d-357b-4d8f-8d02-b195f1b43c7f", "comment": "Malware payload", "value": "41cd69312894477ce9c51f2c97e47b5358276526e4e97522b63eab8eb33ef757981547f67dd23bb3419a2162f72eec66", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066744, "uuid": "9fd69689-dde6-47e9-8905-6b41036d5e72", "value": "T100742328ECBE49DDBC6AF7F5E92791480481C3EF19C987968D9F509FB4085862D3E1D0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066744, "uuid": "0cb9fc84-48db-41cb-88f0-f25738874081", "value": "6144:VqqoYEpXh1AZLRKrckOr86punk8tQ8Vkom7h4xKNE7Ntkzp1GYdsBHtu:wN1pHAtg76pukubaomSxHXkd1XdkHtu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066744, "uuid": "77a7d797-b7a5-4614-a46f-8f7d4593dc0b", "value": 365838, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066744, "uuid": "7d565f3e-1e5b-49b4-8777-1c1aaf59652c", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066744, "uuid": "8b469763-2dd1-4c1d-ab4b-de37bcb418c7", "value": "ANQT0367_4169992.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6e258716-67ce-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1696984680, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696984680, "uuid": "3b9f1b3d-d031-4dce-b086-59e1fbcc811e", "comment": "Malware payload (LummaStealer)", "value": "21ea0238341ecf82b07ee9b135f7ac41", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696984680, "uuid": "9dfe668b-ba52-466c-ab9b-5bb6018974ac", "comment": "Malware payload (LummaStealer)", "value": "7d28009f24871d841eb41fe272d816b4f8e386d4d2a10922a6ba3ebbbc1cbf00", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696984680, "uuid": "f0e34550-f8ea-4e7e-86a0-99f24490df4d", "comment": "Malware payload (LummaStealer)", "value": "1c836c7c4ff50b676d92ed47a5a2b52fa931bda5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696984680, "uuid": "b77b8a70-c334-4bd7-a98f-e31e08b2661e", "comment": "Malware payload (LummaStealer)", "value": "bb0fbddf8a55544e95a8792000cf80e94f303fb000a561650e7c150e3160f892dba52452bf65c40f90b62d11756ed67f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696984680, "uuid": "c1fe092e-fa16-4afb-8241-d3a357b00c9a", "value": "T1D9547D03A3A0AC63E5664B324E2DC6E4372EFCD2DF55679A32546F3F0C711A1D662B12", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696984680, "uuid": "39b7f887-88f2-4226-989c-a6bfa6785d76", "value": "c0a3c238d9ecfd3e9ab3d94bcbfed84e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696984680, "uuid": "4e5e4e5b-f23b-40d5-8462-b4dd415ea35d", "value": "3072:cCiU3SKz619dKLCaZ6cGVSPMZ2zRR8RlRtZ5ObNIU0aOQ96CLs30:cNfKz6HdKbt2B+SFNU0g9ps", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696984680, "uuid": "6df820cb-e216-4e1c-907e-71a84ac0eb3c", "value": 301056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696984680, "uuid": "776118e1-d162-4b70-b728-9407c58c9d27", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696984680, "uuid": "5fc4023d-14a2-4c40-84cf-8a4aa1e3915a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25c6e04f-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050701, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050701, "uuid": "7b0d9d0e-b548-4ad8-9fdb-3f48b71a81a8", "comment": "Malware payload (DBatLoader)", "value": "6932c9815bac84926d2dbbd7b4fc11a2", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050701, "uuid": "ca232092-5b2e-42c3-a237-9d5821c108e4", "comment": "Malware payload (DBatLoader)", "value": "7d489f696a0cc6d2b4f6a046bfbfd575d3bc2a55df7be21d8359d406f677e533", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050701, "uuid": "25c4a233-567e-477a-a12e-df1a5bb9f25b", "comment": "Malware payload (DBatLoader)", "value": "696cb6536679b44394bc0e4f6afe93b955789e4e", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050701, "uuid": "79a9f972-e9ed-48b7-8e48-f30838c2bc6f", "comment": "Malware payload (DBatLoader)", "value": "5474ce68953d0f6920ec8febe5fa9aad7227dab5b52dd4d0cfb8e225db73b6d3754f080f5a9d1895964900288c1c8232", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050701, "uuid": "135ebc46-cdd6-46ca-bbca-9ea390eacf40", "value": "T11F558DE5A2408C31D067797CCC9AE78545297EDD6D068CCD4E64DACF2E29AE0B9FC063", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050701, "uuid": "a1bb1d99-670f-4a43-aeac-98765077106e", "value": "7b81750dfa561fad4dadd71b82d358de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050701, "uuid": "b8fc02a0-f6f7-4e30-a0f9-f9e7320ffb0a", "value": "24576:iFoEhCKAXS/1+O9P1Bza+78soKoxm5OST6Iytld3BIwbgKcQrE/k2+ZVN:iF9ii/1+O9P1BB8soKXx7ytldx7V", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050701, "uuid": "6aae5668-8096-4707-893f-b7d20e658ac8", "value": 1300992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050701, "uuid": "104f652e-d439-4ddf-828b-b443952d4f8c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050701, "uuid": "fef44a63-29a5-4207-bac0-d6524d4291e9", "value": "PO_3948.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1baa3e90-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697050255, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050255, "uuid": "6be7815b-814b-4176-8874-5d739a166cce", "comment": "Malware payload", "value": "1f5ce1bd1c533fcc0066c163f6c20cb6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050255, "uuid": "d1cc91f9-9ffa-4b1a-85c7-3105ff87bc5e", "comment": "Malware payload", "value": "7e261cab7138dfb36685688d9c251b058673fc090d5de5348a537183ebecea3e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050255, "uuid": "e3298305-b725-43c6-9a63-5d9fec8e6e58", "comment": "Malware payload", "value": "a24888d4981a1c75e94a0c3c5aa3031b5be9661f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050255, "uuid": "c760e887-2584-4aa0-8ffc-a144b834a3b8", "comment": "Malware payload", "value": "083f16d0abab97018686a69f27b99402f7907f964b016a4b5bdc2e005f28cd3e90d859e5ba84d89f77b98139694f4dc2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050255, "uuid": "f8dc832a-27b1-44c1-8bcb-fb00528c6aed", "value": "T1A165A403BA9789B1C249773AC5972C3443A5D58173A3F61A798E235B18437BB6A4CF0F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050255, "uuid": "1b14d0d6-7b8c-47e9-962b-e8b21c212259", "value": "24576:bq+rq91IdRTkPoHznHVmn7swrOZgtyjB/VKuq37Do9UGIwN59:P41xhhr8Wuq37Do9UGIuT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050255, "uuid": "5b88212f-638a-44fc-a0b5-16dbc85657c1", "value": 1462840, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050255, "uuid": "26a95d12-279c-4f1a-8241-014c2f427b32", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050255, "uuid": "38021b58-9803-416a-8c93-0fbd5b51b560", "value": "1f5ce1bd1c533fcc0066c163f6c20cb6.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84e68a36-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066752, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066752, "uuid": "95f96948-d41a-4d41-a0f7-23d2d2122237", "comment": "Malware payload", "value": "02ef1f6747682764dec39f0c72573d3f", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066752, "uuid": "edea5abb-f127-44cf-b339-03298b4b7b55", "comment": "Malware payload", "value": "7f3477b5b3b5a75ca5601ac7f6510ed4dbd1977a5b435cd3d03ef00d0f946b28", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066752, "uuid": "f13b20f4-8dee-4ad7-b275-955213f36be6", "comment": "Malware payload", "value": "b4e11cdc2f488af30d7029db4e5b78514cb2f58f", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066752, "uuid": "3329efe1-2c46-43f9-82c4-104a432477d2", "comment": "Malware payload", "value": "6b998f9acfd41ea4447bcbe245dae6e1ba260ab255b75b06d75e9da1f47d70401c6042f5ee833e2d216fa1773509e9aa", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066752, "uuid": "33bcede1-65e8-4676-8bcf-8a650edad16e", "value": "T1C8742379FCD085BD8B12543C636BCCDF58CC38E4ADC1A76B5429778DB62442E02366BA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066752, "uuid": "2ff8226c-491a-4b6b-98c1-57ff317ea7b5", "value": "6144:/1diYAEF2zEsbAxldJFDQh6d2ulW4B+f9GsIJySAa8HUyvrBjIsX5fl1AOA8qZ:ddPYzEsbAxzEEhlj5R8HUyjpjXJlm84", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066752, "uuid": "c68db687-380d-4325-8d6b-77124ca43df1", "value": 366181, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066752, "uuid": "a27e586d-ce75-43b0-a9d6-4d775b2d018b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066752, "uuid": "5ab5e263-a49b-425d-b45e-fbe14ae5eb64", "value": "DIMX0589_1100329.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3bd3e0d1-6838-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697030122, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030122, "uuid": "b5746f2a-c226-4ed7-a91b-207ca41aeca8", "comment": "Malware payload (RedLineStealer)", "value": "1b928b834a268a890a7702dd5e0b056e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030122, "uuid": "e95c5959-befb-4f60-8b51-6bb7662ec224", "comment": "Malware payload (RedLineStealer)", "value": "7fb51568cf319f6b0cb697aeb39fb8a9350494dd3177d7fa051420389dca2f68", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030122, "uuid": "012dfc64-cb62-49e3-8403-94b3a2d4e6ed", "comment": "Malware payload (RedLineStealer)", "value": "a781c1557eacd0bd8a972c45d379e47ba5a75ccc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030122, "uuid": "85a24e2d-4dc0-4319-884c-4774f03556c9", "comment": "Malware payload (RedLineStealer)", "value": "953b9e6d7f96edc803fe672d328e350957710b115efa1a59366a63db890b429951813ba4a99489d28a88afd12221994c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030122, "uuid": "dcb40fdd-2a18-4de8-a726-e069fcaf8def", "value": "T149352303A7D85163E8B6BB706CF617A30A39BC611D28837A3F16969B1C73444F4B6739", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030122, "uuid": "3b34deef-c8e6-49d3-b439-56edb6b02fb9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030122, "uuid": "fa731474-f73b-4def-8fbc-291854415c2a", "value": "24576:ByCxtVoICbONVV/Nmb2a6yfcYjEHlq5PS6A:0CRcbEj/NXYclyT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697030122, "uuid": "40fe5a4b-1dda-45b5-a783-565546645f94", "value": 1061888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697030122, "uuid": "92074400-10c3-461c-a6cb-902c36975cf8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030122, "uuid": "35caface-d46c-47fe-ae6c-caba3c90e1f0", "value": "1b928b834a268a890a7702dd5e0b056e.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df9d1497-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067763, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067763, "uuid": "f84d098d-a092-4769-a260-e33567522d5a", "comment": "Malware payload", "value": "064e59b3e9028c0f3973f41742dedf41", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067763, "uuid": "efc1a5c9-0795-4ea2-ab9f-a22eeedb1e4a", "comment": "Malware payload", "value": "8041f1d8a71c710538a31bc441cf3ba7678185fb75e6423bbf3733175f9dccf7", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067763, "uuid": "83311004-3498-4ca0-bd02-fac2a0776bae", "comment": "Malware payload", "value": "bc2ee10a88735cf4f3f664093ef2a1bc922664ce", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067763, "uuid": "ac0348c5-44be-4ce3-ad87-f743eaadd867", "comment": "Malware payload", "value": "203a99f52785363c8cd2861f0f57bd9f4a2b97658647520df9971d50f659d71ac9c870fead195b4a13d667d19678c6a5", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067763, "uuid": "3127bb44-5109-4aa0-b4b1-b0a8318c8895", "value": "T15F258A3223B22F3CA278FBF600DD15579E797D671011A6D3AEE4C94F868EDE41A34126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067763, "uuid": "dfcf0af9-63ad-42aa-ba52-0b333c4f3cc8", "value": "6144:US/Pe5EE3Lt02BZDB9bmFn1kZGMdGKQ9jMHqCg/gthDDEssR+6NQ7NQKqxzTE6sP:n3mbsQG4HqC6k9jN2x6rxNCwX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067763, "uuid": "4a55f2a4-2253-4f37-be62-cc21d38d017c", "value": 1036720, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067763, "uuid": "8617248a-2c76-4579-945a-d47563a130c6", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067763, "uuid": "c707e17b-8ec1-46af-936b-1a53171183c2", "value": "NEW_WORKING_CONDITIONS[2023.10.11_08-07]_4.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c969cb0-6869-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DCRat)", "timestamp": 1697051276, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051276, "uuid": "7a6f771f-1b3d-4116-b03d-8595e5d513e6", "comment": "Malware payload (DCRat)", "value": "a278ae193c852c9348d2e54a2e2379eb", "object_relation": "md5", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051276, "uuid": "c34b47c5-b9e7-499d-8e71-39de6ea07a1b", "comment": "Malware payload (DCRat)", "value": "8071d6607613c65aa69aaf0fa05ca22c67b50d3f231b224726321e8d8bfbcaa6", "object_relation": "sha256", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051276, "uuid": "5e8e0fff-e4ca-4ede-8684-4e15cc48ff25", "comment": "Malware payload (DCRat)", "value": "6cd7ab5d925e679efd0255f6543513808f9d5560", "object_relation": "sha1", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051276, "uuid": "947aa72e-896c-41f5-8f97-b342b952aa80", "comment": "Malware payload (DCRat)", "value": "9ceec9db9f3b980b37e2a96577679c02ecb9d6a26dbe319d23d5391afe4897ab7d1b7bfc91d5a100b1ee27ed707644db", "object_relation": "sha3-384", "Tag": [ { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051276, "uuid": "6fba492a-547a-4e56-9ab3-10f820a55254", "value": "T1D6D3B700A8D5CD77DBA99533FDE012439A2A5D9DF1932B251A03FB540CEAFB68D22374", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051276, "uuid": "1cb42b8d-f384-4b7a-a2f8-9703640b2d6c", "value": "3072:F8RlusaYCQUfzbspKNMOccF6l3iMAelbWTz6kLYXDMxY:FRscQUMyMOUIGbW9S", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051276, "uuid": "f799206e-0c15-4d38-9e8c-848100f9ebc3", "value": 131584, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051276, "uuid": "9e2243fe-3a13-45c4-818d-f20808b46766", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051276, "uuid": "6795de3a-3063-4838-b104-899826f11105", "value": "a278ae193c852c9348d2e54a2e2379eb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca96f983-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052695, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052695, "uuid": "d41e2edf-caef-4214-80bb-936ba244ddfe", "comment": "Malware payload", "value": "e43b9767f08c2b5cfb4b52e2eba34546", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052695, "uuid": "389d4812-0c9a-48fa-bc2c-28ebecf8e162", "comment": "Malware payload", "value": "810b1fa7f6da8f8630e22580272d2b2aeea8902806ec2ac92c8833becd71de0c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052695, "uuid": "eeb8014b-2a0e-4ce3-bfba-ffde5f480f34", "comment": "Malware payload", "value": "d31f95efbf5a276860dc9303fe7178d5cca0c577", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052695, "uuid": "79e0848b-23d6-4527-892b-70bf4b847dba", "comment": "Malware payload", "value": "ae1ae83846583df34d8ae21d1a6321c2007cc7268aecce61cf91a35ae05b034b74c8b0c7b35500cff682266d634d5686", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052695, "uuid": "2559caa7-227a-435d-9a34-4a59147b4eca", "value": "T1E015287C15699A8DF3A482BEB1728CFF17963C1F40B7B5F7A16CB4970EA97D20402621", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052695, "uuid": "d9e0d995-9b20-4b71-bcd6-42172f6863a9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052695, "uuid": "cebf9392-3480-4d09-9cf6-070706adcf27", "value": "12288:zHX9K7IKlhHhcTtP8Bq2NQyBWOntlnH40bW0v+eCCTafpE:zHtUIKlxehQNQyvnnY0bWsdQpE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052695, "uuid": "bd779341-716c-4354-95bf-2fb31b5a1c86", "value": 916992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052695, "uuid": "08e760b8-3606-4d84-aa64-ac99fe4e9aec", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052695, "uuid": "6781e45f-997f-46f5-8133-73efccbe0143", "value": "e43b9767f08c2b5cfb4b52e2eba34546.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aae7e7ba-6854-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697042334, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697042334, "uuid": "375ab71b-9c1d-4e67-89f4-ffafc958511f", "comment": "Malware payload (RedLineStealer)", "value": "4be3cad4f356ce5ba1639d83f1e495bb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697042334, "uuid": "32d29950-e14b-4423-a77d-2644e5d7e639", "comment": "Malware payload (RedLineStealer)", "value": "81447787e9525f5d61c595ef643373a5b8ad148014b23722291d68a5c72e1d5f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697042334, "uuid": "72c5a160-a2a8-4ed6-8ce5-ea07e9f823e9", "comment": "Malware payload (RedLineStealer)", "value": "9df562670d076233898de02a95fd7f5b06e773ee", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697042334, "uuid": "cd837913-bfcc-480d-960e-ef473c3dff38", "comment": "Malware payload (RedLineStealer)", "value": "ee757fffc06fc718600396b73c68082b87729e492ebbbee3c934d607c82a63eac8e6061713dd121bbbc1229e18af1192", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697042334, "uuid": "bea5b7a8-f93e-4d45-91f7-c09fb85ae7d2", "value": "T1A6652303AAE852B3DC751BB0ACFA039B0236BC615EB553671B85F81F4D72BC4527136A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697042334, "uuid": "346d49bd-08aa-48e9-9ff4-c1b02c637c85", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697042334, "uuid": "76c64b81-5b33-4c42-bfa7-94a9aecdd430", "value": "24576:7ylGvwDFO6wlRUN7n85is5M7vA4jLd724pMjkxR7jvskidrGPZZ8+aFgobvE:ultgiVnSq1LUnQxR7jt8+l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697042334, "uuid": "b58a6d50-6fed-4654-93c6-f7397f2a0bd4", "value": 1548800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697042334, "uuid": "b5646725-ce9a-40e5-9814-d02346b202da", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697042334, "uuid": "59268d9a-f31a-4357-bffd-989eaffc65ad", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2c8ea0b-6836-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697029543, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029543, "uuid": "430d9b82-b629-4703-9a01-6b17da0f9faf", "comment": "Malware payload", "value": "692c87535d4979b716b0f068fbfc77d9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029543, "uuid": "a96d5c22-e04c-41c8-9a28-25899d3ea113", "comment": "Malware payload", "value": "822a7bf656726dc5c46c7548783a4ae0b5108b5d0d750849025a61407ae78e57", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029543, "uuid": "f9800f56-ce53-4f38-abc7-cfc0be194156", "comment": "Malware payload", "value": "ee75914bb018947d963c724f984defee179b6cb4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029543, "uuid": "771c8646-b0af-405d-bf95-2cf611aae3f8", "comment": "Malware payload", "value": "820b97604f24ed979766ffa8fddf8048902327bd317cb326380a489ce490a5a254eb85d25b84458e53966634dfc834fa", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029543, "uuid": "1ad7a12d-ac72-4168-86d5-d28e62706918", "value": "T1A9D61223B385143BC0AA163E6A379374983F7E2075539C976FE57C8D4E391902A3E297", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029543, "uuid": "242a1770-d1d8-48b0-ac96-dfd1c80f5737", "value": "f2b1f322788104d5df540a11aa2b51d0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029543, "uuid": "9592dc1b-45ab-42f8-b995-5efc33a47647", "value": "393216:c4sazCTrLnn9HuWCjKktV/05d3Hd84u41UIw0:6TrLn9H9Cjpb0X3dAv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697029543, "uuid": "62b4361f-1310-46e0-a182-819384360f66", "value": 13528064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697029543, "uuid": "2866ac58-63f2-45d8-8eeb-570700e916ad", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029543, "uuid": "8e5fa9e2-7f87-4ecf-a140-66029c13f888", "value": "822a7bf656726dc5c46c7548783a4ae0b5108b5d0d750849025a61407ae78e57", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f77ecc56-6818-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RiseProStealer)", "timestamp": 1697016693, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016693, "uuid": "93baebfd-ff71-45a4-aed2-5f6293f0420d", "comment": "Malware payload (RiseProStealer)", "value": "da5c006f253c038a2f08b0699d747e41", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016693, "uuid": "15f9f7fb-6360-42aa-9441-d4b0a6436e98", "comment": "Malware payload (RiseProStealer)", "value": "8240610c302e53f894185cda435fbd734c7f926eb142ac6f253eced2266f21f3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016693, "uuid": "7823f158-deb5-48c3-9360-bb537c2b4b7e", "comment": "Malware payload (RiseProStealer)", "value": "aa1694bfc2298eaf651a1feed6da3d8bce2bd8a7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016693, "uuid": "c8916528-0e61-45e9-b92b-7d390eb5e35e", "comment": "Malware payload (RiseProStealer)", "value": "5be7270e17c0b43794e75e44b50677d7ba52e820d6c361d60237d30da4bb09f6f491de3cd2c66a4196e6963e904f9ac6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016693, "uuid": "e77c1330-1329-4ac4-9cbc-68868d3c0a8d", "value": "T10666231363310005D0FACC3D993B7EB631F612675F82A8B95699AEC97A965B4F303E43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016693, "uuid": "00734e14-bd99-405c-b128-febf7b02f249", "value": "54e477ec2df77f254834b7d876dc78ce", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016693, "uuid": "dd69bc14-304f-47ab-8a97-b5edada9e1ca", "value": "196608:mrCogE+pabRdrJZlo2bvkGLiKGGA2TvPORTucNr:xgbRdrxMwi0t79s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697016693, "uuid": "7f22bc2d-2938-44b1-9a41-e5646cc92736", "value": 6744576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697016693, "uuid": "48c03818-3b41-4c79-b485-8ec4ed093b65", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016693, "uuid": "0525b174-db66-4031-aeca-a4c2c7bca61b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "118544de-6872-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697054962, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697054962, "uuid": "7d9e5282-6470-485a-ac3f-1a63e26fe6d5", "comment": "Malware payload (RedLineStealer)", "value": "0631a312779ffb2c73bba23a79daca6d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697054962, "uuid": "8369eb7c-2fac-4b5b-b111-410e98651362", "comment": "Malware payload (RedLineStealer)", "value": "82c040a4f1335d3d601e7b833ad647dbf8051c12e3a71516315584134c2aff0a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697054962, "uuid": "8646493e-9a37-4879-a29e-99e44ec935c7", "comment": "Malware payload (RedLineStealer)", "value": "d17e751cb15b86f5deade1febf2e289624985880", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697054962, "uuid": "8e1def08-e924-41f6-8ead-e2867d04f662", "comment": "Malware payload (RedLineStealer)", "value": "807a66d2fcd6ea338b6661b3a208041e5d6c71997a1cb554ac48f7aa0b49bb977c8a56c89b24e84f60d8a10e88457212", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697054962, "uuid": "4ffe35ef-753c-4a5d-82f4-73bfa99be022", "value": "T1C8652353AFC84536D5F4637028F613832F7CBDF18E75129B6281980B2876AC99D7A372", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697054962, "uuid": "c3c1479f-b85c-4309-9318-cbd1bb4e6ad3", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697054962, "uuid": "22d032bd-2f35-4b01-a1e8-93990c6b94e6", "value": "24576:cyFB8DDDQ6OEg77mAiuLjWOLob1mtX7/3UZgoSLV7LeIBMEl0MD0sy7GTgCwe:LU3U7Rvcb1mtX7/35oyXqy0l7DCw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697054962, "uuid": "95eb0fc3-0826-4ae9-9cb8-1d4982fe6cb0", "value": 1547264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697054962, "uuid": "ee1c906c-a4f7-4b7f-b750-5cbe10f7c2c5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697054962, "uuid": "fa781867-13f5-4640-8f00-5204f16c29cc", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5db97be0-67f9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Metasploit)", "timestamp": 1697003121, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697003121, "uuid": "f7bb98d0-7128-4945-8ec8-fc9a3276050e", "comment": "Malware payload (Metasploit)", "value": "ea8465175894190a7542d07bcea179b8", "object_relation": "md5", "Tag": [ { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "PowerShellMeterpreterReverseTCPx64", "colour": "#BADD0C", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697003121, "uuid": "98b9b64e-71eb-4a40-b4c4-f755b63e498c", "comment": "Malware payload (Metasploit)", "value": "8337953d87cf6a0618e138c9c429764898b01a751bd6506db7bc4b3107a7aca3", "object_relation": "sha256", "Tag": [ { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "PowerShellMeterpreterReverseTCPx64", "colour": "#BADD0C", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697003121, "uuid": "77e95a5f-ff21-4b12-a080-a066ae35c5f8", "comment": "Malware payload (Metasploit)", "value": "8ab913932bbf53f734b8c7c665c236a8b7ce3521", "object_relation": "sha1", "Tag": [ { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "PowerShellMeterpreterReverseTCPx64", "colour": "#BADD0C", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697003121, "uuid": "0bf1ef41-b0b1-41bc-b164-956235456cd6", "comment": "Malware payload (Metasploit)", "value": "5cdc9a407cb7d6714266829fad4a7944b4e105f3d4dd372fd7ae166479e20000352bb748adcdc5e39e78b96d54816da4", "object_relation": "sha3-384", "Tag": [ { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "PowerShellMeterpreterReverseTCPx64", "colour": "#BADD0C", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697003121, "uuid": "dc294bb2-9bfc-4413-b1aa-6a77e907e1f1", "value": "T1E961D0933151B8EA425283BF3D5D6AFA807FC224965A6045F78C4F5CB8DDE233A8D6C0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697003121, "uuid": "f3b85fcc-e154-48c2-b16a-6e71c6ac242b", "value": "96:0GTqMJ/HuSnWFN+Cfh5L0H3mAiBrVMVNz7s:5tJ8F2H3mAiBrVKhg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697003121, "uuid": "fa275e28-d831-463d-a24f-3f10c13efbcf", "value": 3286, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697003121, "uuid": "fec5917d-e97a-4eb2-bca1-7c4cde4ca74e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697003121, "uuid": "ddaf1a35-712a-4fce-9a52-36be07de878f", "value": "KjAvj6Vu.posh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "90e94309-6862-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CoinMiner)", "timestamp": 1697048304, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697048304, "uuid": "d1a06753-13d7-4147-bdfb-a8c4db47852d", "comment": "Malware payload (CoinMiner)", "value": "9722944cb882046ac641417c224a87e6", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697048304, "uuid": "c668b1ae-281a-4439-8518-7496c2492c83", "comment": "Malware payload (CoinMiner)", "value": "83ac87c1ac4f2e81e99ef3e8355a3c65be9ff8757ab0be205417a85120ef6abe", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697048304, "uuid": "ea2dcf6d-5e04-40b2-8cb0-71815795ecc7", "comment": "Malware payload (CoinMiner)", "value": "5ad2ca70e4d5a42fe6e5bfd8b6255bc62a85e94e", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697048304, "uuid": "7e2bbaed-e412-4a3e-bb56-3ffad8bb0504", "comment": "Malware payload (CoinMiner)", "value": "3cfc02ae54e6ed53fab8ca5a3ae6183eb58c2e3303fe3068f7cdb095ab4eff63e2b8fc07f56da86cb26531a3ab21a30f", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697048304, "uuid": "191f8d30-1bdc-4e3e-98b6-a3c802ae5bad", "value": "T1C96633A19265FC04F1EF15B400A7B25636103B44D18809A6A27F7BBC9466BE77EF3E34", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697048304, "uuid": "de363be0-a7ad-4f83-9e03-65a17c4ead1d", "value": "baa93d47220682c04d92f7797d9224ce", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697048304, "uuid": "b081e5ed-9362-4556-9853-5d58c17cb02b", "value": "98304:qLS2YaA3qM2ItvHx4WUK/RnsKuSjvFp6TpTxBqstKbh4+yqxCnxDNZwEWUqG6f:qLSjaA6MfVUARntnLFInBqsMbCxbRARf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697048304, "uuid": "8c516118-6479-48a8-acf8-c3cc0475638a", "value": 6988352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697048304, "uuid": "5af473fa-eaf9-4577-a441-91732ab7aae4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697048304, "uuid": "438b7a0f-87bf-4264-ae16-4c30fa749aaf", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ebabd949-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697052321, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052321, "uuid": "5faf5b3e-07b0-4676-853a-a5c546308882", "comment": "Malware payload (SnakeKeylogger)", "value": "63eac08a3dc1ce9b6ae7ba733a73422e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052321, "uuid": "60f29e0f-3e06-4b20-a7aa-ec36f0cfd50d", "comment": "Malware payload (SnakeKeylogger)", "value": "83c7cc2ec5eed8e246ebcffdf849c712f9c6a624e4b8852dbee04d9afefa49ce", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052321, "uuid": "4cd81250-3af2-449f-8cc9-4714b55db61f", "comment": "Malware payload (SnakeKeylogger)", "value": "8cff5e582cf74c799ba4dcde9b8c65d601735446", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052321, "uuid": "499195e4-1c12-4ff9-8e6a-e06380d4ceac", "comment": "Malware payload (SnakeKeylogger)", "value": "cd62e13318126a367b3f5d3e9249b9602d51700ad922bc3819b1d8d528525476260fe83a0b080c8d254690f3892d0d7d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052321, "uuid": "c2e854b7-4c1c-4612-9ccc-452f5c7cd897", "value": "T184D4F141B3B64B17EEBA43F686641A2047F1352E797AF3955CC1A4DFA8B1F014E41E23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052321, "uuid": "f27d6682-f5c3-4853-b4ea-7293a2cccb25", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052321, "uuid": "a8ea548a-999e-47b2-91e0-ebd8d97cb1d4", "value": "12288:EQYX9KUwy1VJyOsHJa1V2JZJbhrz8LWo4Vbjhpm:ot+AVkOkk1yDWW1vhw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052321, "uuid": "84dd152c-e5eb-462f-9371-8b297605b486", "value": 600576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052321, "uuid": "4f898244-0885-4f74-a860-e5f6b5840862", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052321, "uuid": "eaae60fb-aaef-4d3f-8aa9-5c78a07f1422", "value": "PO UAPO00060923.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae8460aa-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050930, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050930, "uuid": "69a53ae4-feda-490b-8ecb-b84c173c573f", "comment": "Malware payload (DBatLoader)", "value": "1f7cd9063c92ee7c1258b4673d9f7290", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050930, "uuid": "d8d14401-6b40-480f-abeb-984bc299c4cf", "comment": "Malware payload (DBatLoader)", "value": "846cde55897a66226b2f27e8449a44e2a43104674d4c14b2dd9a937c1d819f21", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050930, "uuid": "8dab9cac-3fd9-491e-8b68-6cb02e4c8cc1", "comment": "Malware payload (DBatLoader)", "value": "5eef64e92eeeaa99a15fceac1f162576a8161732", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050930, "uuid": "ac33546d-4b51-495c-9613-6a7ce6a97e14", "comment": "Malware payload (DBatLoader)", "value": "185e17c1db5de21ceaa9e0a5d88aa574cb39372b99f1257fd6fd22af16456df410ac9bce9d5a52c3d036af8779878197", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050930, "uuid": "70e98b18-2967-4148-879c-5bd411af887b", "value": "T1D6356C34B3B208B0F57976B5D906A7F41DFF27AAAA40288982793D5B1CB27817F1501F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050930, "uuid": "6c1ad0fd-0f71-47c8-a9e5-0d97b23b1480", "value": "fc431a28c58a1565c388a05232b2eadb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050930, "uuid": "40387570-6f70-4826-a3e8-e59212608efb", "value": "12288:qE8C9kdWdEPv8zuVEdh9a6OLqvabdpmBkt1VEmA00P85Be2fgmv1qsM8HcZG3g5b:qEPudPPOuVsaoAjlD0P83H5M8OG3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050930, "uuid": "c142c152-4399-46cf-82d4-8f273ba2e6fa", "value": 1124864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050930, "uuid": "95dc8fe6-674b-4767-9e2f-c2e895220b16", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050930, "uuid": "25a59566-fba7-4642-b1c0-9445fcf2865d", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c928ecf5-67f6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697002012, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002012, "uuid": "e4d0d06a-5429-4be6-bb53-34ef64ff3f9c", "comment": "Malware payload (AgentTesla)", "value": "551c449271f2c0a9d4dea541a009bc80", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002012, "uuid": "af98fe26-b027-43d9-a147-bf4059e9f6ac", "comment": "Malware payload (AgentTesla)", "value": "849705a2ee1c4c619f46f2314bfd85bc598d6249726cefce499b3e9e870c40c8", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002012, "uuid": "2d312318-94f5-410f-be62-09138f4079f8", "comment": "Malware payload (AgentTesla)", "value": "97170963f1102040a1949633d67cd4d83558971f", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002012, "uuid": "1fb3a90c-d2ec-4f1b-b7f9-09de7ff20286", "comment": "Malware payload (AgentTesla)", "value": "c4ec4e3c28166159c8adbab426ff9af4f0fc2f771de6a2ebd68373f5ccac893eb7b6273b84b33e1f51c7e4f75b95b6a5", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002012, "uuid": "42f17297-9ca8-405f-9dcb-0a8420e8516d", "value": "T17AE4234137F9DF09E1B84BF924E255A197B6272F5292C78D4C9462CE5972B808B08FE3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002012, "uuid": "22bde9da-7aef-4782-b0a6-87f11a990d44", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002012, "uuid": "b646a6f7-d3f3-4113-ae83-625f335352d3", "value": "12288:/+D2iN1BdcRvCdeZflJEDH4XOuEG2+9B1pIw3WNLJ++WG+BsNLLQkBx:/S1nMRvCb4XO+9ZcLJ++r+BsNLx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697002012, "uuid": "1da18692-7f35-45fb-b5e0-cc110601666e", "value": 708608, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697002012, "uuid": "8141ede7-0133-465e-ae31-217fc49f2db3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002012, "uuid": "83f378fa-a560-4b46-8487-050ecd990f4d", "value": "551c449271f2c0a9d4dea541a009bc80", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b1cce672-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1697052224, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052224, "uuid": "06f8d1a8-6225-4666-aa50-946865f7bd74", "comment": "Malware payload (Formbook)", "value": "76ba7fb28158e797d55e24aba593fe06", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052224, "uuid": "7a3b314f-f2e4-4d7d-a1c4-9eab019e300d", "comment": "Malware payload (Formbook)", "value": "84b98954dbed9b7e46fa6740f3352352b1f7a0d2200b2f42c2e319b6bcb2c208", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052224, "uuid": "a17779f7-ecd6-4acb-a711-905b25bf7e3c", "comment": "Malware payload (Formbook)", "value": "84e62cee00a56d0c1fe61fc5d6228217e28e977b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052224, "uuid": "3d73edc1-ae83-4ae6-b878-e494fc24a51a", "comment": "Malware payload (Formbook)", "value": "6773e8dd9fd92fd4683d5168cc9ea57dded45b04109dd9b131bff60a29e73e445f314785c6ae35661576ccce611cf333", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052224, "uuid": "5fb98cc8-d3ee-4a19-b12b-d4850dc71548", "value": "T189F4DE41E2295B9ED47673F90B20930457B6BB7E402CE2096DB2B4CFD271B81F946E27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052224, "uuid": "bf571a20-a6bf-43fe-b970-4b34d6d1f5e0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052224, "uuid": "6154f51d-6d52-43fb-8269-9c48e2b147c2", "value": "12288:kfgjjtgafkabr/iCYmhdQn8qJoHqi7rWUFr6ExebY216Kf/w:kfgjjTfkabjiTCd0Jc37rWUFGyetPw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052224, "uuid": "45851f12-621e-4334-bcf0-7ed38cea4c06", "value": 726528, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052224, "uuid": "870e3ad2-120b-49dc-a1dd-2e6a38ae01bc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052224, "uuid": "804fde66-93bc-4e02-8110-3281bfcd78ed", "value": "Ko Holding-01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "abc406bc-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697050496, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050496, "uuid": "bcad136d-266c-4aaa-9db2-64dee3e77450", "comment": "Malware payload (AgentTesla)", "value": "2287b39db96c285a9caaadd7f715e347", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050496, "uuid": "290275d1-640b-4dd7-a364-6ac39d0823fc", "comment": "Malware payload (AgentTesla)", "value": "853fa6034ade647d4330738bc7f9343cd5b2a0caf65ce86bdba79a23fcba4a10", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050496, "uuid": "cebd91ad-7ba6-4130-a73d-259af3e2129f", "comment": "Malware payload (AgentTesla)", "value": "19d47e84980f8db92f23fe7a56d22568bf5618d6", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050496, "uuid": "982d8106-f626-4f07-8379-b41540fc9e12", "comment": "Malware payload (AgentTesla)", "value": "5e18f7ea79555f1a178dc852554ea85551c096b8b7d17e29ca22279777ce25dffc18a80211a508ab5adc539893c5e416", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Telegram", "colour": "#80D9AC", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050496, "uuid": "7d383fac-c892-48e8-b0d5-ecdb99b1ad7a", "value": "T19405AEC692104225FDB65BF090998D5507A36D7A6A70E3FA1C46B2EA00F3FF11763B27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050496, "uuid": "41f5f870-60cd-4be1-82b1-6f2e614d736f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050496, "uuid": "699b36aa-f9c9-41df-9836-b19644f969a7", "value": "24576:7t5BkgYm4Ta7YHSkBkhfY0MIdJPy+D+jBz:B52gYba7SS/hDMIdJPy+a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050496, "uuid": "ca8342ed-4154-47b7-ac54-3abc9c9b34ed", "value": 869888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050496, "uuid": "9e3f8c6c-bfde-4ae2-8d38-be89644d6c53", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050496, "uuid": "accc4556-43bf-4940-b00c-33e0f9485485", "value": "PO-PSGC-7798300.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "50ad9b89-67f9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697003099, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697003099, "uuid": "bbf70b33-7ea8-4b5f-b5dc-28ae7de602b3", "comment": "Malware payload (RedLineStealer)", "value": "b9ca23b0d46f6f127024909e061248f5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697003099, "uuid": "948530ce-c5af-4792-837e-c08071206a3a", "comment": "Malware payload (RedLineStealer)", "value": "86507a52c46e3678d120f4a42a2fd253f11e1a5a5164b4aa5f0a224f64b7482c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697003099, "uuid": "9f10a664-981d-4405-b597-9848298093fe", "comment": "Malware payload (RedLineStealer)", "value": "2ed69df8aa92b1ecc272a0f78a160ae2aa2aa2d5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697003099, "uuid": "6731173b-76a4-4958-8601-64746c4dac4e", "comment": "Malware payload (RedLineStealer)", "value": "86149640fd76de965ec62065deb8b4767c3f50f507d3abb167c05ad2adb1fb72612e2386b7ca753454e7a3cbb738f0f8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697003099, "uuid": "3b9a0333-0733-4530-bdaf-8346abd387e8", "value": "T1E5352346DBEA8472DCF407BA08FB07D32B3978E01A79526B6B02595A0D72785647333B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697003099, "uuid": "b1a0e890-6b59-464d-9c51-693145a49c9e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697003099, "uuid": "6c11ff12-fc8b-4aed-8f89-a22f9cb1599f", "value": "24576:Gy2zyGe8TxRlGmUATzBI5AF3uiGZ96tFYlLHSuLCFX:V4umFK5MuiGZ9dl1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697003099, "uuid": "607351ab-5249-4bdb-bd86-88ddc544b78e", "value": 1127424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697003099, "uuid": "a38ba15e-e487-43ea-bef2-b9386bd5f9e7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697003099, "uuid": "6753cbc6-e5db-4865-937a-54528c50aa70", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db620e7b-6869-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697051435, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051435, "uuid": "0a378de3-cec4-40db-9716-ac6f812d08f7", "comment": "Malware payload (AgentTesla)", "value": "62ac4fc5a5b73de575d193f814cab05e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051435, "uuid": "5fd6b502-1d91-47fa-9da7-af16d5cae935", "comment": "Malware payload (AgentTesla)", "value": "870cab3485ccd3044de362a787d27fde60667472fbe196541ba19e658fef57ae", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051435, "uuid": "bfa35273-d101-4ec3-8072-03d2163823c3", "comment": "Malware payload (AgentTesla)", "value": "34e6be5b347d0248384c31f67cf2b8193540a883", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051435, "uuid": "f6d414f4-d6a3-4bc3-a2b2-c5124a084b3e", "comment": "Malware payload (AgentTesla)", "value": "0ef98d66cf3ccf270d277a2c3382fc71ad32ac69d1869c3a17ecb14c48ebcff37f6ff0196fd476de27b2c1cd688f8fa8", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051435, "uuid": "15a86a45-9ea0-4b24-8404-c47c654e895c", "value": "T103746D2035EF945CB1B37F621BEDFAE94F5FFB611726916D2500030B8A66E80CE61A71", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051435, "uuid": "6eba395c-4d46-4bb4-9015-e9746f0b16a4", "value": "1536:SsRTMfkW3vmoFHA/dyiLJAQHF74GpF7YGL7UdZ5IHLy4PNa6/ql0BtgVt8rtEHtE:SsRTMN3vXuLzci88lH8UeisgqhVvDzg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051435, "uuid": "4c121b89-ce12-462d-9ad3-c715684be8db", "value": 344476, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051435, "uuid": "026f8baa-6497-4ad1-93d5-27ffd82132e2", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051435, "uuid": "5c692b0f-4a0a-47a8-8434-b71d9de879af", "value": "088562 orden.PDF_____________________.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64d0fb3c-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051666, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051666, "uuid": "df1c8b0b-876b-42de-be57-56dcd9e9f1a7", "comment": "Malware payload", "value": "9733b3d902601eb1eb1708470a8cfb7b", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051666, "uuid": "f2c72332-ec96-4b98-b1db-4d8ba79a2e39", "comment": "Malware payload", "value": "873b857810477d70682a70fa8f4e5d839609bba27a20d77d27324c8ff7303e1d", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051666, "uuid": "47be57c5-b0d1-465a-b533-055751f7b19e", "comment": "Malware payload", "value": "48f99da68781b82c318191c01298e8f9ea16a2f2", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051666, "uuid": "909459d6-a0ef-4065-a601-c8dee53f31cb", "comment": "Malware payload", "value": "bb940d31843f2a51273e1e7498179e35a3721adc0bd2d3608fc574bf49c25bc1da98dc2eb1d64537f4e808419f34bdd3", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051666, "uuid": "406d4369-5de3-4a1a-bf04-614d277920cc", "value": "T1ECE42306DDE2E17CA958AACFCEC0A51084243BB7C74C49DA61B0DCADF495DF563E068B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051666, "uuid": "6e0aa03f-f24f-427f-a1c5-7ca8d6f1d57c", "value": "12288:3zjaM4GuK4JfJ4gyKk0Mwdyy44nGltsDXDHM3oJSFTc9fXli3bKGgWsJNAYDnjtG:3z2BKEx4gyTZI44nWtsDzM3S9PlsKxFk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051666, "uuid": "cdc5ef23-9624-4bca-93c0-d091b395d09b", "value": 669871, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051666, "uuid": "92a34c1b-8304-41bd-b4d5-120f06ddac83", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051666, "uuid": "13049817-0f96-40ee-af65-e205bce61221", "value": "Sat\u0131nalma Sipari\u015f No. I20220052.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8048db0f-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052141, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052141, "uuid": "110e9253-e9e0-4850-82da-753f65cb1dca", "comment": "Malware payload", "value": "2dedb41180fecd9c537abaf8e23aad0d", "object_relation": "md5", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052141, "uuid": "efcb61d1-aa0b-4c0a-85aa-29491fe344e0", "comment": "Malware payload", "value": "87cdb1c28e0d076b58e2ff53ad115210882b38fb4b3d2494c70884bc6501f6cc", "object_relation": "sha256", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052141, "uuid": "4bb9bf35-71d4-4c08-87d9-d3b2ca3ee42a", "comment": "Malware payload", "value": "7b3ce23128b2eb3ead4e72f0ffabcbb06be36d56", "object_relation": "sha1", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052141, "uuid": "73a5fad4-3686-4b3b-81d9-498123e00df9", "comment": "Malware payload", "value": "4cbaea22d7316d83c475bd7bf76f357b0e26467fbb9ee4bc1e2c81c3ff3fd04658a68296c5c2a7067bd8c70518ad64e7", "object_relation": "sha3-384", "Tag": [ { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052141, "uuid": "92e23c0a-f02a-449f-a321-968b2fb54a43", "value": "T16583E7C6E14E5622D9E94A3AD4B26BB5433FBE37E863E35F5895729027373C106403E2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052141, "uuid": "840de0f2-6408-48c1-8fd1-5b6a1b7f652f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052141, "uuid": "a09d5074-8e30-4f67-8576-af70a2d552f8", "value": "384:TkzDL9bQmw5TycMljEKelDmra57zk+qY/sgKwOZ+nNaeP9CJXfddC7bWaQW:Tlmw55MeNlq25HpR3Uw8r4p", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052141, "uuid": "3bb9d3e6-6cab-4e65-ad0c-a6efb5d4875d", "value": 84480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052141, "uuid": "2d0f7458-4122-4f6d-ac18-a688b1b35883", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052141, "uuid": "0817c7ec-8a3c-443a-bd68-15b694679278", "value": "Dhl_SHIpping.Doc.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3c164b66-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1697052027, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052027, "uuid": "f6e89fd0-7397-42af-a34d-0e1656b868b8", "comment": "Malware payload (Formbook)", "value": "9a4e0647f309dc88e1f0c2e688c23372", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052027, "uuid": "7121ebe7-7c9c-4e49-8799-cf4f26439596", "comment": "Malware payload (Formbook)", "value": "881bd1f6b3a38e6e6bf2c43c904b65beeba6a00a109319da26b360e12579ac30", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052027, "uuid": "22c37de7-2c12-446c-9feb-51a6a63c1274", "comment": "Malware payload (Formbook)", "value": "cb806818e7eb79287bb4d58f5a17a6dc67250b5e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052027, "uuid": "2394b1f0-b54e-495f-a61d-0d4662ea5173", "comment": "Malware payload (Formbook)", "value": "1935dd9380cd52612a5e9504007df2d0cbddd4e0014f80b690d2223c516842dc36dac414b159ffe041d4d442e424fba9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052027, "uuid": "ab0ce17f-f165-491c-8508-dbb70122f824", "value": "T12705077C11689A8DF3A482BEB5728CFF17923C1F40B7B5F7A12CB4970EA97D25402661", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052027, "uuid": "8d24b9b6-c157-4357-a2a6-439876f622f0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052027, "uuid": "ec36818d-6a89-4b04-b998-29e6cb83d488", "value": "12288:cLX9K7Y8k74Fj4uTzVkVFFLNnz5Lq9Yq4bq2rvOqTVFeH7I1GAQpE:cLtUY89vIFLVz5ZvOQ2zAQpE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052027, "uuid": "34c0a08b-3d5a-48e2-a422-434ee5c6f28b", "value": 848384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052027, "uuid": "312e81f2-2adc-488d-8c16-f4643657e559", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052027, "uuid": "2bc74491-7213-4a31-a28f-62b7ceb32580", "value": "Ordem de compra #PO358.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "981da3e5-6833-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CoinMiner)", "timestamp": 1697028129, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028129, "uuid": "8282d87a-c1b1-4821-bbe8-e648776d2d6c", "comment": "Malware payload (CoinMiner)", "value": "67732a3594da5cb4e7f30868144390b5", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028129, "uuid": "aad8103f-3443-40c3-b184-1df8fb85e0be", "comment": "Malware payload (CoinMiner)", "value": "88aa882bcd7dfde1aa1b8e1ceb9fb23c596e5244608cad71429d9bf1de8d7c24", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028129, "uuid": "a2833e26-0f40-4529-a9b3-ece9abe48891", "comment": "Malware payload (CoinMiner)", "value": "64c539859b7ce2693e8c6f9aa370b28c596c8a8c", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028129, "uuid": "3507ac58-601b-45d2-afd5-f46ebfca0384", "comment": "Malware payload (CoinMiner)", "value": "e1d6e4942ab856d53e0ac20920a0797e993ba092c7a7f0a34536381162da0ad1ea744d786276b1af74d444dcd9b3e029", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028129, "uuid": "5efaf2e5-9df4-42e7-9821-694009e0208e", "value": "T1E256C075C36859DAF75C48AB9A4CBF195EB9D25841034F4AEFB4821C028833B2FEDC56", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028129, "uuid": "395cafa3-324d-41dc-b82a-be4500a8a3c4", "value": "f7505c167603909b7180406402fef19e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028129, "uuid": "6af328e1-1c52-4659-bf59-2792b7908ef5", "value": "98304:REnSu0YzJE3zh8frRz/p2HO/FvCcVK/sGz3OgIV6pI2l9ShSk+QQGD7vm:ROJezo9zR2HONa+43rw6SSlq7e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697028129, "uuid": "602e6e25-13df-41a9-8490-ac84d0ecb825", "value": 6011192, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697028129, "uuid": "e049ab02-74ab-4a43-a713-9da7e8ea48bb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028129, "uuid": "ab8bbbc7-201d-4365-b131-3b930947a1d0", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "686134c6-67f9-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Metasploit)", "timestamp": 1697003139, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697003139, "uuid": "e8ad577d-135b-4503-be8a-c0e21438ae8e", "comment": "Malware payload (Metasploit)", "value": "ee4cabf85331d01dcc5fa75be75b5598", "object_relation": "md5", "Tag": [ { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "PowerShellMeterpreterReverseTCPx64", "colour": "#BADD0C", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697003139, "uuid": "78bd7ce2-1b53-416c-b77d-3b6bb677f609", "comment": "Malware payload (Metasploit)", "value": "88bb6fbbc03bf7c832826b69b759d1d77bdb49052bd458a0c1623407f9148009", "object_relation": "sha256", "Tag": [ { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "PowerShellMeterpreterReverseTCPx64", "colour": "#BADD0C", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697003139, "uuid": "fde85912-5037-4370-8b12-d06ef31362a7", "comment": "Malware payload (Metasploit)", "value": "8fff6855dd841e35468be9834954890d79b67341", "object_relation": "sha1", "Tag": [ { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "PowerShellMeterpreterReverseTCPx64", "colour": "#BADD0C", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697003139, "uuid": "877c3c3d-e451-4631-8149-e03405a694d4", "comment": "Malware payload (Metasploit)", "value": "ad2752675e6b0fcf7429486316c3491a3ef830f0737c053107618b98f65b20a868ab1d29a53aab71c08ffc75908c93ef", "object_relation": "sha3-384", "Tag": [ { "name": "Metasploit", "colour": "#EDFD74", "exportable": true, "hide_tag": false }, { "name": "powershell", "colour": "#FE0F82", "exportable": true, "hide_tag": false }, { "name": "PowerShellMeterpreterReverseTCPx64", "colour": "#BADD0C", "exportable": true, "hide_tag": false }, { "name": "ps1", "colour": "#BE684A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697003139, "uuid": "1210242d-2f95-4cc5-bb74-b68536943745", "value": "T10761D0933151B8EA425283BF3D5D6AFA807FC224965A6045F78C4F5CB8DDE233A8D6C0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697003139, "uuid": "8495ae8a-0342-40e2-8b57-8c22b175a1ab", "value": "96:0GTqMJ/HuSnWFN+Cfh5L0H3mAiBrVMVNz7Q:5tJ8F2H3mAiBrVKhU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697003139, "uuid": "54b280f4-99a5-4c70-96c8-2206bd28c09e", "value": 3290, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697003139, "uuid": "989675a2-e449-474c-9e31-05202e861f9d", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697003139, "uuid": "ef503de0-644e-4f92-89cd-b2a02214c440", "value": "BYxYP9c1.posh", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "59ee68c3-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697052077, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052077, "uuid": "2641d18e-236b-4645-940a-ed66d15bb846", "comment": "Malware payload (AgentTesla)", "value": "f13b0a6d66a9970c9eb32fd33f418a60", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "crypted", "colour": "#7BD566", "exportable": true, "hide_tag": false }, { "name": "encrypted", "colour": "#F5A925", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "infostealer", "colour": "#288F7C", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052077, "uuid": "bac803ba-ed8d-4793-8014-c5a5a1dafbed", "comment": "Malware payload (AgentTesla)", "value": "89d8498d9a82a1505396158092d7ea645c2b9097b959a4b1095983d2f01be959", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "crypted", "colour": "#7BD566", "exportable": true, "hide_tag": false }, { "name": "encrypted", "colour": "#F5A925", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "infostealer", "colour": "#288F7C", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052077, "uuid": "2f723d57-04c3-4ff7-8758-c0d2553c9639", "comment": "Malware payload (AgentTesla)", "value": "26fd650e559662c0969d2612f0b3a9ca86d9bf52", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "crypted", "colour": "#7BD566", "exportable": true, "hide_tag": false }, { "name": "encrypted", "colour": "#F5A925", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "infostealer", "colour": "#288F7C", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052077, "uuid": "b43a8ebf-495c-42b1-bf29-e07dfebcb87a", "comment": "Malware payload (AgentTesla)", "value": "742325a4cc264046a02504002aca3601dd029d01644d8f219cfb457f45bfa1cb273aef7965d0ddf68910ee4a93545c23", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "crypted", "colour": "#7BD566", "exportable": true, "hide_tag": false }, { "name": "encrypted", "colour": "#F5A925", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "infostealer", "colour": "#288F7C", "exportable": true, "hide_tag": false }, { "name": "stealer", "colour": "#CABE3B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052077, "uuid": "33b319b8-c3ef-4b8b-90de-e3f04e42d628", "value": "T1C894238E476F0D54ED356532A1CB41E00D7DEA444E41A206A62EFE3BDF296FF48E11CA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052077, "uuid": "83b0c240-9c0f-4b7e-b5f6-16614b5010b2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052077, "uuid": "2b2af0c6-6126-47f9-ba7a-f0a8471ef70c", "value": "6144:j4Rss86+jqzhne3XgQeSwZmLCnq8HLnBAKzak3CPnUkM16CkrwgW1tB0DyERNDBK:jyhOjIe3wQ5wiMd3anS6Pi0Tct", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052077, "uuid": "fef3569a-a7ac-4755-b38d-037be2f2543a", "value": 415744, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052077, "uuid": "4acbc369-9d3d-46dc-b622-4caaa7a083e5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052077, "uuid": "ac74b4d3-6358-4937-af08-5052821b011e", "value": "InstallDriver.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "934572ef-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697052173, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052173, "uuid": "374e9584-f1b4-4371-ad49-ba196028a921", "comment": "Malware payload (AgentTesla)", "value": "d094eadeb920986a07e7549a3b1c5790", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052173, "uuid": "bb4de5e0-8f4b-4dd2-b6c9-decf350b92d8", "comment": "Malware payload (AgentTesla)", "value": "8a025851510b435a5fe39d69b7d18e1e02e86a5d0a04a60e1b4c53f9575f9d64", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052173, "uuid": "b78c8aa1-b479-4599-9d96-1ccfbada7435", "comment": "Malware payload (AgentTesla)", "value": "2839ea66c24dd51cc757191c590b4ee494634679", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052173, "uuid": "792f6780-89d5-41dc-88a2-8d97f9dbe8e7", "comment": "Malware payload (AgentTesla)", "value": "70115d70750610b39169bd951d982ed1046c1dd28c3dee159126905a8c6ea16cc451ada804ff6ed6142f47231e8fdb6b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052173, "uuid": "f80dd91e-c468-4316-b94e-d32702115c6b", "value": "T13FF4014073B61B67EEBA47F18260196487F5396E793AE3981EC1A0DFA4B1F504E40F27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052173, "uuid": "095327ef-c34b-4876-ad3d-48f7c07a57ea", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052173, "uuid": "2b857bb7-e571-4faf-8e31-76557037b272", "value": "12288:8cNYX9KDFpOERhtwFk5iBLFPUgY5w3k2ptiM3ebgKez8/KT9AGXCQ:L6ty31xiVFPpY5wRphSUzB9d", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052173, "uuid": "a675a343-1091-4237-934d-39e4d636ea39", "value": 723968, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052173, "uuid": "ee317c31-e05f-420e-90a4-74c8e8669e2b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052173, "uuid": "d8c70fb9-5808-4413-8dc8-ffd17135105b", "value": "Sat\u0131n Alma Sipari\u015fi 11102023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3fcc6a1c-6890-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067925, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067925, "uuid": "e6880929-85cd-490a-abcf-eadff7dd301b", "comment": "Malware payload", "value": "1f748b8c698897498ad07a6362e780f1", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067925, "uuid": "ba5c0868-6d5f-40ee-819d-a11f38f16a8e", "comment": "Malware payload", "value": "8a271be660b40e3b923bc8ba9479aa54d38cb232dd27e1217ad26e547e3a73bc", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067925, "uuid": "677aae5c-a4af-44eb-afb2-252f8092b4c8", "comment": "Malware payload", "value": "d931d2c1b103b41561db7760cf882c523624d28a", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067925, "uuid": "aaf6bc2b-535e-4ebf-a18c-4c7d0a7df63d", "comment": "Malware payload", "value": "5d4dcade29d4d3006a9eda237e5c038559aea2a2e29fb364be8e3b2c77d7a4e941e2479b1ca736c7e53d147095e88665", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067925, "uuid": "c1c64943-0859-45fe-bac1-b619444fb701", "value": "T120258A3223B22F3CA278FBF600DD155B9E797D671011A6D3AEE4C94F868EDE41634126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067925, "uuid": "d5b2b601-c2e8-4c09-8f12-eaf58903acea", "value": "6144:06OqlFA5GwtqDUJxtl6O2m07woeVIbNMFiczYClIFLCUygb8RII8auz1DJu1RGvg:7AF4hYimSCkAHuGGGPwfCeWz", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067925, "uuid": "33952c93-a30e-4a28-a88a-31b9011fd9ef", "value": 1037306, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067925, "uuid": "bce0ab79-981b-4efb-8b77-c886a83d3078", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067925, "uuid": "5ca4a3a1-74f2-4b97-a495-4ef14d6e62de", "value": "Document[2023.10.11_08-07].vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e6be6109-688b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066057, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066057, "uuid": "9a8146e3-ce23-4d32-9eea-4cb7323739c2", "comment": "Malware payload", "value": "61120ce69cb83e19bdb41f9eea585da8", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066057, "uuid": "362627d8-458e-4402-bfed-07f31f12c610", "comment": "Malware payload", "value": "8a7237e6e32add2e2477058bcfecac9c21502f6dd298ef1d05dd8075d327aed3", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066057, "uuid": "45d8ca8f-1c82-42e3-bbfb-bf6b07b666cb", "comment": "Malware payload", "value": "c3f58f1c4012752afab906d0d80385475f58d1a6", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066057, "uuid": "3ef233f2-0c0a-4e8e-9b81-0f264381013f", "comment": "Malware payload", "value": "fb164e5ba3d73b60fa58be1dd917f4ac5e0ba8319abd35a49525a6a1560c98e8de3cd27bcf60f92a5f1ae4ef862d2feb", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066057, "uuid": "7386ba9c-0247-4b92-beaf-45f433188143", "value": "T19A74236C6BD0B6D0EFE1823BE4A54BDD7037361D7A54265DAA1FFC3067061B88A38816", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066057, "uuid": "5bc73ea1-dab5-4669-858b-f252f0abdf9c", "value": "6144:lhDCVwXCdpK8ZZvVr+oHAe72bKNlysmbWzmehRfUhI6DfnoTE:3+V0SpK8ZtEoHAe7MKNlyspRReT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066057, "uuid": "b872e6d8-8f4e-4302-a831-b1006421f3b8", "value": 365928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066057, "uuid": "ccf22cda-238f-423d-ad7c-ba45933d9940", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066057, "uuid": "7eb1b866-b4e9-4e55-b6ea-b5679aabbd0c", "value": "AUWX1459_6602647.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "78a13916-6837-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1697029795, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029795, "uuid": "71dde4f1-2bcd-4714-a20e-1f3c2e762eb2", "comment": "Malware payload (DarkGate)", "value": "c5d77fec2d0c66bb9b69776942d8cd1f", "object_relation": "md5", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "eugelens.com", "colour": "#9E8F53", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029795, "uuid": "70e5aabd-b2ed-400a-beb0-6d4882b8701c", "comment": "Malware payload (DarkGate)", "value": "8a773f78391b298dd5d707a5e0b8bb1a7a6c51e5beb2a1e3a4fcb78465dfc13f", "object_relation": "sha256", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "eugelens.com", "colour": "#9E8F53", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029795, "uuid": "e01d045d-c28b-44b1-a54b-60ba2975abf1", "comment": "Malware payload (DarkGate)", "value": "ef530be783f30f6a9576d9e4cb96ed0c67ac6c2e", "object_relation": "sha1", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "eugelens.com", "colour": "#9E8F53", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029795, "uuid": "3cdea97b-fa2e-44c7-8a22-bfb8fd1baf92", "comment": "Malware payload (DarkGate)", "value": "91c01c86df8e5946fb112666a55202c1c861055d6768edf3e9983311503a8ebe2502aa1882b162c7f89be355115a6eb6", "object_relation": "sha3-384", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "eugelens.com", "colour": "#9E8F53", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029795, "uuid": "64ff7fea-e871-4081-b464-bbcfa7d291ff", "value": "T175716C74410E7058D1DD763BCA18525A43037FEEA10D2BC8E690DB2D7D8106A287AF0A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029795, "uuid": "3c458201-78cc-4558-b897-a7677dd8b1fc", "value": "96:V4vzVjbSiScrUeMjsPhiM2NBmtdtoH1fGthAglNH/eL:+v0crUeMjaPKkobkHg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697029795, "uuid": "e3c1e3b5-19bb-4449-b47c-bd878faca7e1", "value": 3490, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697029795, "uuid": "9186597a-9a4f-454e-944c-687ac753a696", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029795, "uuid": "317a7350-61cb-4bcc-ad03-9a18f126e310", "value": "foeo.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "619ac787-6891-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697068411, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068411, "uuid": "95e849e6-a600-47e8-89e0-ae4f2c248e86", "comment": "Malware payload (AgentTesla)", "value": "df382f435105a373a1f392a397734ab5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068411, "uuid": "4afea94e-ca5d-4dd0-99ce-70a2b67a2146", "comment": "Malware payload (AgentTesla)", "value": "8a7f1d7c33eadcfeec65ceb4636a266c41dbf0657ba21f0e7e9fdfa6cedee6d8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068411, "uuid": "c1245919-4ff7-407c-88a1-b9c77d8d2f08", "comment": "Malware payload (AgentTesla)", "value": "7ec2172e6603659f09351eb92a3cb86fba90be68", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068411, "uuid": "a4ebe6bf-bd82-44c7-ae51-eb9faf9437b3", "comment": "Malware payload (AgentTesla)", "value": "755877d90725d008ea24ed4a7b6eb2331339d68e7789343f50f9490f2a92857d536b8b32d96f79e20f27d583c742c3c1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068411, "uuid": "876b524c-d278-48d4-9f90-e9e32e57194a", "value": "T12D45D04272F09489E4D35EB68CAD92E023717C9F9521CB0D9E01EA1B78BE3C354D679B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068411, "uuid": "236ef9d8-904c-4eb4-ab22-cd5656eb6938", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068411, "uuid": "1bece182-c368-4b66-ab05-0daa0fd1ebbb", "value": "24576:MqC3Hnl/Dcp9mNXc6ng/bDM2b9goS7pSvekd8:UXlLUIdhn8bvgWjK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697068411, "uuid": "b9a1e6c9-eadd-4630-88c1-68dbfe1f8dd6", "value": 1167360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697068411, "uuid": "75e16a44-82c1-4423-a8e3-b02fc4993e70", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068411, "uuid": "8b803584-5ae7-4fbc-b242-1b1903249fd2", "value": "SecuriteInfo.com.Win32.MalwareX-gen.24360.1841", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1cf40bcb-681b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697017615, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017615, "uuid": "2efa5086-3f2b-423c-abc1-316ab2011d00", "comment": "Malware payload", "value": "9ede6327405b85fc0a512df6e33fda42", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017615, "uuid": "e3533305-147f-4b0f-823f-d48994f0e3f0", "comment": "Malware payload", "value": "8bb9ae2a1d3d0b7b6bfffc36d135eabae8878dbe029772bbb469b165a3cb190c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017615, "uuid": "7d13a181-9a4a-4e6e-8bde-7497b5e9f506", "comment": "Malware payload", "value": "68cc44de8d20139c4c8d51d061669886f7c5c9ba", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017615, "uuid": "6a9fe6f8-5ab2-4353-867c-c0282dc805c1", "comment": "Malware payload", "value": "67ad4ddf3967c099186b540d7c7363fa681259f10876fb16b91924d56729077a3a5c22f5bbd3a6170b501ff5c64438d1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017615, "uuid": "80e598b1-b51a-4160-842f-07594d33ff72", "value": "T1F172184DBE9DC527CAEC177C58A6034913B8E73BB482E70F5C9C957699533C00AD02EA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017615, "uuid": "bd8d63e4-f1c9-4a7e-8b11-dc8174480983", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017615, "uuid": "7435abe1-9a93-4b0f-984c-61d08886e391", "value": "384:SS5mjRR24VNJwvf+2ZyXM0bkDuRkOaXYs12XFbV:S2mjRR/LX2ZyXMIwpYXZV", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697017615, "uuid": "809ce08f-27c5-4859-b9ab-3a21b06c9ee3", "value": 16896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697017615, "uuid": "ff96ba25-5dbc-4407-b00e-a87f29eafd0e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017615, "uuid": "1604d679-2941-47a1-af2f-9e855a2b84eb", "value": "Order Inquiry.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ed6b65a4-682a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697024407, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024407, "uuid": "857af1c6-5a63-4ae9-93f1-bf6b84ec5bfe", "comment": "Malware payload (RedLineStealer)", "value": "da1daeff2870912155ff73080986739c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024407, "uuid": "38f9a987-e1c6-4184-b746-1d32c8842229", "comment": "Malware payload (RedLineStealer)", "value": "8c5238ac5dfa29d464105a4d416720d46c808d7336ccd2c30783ecc80adcaf34", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024407, "uuid": "c7f01839-ba5d-447f-b5eb-73ac41e1e4a4", "comment": "Malware payload (RedLineStealer)", "value": "1ffa8400f2d07b9dc3a25bb03d21b9a6ddfa66e1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024407, "uuid": "7a6965b7-e811-42fe-a981-bf4723c76d34", "comment": "Malware payload (RedLineStealer)", "value": "1dcab13c170ac0d12ca5409302d95d4e1fb8fd69b182563964ff1acd5d48d56b6a3eca9bf81a15c79dac11df973fb6b9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024407, "uuid": "4e892aa3-4149-45d3-aa87-651bca153556", "value": "T1B6352242A6E44536D8749BB06CF307C70E32BC605D7497A7339898AE5CA2794B4363BF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024407, "uuid": "441f55ac-5425-4183-8970-72fe9c3028c2", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024407, "uuid": "0d7f425e-e838-4f12-ad4c-b2dbd2818e76", "value": "24576:IyQTxouSW1S+qKj0aTGbtnNBYPml+2p70zBbKBxnDuUpSnhemRd6DU:PQloK1S+dj0Ndpl+nVGBuBnQm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697024407, "uuid": "d721d127-650a-49e2-ac7b-6171e9b03985", "value": 1062400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697024407, "uuid": "90aa56b2-05d7-430b-a803-39523eec5a2a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024407, "uuid": "e5e332fb-a3ed-412f-ba6b-c7d8c92b740e", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "804750a9-6865-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IcedID)", "timestamp": 1697049564, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697049564, "uuid": "9019a768-e9a9-4a7e-a192-055b410e3a14", "comment": "Malware payload (IcedID)", "value": "20a3e701e9a1e20c83a8ad5d387ad3cd", "object_relation": "md5", "Tag": [ { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697049564, "uuid": "ad5c63d6-d13f-486a-928b-1ce57947418a", "comment": "Malware payload (IcedID)", "value": "8c5c7a8cdda35d77ae8e90a14e0732b6b48e4efb453434ac4d5e7df0e625b06a", "object_relation": "sha256", "Tag": [ { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697049564, "uuid": "adc51dd5-78b5-4d6e-8ff2-a878a7760753", "comment": "Malware payload (IcedID)", "value": "3b18b70e62aef8d46ba5ad0385d1a0e3d139f2e3", "object_relation": "sha1", "Tag": [ { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697049564, "uuid": "77c384ed-32a8-4891-869a-7f13a7cb440b", "comment": "Malware payload (IcedID)", "value": "19d1c2d377b10257e3bd8907a4e8e7733c2c10332484237c0cc2d9451c7310b4b3cee7ffd369d4415841d005220e9dab", "object_relation": "sha3-384", "Tag": [ { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697049564, "uuid": "0c00494f-a59e-46e3-928b-808282daa031", "value": "T109258A3263B22F3DA278FBF600DD15479E797D631011A6D3AEE4C94F868EDE41A34126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697049564, "uuid": "2520f50b-c56a-476f-af80-85132fcd1b42", "value": "6144:QI5hC7gl0z9IyjyHUPx9nO3Sd+tw+aN1glujVzB7e1mY1XhnL3Q0zoFIkCMkUZ+b:DNu8C5pNBe1v0lrYvV9V/vj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697049564, "uuid": "c644cb66-0a24-4ad0-b099-ee4e34ad79f3", "value": 1036832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697049564, "uuid": "ef37d6bc-5ff2-4f72-a488-67dbf01ce6df", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697049564, "uuid": "516c47ce-4d12-42ac-8117-c182ab6c5ea0", "value": "New_Working_Conditions_2023.10.11_08-07.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35139fab-680d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1697011642, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697011642, "uuid": "23ce2786-cac7-4b82-b4cc-5c20cd6ae4f6", "comment": "Malware payload (RemcosRAT)", "value": "955a7deb29f4b03b35faa62100d416fd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697011642, "uuid": "3076965b-b3f2-4251-9bc7-9e751ec5fde3", "comment": "Malware payload (RemcosRAT)", "value": "8c71aeb54732d7c292c42820b9b46cd44710c58920bdee797c8c462b22c3569b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697011642, "uuid": "0b28f6ea-c2ec-47e9-8bac-19ec9b0e7346", "comment": "Malware payload (RemcosRAT)", "value": "ff754eefbfb2052ebb87ba5df5ba8dfa93168251", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697011642, "uuid": "e7c04252-8f4d-427e-944a-f1499312ea4e", "comment": "Malware payload (RemcosRAT)", "value": "945772e5c5d6aa2f81b27b416e1af8cfe192f46117600cef04146f769fd795d70b7e629656708caa8928f0bef9321edb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "remcos", "colour": "#0EEF17", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697011642, "uuid": "d46f1664-1de2-4d27-8e07-1c6d67f9dd60", "value": "T1F83412641721E956F0E0E0BCDA44E9F25AA97C202D8B6E0D43ECFF17F917045A6CE166", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697011642, "uuid": "e5ff9410-9e4d-4673-9f14-bac49fd4c77c", "value": "bc4f8e98d1041d53dd63bfb91ed10d0a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697011642, "uuid": "2256c73f-d864-4e87-965a-fdbeb76b4436", "value": "3072:EOSI2I7txG68nYrugMZJMfsciIpuKNtrUQlAK3qSjYPS+IAXb3Ixi5eFrgurIlNj:1vG68YrvM80ypnjAedo3qiGUY2ChzI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697011642, "uuid": "c821015b-b4c9-4fb0-b03b-0e794f1850c1", "value": 238592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697011642, "uuid": "f61eedce-5b8f-45b8-b572-f7b2d18754c7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697011642, "uuid": "5621ec07-32a5-4ab1-8f4b-fbecc2a2ef08", "value": "bQ6f.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ea27d166-6889-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1697065204, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065204, "uuid": "4e927131-2c9d-46c9-aa84-ce79db869d7c", "comment": "Malware payload (Mirai)", "value": "a7adb822aaf01021f8b86575948a586e", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065204, "uuid": "4762acb9-9a2f-4359-af33-27e8fc6c9850", "comment": "Malware payload (Mirai)", "value": "8d2f770c913482873d926133febdcbb24031952c012c5a378a3f6a921bb24bcf", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065204, "uuid": "8e098f36-c193-46c4-bd23-ec6420e32ece", "comment": "Malware payload (Mirai)", "value": "7e7842b92ecf1f56c23a98196c0cd9eabb09c2cf", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065204, "uuid": "a8395b47-cebc-4de2-9977-679bfaaf91d3", "comment": "Malware payload (Mirai)", "value": "b035cf44a0c76e8fc8a65aab4a0a81d5aa9c1dfd03283ac7969f3797721d2502f1962e7cf4ee479d2051ed07cf010b73", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065204, "uuid": "5d0f4f6e-a631-4a32-8aca-cef64e7aa9a2", "value": "T13333F155B0047561C6703637F82615D3FF4A1BFAC6E23833052943E8A8E94A33AF6CA2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065204, "uuid": "49518a70-fa7f-4cd1-bb09-60968574154d", "value": "768:/Mte5B4PACtw/YcmRIe18D9q63TxZQbSORe7Su2QJnKE79TLruJkddvi9q3UELbi:/M84ISRX63dZQbS5rzZhdvXLIVmWjh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697065204, "uuid": "64fff017-59d1-4021-b836-999bda1a89d5", "value": 53620, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697065204, "uuid": "fe736fb2-91f0-408b-9559-44485206d6d4", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065204, "uuid": "a25fec74-9dc7-44ed-a3a0-6ea4bc4bd498", "value": "xd.arm7", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "16a2ca08-688e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066996, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066996, "uuid": "fc4a7b5c-7e58-4db7-a16f-f2388c98abd4", "comment": "Malware payload", "value": "48886cc11e59d2e9f18a2638de18b5f7", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066996, "uuid": "4c265888-ae37-4118-94fc-5b131c403808", "comment": "Malware payload", "value": "8d52d3e8e810ae5a4ece315807edd7ae3d442269377675482b7129639c42fab1", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066996, "uuid": "91a5707f-30af-4bb9-a298-1cc7fadca7c3", "comment": "Malware payload", "value": "86e3c3f3341f894ce1c33080e5528b71b919b072", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066996, "uuid": "6dff9c53-7ed4-4cbf-95cd-963b1b3487c0", "comment": "Malware payload", "value": "81b3061ae28b3cd95977efe1c739b1ebfa0f6bd84754fbab1b452ba7a2fb2e9c4c93660ee93cd4e7e6ab01a4f7687468", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066996, "uuid": "7eacb0f4-7a20-452d-9e51-d5c827f0a555", "value": "T16874239D57FA252BC33911AB783B491813CDCA44810B987A2ACF88E5DCFE5D39737A41", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066996, "uuid": "ec3140dd-43e5-42d1-954b-e831400a320f", "value": "6144:EClfuYQYM8yX64ChLCJIRojxmUbDGsACHyV5SNLxvf7STkVyN/EwjX:FGYMkhhsxnbDGs3Hy38LtfmTayH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066996, "uuid": "7ebb2882-d4e9-4de8-9e84-ffe5dc0cefae", "value": 366271, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066996, "uuid": "bf7ad66a-2cc0-49ca-a4b8-0e53293c421e", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066996, "uuid": "451ca918-20cc-4d97-bb2f-fc12a33e43a3", "value": "GMNP1456_9976206.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7dee08e-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697050570, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050570, "uuid": "9f2ccfdf-eeb1-48bc-8f07-fdf52410c730", "comment": "Malware payload", "value": "6546844f130e761aeb34029466409553", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050570, "uuid": "b2e6c291-4dfc-42b8-bafc-b0b1b8cd7540", "comment": "Malware payload", "value": "8d5bd2b247ca7d188c082e08e7a90034110482919e7b737b838c6dade6b4d644", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050570, "uuid": "da9c4973-cc9a-482e-92ae-68026c7b72b6", "comment": "Malware payload", "value": "0aeb09a39e97d2526fe8ff8467129c8b48506fef", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050570, "uuid": "835169ce-4936-4d99-894f-b944dcd7bba6", "comment": "Malware payload", "value": "cdf1f6efa4233016c94b2d13ad8269f6aa8f959dae08a3b3a757b753f6bafe78c079d6b035176deba2a1408230c1b094", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050570, "uuid": "7e800d1e-7d69-424f-b056-4070180137b2", "value": "T1C434BE117592D4B2C7478030C824CEF97939BC669E4B8A8737AC3F6FBD31692A366254", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050570, "uuid": "84b2947b-f079-4a9d-8ecd-07cb267153d1", "value": "ee230306e1cdee7eabfa559def68f41a", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050570, "uuid": "342970d9-06da-4b2b-a070-6676714a0da8", "value": "3072:3X5VL2484h6kCiEjjPv1S9Q7QikIPXV9tEnYufioL26FzYxL5yMzuTy:n/Nh67iEjjkQMWbufs0eUMyT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050570, "uuid": "33ac62f9-6c2a-42bc-ae2b-08e64d9b84e2", "value": 230912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050570, "uuid": "63992e1d-0a30-4890-bbed-000bb14fe9f0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050570, "uuid": "763d5b83-c57b-43fa-b4d1-5de4f0487f4b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fe530a96-6839-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697030878, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030878, "uuid": "ec890bad-975d-4bba-8804-c64bbd5b26f0", "comment": "Malware payload", "value": "c6cfb883b5b0ee686f4688134acbce60", "object_relation": "md5", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030878, "uuid": "865d8f07-ad74-4069-86dc-4095f40b3718", "comment": "Malware payload", "value": "8d864cfdc49b7930718cb9c2e6e08324b7df6a5e1860897b8c4d9cf88bd64020", "object_relation": "sha256", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030878, "uuid": "c71cfa42-31bd-4ca7-a29b-05f38d8b4ad7", "comment": "Malware payload", "value": "3f132a74707fe1493843f64ea2c936a8ed22d755", "object_relation": "sha1", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030878, "uuid": "523b8fcb-af57-46a7-b6df-a6ee12d1fd35", "comment": "Malware payload", "value": "07615af8c47e0c819e53cb0d311444cc9ef5cc5a7aaf992101d72fcec51a77092b8f36ebb7ac283f03da111a957182ad", "object_relation": "sha3-384", "Tag": [ { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "docx", "colour": "#0DD1A9", "exportable": true, "hide_tag": false }, { "name": "stager", "colour": "#684D81", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030878, "uuid": "bbdaa0bc-de56-44cd-8b1c-334a8185b033", "value": "T1A5F24E16B2D6CE57F16656324ED3C6D67338BE199E02C30B32447F1EBCB16B18A22745", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030878, "uuid": "74b3a580-03c9-42c4-9bbe-3329f5eff6a3", "value": "384:wxSiSwvxjk+tr2zWBmVDggP50j9qtJGVx6M0R:8Vxw+tiqwBKXVx6M0R", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697030878, "uuid": "d8a17ab6-a7d7-41e5-8c92-14e1e4258ac9", "value": 34816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697030878, "uuid": "ea460039-a199-42f9-bc52-f3da0b4397db", "value": "application/msword", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030878, "uuid": "6c3111a1-cab2-4d69-8407-e35b74bddcbe", "value": "c6cfb883b5b0ee686f4688134acbce60", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5cbfe6f0-682b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Vidar)", "timestamp": 1697024594, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024594, "uuid": "3161d641-3807-494e-bd55-998d9b1b3c49", "comment": "Malware payload (Vidar)", "value": "9650be960fcb539276cc746d87723647", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024594, "uuid": "993751ea-6168-450b-991c-119a88db9a86", "comment": "Malware payload (Vidar)", "value": "8dc76ffc3b12c7451d84791c96594733d191d9b459c3bac6d447464fe411942b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024594, "uuid": "4a6330ac-7455-47e4-ac0d-f812d901dd13", "comment": "Malware payload (Vidar)", "value": "d64681683ef4ea4923f5a652ed4385e06299fb23", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024594, "uuid": "86be7d73-c546-4e97-a36a-5b80dbd08304", "comment": "Malware payload (Vidar)", "value": "4fe494c799890aa3a74a4e3587c1628da9f69ddbc4a413f0fb027debfdb5b57031242605bb3393d27ea09ee841bc9cc8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "vidar", "colour": "#BA40B3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024594, "uuid": "97be9579-7303-474f-bbd8-052af5a045ec", "value": "T17CB4BE07E9F66FAAC69381BAD473149174BAF8083F484777239DA2213817A504FD3F69", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024594, "uuid": "05b41c7d-c268-4ead-90eb-9b4172d1c7fe", "value": "e13b76733f330939a47e46f320016e1f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024594, "uuid": "ece8f275-246d-4978-84b8-415e1c3790f0", "value": "6144:luhHhsOFaHbK0xe/OmFLrBaGykfm+hYYim6QXpJoWfbq2J/yQtyN1Kiy3q:IhHhsBX2pThFJX/tTnJ/yQYk3q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697024594, "uuid": "e9001421-40b7-4226-af11-9c17a66eae15", "value": 510976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697024594, "uuid": "748036d3-27e2-41bd-b067-39d2dc82791e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024594, "uuid": "133924fd-71f6-47e0-a06c-529078cb8849", "value": "SecuriteInfo.com.Win64.PWSX-gen.18282.2346", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bfb2cc21-6849-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697037645, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697037645, "uuid": "46ab5906-8328-482c-bafe-b31b121b0790", "comment": "Malware payload (RedLineStealer)", "value": "4307f0fe774e9f5894e430807f994917", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697037645, "uuid": "b11259c5-d4ac-4705-9ad0-867ee5b9066d", "comment": "Malware payload (RedLineStealer)", "value": "8dd4225be0bb99ecb275f8faca209eb738d22a48ee277978a062a8e89cf96b1a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697037645, "uuid": "611da068-90b7-4dcf-b64c-8c49a8f4e4d7", "comment": "Malware payload (RedLineStealer)", "value": "69afa0de08ab52e2be05259a490270c7185111a8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697037645, "uuid": "4005044c-1fb5-4911-b90a-67061eb82bbf", "comment": "Malware payload (RedLineStealer)", "value": "c1ac494b4d1f79cf4bdaeb2cd1c59e5c153bed30ea2bbadef5a6ca91087e2fc8215fb590250cd48b8cc5f9a0ed3e855b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697037645, "uuid": "cd0dfd63-7544-410b-936d-4ce6cfe19ff9", "value": "T165352353F7EC51B3E5B55BB058F503931E363D810E6887AB328AAD1D5EB3890A432367", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697037645, "uuid": "1b0b2a2f-3b3f-4049-bf8c-53f9f1bf2c28", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697037645, "uuid": "872d4213-de05-4f5c-8fad-e85540215ef6", "value": "24576:5y+tByqxCRQYPW02m7fDjivGTvXBFp3emD3aNphF2:s+tBVxCqzwf/+wXBjOuopH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697037645, "uuid": "1fbc573f-f884-4790-8905-4618f852e4fd", "value": 1090560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697037645, "uuid": "7ccf0d41-135e-4a14-a63f-d4bb059508e6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697037645, "uuid": "6843515d-f9bf-4fbc-8fb8-2267609e83a6", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ba0537c-681f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697019465, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019465, "uuid": "936bc024-dfe7-48c0-a86b-8c8f46787604", "comment": "Malware payload (RedLineStealer)", "value": "47061877c9b10cf48d2899edcca2de9e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019465, "uuid": "74d86ad9-4c83-4a3e-bf39-9dc44443214d", "comment": "Malware payload (RedLineStealer)", "value": "8e0068eb77e3189a06f882b781dfb1d3ee76d89a84b8d9cebd7f80d2986e63f9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019465, "uuid": "81501b4f-d6a7-445d-b54c-0ec991f8f7ba", "comment": "Malware payload (RedLineStealer)", "value": "32e5c9ae5395f448f8c41e117450def24389983e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019465, "uuid": "e01d9226-7153-4345-906a-7ba75e449845", "comment": "Malware payload (RedLineStealer)", "value": "f874b1985169bf5b4795017869eb5ad72b84de3e0f91e8d8456c8abae74ad7e4b4c2133cc6d29f92d913719f61de4d72", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019465, "uuid": "fcdd3dec-f5ef-454a-a661-e5f8523bb2fd", "value": "T15E352253E9D88472DCB21B3498F602972B32FC598CB893A76752F1DA0C63998D831777", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019465, "uuid": "28e15c48-70d4-4465-a653-641893013cab", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019465, "uuid": "c29edf7a-fb47-4efa-9c4c-a0d3f8656efc", "value": "24576:XyAwZo5Fr4lhgpd+J0vjcu8rIFqDpbYpMx+tmrEU/Y:iAw2rQg2KQuaB/+0rb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697019465, "uuid": "9950bb8b-eed6-41f7-afde-9ebbaed2bc65", "value": 1077760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697019465, "uuid": "25c2fe87-251e-4ba9-b8f9-9a7960d7070a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019465, "uuid": "a7b66bb5-81f8-4428-a912-c1d81b4b2725", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "695e323f-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066706, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066706, "uuid": "fc198ce4-6493-4fe5-8d6e-de46749f6379", "comment": "Malware payload", "value": "a78d8a2a21bdc809883c18586fb45fb5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066706, "uuid": "2c07b261-233c-4000-9dd3-13b6872cc240", "comment": "Malware payload", "value": "8e783584b07993a462b8fa08ec4ba90ee0d09265814f175fe57dc4785785d80f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066706, "uuid": "f69993a6-5696-4990-ab3d-85caa54b5d76", "comment": "Malware payload", "value": "874e7aa8d4c64a02a1d4c18fd05d88568cb92962", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066706, "uuid": "1fcb4dfd-7f14-47d2-b376-4bbcfcb7496a", "comment": "Malware payload", "value": "b9123af237c09c1e15a64c66436f64b62773d3726237e7bd9eab11fa434659d1dad4e35dab080610f7a40f4194979603", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066706, "uuid": "d794c81e-18db-4fc3-b988-845a2b433688", "value": "T185652362EAFDA133FBB427708CF60B938A397C228D7942A73346885B5DB25455631337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066706, "uuid": "8284aadf-3667-427d-8bc2-3c589e5d7e6c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066706, "uuid": "9f076711-7819-4c67-bb74-9721d2be53d3", "value": "24576:ryn2VKJLKsSB6gVUmEWe7y+/idLoJF9sT871SSq+nhTAx7Vz4JnuTXKcBaOZjE4x:en2kLckEEfyoiMF/71L/nFMplTXKclhl", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066706, "uuid": "0f88da8e-7726-4e9f-b882-5c03a2a75860", "value": 1548800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066706, "uuid": "f058b967-d3bc-4897-8016-6f46aa51e615", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066706, "uuid": "e3fdbab6-aa2a-439c-b6e9-b1b091dce1eb", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0840f4f1-688e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066972, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066972, "uuid": "0333096e-5c4f-4cac-bb30-762795e422ad", "comment": "Malware payload", "value": "a4b461808e67ac5359976299d99165a0", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066972, "uuid": "47a0c5e8-c78c-4a35-aa0d-b03684f375e1", "comment": "Malware payload", "value": "8ea34fe052f0bec25ced84dddb76b5da6178ec77ca78a975e472550a67e3d55e", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066972, "uuid": "d52e243b-f288-4866-8be2-75d4749a44e5", "comment": "Malware payload", "value": "78531effe64906cc08d9a154a2bdcab07a405d9a", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066972, "uuid": "6ecf8137-d357-4d64-ba59-72eec5d00c1f", "comment": "Malware payload", "value": "ab82b816226c7ed432c5080df46743a719481f9a1097a26e6dae550fbdcc8e118fba4255c1ca06db55b0de65dbffc7ab", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066972, "uuid": "f5035a96-3bad-417c-b98f-66b02fff19c4", "value": "T1B0742315C390D925893B215A7AD00AC9C7D7A7A93B11A3563E1503C3A0DFE71BEA2F1F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066972, "uuid": "20f57cef-e60f-441a-90d4-588f8f0430e0", "value": "6144:jWIv3MgqIFdUDW7qrento2t7LJ6WAthXPO3USTpFsg4OibdoXXj2dlshxBwfdC+K:bPModU6qrQi2t7F9EhXPyFVJ3kd6K/+b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066972, "uuid": "88075a07-dbe7-4c23-82f8-11e0bff3c27d", "value": 365647, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066972, "uuid": "5fdad326-1f2d-47ef-acaf-9e9ac74b69d9", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066972, "uuid": "cf5d0a8e-204e-42e5-b6ef-7fb01274d537", "value": "BCNO2478_6257299.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "08d0a68a-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697052370, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052370, "uuid": "4872d842-5626-40f7-b6a3-1cbd1e46e46b", "comment": "Malware payload (SnakeKeylogger)", "value": "5cdd4d9759d692c0f101ac4a4cc3ff1b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052370, "uuid": "8d0fb410-4800-4862-b845-ec98274362d1", "comment": "Malware payload (SnakeKeylogger)", "value": "8f2fb872277b6270dc478a0a5fba9a19031317e88ba3bbccfc6ab134d27ab675", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052370, "uuid": "16a12890-efb8-41ad-b3a3-328d9702fdac", "comment": "Malware payload (SnakeKeylogger)", "value": "d396f1500c93da233e7853197c1660a1f918bb80", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052370, "uuid": "ec1e1db1-c696-4a12-8fe5-a7ee33db8ce0", "comment": "Malware payload (SnakeKeylogger)", "value": "736f9e68dcb3bee985312cb47a886f0a8c691e5da139b57ee2b1dcc2057dd500dfba14508556e77f05bdc25f0396dcf0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052370, "uuid": "b316f7e4-3b0f-4838-8c54-9597c5a1b8e9", "value": "T12AC412103290D247DB5903364FA6C6B043E09D2AA568E6B229F57CCFFDFDB039599A43", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052370, "uuid": "ef1c2635-4a58-4e43-ae62-b2944d586b26", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052370, "uuid": "781c562b-144c-40b8-a4f7-5c4369890db1", "value": "12288:9V5gdfX9KNP5XQ4IGivFoKlfp5whynumZcQ/+7V:Qfte559ivWApAyup", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052370, "uuid": "9b4e4d1d-1c06-414c-abbe-8b75f29067e4", "value": 564224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052370, "uuid": "76bea530-9cbb-43f9-a1e1-0fd617a1ad38", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052370, "uuid": "e7c3d2e1-1271-41a2-a1d1-2704150a1caf", "value": "REQUEST FOR QUOTATION E230830F2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c8f911f8-682d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697025634, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025634, "uuid": "6a1cd986-b4ec-45e0-b972-f735465f9346", "comment": "Malware payload (AgentTesla)", "value": "bb1a5fbb0aa39969bbcfe9000b5e85b2", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025634, "uuid": "382550dd-46ad-46f6-b4d7-981ae083b5ff", "comment": "Malware payload (AgentTesla)", "value": "8fbcb6fe1273fad413927c4e603b76ca39fe31c28cc962de2cec1ce18865f331", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025634, "uuid": "7cd917ad-740d-49d0-88c6-0dafb0fd8bd7", "comment": "Malware payload (AgentTesla)", "value": "01afa618029fd7b6db3f8f27770b3fd206b59533", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025634, "uuid": "43959347-f002-4bb4-961d-f63885de7907", "comment": "Malware payload (AgentTesla)", "value": "d55e2bb33168990049f7950461126bf00b54729456762a1e28e4ba04d2fb4ba9b652163d6b5c4cab0a875a220cf72a56", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025634, "uuid": "4668a89c-1548-4e2e-89e5-f67db9902f02", "value": "T1B08402CBB93E90F1CA9D977AC59640040660D79EB293D7767C4E139608033EDCA4EA7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025634, "uuid": "a5628198-8b91-428a-b9f3-b02ffa9de850", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025634, "uuid": "a908073c-a51c-420c-989e-4cf506add9f2", "value": "6144:KGwhVmRSLxK/4Qgn4CkCTDrcLlmNAkc23244TmifHzL9wgJd/jX+SK0FJOuKR9Wx:KxgUhXkCPo5mNAkc23244Tmifdwgr/jb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697025634, "uuid": "182f4d7b-d55d-4963-88a0-17f763ed55b6", "value": 371712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697025634, "uuid": "d3a3cd20-7a90-44aa-a7e2-e1cd4aa5dd39", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025634, "uuid": "03b5f91c-6160-4106-9d92-e4ac5cc8e221", "value": "8fbcb6fe1273fad413927c4e603b76ca39fe31c28cc962de2cec1ce18865f331", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f2488119-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697052333, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052333, "uuid": "09ce4ff5-60a6-4b9d-a86e-3edf6930909a", "comment": "Malware payload (SnakeKeylogger)", "value": "5636aab70daf85f7578b60fb7e504c6b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052333, "uuid": "95f06b22-82d4-4c2f-b7aa-2e217bc698aa", "comment": "Malware payload (SnakeKeylogger)", "value": "8fdfe5bcc7f4ae9810621398a1a46fcf84e93c71c2c841b3c2d8463e9627982f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052333, "uuid": "07d30635-d70a-40da-8423-857f47cb1759", "comment": "Malware payload (SnakeKeylogger)", "value": "bb65bdf417bce4de922db81a6e99d509a1990236", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052333, "uuid": "d366c480-0e5f-448a-ac97-1c2e2c813ea7", "comment": "Malware payload (SnakeKeylogger)", "value": "13a2605d03fb626651dfa0e65b9b5996465e63778ca73db8faa2ca3ad4ba4fd15a1122088a1fee4b730dbdada361b3ed", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052333, "uuid": "396f68a8-6b2c-4507-97e7-d4661923f9eb", "value": "T173D4F12933AC8B26E23E8BFB15B5015117F57527357DE3589ED228CF2E21F824524BA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052333, "uuid": "93cada20-ead6-4430-8055-8052f5d39d2d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052333, "uuid": "d3546061-faf5-4de7-bf36-e2d5e0e0d21f", "value": "12288:ecX9Kn46dkpV8SFZL+B0j6SHPn2WhqoK9:ectY4x8SFIB45/2Tb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052333, "uuid": "2d5a3bb9-77ea-499c-b82e-80bc70d299d9", "value": 625152, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052333, "uuid": "003bc07a-3edf-4c2f-99e1-c2c9bade6eb9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052333, "uuid": "8b908003-1b19-4113-90b2-9b6781ba38a8", "value": "08A347B6-6FB3-4B5E-9A49-9EC1E49DF8F1.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8894f02-6831-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1697027298, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027298, "uuid": "faf575b7-580a-42a0-a8a2-50e9586ca702", "comment": "Malware payload (Loki)", "value": "fcc77de74364440a6aec94c1d283ac40", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027298, "uuid": "d1cfae0a-043d-4dba-93ab-ad7574f8d23a", "comment": "Malware payload (Loki)", "value": "91bff23f123fb307a7baebb69281c6d17f65fc7d3c7891bbbe7df3b486e4d10c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027298, "uuid": "37ffc8d7-366e-4495-9549-934e378e5708", "comment": "Malware payload (Loki)", "value": "4abb3f76dddb852bd310b6b001a3e9ec8ebdd38d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027298, "uuid": "23f35992-da4c-4649-a5e2-980f52211e6c", "comment": "Malware payload (Loki)", "value": "af3e5181ce420a9bc0e5962c0bd8c9147dc47452c60765cc6e63fb9cfcd4959f84425251f2a65dfbf580519c20c83bbb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027298, "uuid": "2757b278-4f69-459a-b9ec-c273276d0c09", "value": "T1D5C4B76A347A420AF2619D7C5FBCB170A1ADF3F555B50C3B4CF6470A13826F08B9C66A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027298, "uuid": "a064df9b-75ab-4a16-b537-afb505a49b00", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027298, "uuid": "4948a1e5-c127-4553-a6e5-13c0ee1b0154", "value": "3072:9z88Ptd2epEFbMkbNZG46Xz3kFE0bFd+m0de2fcRMBLEFx11Hiv2MN+NFh8jG7Q1:9z88BjkbNNhNHG+96+NFh8LKi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697027298, "uuid": "06fff757-a6bb-4bf6-8686-d1d22cedf8b9", "value": 594432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697027298, "uuid": "974ce2e0-8016-4d87-8250-1a45c69c41d3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027298, "uuid": "15c2556c-e224-4149-9f06-5bc9b38d8206", "value": "Dekont 1001929 11102023.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c9263ea2-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052693, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052693, "uuid": "062e464c-b6f9-406c-b44a-1478624db68f", "comment": "Malware payload", "value": "156fea0ebb063654efec039da3967453", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052693, "uuid": "7d5cef3d-ee10-4a7d-92ee-a29f7a28e3e1", "comment": "Malware payload", "value": "91c73aedcbfa2a3726a63259aafea1f73a89b54ad5ba5c2a1747d3927713449a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052693, "uuid": "3e901746-18e4-48a0-ae69-c86700c4cf0e", "comment": "Malware payload", "value": "346308aee4ce44f3abffb893ee662892595deb89", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052693, "uuid": "74e15291-dcf8-4344-ae09-62f97a47acb6", "comment": "Malware payload", "value": "04fd013e3b5c914c95d0fd7f95dbc776d649115d29433793ae7ac7a3c5f5cebed677e808f0b87f9d2303c89ac1225148", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052693, "uuid": "c17d7a04-af59-4197-af3a-9e19ab59a65e", "value": "T14324CF11B88ED8F2C8474135C825CAF8A93E7C769A98798737A43F6F7D313926766310", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052693, "uuid": "79b8ecf4-710e-43d2-88c1-731dadd8b9a5", "value": "987d26efaba6f21b1152f94099a2d2b2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052693, "uuid": "9d563194-c754-4466-84fe-16ccbca5554f", "value": "3072:eX5rH1q6QQjTQi/IWiEzKFQ7yrpF+4ob1CB0XoTh25w1eTy+:m+6Q4TQigWioMQ6pF+B1CCX6IT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052693, "uuid": "ec08f5e8-d61f-4f68-92ff-6061a6ac29a6", "value": 229888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052693, "uuid": "61159292-fdeb-4521-a7e7-0d81feb57d33", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052693, "uuid": "33ded3bc-6b26-4388-bff4-4b4567170ddc", "value": "156fea0ebb063654efec039da3967453.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c414a3d-6837-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1697029801, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029801, "uuid": "e840351e-15e6-4132-9025-7cb2f4de1263", "comment": "Malware payload (DarkGate)", "value": "97d180b87924abffff58b5a6e2fd7ca4", "object_relation": "md5", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "eugelens.com", "colour": "#9E8F53", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029801, "uuid": "e89a6bab-3915-41e4-a0fc-a5cd6d8191b7", "comment": "Malware payload (DarkGate)", "value": "926a875b17007ab99572ca73c670148eb964f5d9dd9a2abfd496a9c109f4db60", "object_relation": "sha256", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "eugelens.com", "colour": "#9E8F53", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029801, "uuid": "f7a0f886-2ddf-4da4-90b4-a7fce2d23bcd", "comment": "Malware payload (DarkGate)", "value": "177acef2abed4ec8973313d5ede03831e32e35aa", "object_relation": "sha1", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "eugelens.com", "colour": "#9E8F53", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029801, "uuid": "3421d5de-a565-40e5-a4ae-3160dced475d", "comment": "Malware payload (DarkGate)", "value": "86b3dab987276676ba3f482b596244ebc0557f4f4eaecfbf8d19e5963843d9a22da8fc28214d5d34dbe1881b57d2dbad", "object_relation": "sha3-384", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "eugelens.com", "colour": "#9E8F53", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029801, "uuid": "4c5eae02-eb85-4618-a267-ea8d343d0c18", "value": "T17B12BA52FC4B8E38F156DE8A2D47A4D2C9320442FA44A5D4BA8CFBDD57CF62494FE260", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029801, "uuid": "c2c9ef63-d556-432a-94cd-1dd9f8055091", "value": "192:f8IMu0Cp4EmpXUHg4KR/oNQsKMKiWSDX4X:f8PzE0ig4KR/aQsKliWAIX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697029801, "uuid": "26473509-cedc-4177-841b-c2b92bfbe9fc", "value": 9548, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697029801, "uuid": "6c262630-8f8b-4093-9bed-64a75a3db55e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029801, "uuid": "79eb24a3-7f07-4358-adc2-3aa41f215fc7", "value": "HH-41.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "977497d9-6834-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697028558, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028558, "uuid": "9abab83a-3ef8-4a2b-8e65-e5a279dd9996", "comment": "Malware payload (AgentTesla)", "value": "476662d0e6239f14a0a696ca3c937a07", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028558, "uuid": "2bf91446-f2e9-4aca-b184-d22eac43a0ec", "comment": "Malware payload (AgentTesla)", "value": "92a24f21d3606ea93a6c26db85a9053d3d542fe185a301a78ff55b2863bedc04", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028558, "uuid": "45c4e5b8-222e-45c4-b456-eea905a3aabd", "comment": "Malware payload (AgentTesla)", "value": "1685854a2cb8abc1d6a6c76eb9232aa340e51787", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028558, "uuid": "df183dc9-4d88-4896-8075-2027b8f5b771", "comment": "Malware payload (AgentTesla)", "value": "c56009b530da36d4ede59548d3e1720d09e7c45123e41b4d02781438534c6913865aef990ea36ef8c7520e8aacfa1f5a", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028558, "uuid": "ae420cda-f2dd-4234-a3c5-6a0aa053a4bb", "value": "T1720458F0317D83C3E1A58EB11FCA86B079F136ACA8D0560DA0F59B2E93D2355149D9EE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028558, "uuid": "5ea73eae-6ecf-4963-acaf-c84368f49eb0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028558, "uuid": "b81caec1-2207-49df-acb3-ad8a44803d66", "value": "1536:4qAY1c9wqvnAv77vvvvv7vvvvvvv7vvvvv64+mhhhm+DtqOg:B+9wqY+mhhhmitqO", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697028558, "uuid": "a1f07cbb-418e-497e-844c-efaf649aed6d", "value": 174080, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697028558, "uuid": "51437775-1ef3-43a3-ab65-ffdd192e31d6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028558, "uuid": "be7cfa82-ffeb-442f-b341-957a0d2f5273", "value": "3VA20256JQ320AA0_datasheet.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2c6130f2-67f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697000461, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000461, "uuid": "53206f08-76e2-4b71-8766-8b334019190a", "comment": "Malware payload (RedLineStealer)", "value": "93a0c97dc63b3f62141bba415b0c16e2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000461, "uuid": "aefe2e34-0cea-489b-be88-754231a8b64c", "comment": "Malware payload (RedLineStealer)", "value": "92d5f9c1143f1fa9360241353a34fbc81d9ac7a15ca3105678201b278895343f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000461, "uuid": "07d85afa-0eb2-4b46-a7db-341283bedf6f", "comment": "Malware payload (RedLineStealer)", "value": "cf38d63d62e78380568faedf7e88a06ab8755237", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000461, "uuid": "4f05a255-786f-4b98-aae9-e8e86c27ca12", "comment": "Malware payload (RedLineStealer)", "value": "984248bc5fb5c575ce775c448238b02a9f145835d769b15852646193668f908d46d677bfb34011883b3ef2f97253a02e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000461, "uuid": "5bcc7beb-dfa2-4133-9faa-75da87be5c26", "value": "T1E3548D0074A0C032E87319378EFD9ABD663DB950079965EFA3D90E7ECF606E1BA30556", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000461, "uuid": "5e5c738e-b7fc-4f2b-89dc-fc48969df3ac", "value": "42c423a9e73aea8cb92de6b991847053", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000461, "uuid": "4228c1d1-592a-479b-9adb-0637ad2b1ba8", "value": "6144:Dzrrpma56Phj9vgGQ9LaN3d0uIiCAOx3u0+71aOen5:DXr8aIPhj93Q9LiQLkRa7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697000461, "uuid": "adbc713c-eec3-44c2-8b74-0ea30050cff7", "value": 301832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697000461, "uuid": "f83224bd-cbdf-4cb4-8b77-35bbc90f0d71", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000461, "uuid": "b7e8ebdb-b334-4392-87cb-27ba4b8e731d", "value": "93a0c97dc63b3f62141bba415b0c16e2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "043d9a70-6834-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697028311, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028311, "uuid": "9987e8ec-bb6d-454b-b8d8-bab1e6546f25", "comment": "Malware payload (AgentTesla)", "value": "25a1350eb6df51b9c6b5e9d4a667044c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028311, "uuid": "5cd60b41-76c1-4009-9534-6992a5d632bb", "comment": "Malware payload (AgentTesla)", "value": "92eb663b3bbcd78b4ae6cf54bb25a0a1d9815f7eb8468a7ea7185099ebc94ead", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028311, "uuid": "766779b9-bdc2-4aa9-96d6-afa578bf16b6", "comment": "Malware payload (AgentTesla)", "value": "10f044ccf5a34974fa52c4b778ead80c3f5e6a15", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028311, "uuid": "1d6b7cba-802b-4974-bbf1-6527c6c31be4", "comment": "Malware payload (AgentTesla)", "value": "90dc1ab79d22968708d62e2b574c05dffe5610134a615bb0e37e478db03c5d31c9613413a904c7128f58425afa61d4d6", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028311, "uuid": "cd284686-f2e8-4189-bbca-1212b6684067", "value": "T18034EE537E88EB15D2583D3BC2DF6D1413B2A0C75A73960BAF48EF6229512436C6E32D", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028311, "uuid": "e94408d6-7d1d-47d5-9971-018c945b0cd2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028311, "uuid": "8a3b2e26-de38-44ce-abdc-d370dcf65650", "value": "3072:yW+KFXMX5x6Vkgl79Oqrp3kgLeE0lnqjKTtc6EZS7EGkKs:KK+X5x6VzkgLeE09qGa6EZS+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697028311, "uuid": "6cd90897-930a-44eb-b48d-e9b6e67814c9", "value": 248832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697028311, "uuid": "78e37f63-cb29-4948-b989-6d1c8c132d4f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028311, "uuid": "f8ca7ee7-6cb5-44c5-a0a2-7e4c8df6a1c2", "value": "92eb663b3bbcd78b4ae6cf54bb25a0a1d9815f7eb8468a7ea7185099ebc94ead", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "84334ea5-67d5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696987723, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696987723, "uuid": "fd195e82-0497-4e58-82ab-63588f0b2c97", "comment": "Malware payload (RedLineStealer)", "value": "b24279cec861f4b6b9485bf0b1bc6a10", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696987723, "uuid": "c83e4a41-42fd-45b9-b9d9-ba1dcc40e9fe", "comment": "Malware payload (RedLineStealer)", "value": "93424b2d1bf755167a7a572e42a58433bcca29eebbe4ee133c57d5bb5a16b566", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696987723, "uuid": "54f8d63e-58b8-464c-ae09-d88dfa5a7612", "comment": "Malware payload (RedLineStealer)", "value": "95662248252a70f925d2d61177d106b3b071f61c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696987723, "uuid": "6f168442-7a62-48ce-8bf8-8a5d93724ee9", "comment": "Malware payload (RedLineStealer)", "value": "82ee20d48709ff31acb75757e1ee7ce856ab65cb3568d556e08c73e39f5f19cd49f7e9c6ca92c419dcaeaa5988656116", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696987723, "uuid": "3d942d78-dae4-44fd-9546-1bfe324bb871", "value": "T1FE352392ABDC90F1E4F65BB024F903430674FD5298788F7B37A5589B8DB3984A47133A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696987723, "uuid": "dad8bb88-54cf-4f22-afb0-6b7da1dfe36f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696987723, "uuid": "340e4fbd-ced8-44d8-a3e6-040af798e3c3", "value": "24576:Hyh34sw7CRScxjB9WLsTd636jFTwrPI27QBXkFkFa91NC6cGY:SxtwLcxB0ATk3MQQ2OXkdNo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696987723, "uuid": "185673ec-15bc-4f5c-8494-8042a25da74c", "value": 1130496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696987723, "uuid": "6bdc632f-4793-4b8a-8bba-54080485c2a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696987723, "uuid": "322ca9e2-c109-4cc7-b036-16a0fab3cb46", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3cb4c5eb-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052457, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052457, "uuid": "49557db6-3575-409c-9447-6eee30b77e82", "comment": "Malware payload", "value": "00b45b862808f5114fe2c1d1a4100289", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052457, "uuid": "9213e2b8-8da5-42c3-95de-dbaf4f332d89", "comment": "Malware payload", "value": "937b940dc7c745e94499dfd6c538fbd502213bfee1764667fe59dec65de3917d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052457, "uuid": "4ddde623-c8ed-4d04-b337-1cd510c11128", "comment": "Malware payload", "value": "7c85d15701a1675705ba16d233524af53c858250", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052457, "uuid": "f9c4ba8b-be54-4747-befa-c55c9ff8e0a3", "comment": "Malware payload", "value": "0853fe8131755c9f39aec8dbfe379326757b18d4480b45d6289e1bb6b1d201fb23b883b802184ed4fc56bbc635d0a60f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052457, "uuid": "87120f41-9253-4d51-a423-9fd7e1a1d493", "value": "T11315A403BA4789B2C148173AC59B08241374FD817393F71B79AE2369584B7B66F6DE0B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052457, "uuid": "67e4ba75-231a-4096-bffa-9d5a86f9a9f5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052457, "uuid": "1d305b6d-da07-4735-b3ab-69e170aacc33", "value": "24576:IMzvitio1FypaCziiZx8awPvwH4icAMn:LvFpaQ9H4jA", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052457, "uuid": "c966d845-37cc-4f26-b055-53a3727d3b34", "value": 891392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052457, "uuid": "d855d375-0be1-4edc-be47-758a6c318518", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052457, "uuid": "43185bb3-5558-4f05-81ab-778f4ceaa433", "value": "00b45b862808f5114fe2c1d1a4100289.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3301250a-6890-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067903, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067903, "uuid": "7d0c9147-488a-4217-af8c-aef01447e2fa", "comment": "Malware payload", "value": "4c985d2908c33310a62a43655daecd1a", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067903, "uuid": "2a0d4f70-bf95-4604-952b-89dbbf2e1359", "comment": "Malware payload", "value": "93d1e2cb11d3c40ce8f90faf5168e72b2a246688255b12a22c17dba101cf79b3", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067903, "uuid": "5c952629-a525-411c-a7a3-ded75b740c32", "comment": "Malware payload", "value": "9cb3bc3f35e7b3ae8ffd9d65522391b1ee1ca816", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067903, "uuid": "65ad836c-1a04-4476-af56-0d84fdf06554", "comment": "Malware payload", "value": "10f793362a8cff72b0e0ae1cccfba7d42a289e56845fea6181b98d0efe7f65c57d7cd53af9116626758ab29f9acda35e", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067903, "uuid": "ae061f10-7573-4a31-93c0-82d0f587222f", "value": "T1E9258A3223B22F3CA678FBF600CD15579E797D671011A6D3AEE4C94F868EDE41A34126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067903, "uuid": "ceb5c0a9-c69a-4ace-8289-49ddc90f7050", "value": "6144:WcbBAYe11DSXXc6iD5mhg19cDproukuwHlqwYxTpu36+sFkA390SY1J5kdazfPgo:DK4gV1SAkTxTpsu3uJ2oyAUB/0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067903, "uuid": "9e480889-e88b-4802-963b-94ce11d51f00", "value": 1036683, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067903, "uuid": "304b8c9f-c4d9-479d-ba6f-3b493bbf569e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067903, "uuid": "eb9e5193-adb3-4a53-9a3d-0dc202c534c4", "value": "document[2023.10.11_08-07]_3.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e29621d-684f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697040139, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697040139, "uuid": "571689a1-08cb-4a7a-a808-b1e36951fbf3", "comment": "Malware payload (RedLineStealer)", "value": "66596ba946a4081ce2555ba8cefc0bd4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697040139, "uuid": "5c2141d0-e9f5-420b-ac72-5c4a515902af", "comment": "Malware payload (RedLineStealer)", "value": "942caf3a3bb906a4230264e1907a3089e67757a091498f2cdf3804e202894dfc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697040139, "uuid": "a276f595-53db-409d-b5b2-503e4a58fe4d", "comment": "Malware payload (RedLineStealer)", "value": "e8e48b4ee78751d5066f9ac426e228fa37263e9b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697040139, "uuid": "00b3a48a-4e22-4030-821a-9a6486f8cf23", "comment": "Malware payload (RedLineStealer)", "value": "8c96f4eb2962c55a519d76b048a8acb673af6a00145b02ca00979204ca7729d8f95d9ef49ebe8a05b27b1a9ca73ad3c3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697040139, "uuid": "19b856dc-f670-4ddb-bba7-066cfeb312ea", "value": "T175352313EBDC5922CAB06BF07DFA07530B367D739CA0411B2687A96A0E725C45472B7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697040139, "uuid": "b0c7a39b-f23c-4ad7-9ee5-c5182830d60f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697040139, "uuid": "20fb6bcc-71af-48eb-8a9e-a2832bcbb486", "value": "24576:dyDJwF+d5t+iOJi7sFAiqkxtGChTpio1SkG+j45IC:4DJPdaiDs2utGoiFK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697040139, "uuid": "5563a47d-df1f-46e9-b430-2c3fa3b7e1ed", "value": 1088000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697040139, "uuid": "f93918d5-2caf-4656-85f2-d94ea2328fae", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697040139, "uuid": "d81e73b3-f5ab-4371-984e-9b8a1638e917", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7c7294fd-6833-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1697028083, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028083, "uuid": "7d8e37fd-987c-46bc-baee-6aa77f2d9d18", "comment": "Malware payload (Formbook)", "value": "e1e3a47bfc74d2078d4d1a9a9e6cc044", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028083, "uuid": "c041c43e-c6d4-490f-a43a-8ccda914a1cd", "comment": "Malware payload (Formbook)", "value": "948c9b868e733196f7ee76f792e1fd0f3fb244799b3628c6560338354d434001", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028083, "uuid": "067ee284-b2be-40f9-9ade-bc10369c7421", "comment": "Malware payload (Formbook)", "value": "911c1dd3eb97fc6306ed2ba18bf19cfb4a26a91d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028083, "uuid": "1640d190-c197-4d5b-bece-6685f70f0ec1", "comment": "Malware payload (Formbook)", "value": "057fab99ec371bdf237ba6b15fe7a453047cce0f4383f1db8559d3289de63567438b9f606420cabed24ce7385f1fb943", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028083, "uuid": "a91f4610-bc61-4a09-80b6-f9d22de7bb87", "value": "T1AD2412516AA1C497D4721F732EFD466E5BBFFA0600A8A70B13101A5D79B9383C88E773", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028083, "uuid": "f8cc69df-2a38-4728-9fef-924f3ee8257c", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028083, "uuid": "4223e304-7d83-4954-8cb4-15b90a746b89", "value": "6144:PYa658UM+kV2Rp/azKjeYoRuEKhGSWQ1B:PY78UNFaYokuSzB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697028083, "uuid": "2f1a1e77-af34-40ca-99ba-892cbd83fcf0", "value": 218186, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697028083, "uuid": "4f9e3ddf-03d6-47b6-849f-7b547d122ffc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028083, "uuid": "f01ee807-24e8-41c7-9c83-375ac4d9a69b", "value": "948c9b868e733196f7ee76f792e1fd0f3fb244799b3628c6560338354d434001", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "342fef41-67cf-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696985012, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696985012, "uuid": "74312c2b-254f-477d-91ab-ec1a831ad134", "comment": "Malware payload (RedLineStealer)", "value": "8f7e6b9e1a973bcb6e650f592ad733b9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696985012, "uuid": "be2d8800-7e4e-4c94-bf9b-16a66b83839a", "comment": "Malware payload (RedLineStealer)", "value": "94b6a54fbe1ab6c4a2fbbcffc97b1c2a828a2d16a08f8e7c0d5de452ba3ffd73", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696985012, "uuid": "0cecd970-72d6-443a-9d99-67bb494d7535", "comment": "Malware payload (RedLineStealer)", "value": "c3301a5d384c9e497fee677a711227ce87e875d2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696985012, "uuid": "835c5e40-97eb-4beb-8457-d40b39b04f58", "comment": "Malware payload (RedLineStealer)", "value": "5687d558130b1706350eb5b29b283e26bc41881056c7ca95d7c6053ec9af128f118958dc3ce6da5aae3c718bd4fe0934", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696985012, "uuid": "22dc86a9-9ddc-4fad-9dca-9894cb45104e", "value": "T11C352346E7EC5135D8FA2BB019F712871B313C926531DA1F1B499ACA8C33790E93636B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696985012, "uuid": "21f116e6-34db-4f35-894a-603c0a9ee78c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696985012, "uuid": "4bc4c600-4fa6-45ca-b830-b62607499432", "value": "24576:eymmTzGmqhbTVjpYVbRDLz01agr7LQqBLX3awxrSXtY:tmmPETHgRnz0VHQqLrG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696985012, "uuid": "276bae58-c4a7-4c95-ab67-4fae97c50f02", "value": 1127424, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696985012, "uuid": "18742682-9600-43be-a848-f4430e92f270", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696985012, "uuid": "7b2e8c01-af1c-41af-ba22-8b6e5cb2f066", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "651a7761-6890-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067987, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067987, "uuid": "7db98ad0-ebe9-4cbf-bceb-fd073e281759", "comment": "Malware payload", "value": "534c0d5a4ee8bc4c852d447258b75d4c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067987, "uuid": "f4aa0255-eee8-4575-8b5c-7163290368ca", "comment": "Malware payload", "value": "95034c4297060fec52a1fe4b7d1145eadb12f4f30f826498ba62981d8898355a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067987, "uuid": "aa166383-06e6-41e8-9c51-1063ec284ff1", "comment": "Malware payload", "value": "5421e6d3a1b85fdc2990bfcc586921a72c606190", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067987, "uuid": "358d2d7c-d386-4763-bbe4-fb2af1ee284b", "comment": "Malware payload", "value": "1f7b64d6b8bea24ad2f9024746d7065cad2326e73736296726d7232b7c519f8885eddde9515c4e93bcff009eaf423e36", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067987, "uuid": "740ed570-7b98-400b-b7d4-75ea2aa6ce08", "value": "T1336523727BE92636E87733700CF202E31F363C795D38826B269599890DB3999E631375", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067987, "uuid": "030f97a9-86a3-467d-81a7-ab900c233e1d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067987, "uuid": "2d15e0ce-40e4-48e6-ad10-7618edc149ba", "value": "24576:4y5jQeBsiUeTAqOCL2eyu7JH/iLgzc6ne8xR3lnOi6Q3T30ofLWlfw7ULE7gstK7:/5ZBsgAqO22X4Jf0gves3si3JYvtstiH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067987, "uuid": "298427b3-add5-4535-b4ed-596355fbe9d3", "value": 1548288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067987, "uuid": "0617448c-9778-4dce-b921-a71c54eac112", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067987, "uuid": "a298bb3c-04ef-40de-98d2-ba29ae36ae77", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc232714-6860-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Backdoor.TeamViewer)", "timestamp": 1697047517, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047517, "uuid": "0504dc90-fa8d-4f3c-9581-661aa3f43c8f", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "aee2916c7a3bbda1d1042f61c9179477", "object_relation": "md5", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047517, "uuid": "3d951167-a468-45d0-bceb-ac88244e05aa", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "96174095d5cbc3e0f8dff85f73d77d9fafbd59d753d350f603d58796525d3bb8", "object_relation": "sha256", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047517, "uuid": "5d361ffb-2af6-4f19-8d43-f1f82076a445", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "4e97f97874518be69694318163cd1f13c218beec", "object_relation": "sha1", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047517, "uuid": "59303d50-1589-4acf-9696-fd70f23a1969", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "e417e648667ee1e9fae04b1f076454fc2a62ddf999deace43e8a07b780ad27953fe07b59dfc9c26cc8906e7217714f94", "object_relation": "sha3-384", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047517, "uuid": "005fe379-4415-4d37-ba09-beeebe78d242", "value": "T14644AE11B1E1C032C572253609E0EBB65A7EBD300BB199EFA7A40FBE4F303C59675666", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047517, "uuid": "9e96c3da-3a97-4478-864f-5e7d4950c081", "value": "9854fe208003549216f1ebd6ea57c6a1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047517, "uuid": "6729c9a1-67c3-41ab-996a-87900c9ae6d2", "value": "6144:Pamako1I+ffSbJ8/rADV6ga9DG4u4AO9bDQyoGn5:PfaY+ffHT9y4rw9w", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697047517, "uuid": "0ddb6ccc-40ab-4cd7-b097-5c04ead8ffe2", "value": 264456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697047517, "uuid": "39dc645f-1a71-4dbf-8333-1c08d2c4e7b1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047517, "uuid": "2412443f-ce2c-44e5-aa02-c7379f27da6a", "value": "aee2916c7a3bbda1d1042f61c9179477.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ad50a757-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697050499, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050499, "uuid": "f337f678-0142-4eff-91c2-5014a5cdc315", "comment": "Malware payload (AgentTesla)", "value": "8d648228155569c24528c387c666f91d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050499, "uuid": "b07994db-b613-4627-8ab3-c3ff2594e7ac", "comment": "Malware payload (AgentTesla)", "value": "9661f2075ff6572dcd35ed7fcb74c4ba11771ddba99f230815962a43b90e907d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050499, "uuid": "72824f8e-465a-493d-b98a-4c8e2fa0ec6f", "comment": "Malware payload (AgentTesla)", "value": "6e2d9d9511e21589f619fa5500d7366fb032210a", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050499, "uuid": "ba0fc9d6-fbad-4bd1-beb0-1688fefa78d4", "comment": "Malware payload (AgentTesla)", "value": "60f62663aef8482e49914873f88d1920fe1ec6de375b64046809a4ddb9adfa0c2e7c28a81e0d55aa5168c354bf573500", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050499, "uuid": "3e4f4a9c-65b3-4546-8674-ee8b0e0aae1f", "value": "T1A805BFCA82045164FCA79B31E4AACD5602136D756E7167BE1D1EB2E900F3AF22373B17", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050499, "uuid": "bded3081-59e8-4cb0-95ad-982360c477a5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050499, "uuid": "2901c28b-7b31-4676-afb9-1080650688b2", "value": "24576:ulX1LJ1na1B5m+ncj4MrJeYh1y+ZPy+D+jBz:u9/1na1fncjjY6PPy+a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050499, "uuid": "f267b8ca-931a-4a54-87cf-aca3effbda3a", "value": 802816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050499, "uuid": "365fd8de-c87f-4c50-ac66-ec6a714ed846", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050499, "uuid": "a6ee47b7-9715-4390-8aba-ae2bd6cb7ce3", "value": "October Order-0028290.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d757add9-6826-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Backdoor.TeamViewer)", "timestamp": 1697022652, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697022652, "uuid": "24d7e335-507b-4191-a0e5-eb18f45e780d", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "3fa008e2f3937f018fe85b5a0e49f048", "object_relation": "md5", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697022652, "uuid": "6338dc53-e9e8-4644-9ebd-8c657972470b", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "96a8fc693eb17083f2fc31beffbbda57741ddec7b3ff38d29554a55bac7909a7", "object_relation": "sha256", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697022652, "uuid": "dd58882d-9b3a-4ab2-8ad3-855d77b48437", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "98dc8cf2dce8ebaeca34c04e755d98997a19d316", "object_relation": "sha1", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697022652, "uuid": "e008e2a2-71c9-4f92-b594-81a8dc1f8658", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "9ac17277c8dd92811d4748a93a297aa059f793d1f4b9a12e274427cbd83e22bdce3b10a1c42f7f142defd4489f7a0e94", "object_relation": "sha3-384", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697022652, "uuid": "f257f94b-60ef-4ef3-9416-bc88c54c50f9", "value": "T196C623FFF4E60855E0FAC604FD3361AABAB679A92773255914F760E936301383857E80", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697022652, "uuid": "d00b1d66-f3fa-490d-9a49-091cccf41b9e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697022652, "uuid": "85983a12-5f35-41fc-830f-66938209c16a", "value": "196608:pIsBeykHCP+Wb9S15gFtt6k4h7DP2G8VcTCQw1USwS0X6DckUHVeOmDVBW//c1M5:i9DHCK15M5U7j2FgCQw1zD0X6FkVeO6H", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697022652, "uuid": "4a7850e0-8a92-44eb-91d7-9cd36d25c32e", "value": 11906560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697022652, "uuid": "238ec1f4-1148-4f76-9020-2d355c93904d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697022652, "uuid": "0da2b809-b76a-4d12-a5c3-da9b760a8093", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2d8dd8ba-67f3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697000463, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000463, "uuid": "f9a52b93-e2ec-4e32-960d-3c428ba06dd4", "comment": "Malware payload (RedLineStealer)", "value": "7df97952cda214885bcfd407bdba6385", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000463, "uuid": "bc5d00c8-2b20-4bee-b8f9-411e0b8af9f4", "comment": "Malware payload (RedLineStealer)", "value": "974e3119fc1763989827ed8aeb943dea07e220ffa5293ea293bb28963bf03be0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000463, "uuid": "60f24a4c-fe74-4a77-ad62-7af9ff2e0f07", "comment": "Malware payload (RedLineStealer)", "value": "cccc53eb4b1c8fab8f71d601a15db7cb4a6c9888", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697000463, "uuid": "552700b2-e997-4e66-82d9-2f81db65091a", "comment": "Malware payload (RedLineStealer)", "value": "4b9539cd24b98b34203ab491e24ca8a055e03d994baffba7baf2ac4d5e70ca20ba8b2d27f2b7841bbaf19ebe3cc60648", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000463, "uuid": "365e8826-a9f0-47cd-82ff-f80178d5789d", "value": "T1E8549E007491C032E8B315378EFDDA6D963DB950079A69EBA3DC1D7ECF20AE1BA30556", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000463, "uuid": "bf77114f-4a78-4a8d-8d78-9a00111f5c19", "value": "42c423a9e73aea8cb92de6b991847053", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000463, "uuid": "f20dd277-0dd8-460a-ad2b-7846b808404c", "value": "6144:DRmeexgmadmJqycWr36fqGcFjoYL1AOtbxhYznHn5:VmdxBa4JqyP3GS5FuTZ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697000463, "uuid": "5c396859-65e5-48e5-a312-0802777381a5", "value": 302344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697000463, "uuid": "c58b91fa-dbb9-4f7e-a835-4403de79d2aa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697000463, "uuid": "caa7d071-3659-4d85-9528-4dbddc2dc297", "value": "7df97952cda214885bcfd407bdba6385.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6b0a863a-6818-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Phobos)", "timestamp": 1697016457, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016457, "uuid": "f3c1c813-899c-43d2-b7fb-7d57069c73c1", "comment": "Malware payload (Phobos)", "value": "0a2f0447233fa3f8c754fc8142ab6f7a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phobos", "colour": "#19849F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016457, "uuid": "ee337788-9929-4a85-be84-68429baf09be", "comment": "Malware payload (Phobos)", "value": "97a4d094f86b757b3fb0e189f2843a7af8d0ec43f9805214e89992528e83b5d7", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phobos", "colour": "#19849F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016457, "uuid": "fba1de37-966e-40aa-ab93-19b493b44e15", "comment": "Malware payload (Phobos)", "value": "57ad4363343ac0ac26e953bf5473e50327ce3994", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phobos", "colour": "#19849F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016457, "uuid": "907d6bd9-8cbc-4ad6-9e27-3e5527b7a324", "comment": "Malware payload (Phobos)", "value": "c182218496e370e21eb75f8e76ae3832f3f3be95580e2cc8eee3356170a218c5708d227e08bbf4c008136407e62f0482", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Phobos", "colour": "#19849F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016457, "uuid": "5e7aeea8-fa5b-4f3b-a312-48ddea4e392d", "value": "T1AE44F10CFA888855FA77CE73925512A4473D43FEB029BF6B190C592C3D07DDB1E42A6A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016457, "uuid": "f62b389e-9568-473e-91ac-c4097b179f61", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016457, "uuid": "c7e556c5-854a-416b-861d-bb3ea914c7d1", "value": "6144:Vnc5VNMxG6QK8HwEFd2PTwwfyb2lMIw6Ou6AiC:VgN2G6v8HwQd2PleKVONBC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697016457, "uuid": "4c67c7fa-b7e2-437a-8fd7-888d791af0ea", "value": 276992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697016457, "uuid": "ae55d6ee-07c5-47e8-a553-1c7bc67fd730", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016457, "uuid": "b9276ce4-7c6f-4373-ab6a-96c7f925a360", "value": "0a2f0447233fa3f8c754fc8142ab6f7a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc8b9506-67d7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696988677, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696988677, "uuid": "6a84891b-c786-4225-9b6e-5559d80798d5", "comment": "Malware payload (RedLineStealer)", "value": "82a36d40192619409f6fc67b9b1c46d0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696988677, "uuid": "47eea10e-9a34-4b1a-9af5-18df2454327f", "comment": "Malware payload (RedLineStealer)", "value": "97c0965de508af9ec588303c726ad7e43e2ad32859df326d1e2ef1ffc98a5fac", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696988677, "uuid": "c087d410-5862-4127-90e7-f3543095f2a6", "comment": "Malware payload (RedLineStealer)", "value": "052a8016b13f574fc2c2902a4b23f51055ceb0c8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696988677, "uuid": "2a20276b-1c1d-4ff4-a12d-69f488f7369c", "comment": "Malware payload (RedLineStealer)", "value": "39bcda7d6a57538e075be63d58dea1ecf53a013f5d79ccd0ece04632930fa08b7fd2d18af6b3aab69dfee448a28bea01", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696988677, "uuid": "9781f7f5-f80c-4ae0-b1e0-9a1f3da8dca8", "value": "T1B035234366DC89F2EAB95BB014F5068307397CA7AE2896FF2305909D0972289F43577F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696988677, "uuid": "3b62e270-3e17-41de-a779-47f0127059e8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696988677, "uuid": "ad4e879c-2d23-4d7f-98f6-dd9349796c42", "value": "24576:9y7TlnlB1ZUM86rJfrLJtrPcoA7A+dHWDPtYtdzLv2:YHlnlB1Cne3L4okZdHq1Yt", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696988677, "uuid": "6a8b3e26-6024-4a82-9405-11421983a91e", "value": 1127936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696988677, "uuid": "5433a192-a36a-4d3c-9576-43c66ecf42f7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696988677, "uuid": "e19aa4aa-a129-43cc-8024-d942641f8aca", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c193afd0-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052680, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052680, "uuid": "52e540ba-5d43-478a-a4a8-d6ed1cbc3f11", "comment": "Malware payload", "value": "b2202de5493d8399b78ee46a36993963", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052680, "uuid": "e99baea1-3c0d-4a7d-a6ab-826fec172009", "comment": "Malware payload", "value": "99063294db6384dbe30caa07b0dccca9a8c62276f2987d0c643d0ea7bb8b4ff2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052680, "uuid": "422e3836-9d34-47a6-b121-cfb88e3d7211", "comment": "Malware payload", "value": "2e46f96db9952f94846e11dde210f9fc478bf1af", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052680, "uuid": "1c1244d4-e00d-4687-8c2d-36187313215f", "comment": "Malware payload", "value": "ba46aff833c8f56dd1131eb218d177f61a17c80c9a3ab183db2578238e7af9293ef1ec5c38fa84ff3d40205acce31c56", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052680, "uuid": "d337ecba-566f-4c9c-923a-ca2552728166", "value": "T17624CF0EB642D4B2C84640309825CAF8767ABC769B5D498737A83FBF7D323936767211", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052680, "uuid": "02f79905-1844-4c6f-8504-49a8c97f3582", "value": "c8b7da62a536f23a0b3169f49ecdf603", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052680, "uuid": "a17d4ba0-cfee-490f-8c9a-1a9ef0b975ef", "value": "3072:BX5uEk4FUJhBX8Px8mvQDZMdtH2HmP4t+GgHvcVqmQy5y4hTy:l5UJDsPxBQDZMb2+FZ3UT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052680, "uuid": "0b69fc8f-9558-42d4-9e28-be6f178130a5", "value": 229888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052680, "uuid": "7974dae2-a4fa-4b5b-9c97-ef6f66fa0b37", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052680, "uuid": "fb6b9796-855b-4fed-92c3-dea312c91324", "value": "b2202de5493d8399b78ee46a36993963.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "358b77a5-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052445, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052445, "uuid": "f5ce04af-edf9-4a43-b312-8a650cb16654", "comment": "Malware payload", "value": "cb66d2b9c73d40d02900d70ce3d82258", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052445, "uuid": "8fcd13d3-1006-4564-9545-68edc1893845", "comment": "Malware payload", "value": "9a1dbf5e16c97c24952aeba6484d093dec1cf25e49ba1d1faf004972b58622d7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052445, "uuid": "5a90e60b-aeac-4b01-8aab-86c2b6321676", "comment": "Malware payload", "value": "ddfc56b3f9c34db1a8124471835a5a7280dcf360", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052445, "uuid": "69b11bdd-795c-4448-9e25-127df0f62cdf", "comment": "Malware payload", "value": "966d89df122b30e9526288080d3f85fad70673a1ad6ca6e9d2f62bf3f7db38b0420bae3da802b6ffe345a57c40b2f866", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052445, "uuid": "d0cc03fe-552e-4f09-b52a-0b7d3b54d5a6", "value": "T16C234B586B8CA632D77C697E8CA6108403F5A6F73E13D34B8DC1716C2D627E89502F9B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052445, "uuid": "bed43504-2e17-471a-9871-9039baa37363", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052445, "uuid": "d63da076-fd01-4c6b-be0c-7f514440a260", "value": "768:V/eWH8Zwtlkjwc8dlU9BvRkLASCjsbyYHBy6JQy9WD8ww200XgT8fFOMp2DviK:V/z8ZwtlPVdGEL3byId6tOu2DviK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052445, "uuid": "4cd5e573-713f-4752-a9c7-b65ded20fe95", "value": 47616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052445, "uuid": "6358c668-627c-4ada-8388-24073b766252", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052445, "uuid": "823a21c7-5789-4963-a380-5be0cd4852d1", "value": "cb66d2b9c73d40d02900d70ce3d82258.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a34bea26-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1697050912, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050912, "uuid": "a125e619-d795-4335-9976-91a9a0a6230a", "comment": "Malware payload (RemcosRAT)", "value": "4f6921a36baacd8880a978f61953de55", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050912, "uuid": "1e3f4621-ea62-49db-9b37-31472df84526", "comment": "Malware payload (RemcosRAT)", "value": "9a58cfffad0cd6dc31da5ce2d58da98c35d0e6be3461db38b78fe11692bb37a1", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050912, "uuid": "ddb18a5c-df8b-42fc-8474-a9804b24e5a2", "comment": "Malware payload (RemcosRAT)", "value": "c9689e36ea1dc69c44e62538fe0c1e713cf68901", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050912, "uuid": "3c4d5a29-5e31-4328-8874-e25ded999909", "comment": "Malware payload (RemcosRAT)", "value": "72119532fe4af87268788e9928ec7d4ffe36f37b5dc535e1664ef98e8036ed9c33f0ee21ea4592d6dcbccc6d6c9817c7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050912, "uuid": "b4652a2a-d9a9-4bc5-9f37-0cbe27eeb115", "value": "T17A355B34B3B608B1F5B976B5DB0667F41DFF27AAA904288982743D1B1CB27916F1102F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050912, "uuid": "5e2c977d-087a-436f-aa8f-e9e7d301893c", "value": "fc431a28c58a1565c388a05232b2eadb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050912, "uuid": "f95bb46d-9d62-473e-b4c9-1e2429dbf285", "value": "12288:qE8C9kdWdEPv8zuVEdh9a6OLqvabdpmBkt1VEmA00P85Be2fgmv1qsM8HcZG3g5C:qEPudPPOuVsaoAjlD0P83H5M8OG3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050912, "uuid": "299a512b-b761-438c-8f50-98ce9c97e0ab", "value": 1124352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050912, "uuid": "c5d87310-bdd7-4db0-beda-4c80aa4ad241", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050912, "uuid": "74052a80-1499-4553-b3c7-3413ca333a39", "value": "Quote.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9ef03237-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067655, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067655, "uuid": "38274936-9030-4d32-b0ac-da7320cd68b8", "comment": "Malware payload", "value": "44f86ec5a50f2e53296ad05f42b7083e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067655, "uuid": "696b8a8d-5f0b-472f-a116-e7763141d02e", "comment": "Malware payload", "value": "9a58eecbe942138dbbe3015ff7cb1ca7a96382066c93183beb3dff94f3364378", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067655, "uuid": "dcbdc3ab-0c6b-42d7-8023-7e1c68eb9ac8", "comment": "Malware payload", "value": "6250f9be07a896fd0c250d8aa8a2b95789014296", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067655, "uuid": "8cdaee65-88f2-4620-8709-3d991b58560a", "comment": "Malware payload", "value": "547f4ea8640545e776d3cb21cfd85322a96aa5df3d9fb1a6c2e6d8c7b76245613f935072ca022a8cb174888abd40c9b4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067655, "uuid": "7ff2fd98-0784-4e56-b80c-c4310ff586c2", "value": "T12124CFE1B582D8B1C8074034C825CAF47AFABC769B595A8773A83F6F7C312D26763254", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067655, "uuid": "820c01a1-7b4d-402c-ba30-50832766634f", "value": "663ba44f646640153ef02cc3bc6091c7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067655, "uuid": "f4cdbe6b-a0e3-489e-a30d-5fc6d5a644ad", "value": "3072:pX5iSQ4nVrCLKVsoSQXCM9pwlj+3SzMnTTY19S18M5C9TVe:N9DrCWVsFfZOSgTTwrb9T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067655, "uuid": "7138e0d6-6a55-4c14-9bca-ae11128e0521", "value": 229888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067655, "uuid": "9e742c51-a8d3-4098-b173-8d9c71c90d3b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067655, "uuid": "e1ed513b-b49f-4dce-b9dc-d870f8c74a42", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2dfcead1-6838-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1697030099, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030099, "uuid": "9b44e7e0-a139-4775-a3df-f235ce7fe815", "comment": "Malware payload (GuLoader)", "value": "021a6a0be9499c68e91456bd8eaef56b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030099, "uuid": "6f9a61a9-63b4-4e1e-8104-4c63bdc988c6", "comment": "Malware payload (GuLoader)", "value": "9a5c4dcfc97835d873cdc90242c1fcd7ed1a69836a4a856491d9f4b560eb1f7f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030099, "uuid": "2a4e2b34-c30e-4489-9102-86f976554a09", "comment": "Malware payload (GuLoader)", "value": "ef75bc38a6444a980b681e5bd162bd1b4c40058e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030099, "uuid": "47e97ed1-29c9-45e9-b317-27fffab20837", "comment": "Malware payload (GuLoader)", "value": "901676caa2af2890be77f399551e53676d5aa789644f1d17cddf6d313c07c4da435af561fbce61fae37203d0ccfc4259", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030099, "uuid": "b650b9a9-f385-4e12-aaf9-3a506c64c041", "value": "T116D412406645D9F6E51400378CAA770AEB30FD161E6EAF4B7ADD37687D3224EBE06306", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030099, "uuid": "0a6a5e97-465a-41d3-951e-d28bd6700333", "value": "3abe302b6d9a1256e6a915429af4ffd2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030099, "uuid": "9f52e68d-9d37-4476-b10f-f636438b4dca", "value": "12288:34srNeq4ZbJBWrwk8mBH4IzJD1zHhT86ipqcwHUYh8TPxiaHZ:rV2BWkmBdfzBTjUg8TYM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697030099, "uuid": "da64d668-1764-47fb-ae69-0f5bfba2a227", "value": 625678, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697030099, "uuid": "ae4a22df-d5c5-45b4-b0b2-61d3a71f3e3d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030099, "uuid": "0b107c76-10c8-4c52-8e2a-8431fd7a62da", "value": "9a5c4dcfc97835d873cdc90242c1fcd7ed1a69836a4a856491d9f4b560eb1f7f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ebc52dcf-682f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697026552, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026552, "uuid": "72362281-e9e6-4357-b602-742c04c890c4", "comment": "Malware payload (AgentTesla)", "value": "5869b519a2ccb89f10567b53853a4d22", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026552, "uuid": "e06f20ce-9a33-4e6b-b41b-ed3de0e89674", "comment": "Malware payload (AgentTesla)", "value": "9acb3802e7f15ac9c240749ff8c3ebe7a7cd660bedf4b6a6a1edef4de714aa43", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026552, "uuid": "4048ac10-3bc3-4807-b5fe-a392789d727d", "comment": "Malware payload (AgentTesla)", "value": "c9e9d335d1a2413ed5aacfdc41ff1cfdbb0d899f", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026552, "uuid": "bf9c677f-4a2f-4b0c-bb32-f1cf0e3094a2", "comment": "Malware payload (AgentTesla)", "value": "c256e5ec852a9ed7ee2a2b0f5a0bb6619da08a922b7e76d0bf625f1cff49a19ab1515ac739008854392bf83c7d0cab98", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026552, "uuid": "29e69d8e-563c-4ddf-b7b4-df62ac1df9bc", "value": "T155C4CF5534EB56D5D237FFF343992CC897FAF236560EF81A2B85078A902EB00AF02565", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026552, "uuid": "3bd845ea-4352-4139-8eb7-e0ea8dff07a8", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026552, "uuid": "1f80ca40-5176-474f-89de-01df8fc890f0", "value": "12288:NHaiZscgfKciEpjetvBGtS1gIjVrKVXug+0lnX:+ViUub1RjVre+g+0l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697026552, "uuid": "4013e8b8-12c7-40d2-9389-1677f8b1f772", "value": 578560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697026552, "uuid": "8a86bcb5-d37e-45a3-889e-827a2b66105a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026552, "uuid": "49a8a7f8-de31-4366-8225-60eccc5b1a23", "value": "SOA-FROM-AUG-SEPT-USD8050.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c48bd6c2-688c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697066429, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066429, "uuid": "91cbea7c-15c6-4aa2-9d3c-367752517cf6", "comment": "Malware payload (RedLineStealer)", "value": "5a846e585b408a600e69ade8bf12199b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066429, "uuid": "397feac2-02c2-462c-b40d-30b9f561a0f8", "comment": "Malware payload (RedLineStealer)", "value": "9b2086a3c2f6b76986bd2adfcbb55f88eb1b585d2a86ea6307feda72b7c0f926", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066429, "uuid": "75701dc2-a597-4173-91a6-502c9cf0f327", "comment": "Malware payload (RedLineStealer)", "value": "af419d0af685e957b2bc183de22bc65229976cb4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066429, "uuid": "b5d0eccf-e90b-4a66-95ed-2e317d31adfe", "comment": "Malware payload (RedLineStealer)", "value": "4e23d5d53cafcd40f25269b7c04fb0a980118208207412548c86278f3a30d7e8b8877da7d010a1a2c751b4a5c4f5e02f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066429, "uuid": "24b31228-1bbd-4dbe-bedf-4d74f5636154", "value": "T1D69533466BEF50A2E8F4A77458F613430E36FCD1E47413AB2B6195070DB22AA7235B37", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066429, "uuid": "d3d50169-cd7e-4301-b4c1-f5d09b592bc6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066429, "uuid": "6a75ea15-d09c-4927-91f3-667150ab9ae8", "value": "49152:P5i1cDO4G1Hir2AfpgsXt+YVClSlfRUOD:DDOhNUXd9w8lfyOD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066429, "uuid": "a794b01c-f5f8-4853-b63c-65c0787800d2", "value": 1920512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066429, "uuid": "fc411f4b-2993-48a5-b191-70438a6b2a05", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066429, "uuid": "61380afb-523d-4cef-9b77-bc9798b78911", "value": "5A846E585B408A600E69ADE8BF12199B.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e34ace54-684b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697038564, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038564, "uuid": "4ea1312d-a3c4-4ccf-9054-106adeaf544c", "comment": "Malware payload (RedLineStealer)", "value": "82c98767918f792ec04191738d739e74", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038564, "uuid": "df5fd4db-8cac-41f3-981f-1e8c12687dd7", "comment": "Malware payload (RedLineStealer)", "value": "9b33471ae3f41ccc3cea5ff43a12dcd511f61e91db1eae857fa8ba19ff51612a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038564, "uuid": "42a5380e-744d-40e9-8b47-3e8b91f87724", "comment": "Malware payload (RedLineStealer)", "value": "8443637ffcce91ae76aa724d92ed9feca3a4287b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038564, "uuid": "7223838e-013c-43af-af45-6b0cf6fa0392", "comment": "Malware payload (RedLineStealer)", "value": "82803ed806c79d3a5fdd63904050caf1542070ddf8bcdf4264526df32fc3487ac2838e8e4d7e3fad2a8c8d85ffdd63cc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038564, "uuid": "c25c30e6-c01b-45aa-b215-619865a51d54", "value": "T13335230317DC8532DC766B70A8FA52D70A3B7CE288651B5F1686AD9F5DB2984B032337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038564, "uuid": "bc9faff0-32fc-41e6-9eee-23384e453167", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038564, "uuid": "d14dcbe4-5d5b-4610-bb74-bb9cb7ebb655", "value": "24576:Oy91qptpx7crGH7ErlixtU3VZELVLO7q7gv+f:dKpTlcr2EhitU3VWqO74+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697038564, "uuid": "06bfcb49-378c-4628-b17e-a76e5b6aaaa6", "value": 1089024, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697038564, "uuid": "114711c5-e14c-4cfe-8cda-526eb3d6b664", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038564, "uuid": "c4fcb25f-29f2-4954-87db-ef8d950c7b98", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5f45ea6a-682d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697025457, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025457, "uuid": "692cbedc-39ae-407b-a626-940940cf9832", "comment": "Malware payload", "value": "87558dc3cb1467b7cf5149eb7a6b3726", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025457, "uuid": "f2caddfe-d040-4409-8b0f-a9864e23227d", "comment": "Malware payload", "value": "9d7a2efb2cea6a9a4cc36cca44e01675bfbcf4af699da71cb9c9116e5b44223e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025457, "uuid": "25c09106-0acc-4221-9e4d-4596311b690c", "comment": "Malware payload", "value": "4ab292952961593933b476f59bc7c223342efd68", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025457, "uuid": "7516364f-852b-4852-a71d-2516bee3513a", "comment": "Malware payload", "value": "fb3923a0bb2d281efaa69f5ba92a0789bfe09dd7ec5eac4b84c6fb2694fb167a26be993d9fd1e3735bc5778a067a1fca", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025457, "uuid": "c54ac3bd-edb3-48a2-9462-43195b9eaafa", "value": "T136659303BA4B89B2C1881737C5DF159443A4FBA17323EA1A798F236E54437BB5B49327", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025457, "uuid": "5d3f24ef-687f-4d15-8bf6-52ed4369d4fa", "value": "24576:x2xSri29fi7wYKDUH3Zh9gd5xdqW0AR/hr:xyWiufiUYKgcxdqW0A7r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697025457, "uuid": "e6cfe61e-4ee7-4350-8070-de2e7431b42c", "value": 1508352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697025457, "uuid": "f71d1610-6d16-427b-bd91-9659061bb224", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025457, "uuid": "e0c8b5f3-03de-4ad7-8524-bb5ca167e3fa", "value": "9d7a2efb2cea6a9a4cc36cca44e01675bfbcf4af699da71cb9c9116e5b44223e", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "739192e2-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051690, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051690, "uuid": "11a71bb6-72d3-48a4-aa61-675dec591a0f", "comment": "Malware payload", "value": "71d9c2ccce9329ab512ad1e1c90a4685", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051690, "uuid": "c97aca69-f38e-4246-8d73-871287e0e27d", "comment": "Malware payload", "value": "9db18ffe6271289faa0f5b48737b70abeea7b8ade16c29d224ee7d859db5974a", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051690, "uuid": "92833f2e-95a8-4be9-872d-566a94b49362", "comment": "Malware payload", "value": "43dd45bef2e463968bc8f7502e4f7a31e72040d3", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051690, "uuid": "c2c52643-741e-48ca-af97-789feb7c5d88", "comment": "Malware payload", "value": "7ffdc2aaa1de32d5cb4eb0111f662fbf59336445dd8945810e434de6c3242816fc5d7cfd8805bb410ebaa6ceff16f5aa", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051690, "uuid": "8b447063-6341-4f05-8d43-48f16aa9cced", "value": "T12BD42327C869D21941F9927D6905C4E22413DE6C5BA2F4A2BA744B3FEC73A6F0C3D427", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051690, "uuid": "95b9bf04-79d9-486a-8ba2-fe1d3acb23a7", "value": "12288:F5PRyo6eOxv1n1KR6598QnKOPcrWRREsaENI0/rKX17TBRIRv8jsYHzmXZAT9a:XFH09n1KA1PWy7zM9T5jtzAAT9a", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051690, "uuid": "385c2598-3dfb-446a-8207-826268c98f7f", "value": 641650, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051690, "uuid": "82bdc941-af38-418b-84e2-4fdc00010fc9", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051690, "uuid": "abe66a96-73af-4f19-9b60-27b57058f65b", "value": "ProformaInvoice&PL=PO64783.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3b223531-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052455, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052455, "uuid": "684ec1c2-3e77-4384-8ac5-5bd685317b94", "comment": "Malware payload", "value": "06e753eb254b695d605333e0e6072b9b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052455, "uuid": "ec3ea71f-d5ea-42bd-b27a-4fb9c9884ca6", "comment": "Malware payload", "value": "9e0d041d9eaf6bac04faf0a32244b9d53964d3bc064fb53d751e94eb193368ed", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052455, "uuid": "4c022a18-7b55-4a78-b95f-844811804c7a", "comment": "Malware payload", "value": "5e726e520c298ec758c4b40fd5b78354e115fbc9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052455, "uuid": "5f7d4e05-5d29-46ef-895a-79928c520a09", "comment": "Malware payload", "value": "50dfaae19fcd6a4f5339fc05b556356b771794797ab721dece21a629e7a36d45792b8a5c3f878604c03f66ce7001ee32", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052455, "uuid": "3fbce149-336e-4fb0-a2b1-5e19d15d7dce", "value": "T1AF93D60BF95A89F2C644577AC79BC4041365EF82F663E70E3A8E335A1C077BAC90650B", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052455, "uuid": "d775d958-41d8-455f-9b82-ac945cc4f36d", "value": "1536:saW+EPbFqUjH0mjP1MtHHs1Z1p0+A9CeN04JIp3kUjTZTvCKoqQ:o+EPbQctwwpZA9CeBIp3fjTC7", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052455, "uuid": "e8d3fda7-5e0d-471a-8455-33113d051b85", "value": 96768, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052455, "uuid": "1e7089e6-fe18-4f65-a6c8-9a90ba4d5c2e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052455, "uuid": "579b7a1e-1196-464b-91b2-5e3b4a4c8816", "value": "Fuzyqwxplpm.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "652d3c28-6858-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697043935, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043935, "uuid": "a470b168-45a4-4234-a404-6ebcd8b001cb", "comment": "Malware payload (AgentTesla)", "value": "7f6feed7fc881b9b450fb7f3b726c2ae", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043935, "uuid": "ebee6619-be6f-4662-af0e-13bb4c1c2e19", "comment": "Malware payload (AgentTesla)", "value": "9e2f5bad6acb0454f71026526cb9d5d78985ef6e566b433b04ba7aba5b277ddb", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043935, "uuid": "8384167b-2742-4b9c-a035-3535cb5c662d", "comment": "Malware payload (AgentTesla)", "value": "0d1f269c5d37ec74426a002da7e2641b176b3f6d", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043935, "uuid": "f78add81-0b81-490f-8c6f-d07e43635882", "comment": "Malware payload (AgentTesla)", "value": "c62936f891aaba2bc75880c7110485314fa11d55908383072f212ff738c32e8f15df758e9b5bfdf70a1a46b8803b3dc1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043935, "uuid": "c766ef77-c90a-4ee2-973a-4ac828ba2d23", "value": "T11B05087C11689A8DF3A492BEB1728CFF57923C1F40B7B5F7A12CB4970EA97D24402661", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043935, "uuid": "b5ff85c8-07f6-4d93-a350-c9db219fa511", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043935, "uuid": "719a603e-4008-4472-b695-290697ef91dc", "value": "12288:s9X9K7kl8NqOEuWtQhI6AB7olCcK6coBoQqVkGnXpE:s9tU68AOytQKUIr6v5GnXpE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697043935, "uuid": "524b77d9-0a82-464a-860f-021ed26b7709", "value": 832512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697043935, "uuid": "ef0751f8-ad30-418c-aec8-b242923a2684", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043935, "uuid": "bb5d50dd-8b5c-4e6a-8112-af65b4876b8a", "value": "sihost.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e3e1bac8-6847-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AsyncRAT)", "timestamp": 1697036847, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697036847, "uuid": "cdc96573-1f0e-4086-b18b-6f14f516dc10", "comment": "Malware payload (AsyncRAT)", "value": "9fdbcb969104691f259c6841e4e69be9", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697036847, "uuid": "e545380a-4666-48d4-876c-b6e60af4c611", "comment": "Malware payload (AsyncRAT)", "value": "9e8d48b2e481955031b79a7d7b5e41cad46456f87e23b35872384176b4599ed0", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697036847, "uuid": "386759fb-32d2-4534-bd07-1440cac81ff5", "comment": "Malware payload (AsyncRAT)", "value": "12343cc58d53ffe74c67be1c4d8d293ad2bddf5f", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697036847, "uuid": "adb5c502-536a-4f24-8b72-c7c5f7dbb05b", "comment": "Malware payload (AsyncRAT)", "value": "08ba5d9e4fe77864366a3011d7ad53b0d4772748c5833d85cf6b748d985f6735b2571e72ceac9aa8d626136b0c1f60bb", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "DCRat", "colour": "#0366C2", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697036847, "uuid": "9f537856-288d-46fc-8e35-55abc8ac7627", "value": "T1BB235C003798C136E6FD5BB4ADF2A2058675D66B1A03DB597CC811AE1B03FC696036FE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697036847, "uuid": "7d9d8288-70fe-4327-92b9-4755d623422d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697036847, "uuid": "c2d16bac-259c-462b-96d5-02f9456e28e6", "value": "768:Eq+s3pUtDILNCCa+DiP9dkRuBLVuOqpijC8YbsgeYUCwNOkwpv5xyvEgK/JDZVcD:Eq+AGtQOldkiLIACzbj9gOkw1KnkJDZI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697036847, "uuid": "2ada8aae-5b5b-49d8-bb36-fbc635b5fe7d", "value": 48640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697036847, "uuid": "18f2abaf-2dae-4bab-8de9-a7e494747754", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697036847, "uuid": "273ee0a2-821f-4ef1-be72-4b03742222a3", "value": "bQ6W.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "47a88a43-686d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697052905, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052905, "uuid": "7db0c4d8-bf4c-4468-a046-4b84bfb592d9", "comment": "Malware payload (RedLineStealer)", "value": "62956d949a573d0c0eeb15e1e5c6803a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052905, "uuid": "a90023dd-deaf-45df-9fce-8af9a6d4a4fe", "comment": "Malware payload (RedLineStealer)", "value": "9e9c82b31e6348a0ef9a6da0bdccd3dfe91073693be406c0ca2d9d1b02190bec", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052905, "uuid": "66d10c8a-e1f5-45fa-937c-13a8a4f55e91", "comment": "Malware payload (RedLineStealer)", "value": "3bef91a92f61a3267f616f01b7560fb754720f25", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052905, "uuid": "a08f3f5e-7789-4d29-804f-6e83677a08cd", "comment": "Malware payload (RedLineStealer)", "value": "ed2842c18cf9bdfc43c0da80367c0c2b55bdbe7a75dcd41db8fb09fd2456d1ab59e5ce90bd0a6b7e0c35a0500330e833", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052905, "uuid": "051e2b3d-d0fe-4509-ac3d-124171b05557", "value": "T19665239397E5547AF97A137038F643E30A77BD818AB8821F77465C18093369A64323BF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052905, "uuid": "5f5d2a58-fd7e-402e-8e0c-d7dce1a852e8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052905, "uuid": "2098d452-504a-4062-8af3-b4d5faaf068d", "value": "24576:hyn9el2uVtdUmD87Ptcirlw3CpNDMz4pcRaQeJp7ciprwn/ndeUCu9mVvaRD:U9G2ujdraPOAwSp6CVbcWrw5Cu9m1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052905, "uuid": "864e41f2-0963-4953-8b8d-1783f9c1ddce", "value": 1548800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052905, "uuid": "39437d11-9f5b-4000-90c6-cdbce455f6cc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052905, "uuid": "1cfcb695-628e-4e4c-85f2-e8a3ed56e992", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "22e8dab3-680a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Babadeda)", "timestamp": 1697010323, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697010323, "uuid": "244dc95d-b7d6-49dd-a2d0-92678ed9af8e", "comment": "Malware payload (Babadeda)", "value": "04c723246241003f4051f660be8a07a4", "object_relation": "md5", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697010323, "uuid": "9ddfb949-ae14-49eb-9a79-7419b66df217", "comment": "Malware payload (Babadeda)", "value": "9f6cd8a4af7972ee7d79fa2dadcfe58fad7ebbcde5b4ff1810a17a0044a718c2", "object_relation": "sha256", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697010323, "uuid": "ccf3c15c-e283-472c-8ef0-feffa662b612", "comment": "Malware payload (Babadeda)", "value": "bc9581677702fb915a922aa65c87dbd95314386c", "object_relation": "sha1", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697010323, "uuid": "67bb1b52-537b-4d73-8194-2e721be4da38", "comment": "Malware payload (Babadeda)", "value": "6119a6f9b5320787e4d9f49c6cdb7a54b5fd800b42adaa95de36d158e0c37cd293db166e785989e263ffea48aa77c2e0", "object_relation": "sha3-384", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697010323, "uuid": "2e4d4835-4f79-452c-b8da-ba83d75c2c23", "value": "T195D3BF41F3E242F7E6F1053100B6722F973662289724E9EBC74C3D929913AD5A63D3E9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697010323, "uuid": "fa58e020-0517-40e0-8c38-c4b1e8791c1f", "value": "2c5f2513605e48f2d8ea5440a870cb9e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697010323, "uuid": "9866a259-12a4-4f87-be6f-ff7aba2186c9", "value": "3072:G7DhdC6kzWypvaQ0FxyNTBfFJmhwsouzMSE5YL:GBlkZvaF4NTBt0PUf52", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697010323, "uuid": "568fdf96-0707-4cc3-83bc-df5e0a43a105", "value": 135680, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697010323, "uuid": "fd254a9b-2f1e-4e14-a156-41e48c60b91f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697010323, "uuid": "3bdd6d73-707b-45b4-af11-1ece8619771d", "value": "OGMode v0.4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6c6f8cd-6869-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697051374, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051374, "uuid": "c863379d-e938-439e-938b-c09e1bc35d0b", "comment": "Malware payload (AgentTesla)", "value": "caf9223f60b5d0f402fd4b50b822c5f0", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051374, "uuid": "4f6b2ad0-65e6-4f7f-ab89-bd949fa65acc", "comment": "Malware payload (AgentTesla)", "value": "9fafb36829ae320d92e38bc56a1833a96a7529416b12bd2ee0cdad178ddf36d3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051374, "uuid": "cb4b49fb-2422-4b98-8257-656250d4dab5", "comment": "Malware payload (AgentTesla)", "value": "89c564c11d25ae1e55f74d228c56bd80890fdf33", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051374, "uuid": "6e715109-038f-47ec-a022-7631a20ff46f", "comment": "Malware payload (AgentTesla)", "value": "9003d508a4067cb994aee117a51f5a1c282e24fd4bbffdfba22b8edb0aa91dede1ce5d395e41e2ff90d1f3b14784ff72", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "rtf", "colour": "#F0EC83", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051374, "uuid": "7d24cd23-c6a5-4e79-846c-23f8a5c0966c", "value": "T1D153D06DC34B01A98F525336AB1B0E5542BCBA3EF35562B1346C437933EAC3D91292BD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051374, "uuid": "bdf1c84e-1265-439a-bfd2-61d5b5ae9efa", "value": "768:5wAbZSibMX9gRWjGo0AKw7kLGiIg4/gM7H:5wAlRM0GQyj", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051374, "uuid": "4edd0260-da18-4650-ae01-78324ffec400", "value": 61206, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051374, "uuid": "f817b67f-2fbb-487c-8b12-dc122a6975f3", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051374, "uuid": "21101f5c-83ca-47f4-8875-221403f0e8f2", "value": "caf9223f60b5d0f402fd4b50b822c5f0.rtf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18da36c2-687e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (njrat)", "timestamp": 1697060128, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697060128, "uuid": "8d6567d1-c6bd-4855-81c0-c1aabe9bbb29", "comment": "Malware payload (njrat)", "value": "1af7daeb2c2f549d0755c36956c599da", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697060128, "uuid": "65da7141-39f6-46c0-8553-bc50aeeb6e9c", "comment": "Malware payload (njrat)", "value": "a0380cdbb6ed01cf08e65c66314c034eb710ed7bdb2e2235357ecf5ed0bb6a92", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697060128, "uuid": "20c5c063-61c5-45ef-95c8-1eb239ae0345", "comment": "Malware payload (njrat)", "value": "2081af2ec8abc78ee2f3a98dad74be4b23198d9d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697060128, "uuid": "b468609d-c7c6-4700-9bf6-0210b9623bec", "comment": "Malware payload (njrat)", "value": "cada3cfdbd31ae0e92bff8d953504a76c42deb2b6afdd1c0e61aae1c5bbd29748e13e24aea6b6d3af8c7bcda464b3ce9", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "NjRAT", "colour": "#E5B690", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697060128, "uuid": "5d3a2d19-5cdd-4907-9726-e71a1504c188", "value": "T125B22A4E3FA98856D4BC1B748AA5965003B491470423EE2FCDC560CBAFB3BD91D4CAF8", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697060128, "uuid": "a6d8fcbb-cf8d-412d-8434-f53c89e03021", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697060128, "uuid": "ca6e432a-71e8-47f3-b22d-653f7f1a8922", "value": "384:d3gexUw/L+JrgUon5b9uSDMwT9Pfg6NgrWoBYi51mRvR6JZlbw8hqIusZzZROO:xIAKG91DP1hPRpcnuo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697060128, "uuid": "01184cdf-eb88-46aa-96c5-0fed3f4b6390", "value": 24064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697060128, "uuid": "eb84e22d-08b2-412a-afad-38f8d9727594", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697060128, "uuid": "123bfc6c-9eeb-4ad9-922d-0f21d67df7f6", "value": "1AF7DAEB2C2F549D0755C36956C599DA.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6ee77f22-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051683, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051683, "uuid": "a1515820-ae46-4d72-953f-75a2af3fade3", "comment": "Malware payload", "value": "4ea2fc328591f18e46749e401cf007f8", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051683, "uuid": "aaeb6e3a-908a-439f-8ff0-b1ff8686fc87", "comment": "Malware payload", "value": "a06366b0fa7d5744a507ef1afdafa02d81a4315bdba697993b7ee4fce76f1d7e", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051683, "uuid": "6cd6d337-e3df-43e5-becc-3d9e864557b1", "comment": "Malware payload", "value": "9d2bfb5eb1041fa098f80297aecec848984004a6", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051683, "uuid": "12d6f769-878d-430d-88f9-68e5150ee7f0", "comment": "Malware payload", "value": "04ce8001ea3ac1fead54b759ce47532ea8d2692d13c40512dd8054408996a7cfa7fd9af8424dfbf4e3a16f8753349e03", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051683, "uuid": "2854188a-9cdb-4988-a089-164ed18c5938", "value": "T1F9D4232AD1D86BD2E90E64F6D3B81F38786EF8290D07079AC5AFCE917B776F65004205", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051683, "uuid": "b0164b80-0d43-4e54-80e7-ef03887b5cd3", "value": "12288:9V9P7PT2LpgTUUUU5g1NlMGZRY3DOq98i5qUkLGrZyShxpIT2C:blPa1sFy5MGZcOSdqLMQOxg2C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051683, "uuid": "98316c5f-5bb0-41a5-8588-5d07651dc8c3", "value": 654287, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051683, "uuid": "a2d06847-a764-49a4-aecb-77c9f5ac2146", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051683, "uuid": "215f2402-776d-41da-a38b-98addfa36a88", "value": "New Order .xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1a8d5044-6859-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697044240, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697044240, "uuid": "23c3357e-55a0-4324-8b75-025146acf0f2", "comment": "Malware payload (AgentTesla)", "value": "5b111640fcb0a5d04cb799078fe90bad", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697044240, "uuid": "21a23737-ea23-4072-9ea6-601fc2ab418c", "comment": "Malware payload (AgentTesla)", "value": "a0a83c6bc77fa73e06bc77a6bdd2e7d3b84319cff7f009d7f6ccc7fca5c48820", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697044240, "uuid": "5c0208e2-543d-4443-85c8-d564fe0c3646", "comment": "Malware payload (AgentTesla)", "value": "80870524c77d40a9711a8c120bac5f27957617ec", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697044240, "uuid": "4a2e4193-3110-4a21-a1d9-e20505bdca99", "comment": "Malware payload (AgentTesla)", "value": "44296e2c0ec67d85a0d189ab95c9d001f7d720e4df42ccc8af5c58f44166c9a48b73781f0b7979f257fbd012e84a9c1e", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697044240, "uuid": "9b5dbc26-c894-47a7-abf4-87bcf403c19b", "value": "T1D2F40238236C8B66E67E9BF751B4024217F678273079E3AC9ED114CF2F61B818525B63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697044240, "uuid": "cc9568c0-66e2-4179-b652-e8afce61fe5d", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697044240, "uuid": "afd59c43-b878-41bf-b6ae-cb0ac9570f4e", "value": "12288:o4X9K94CKeimRxlZSbr2Y7BSP93oxIUhB4+XWKXWBhO:o4tMHKiRxHSv97O3RaG+XFGD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697044240, "uuid": "c8a7de3c-b427-4280-9bf9-a432336e8101", "value": 748032, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697044240, "uuid": "7e702dbd-21e4-42e1-8be4-38e48527c4a0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697044240, "uuid": "3e61f5b8-683d-40ea-86b4-3b6bdf264deb", "value": "SOA pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8e89a50c-682b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1697024677, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024677, "uuid": "111be655-0da5-407f-a36c-1c8799259103", "comment": "Malware payload (Formbook)", "value": "190c8dd17ba27d04bab550da77fcd20c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024677, "uuid": "182b75a9-2c18-4273-8793-2ba2de0967cf", "comment": "Malware payload (Formbook)", "value": "a0d88c0383d588f01ff78a04b9512917e0e1d27aef0da9fcdbaf88b5aa83dda0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024677, "uuid": "e242a53c-73c0-4fba-bbd5-bca2b190d64f", "comment": "Malware payload (Formbook)", "value": "ff00b8aaa57ae91cfb86db30eb2f841ed287c029", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024677, "uuid": "561d4d16-7408-4528-91ab-f58ea9487cb2", "comment": "Malware payload (Formbook)", "value": "f1a255840293bb291b86369e0222717d45dab22b7cabec3af6fbd357092dcc2ac245bbce45044b57926f70df10610b14", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024677, "uuid": "fdf5de09-9762-4f80-83bc-a00171fe6a30", "value": "T1B2E4DF9D765076EFC857CD768A682C60EA51A4BB431BD203A02726ACDE0D9DBCF141F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024677, "uuid": "cf663f32-3017-4ae4-8394-35c42c2f6da0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024677, "uuid": "75ecaf1e-d279-4bc7-97f7-bfe810d246e5", "value": "12288:jozv2iNzEisUH/EqcQ+I6BL/9Aqy1DAY5qIsXNLSNDUwgq8TKELPFo1gnOBnQtBd:jAv1hEWlBDkiqy1DAc2NLS13z8TKELdb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697024677, "uuid": "560cf8ea-fbff-4b22-935a-a01087e00a53", "value": 721408, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697024677, "uuid": "a30f6800-13f7-4a02-85f4-409deaeada28", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024677, "uuid": "09d97cc8-dc79-43fd-95f8-b9112165ed0f", "value": "a0d88c0383d588f01ff78a04b9512917e0e1d27aef0da9fcdbaf88b5aa83dda0", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2062af40-683d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697032224, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032224, "uuid": "c7f434a6-a937-482f-8e70-a060d904bc88", "comment": "Malware payload (RedLineStealer)", "value": "eed0fa9617fddcec179cdbd0a72b5fd7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032224, "uuid": "c7730964-dd5d-47da-82ed-d79bae3c5d44", "comment": "Malware payload (RedLineStealer)", "value": "a0f80ba613a4a4c4d9d13c4558474c59fcbacbb97bbb1346676e862005591936", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032224, "uuid": "ff06bf1f-bf85-46a8-9434-c24ff595e34b", "comment": "Malware payload (RedLineStealer)", "value": "4ad057b08de73dd227ed2a7446b4fd18909255c9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032224, "uuid": "7793f4b6-6d5d-4906-bf2a-7c1aefde4c0e", "comment": "Malware payload (RedLineStealer)", "value": "69ff1a9b6d3c74043792b77dc23b1f898e8ba835006d5923e04e1fcadf0ecf3535a419d89d61d0249495132a750192d7", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032224, "uuid": "7c822b92-590e-4412-875a-5061fc259a06", "value": "T10144BF91B0E1C073D972153609E4DBB55E3EB831C9A199AF63F80FBE5F30281D721A66", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032224, "uuid": "76ce7833-c9c5-41b3-adde-726d0bf2a989", "value": "282d146a9b3d87d6152eff920eef7769", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032224, "uuid": "074591b4-a48d-43b7-9316-434b77699695", "value": "6144:2eLvmaL3cEowTX/JbXatntmPr7VYPAOh2o4opz4an5:uazcEoiX/YBbmJs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697032224, "uuid": "966cf439-db41-4078-afe9-7190d9ab0f4d", "value": 261896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697032224, "uuid": "8f801fa2-4777-463a-835d-c98cb07ccc66", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032224, "uuid": "0e9f8fc0-8365-44be-95f3-ad385a5eb0b0", "value": "eed0fa9617fddcec179cdbd0a72b5fd7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c4434f7a-6861-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IcedID)", "timestamp": 1697047960, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047960, "uuid": "7590996c-7f8e-41cd-8d00-a164b0ece218", "comment": "Malware payload (IcedID)", "value": "510e0f061b1c3ff84f4cc810ff1dc6b2", "object_relation": "md5", "Tag": [ { "name": "404tds", "colour": "#C36DA6", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Forked", "colour": "#36B140", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047960, "uuid": "29f10bb9-926c-4485-accc-1288aaebd5fd", "comment": "Malware payload (IcedID)", "value": "a12045a6177dd32af8b39dea93fa92962ff1716381d0d137dede1fc75ecd2c0c", "object_relation": "sha256", "Tag": [ { "name": "404tds", "colour": "#C36DA6", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Forked", "colour": "#36B140", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047960, "uuid": "0c3d1723-09d4-4118-9bff-a011aed88384", "comment": "Malware payload (IcedID)", "value": "6c0cb0d21dde5ec87d30c4d15025f50ab293c062", "object_relation": "sha1", "Tag": [ { "name": "404tds", "colour": "#C36DA6", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Forked", "colour": "#36B140", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047960, "uuid": "2a974bc5-98c2-4e2f-b96d-0f3f77875b34", "comment": "Malware payload (IcedID)", "value": "9c65aeb0aabf89d3570ca5fdeaeb3e31977538f8e6a56a1c6b4738d1ad7d9754f79bb00722063c4d1c5fa01109cdeb02", "object_relation": "sha3-384", "Tag": [ { "name": "404tds", "colour": "#C36DA6", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Forked", "colour": "#36B140", "exportable": true, "hide_tag": false }, { "name": "IcedID", "colour": "#819B92", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047960, "uuid": "952e9f52-89d8-4a99-b900-67ff20bc230c", "value": "T1C164AE0936D80CB9EDB39238C8576945EA72BC560375D66F0360871ADF2F790A92FF21", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047960, "uuid": "d800ae3c-6305-47fc-ab52-465734591208", "value": "e7125b885fcd1eea77d2881eaaa53c4d", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047960, "uuid": "62b119fa-8dfe-45fa-9cb9-4f7de59e2fbf", "value": "6144:tN/F41OWGRkFtwxW6spj/JbUaeboh6EReEUHFmUAkHecHYKjrygmsp:t5FCOWGRayW6sAowXFmUALjKjryg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697047960, "uuid": "467e5cf3-a5cd-44e3-a8dc-c8f17c34b664", "value": 335872, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697047960, "uuid": "9374f40d-c298-49b2-800d-8e7b01e924b1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047960, "uuid": "2a2eee99-cd7d-45d3-93be-678903180512", "value": "0050-1.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "125d12d8-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Babadeda)", "timestamp": 1697050239, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050239, "uuid": "7e144ffe-789d-475e-9424-078b3ceab240", "comment": "Malware payload (Babadeda)", "value": "51bb66a110e05f095c3bb299e6895975", "object_relation": "md5", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050239, "uuid": "bcb7010a-8927-412b-b3ad-f2e6c96d5ee9", "comment": "Malware payload (Babadeda)", "value": "a3b50a3dea6e37222365407b71e279291a82dd38e6492ae936692845a3077a09", "object_relation": "sha256", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050239, "uuid": "ca7b5ced-9669-4b92-8b40-82017f6c01f3", "comment": "Malware payload (Babadeda)", "value": "0e0596caa18ac3952ffce7c56dda0006e0640faa", "object_relation": "sha1", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050239, "uuid": "9c0287dc-440e-4af7-84c7-1cbefd0e6d7b", "comment": "Malware payload (Babadeda)", "value": "9c446a3469be6fbaa594819293613ce519a0380766cb10de879777529fa6c40423ffe44d375a763af12b2a8d2d134c6c", "object_relation": "sha3-384", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050239, "uuid": "63fda95c-d44a-4288-b179-b528b12a13ef", "value": "T11FA36C41F2E241F7EAE20A3110A6712FA73677245724D8DBC34C2D429A53AD1AA7D3F9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050239, "uuid": "6d08f1df-5f63-4b3c-95b8-91aaa4a2e330", "value": "5877688b4859ffd051f6be3b8e0cd533", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050239, "uuid": "1449db38-81a9-4f31-b9a6-a8ec9721f546", "value": "1536:17fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIf4xZO779tx:hq6+ouCpk2mpcWJ0r+QNTBf4K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050239, "uuid": "febf8222-b0b6-4384-9ea1-ae38e3348628", "value": 100272, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050239, "uuid": "0c5f8492-ff48-4005-9af1-f1891f79f249", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050239, "uuid": "56d2fcb3-90b7-4006-8007-3b3c55a4e4cf", "value": "51bb66a110e05f095c3bb299e6895975.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "89317033-6881-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1697061605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061605, "uuid": "59a10844-450d-4d71-ba26-dae334785bbc", "comment": "Malware payload (Mirai)", "value": "2e62a2f99a90d786a12fd7c326fdd805", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061605, "uuid": "2f10a061-7fc9-4217-8664-965c6b4b23c6", "comment": "Malware payload (Mirai)", "value": "a3d0a411d1c3509552684413e83622cff89c1f4fcd57b75509336e5f02f1637b", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061605, "uuid": "cbb7d103-f659-457c-b4c0-8dabb5843e5c", "comment": "Malware payload (Mirai)", "value": "e1b0958b3d0900a58dbbf89f0cdd9cd4b5384588", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061605, "uuid": "51395304-8b2e-4eb9-a799-dea9d78fae22", "comment": "Malware payload (Mirai)", "value": "75f3b174add00652eb9e3517f84bf0d8e716ba844fb16ed30c38f2f61b3f5e90c0c7c79cd2fd0306418ea0a6bda5603e", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061605, "uuid": "8542707c-3dd5-4478-ad74-d648527daa85", "value": "T1BC334AC8D583D8F9E81605B42163EB328A72E57E2169DE97C7DEDA37BC42511E20738C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061605, "uuid": "dd441a75-e7aa-4e2f-a7b1-3cb1a129c058", "value": "1536:eY7iKvDpQTtGdHBnKFehA1JHmf+W+LIBa9wnL62RDBkX:9HdeehA1JTW+MBa+L6KDS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697061605, "uuid": "f83672eb-7888-4c1a-939f-4eed4bb1e49c", "value": 54120, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697061605, "uuid": "9c018239-2847-40df-afcc-e5d5ae23c67c", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061605, "uuid": "c4466725-c6d8-4ca8-9a93-32dc907a0091", "value": "jklx86-20231011-2200", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d3abcd89-6837-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1697029947, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029947, "uuid": "f4463d0f-2552-429c-b700-c8cc476052b0", "comment": "Malware payload (GuLoader)", "value": "3fdac92dc8aa9d90caf58983e8cbb1a0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029947, "uuid": "4655e177-e369-4176-8240-66097c969967", "comment": "Malware payload (GuLoader)", "value": "a3fba721814f24b0ee8b64277079ddead0ea94b5eed98939aeac6efc11948157", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029947, "uuid": "5fe8bb5f-a8a1-4ea6-aefd-eec8b4cd2d7e", "comment": "Malware payload (GuLoader)", "value": "9d3519eab68480548d6e24bde76630d408306a2c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029947, "uuid": "daa542b4-bb5f-41e8-be53-48215fd22f96", "comment": "Malware payload (GuLoader)", "value": "4a5fc75e5e99cfcff0ffc3dae83ff7fb524cb57dadf3cb57b752ddac2871e963b841faaa58c7b29dd1491e23084380c8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029947, "uuid": "4c9067e5-59fa-40d2-8711-957479065497", "value": "T1ABB423DA3EE0D89EFA02637015F84E39977AFF115A728E4BE36427213E026694763117", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029947, "uuid": "8e580bf4-3efa-49c2-bd4a-74bdec47d4a9", "value": "b78ecf47c0a3e24a6f4af114e2d1f5de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029947, "uuid": "3c030a06-1317-43d0-995d-f24c4b5c80a8", "value": "6144:1z2yP2Jut+p66ct6dVbai/WXAZApCzJ4v4oMnXsUrk2fUJaZqicB3oUJfW4uMuuJ:YuudVbrLAozJo4VQvJEUj0UQPK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697029947, "uuid": "e0b12965-ebf0-4934-bacd-08bc2e7e6e60", "value": 525591, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697029947, "uuid": "1d2c61a2-0a37-415f-857a-003c6d14d34f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029947, "uuid": "900e0c1a-1e23-4f7a-8191-a8fa9b778a24", "value": "a3fba721814f24b0ee8b64277079ddead0ea94b5eed98939aeac6efc11948157", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e2a0481a-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066909, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066909, "uuid": "0785fe68-da9c-4156-9d69-c52719b4c5b4", "comment": "Malware payload", "value": "4c93f47d1b0e4d0c70efbb36842493ff", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066909, "uuid": "4bc60b2f-b121-48e0-9e60-e184aa2ceb10", "comment": "Malware payload", "value": "a4482fdcc04dc79395d4d2a0023f8725004ac1708fd4e59652be5d53776f6260", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066909, "uuid": "16003b3b-9d53-44ca-9b87-a9a7b81152f9", "comment": "Malware payload", "value": "edc9de85faeb2655907dfa47049ded50137304e4", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066909, "uuid": "7641a42f-6968-4fbd-88d7-ae01b40418a4", "comment": "Malware payload", "value": "a4ef70108da48b3f9d35bc98a61146f6e5fa6dcbba139413a56e343d963300d45f5c5fd573a7394e9ce54ad73870f4db", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066909, "uuid": "73e6134f-1494-41e8-afd1-5f30c3bc148f", "value": "T117742334FA84CBF05B81815D8018380C15975953F0E5096A7A148E2ED9F87AFA7DEAFA", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066909, "uuid": "6b473bbf-3cd1-4a7d-a016-a8c393ce5d0a", "value": "6144:4Y95FFpo7VRyzkibgMmT2UstCKYAr9GORhyFyDWwNR3k72f2qmdyLrtzW1fNZFzb:79L3o76zxmT2Ui9/h5noyLrtzIb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066909, "uuid": "2a5f07fc-eec9-439e-b451-6fc72715a872", "value": 366464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066909, "uuid": "6cca65d5-c20d-4ef2-8682-85a83c6b1273", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066909, "uuid": "84585091-5ca0-4de2-91ad-ec64a4bdc07f", "value": "AEHK5679_5966189.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "28ba8fb1-6834-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697028372, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028372, "uuid": "541e864d-4dd7-4d27-a135-1afd8cb58912", "comment": "Malware payload", "value": "35c96637cb4c1474a28d1a2c33ae8565", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028372, "uuid": "e14752eb-6452-431d-81b6-6cf970aaf527", "comment": "Malware payload", "value": "a4f07f055320520a7da6d800afe871b12d36433df4a230581243541c686dec32", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028372, "uuid": "e0f2e1e4-babf-444a-afd0-315f16ea8887", "comment": "Malware payload", "value": "28314d71a56d8618cb806385f6701851c2773587", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028372, "uuid": "9784b682-edd3-4641-b246-9ac4709b8f3f", "comment": "Malware payload", "value": "6c7ca966ab95d7ba3e60a5302e860f43f2aa17cd810f17a7765128ed8c6dfc4b712ea6116978cef05c48cbf01a60d04e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028372, "uuid": "701b7165-8a8f-4332-820b-effe1c3ce168", "value": "T16A65A50FBEC789B1C1481737CEDB048443A4D7A17213E60A758F236E586B7BA5B69327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028372, "uuid": "d684dfaa-d115-40aa-a64f-301309c9dba9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028372, "uuid": "b503fe22-20bd-416c-ab58-476a3d2ba64f", "value": "24576:BfW9ovpjpjQFftLZahSfo2bS7MwFYhz16siFQT3wg:P5lP+h6siFQT3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697028372, "uuid": "e3a46373-29c8-4312-b089-2d6d0f5ed1a2", "value": 1526784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697028372, "uuid": "ceb52b75-b8ee-4b04-86ec-ab907e60c202", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028372, "uuid": "620aaaee-7948-47f4-ac8c-c17ceb3e7e91", "value": "a4f07f055320520a7da6d800afe871b12d36433df4a230581243541c686dec32", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b76dab51-684e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697039778, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697039778, "uuid": "2b0b18f2-fd4b-4280-b28d-dd903556ab14", "comment": "Malware payload (RedLineStealer)", "value": "884ec70de10643b30ef560484b0d5dfa", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697039778, "uuid": "3a1e3668-efdd-4c46-ba67-b6b330dc6084", "comment": "Malware payload (RedLineStealer)", "value": "a5b29e405c60e6050ce6d4be4178a6d231d9c38b7a175950c73c260dd8943b9b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697039778, "uuid": "8d7b300a-f880-4730-a700-293e068fec75", "comment": "Malware payload (RedLineStealer)", "value": "02fd237ba9fba39b469b61204c3e1271fa5c0a3e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697039778, "uuid": "28ed56b8-88f7-401b-ac3e-640eef9ce339", "comment": "Malware payload (RedLineStealer)", "value": "efbae62784fa677051f2cbfa6bde1a019c2803e339ba8c694f5f5b42f3b4bd2ce5d81d964efc45e77e30de7e88e19b0f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697039778, "uuid": "179706ba-1bad-4dc2-b639-79ce83e856d2", "value": "T14844AD91BDE18032C532153609E0D7B65A7EBD300BB199EF97D08BBE4E303C1977566A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697039778, "uuid": "09f317bf-9af0-472c-a996-4943daa2815c", "value": "9854fe208003549216f1ebd6ea57c6a1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697039778, "uuid": "3fbbadb6-aa45-47cc-88bb-04c436c07934", "value": "6144:8Umake1I+ffSbJ8/rADV6ga9DG4u4AOKbF10Gn5:8tau+ffHT9y4wMw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697039778, "uuid": "e46b547b-95f6-42ef-8839-8e1c263ced72", "value": 264456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697039778, "uuid": "b666e425-d04b-440a-b90f-5b34d6400559", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697039778, "uuid": "91207d87-2d5d-48fd-a4f9-744f154be31b", "value": "884ec70de10643b30ef560484b0d5dfa.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df50681b-683c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697032114, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032114, "uuid": "670a6b99-6b9d-47aa-97e3-806062045d3b", "comment": "Malware payload", "value": "dcb25b714a28a41ede9702038f861a6d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032114, "uuid": "d4840fb0-a189-415c-91e7-c094cbbdc66b", "comment": "Malware payload", "value": "a61d12c7ec9bba5d651935f5702f7c7ad22ee8985b74fb3a4a9f19e8e127c255", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032114, "uuid": "33259bf6-12d7-4031-bdef-f89aa9e5c2b8", "comment": "Malware payload", "value": "2ca3b2710cc6eaca9240b28f15bcceedc9c232de", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032114, "uuid": "1d596239-66fe-4140-b900-1b92456a8c19", "comment": "Malware payload", "value": "f77bc5382ef32f4dc12f42bae355fd61746984f1ae68bfce5321aae95bf406e96099bf8f130fac600245767f4e4006dc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032114, "uuid": "8b74f43e-7f75-45db-874f-faae530e8afb", "value": "T13D04182417898320C6CE8179F6B387055FB0C253E64EF7A769FAF5F01893783992B1A5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032114, "uuid": "68bf3e47-290c-4adc-9346-4f526b0c0239", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032114, "uuid": "91b35979-03ce-47bc-adec-64d4ca8f161c", "value": "3072:mDdFcfJkYYHOarCjLgRtUshglCSWBIbQPVQhfeAewdNFeERVXvo1Up8c2X:mDdqfuYsiCU9lCrSbKYdNQEbfcUe", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697032114, "uuid": "c6d2b26e-249f-4522-9d0e-5abb4b252e14", "value": 173056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697032114, "uuid": "2c00ac59-cc94-4411-b855-7576e00ac424", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032114, "uuid": "ee72daa4-2648-4441-b46a-a5704eb2c61d", "value": "a61d12c7ec9bba5d651935f5702f7c7ad22ee8985b74fb3a4a9f19e8e127c255", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cbe7f783-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052698, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052698, "uuid": "3c25200f-8cd7-4b3c-a84c-d111411738db", "comment": "Malware payload", "value": "e213c3f30b9240882e38fab18d54d7e0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052698, "uuid": "054ad82c-5a5d-4fd6-a425-60570435eee4", "comment": "Malware payload", "value": "a675a625f52a13b54c0e28dcccbd6a4004ab262c841f42f9099d7e1b2d8091ff", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052698, "uuid": "368e83dd-5897-482c-b1fd-9b0a6799eb0a", "comment": "Malware payload", "value": "b7e1e12b5bbcd944a3c68c403f23c73e2b09a5c1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052698, "uuid": "ccf52bf0-8467-42e8-add7-1e633e8f0577", "comment": "Malware payload", "value": "20a255d9df416a43d6e02457a41242a12aa2efa04bfa64f16db694e666dbba7330b79a3cab43bc8647128af2aa2d3aef", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052698, "uuid": "c87daab9-649a-454f-a0db-8a5d5749c928", "value": "T10524CF15F582D872C44680718820C9F47A7ABC76CA49CA8337AC3FAFBDF13926767251", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052698, "uuid": "d0d55801-8491-4ae4-bfc8-7d962de92f81", "value": "278ee3575c149517e1eeb3763f842b77", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052698, "uuid": "713ddc7c-8873-47c7-bc6f-ebec559718c4", "value": "3072:PX5947+RkzsxwzWCB0eW94qJ7aemEgpbCbpp8Q6O5HF1Ty:/VkzGwzW8Ts77aeNyObppuMDT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052698, "uuid": "0af34f85-9554-4ee3-8654-ac22eb2952d6", "value": 220160, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052698, "uuid": "e9f8914a-6826-4e15-b013-668fab28eaeb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052698, "uuid": "43d746f3-1abf-4b62-92c1-7e499b1036e6", "value": "e213c3f30b9240882e38fab18d54d7e0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f12d33f-67f7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1697002291, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002291, "uuid": "1e7aff77-c990-4d50-a85b-a2788eac7a63", "comment": "Malware payload (Loki)", "value": "dc533a0eb59e0d32b6e72743b6bc0a97", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002291, "uuid": "de693dc1-d120-411a-8deb-1ba5992de8b1", "comment": "Malware payload (Loki)", "value": "a72c0d696fba8a092fe459d85ab642b49529b1b156e597da55dceb8cdf579cda", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002291, "uuid": "457ba153-d99d-486f-9319-3ec6cae5c431", "comment": "Malware payload (Loki)", "value": "9c1216b9ac7388a927b208e15024abcaa560bc6e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002291, "uuid": "13823174-6f5e-4998-9d6b-eb65fe795c29", "comment": "Malware payload (Loki)", "value": "2860575e8e9b2a1a92e006fcce35c553f0218ad969d62fb50f8c780b432284d8e97d5e19deec666ae70da2100906b985", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002291, "uuid": "cffafd87-0cbf-4e4e-b8ab-79e4bd758aa8", "value": "T1EBD4F02176B8AF67CC7993F2052555400BF27D2E5434E6989FC232EF2D71F81AAA0E47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002291, "uuid": "5865d17f-dd9e-4534-bf23-a0bae99747b4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002291, "uuid": "5da91937-b70f-4311-a975-30525bf721a3", "value": "12288:Dyaq+X9KQ7qWM4PM8Jsw7WwGHtFuo+9MPScP53:Dyaq+tt7qCPM8Js8bYHuTmPScN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697002291, "uuid": "2a18dcae-da3c-455d-a9ba-e14141570ce2", "value": 627200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697002291, "uuid": "92ff74d7-82f7-423c-9d54-bd233db9b627", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002291, "uuid": "b1d99f47-0e5a-4a52-b5a2-00ccf5794ac1", "value": "dc533a0eb59e0d32b6e72743b6bc0a97.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "13a1cd3b-6836-11ee-a6f9-42010a9c0055", "comment": "Malware payload (PureCrypter)", "timestamp": 1697029196, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029196, "uuid": "85a46201-bd81-4147-ac7e-968b225e3683", "comment": "Malware payload (PureCrypter)", "value": "653884a8e7ef6081b4d7320cd0fc66c2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029196, "uuid": "fc714e6f-fd65-49cf-83fc-392b6daed3ec", "comment": "Malware payload (PureCrypter)", "value": "a75544522b73246b0e503921eebc40936f6d17512e3297e843a6e5c787d23908", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029196, "uuid": "5497207b-9073-4223-85ae-f3d956856522", "comment": "Malware payload (PureCrypter)", "value": "58adfa71d02771d39451c5a3bf4a53cb7601abe8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029196, "uuid": "f89c0099-f158-48ca-a3ff-a73cf01ba72b", "comment": "Malware payload (PureCrypter)", "value": "cf594e53be1468cb13b1dd4686d16ac4f3d00bc93619b6de7c7687a2233348233f6ef66360f3dd76d563ab7d9d15fa0a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "purecrypter", "colour": "#93448F", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029196, "uuid": "d8102f65-1b6c-44dc-a85d-1eb9fd696d3a", "value": "T1B573D672D1854336C5634F74C5AF7A1E0716AE29AC62AB0FE8DC73BA1EF33D64811912", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029196, "uuid": "aab8bb45-e785-4aa8-94d5-995ca4d5a2cb", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029196, "uuid": "c36de59c-3b6a-496a-b1cd-b28e2882ad53", "value": "96:0wWWCTi+o3BPk4tqS72wO5DEyLzw5xU9eoW9/UvzUh4+6e7ezuGE4H0JL1JZOLzj:DmBwBc4tN72dOthlebUEpzup1pq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697029196, "uuid": "839cb814-3c72-4bb5-a85f-8e38bfe37c97", "value": 73728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697029196, "uuid": "7c73eb51-736b-48fe-8262-72578cb8ea5e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029196, "uuid": "0273778e-b403-438f-be45-67c0ebbca739", "value": "Q614-TX897- FM- MANAGER- One International Pte Ltd.scr", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "60edaa78-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1697067551, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067551, "uuid": "8ae5725e-7289-4d76-ab0b-468c0c70d6ba", "comment": "Malware payload (Mirai)", "value": "f5f0aace189c9efb0f7bde029baf4e6a", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067551, "uuid": "976bb0e3-60fe-406c-9502-53df33e1e030", "comment": "Malware payload (Mirai)", "value": "a7688702aaf4979f0cc17887b48b543d38d0a421e6ab65311bbe703ef38016d0", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067551, "uuid": "8825297e-4924-457d-bdf2-437069d4de8f", "comment": "Malware payload (Mirai)", "value": "c79bb60cd330fe52f7f820857ea3a7c85695140e", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067551, "uuid": "cffff543-d38b-411b-b871-728da42624e0", "comment": "Malware payload (Mirai)", "value": "bdf1a55690d60c3d23b77c371a3977f14887e938fe17bb0d4d6b2031e1a9cc16c125ba17014eddf98e7136174bbe81d2", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067551, "uuid": "7df885ed-77ad-4511-889a-619d23db3c8c", "value": "T151C2D0741815B5B0E370023DFB9D868B5BA790F082E831051A905BFEA60B586B977B8F", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067551, "uuid": "40e5cfc5-ff7a-4771-9b68-523fd08d902d", "value": "768:4RSa8ZS/L6rze3OXrFKg9KZrqoDuEQjMQs3UozY1:eSjFJXZBCJDupMFz+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067551, "uuid": "714b0b78-7a5f-485f-b906-775006ef6a74", "value": 26292, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067551, "uuid": "6221646f-8835-4f69-923f-ff8da0d8b6b1", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067551, "uuid": "85b2b21b-c8d5-4781-8524-52810e9663bd", "value": "f5f0aace189c9efb0f7bde029baf4e6a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ca27b70-680f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697012514, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697012514, "uuid": "9c32a100-5b43-4d5a-adc2-dba42e5502c0", "comment": "Malware payload", "value": "9dcdb576ee270eb3fe07a96f1046a60c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697012514, "uuid": "9e381a26-2dc4-48b8-abd9-a009f2f25db5", "comment": "Malware payload", "value": "a7c67cc13ac4a798980cbc474816cb29ccb6bdc1992bc13b3961e1c8987f7e15", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697012514, "uuid": "4be5ed86-ac06-4f7f-9618-81032eec6e6f", "comment": "Malware payload", "value": "b4dd870f35d5ae9bdba9a465f5547fa97bd17c58", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697012514, "uuid": "2bd98b86-8c40-4444-9555-a950088103e1", "comment": "Malware payload", "value": "10af79449074710796317bbcfff0036b23a6a8b181fd1e983f8f98749e5efec64e7d80ee1ba04610b7804c05ece2e89e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697012514, "uuid": "a6411c34-a91b-487b-9252-dadfdc3f12b5", "value": "T18D083328F1E99C0BC404DAB6CB999A2474E710495790CE7CF39DE20316C22D79FD9EE9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697012514, "uuid": "87793bc0-220a-460f-af41-b9c8809bb8be", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697012514, "uuid": "f54d91ca-e577-4b52-9fde-f1e741c2bff9", "value": "1572864:IigP5jt4/07YqIj8eFmRhvTAKpKn6w1mmYRpTFy6nIDZfdzH7QpS7bCJ:exDY5oeQz/pKnemCBkZKsCJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697012514, "uuid": "5697cd33-4515-496b-81b0-65b8c7f81227", "value": 79690560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697012514, "uuid": "c71fc701-90b5-4a4c-ba0e-ceb58d27e9b3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697012514, "uuid": "f92f15e7-b522-4bd1-8e87-9c629b635cc4", "value": "np0811.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "371c07b3-6890-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067910, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067910, "uuid": "0b74a393-7ecc-4016-b4ca-e2eb25632319", "comment": "Malware payload", "value": "21c91fb18ed6855a0afcf49a20001eca", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067910, "uuid": "e71c2df2-7175-4038-b83f-02b133f9909b", "comment": "Malware payload", "value": "a87cf1ec49b5791bd9d22875563eb6589d0d96a148317e0b7fb5256609fa3ebf", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067910, "uuid": "479a8fa4-c2a7-4702-b799-d575389a322d", "comment": "Malware payload", "value": "e8c74cc27324d6960cd3b7dab332454646f04217", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067910, "uuid": "a21b4ea6-de6a-47d3-a725-769770b9582b", "comment": "Malware payload", "value": "961c28f23a573768093d9ecfbcb54bf524975b9cae4fec568d7cbdd82b92aedf470c9252d6bfff206a39141176c2d061", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067910, "uuid": "a72505da-803a-476c-a7d3-732597588b40", "value": "T190259A3223B22F3CA678FBF600DD154B9E797D671011A6D3AEE4C94F868EDE41634126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067910, "uuid": "6d33f228-6119-4309-904c-9d9120001502", "value": "6144:tagJgAaNoObrWVOULW3A1Z28e6t/7L62oug5qThN3atdt+zqJoVAcMeNbUqxvzDU:jkMEA/cv35qTH4YooAmiJXfVF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067910, "uuid": "d6310872-703e-42fe-969a-2ff27ad93c21", "value": 1036375, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067910, "uuid": "2927e786-ff4e-44fb-8527-7a889f0b7d64", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067910, "uuid": "c0a1c4f0-9cce-45c2-a8b6-4eae9a1ad503", "value": "DOCUMENT[2023.10.11_08-07]_2.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4f3596e7-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697050341, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050341, "uuid": "70dfb3ec-43dd-41b2-b092-3845fbd17aa9", "comment": "Malware payload (RedLineStealer)", "value": "07a6d287de86736c5626defc4b865a63", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050341, "uuid": "730e468a-0d52-4525-92ab-95d08213a10d", "comment": "Malware payload (RedLineStealer)", "value": "a88e7b540804c4b2ed5e179ecb15ae52f5dfcb742fe62763205ab7beffaeb311", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050341, "uuid": "ac7bca5e-0d59-4540-8b59-12b25a5291e0", "comment": "Malware payload (RedLineStealer)", "value": "278676224a3c2b7d16af37cfdc7090b9aa34f86a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050341, "uuid": "6f36cf1c-2ade-4c1e-9e29-9445a0121229", "comment": "Malware payload (RedLineStealer)", "value": "41260bc1eaabe09a35aaf985df892641253c089eb4461d71629cc1c6e13a4e60d2225b4e8e89afcd6acc171bdc6bfd58", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050341, "uuid": "2f683039-4d7c-41f5-a452-c075e9d2d968", "value": "T1CA552303E7D89421C8B00BB44CB3039B0F7ABDA55DA8D2BA7659590F2CB3590E976377", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050341, "uuid": "edc76c37-3807-4292-892d-f03728d3abbd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050341, "uuid": "8f5ae114-6cea-4c4d-b392-dd812acc5600", "value": "24576:Iy0JAftbjqvIBl6mFpOHcSlgxHYr7hLvY/BlT9iMKhNJu:Pdt3ZBldkcSlYYr7FEBlkMez", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050341, "uuid": "8a507adc-d86b-4b35-9a33-a17c5292f8aa", "value": 1282560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050341, "uuid": "09a86308-e1ac-42f5-bee9-c207de0c9ff9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050341, "uuid": "ab1c14c8-dc43-485c-a2d6-742e2bf78af8", "value": "07a6d287de86736c5626defc4b865a63.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e1368401-6832-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697027823, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027823, "uuid": "a9a0d26f-bc0e-4907-b831-1c787b344ab6", "comment": "Malware payload", "value": "76e778cfe5e3726158630fd741157b4b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027823, "uuid": "95c7b54b-2fcf-4c92-b34a-2c4c7985abca", "comment": "Malware payload", "value": "a8c9f96df49b240122c96c14ee34f8400c1cdd0ff49660cd7deab66df6828821", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027823, "uuid": "a94a4e75-822a-4634-beaf-a5ab2eb419f4", "comment": "Malware payload", "value": "949684968375d02ecfc7ae8b9ef97b90796de9bc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027823, "uuid": "6b640aa0-03ee-4181-96d5-dc63c09169cc", "comment": "Malware payload", "value": "e905e14ed9d2695b7d4a23a3df921843cfbf915e637bc83705ccda7002226b2e703fdfeee8834be574abfc6aa1ef545a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027823, "uuid": "f22e9cce-b9e3-475f-8ea4-9b7cab85f083", "value": "T1D42733B9D6B907F0D8E3503D9280846F87627C171374C75B1BE896A68F972952CF8FA0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027823, "uuid": "4213dd81-ced8-435d-95a2-423e2f972b87", "value": "0b5552dccd9d0a834cea55c0c8fc05be", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027823, "uuid": "19168eb6-3c47-4a7c-a1eb-4e79f36e18db", "value": "393216:F0121xSufvjts6K5B8BDFcC2o39EP+f3yQtsuk3meWcGfd0/rc:CONtzK5GICda+fiQtsuag5F0I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697027823, "uuid": "9f51a3f1-3969-40ab-b6ae-bf1bf57e4788", "value": 22134331, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697027823, "uuid": "3d60f7f1-56e0-45cd-814e-67ed995bc96f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027823, "uuid": "2885e1b4-ecd7-4403-9266-07dd3444a140", "value": "76.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d32c4607-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067742, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067742, "uuid": "5a6de4d3-e4e0-4d76-add8-6bfad8c51138", "comment": "Malware payload", "value": "7fa3ce941b93faf5118a375b3dba6567", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067742, "uuid": "7cf14962-d377-4304-a5c2-d375b7f5c883", "comment": "Malware payload", "value": "a9060e9aef4561a0f7e04e867c884a43fa13d59f15a6d673945f8c97806381f8", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067742, "uuid": "d5adf34c-dd08-4d9e-9495-546f198cdd07", "comment": "Malware payload", "value": "b5fccb9008803f332338eaff5306c98ba7ed390b", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067742, "uuid": "9b0c5c6f-7fcc-48d3-9cc1-0ef90a17cf69", "comment": "Malware payload", "value": "dd9ef75fece2836f5ecb8c58626ae082cc33273e4a8a96c6ba11bb62ee9d2f9e23f284546a092bf8ff852e1121568132", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067742, "uuid": "d2620acc-c868-4765-8674-fd49dde3c875", "value": "T15C258A3223B22F3DA278FBF600DD15479E797D671011A6D3AEE4C94F868EDE41A34126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067742, "uuid": "7c9ab158-b3b7-421d-820c-29486bc5f3c9", "value": "6144:v9Eeab8x65l0/ysr2Kf+UV11W1XPUvsqfhpZbq0zxHuNrZv/GInQ0Qi9V8ERwKDS:5RGUhPJq0zk9VpJRKQzSAdk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067742, "uuid": "59c95173-cf0f-4f25-b523-fd083d772028", "value": 1037088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067742, "uuid": "b789bd32-5b0c-4f35-933b-7f3d7f4b2c03", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067742, "uuid": "e471b5a3-c31c-472a-8e96-c4151129f1c7", "value": "Offer[2023.10.11_08-07]_1.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fdad361a-6839-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697030877, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030877, "uuid": "509eb9ca-6614-4fd6-bffc-59580eaa307b", "comment": "Malware payload (RedLineStealer)", "value": "e972b594fc94b20a826a601c6d318d6b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030877, "uuid": "bed05cea-73d7-46ff-b0b0-0786196ef992", "comment": "Malware payload (RedLineStealer)", "value": "a9500655eb6b3bdd6869e452081d2ba9b9cbd3d5a3c59ccece8fbc9d4d4bb287", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030877, "uuid": "abcbcf41-768c-4440-b0f8-89f057ed806b", "comment": "Malware payload (RedLineStealer)", "value": "0411476e6ff1d7fbd34039c1475d497823d8132c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030877, "uuid": "7a041ff7-35fd-4deb-a241-3d1bbe499bab", "comment": "Malware payload (RedLineStealer)", "value": "1ddb46608f181c4a63d5eb8f7b8f5e7cf691934172413ab9525ffc4b4f216ea7bd27978fcb50892298f8a0cef52de46e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030877, "uuid": "9d97ec4b-b42d-4847-856b-191d5abdc24d", "value": "T164352353ABFC95B6D8F56BB46CFA03C30C397C559CB053AA2722995A0CB2284E574327", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030877, "uuid": "b1882d07-1fdd-49d1-8736-9723d9eba578", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030877, "uuid": "ef9575fe-704d-4510-b9bb-6ff7f1fde302", "value": "24576:rySiIa65s0zOea7Y4Ei4nLUvnkkkXy/0MRkjHtF4F:e5KGYZ7Tw/0MRkjNF4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697030877, "uuid": "64f39760-6207-46c1-b5d7-229bf43be250", "value": 1090048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697030877, "uuid": "62926ea4-7480-4cfd-99d9-ec91cc5b8660", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030877, "uuid": "b8580803-8e0e-422d-b407-97e857dbbc4f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0bc7cc7-687c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697059578, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697059578, "uuid": "34b47172-6d54-4172-9698-f2fd9e5e0460", "comment": "Malware payload (AgentTesla)", "value": "daa6927927e1bca2658f418b63a1627f", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697059578, "uuid": "1c676c1e-83f1-460b-aaa9-5c2d9fddf15f", "comment": "Malware payload (AgentTesla)", "value": "aa31b24befca53c1843d8ee23cf97c35c6b18d270072c9086de0358969d4c450", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697059578, "uuid": "8dd44938-4ceb-43f3-9157-85804ee9a531", "comment": "Malware payload (AgentTesla)", "value": "00dd18b9778b0c8347c37b91f00c63ea8b7bc780", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697059578, "uuid": "c329cfe7-4a25-488b-a668-fbc70980b8c5", "comment": "Malware payload (AgentTesla)", "value": "c82b9574ccbe6c764b83db4c7c0465e1ddb9afad1fdbac5d161b92d6894fca350198c93ad4aa07527838f558703908b0", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697059578, "uuid": "0383483a-4612-404c-9efb-b8f92ee77a6c", "value": "T133753305CD92BCC2F48AC43BCEEEEDACDB03C9994B4878F516AA149B051A85DD06F7D1", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697059578, "uuid": "66f4d35c-33bd-450c-8df5-7029459aafea", "value": "baa93d47220682c04d92f7797d9224ce", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697059578, "uuid": "805dc394-d703-471c-b5ff-0160e308edbf", "value": "49152:XObGmGUc5YEsYNdV4jzHEfbhMEgeMcwN:XObG0S4kf+Kf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697059578, "uuid": "75a0ac8f-6fe6-4a03-8116-5136ebf96c69", "value": 1576960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697059578, "uuid": "aca21675-0901-4fb9-a290-3c3d8b84a221", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697059578, "uuid": "146ebe87-8a4f-4ed2-904a-cea3bc4510f8", "value": "1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a0533de7-684e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697039740, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697039740, "uuid": "d72a8adc-f26d-4398-b38c-06515820cd64", "comment": "Malware payload (RedLineStealer)", "value": "999671cf5d4abd2bfe4da0b4cef31546", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697039740, "uuid": "e76e686a-953d-4610-91b5-d2e79b8b7a86", "comment": "Malware payload (RedLineStealer)", "value": "aa3e3d564212818031cba727b35dff00101fcd60e6d6e0304f3e51a43a17d2b9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697039740, "uuid": "0f72a244-7f73-437a-aa75-24f8aab4a37c", "comment": "Malware payload (RedLineStealer)", "value": "c6b0d28217a2d2f8477625e678aac51de7794bad", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697039740, "uuid": "fa113bf7-f692-46b9-9cdc-a735e35ce7c3", "comment": "Malware payload (RedLineStealer)", "value": "10d982ccee28c531da581287f526e5208e9d592982117074396b6903fe72176c029b3a61616da99cead05a455f439115", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697039740, "uuid": "09d771fb-f6f2-4c9c-a54e-7b84d148dfc0", "value": "T11E3523536BD8A177C8B523708CFB17970B377C52817D83AA7B82D56A5DB2250A832333", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697039740, "uuid": "9cefd733-eaaf-4f68-89da-2be9403d461d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697039740, "uuid": "362ef4ac-aaf5-438f-83d2-7cac5b061131", "value": "24576:9ycT617HZ+g7fpSTPamxQ7at5i35U4SJq3x9wdGdKwwFYeei:Ycm17HQg7fI1xOa36/B6MyWee", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697039740, "uuid": "bbfa7b73-2336-421f-98a9-f8a46b6095e0", "value": 1089536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697039740, "uuid": "7eb6d36b-614c-494a-b0cf-678163499575", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697039740, "uuid": "c54e191f-bb2c-40fe-bb59-6ccf15e6f8ec", "value": "999671cf5d4abd2bfe4da0b4cef31546.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64e97aea-6854-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1697042217, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697042217, "uuid": "5d4c45e3-2fda-40c0-9072-bf8e8f9c36e1", "comment": "Malware payload (Formbook)", "value": "d81296bb24619db09e065adf00ee9b23", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697042217, "uuid": "a6f5844c-7104-4d7c-bea1-2038ed5bff79", "comment": "Malware payload (Formbook)", "value": "aa4c81166470cd543efb4e58aa06de47264113d015987918f3499008698685b4", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697042217, "uuid": "cd31eb9b-c4d5-4afc-a4e8-4e11212fb4c1", "comment": "Malware payload (Formbook)", "value": "8fa4da85c674dbc8a35236b3a7bce6922193f883", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697042217, "uuid": "7acdb4af-d501-4fc5-8d9b-8f3b4c39eb30", "comment": "Malware payload (Formbook)", "value": "66a24cbb5b889d543c9e8ed188dd8fa39e750df74ba46fdadba3be9622cbdb2fe022bfe9632907c8269e6f5e1cea96e3", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697042217, "uuid": "93a2de3c-3da1-452c-9af3-81abfbebd74b", "value": "T1C2714CB04DB86D05D29D46E7A965FC500369F31BCFCA3ACD94CDD9A2117B219D5BA000", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697042217, "uuid": "b9d7d99e-b60e-45c6-84c7-d39e78bd3cbc", "value": "96:SHmcx/GijK8Lvyrq6mfVpu4EoY9DcAsIdKIr1bFElqu:Ix/TJLvybmdM0YDUoAr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697042217, "uuid": "8dc04c19-3e0d-426c-9e45-6c593d584065", "value": 3664, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697042217, "uuid": "5153e8ad-e0d2-4604-bb20-a4fa1a419dde", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697042217, "uuid": "fbb22462-2ac0-4958-9edf-a1a6002c3d3a", "value": "Quotation.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9cbff080-67f4-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RecordBreaker)", "timestamp": 1697001079, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697001079, "uuid": "18489fc7-bf67-452b-b540-a69f6ab236b7", "comment": "Malware payload (RecordBreaker)", "value": "1d8335d00f69c2d195ef13993c862af1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697001079, "uuid": "c153c196-45e9-43d5-8e60-3660e63bbf64", "comment": "Malware payload (RecordBreaker)", "value": "aa9f12fd49254a9abce5cbe72cd428b8376f0da76cfd4361709ebe7f8bfb26b5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697001079, "uuid": "5c44b50f-1ad3-4ee7-a15c-59ef25b863a0", "comment": "Malware payload (RecordBreaker)", "value": "f340e5a5a36f698de8f36b580fae61c782206713", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697001079, "uuid": "cc5d1872-942f-4b46-b2b3-136207cfa05b", "comment": "Malware payload (RecordBreaker)", "value": "389ade715b2309079d62ec61ff261ed092b1a722126af4810218e878c45898e4900d0719d93605f1348fc8791246b46a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "recordbreaker", "colour": "#EFDCC0", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697001079, "uuid": "eb02d182-b92c-40c2-b7cb-26520d727ea3", "value": "T13E24CF117982D8F2F44640349824C6F8697AFC738A59858737A8FF7FBD31392A767224", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697001079, "uuid": "dd37494a-1313-4643-8ebf-5805ad85337a", "value": "1779cddf5976b55ff16f4e4d4c8ed385", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697001079, "uuid": "207d16a1-4559-4533-95cd-0d7ebbedbafb", "value": "3072:rXpMcSCgLTI5Ym6W4krKFXn1ZoLV+/ZEc5D8T7fvm8H0AdTS5X8Tyh:D2jCYIey4krgQLQ/Zr6f+fAdTw8T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697001079, "uuid": "902b2c21-58e5-4c7d-a833-2f33701f8ff8", "value": 229888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697001079, "uuid": "63021322-6148-4d16-bba0-6a70fa4c3eff", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697001079, "uuid": "3306b87b-8fef-4408-9f41-8a4b858d1fe8", "value": "aa9f12fd49254a9abce5cbe72cd428b8376f0da76cfd4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7a71b3e9-683a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697031086, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031086, "uuid": "6ae9a000-79ac-4774-aac7-5ff2a3f0d1f3", "comment": "Malware payload", "value": "6e3fb71214123b19f8fd692c615c1577", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031086, "uuid": "4606cf06-1d71-45b4-b085-4e69d794cf27", "comment": "Malware payload", "value": "aab4fc1afb94b7a35cad44aa926be0b28eeb52efc4746a49632f9f4427d96416", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031086, "uuid": "c8db5e5a-70a7-4cf1-bed9-10163b3e9cd1", "comment": "Malware payload", "value": "c30d85fc8d702705bcf5e6e7d9dc499733eaa03e", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031086, "uuid": "8c8456dd-f186-40a2-8b32-b33da2600d93", "comment": "Malware payload", "value": "cdfa4b46b3d6dc2604098427b3f0aac74766170cc96a3ea13b21457ca7cba2c66f072e601eb87f8db3c15c017bff2159", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031086, "uuid": "4ff966ff-17a0-4b81-a418-4c22ed086507", "value": "T13E2523341D6C2DAE466CB22CA09E7F0F2836C5E05414D95E1EEEE1CB056BBD31F87895", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031086, "uuid": "29c7525b-2917-4706-89b3-e09e9bd46f4b", "value": "24576:DsCatJd8cOo5xYunVTxt3T7B4FvxjenbLz2D8qw:F4VHH0ebXL", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697031086, "uuid": "a2f99317-7113-49c9-9da0-9787a42d3ada", "value": 1038618, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697031086, "uuid": "8f9fcfef-4adc-4e82-9afc-fd0415adf812", "value": "text/x-msdos-batch", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031086, "uuid": "d5c0e553-f830-4352-8c8d-37ae523bd80b", "value": "New order 500384851183.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d3a82a4-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050767, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050767, "uuid": "93af5779-41da-429e-85b0-774d3511d000", "comment": "Malware payload (DBatLoader)", "value": "b45a311fff20e49d970a4f1a026d8d80", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050767, "uuid": "97c041bc-6fc7-44ee-b333-43e929665180", "comment": "Malware payload (DBatLoader)", "value": "ac2fe475a33e913c4173ad6af1fcd8acd6e51fd66ac6c65c48db29d680521171", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050767, "uuid": "b3214ff4-9541-4967-ae5c-4b3c6d17e88b", "comment": "Malware payload (DBatLoader)", "value": "df12e31567dc662f10bb71de88cda5914ee1a884", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050767, "uuid": "eacf1fd9-3865-4cb3-bf9f-0b1b147f3cf3", "comment": "Malware payload (DBatLoader)", "value": "e8d0be54c0ce915b9f18bf024f6b80aa9a34f6cc73d41789ba4405b2ed3141c4e822aadab42420d786af5ccc84d2f803", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050767, "uuid": "286c159e-9515-4f7e-a650-22f0c9d33791", "value": "T1BAA5E162A6918C33F53236788C1F96991C1AFD243E54EC9B76D42E482AB67C03D3D397", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050767, "uuid": "4496b46d-074c-4db0-a6ac-9abcb4ffb6f7", "value": "f48d9fecb191a3f4fc9501cb4eaddebd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050767, "uuid": "26e0b365-e91d-4e66-99d5-cba2104dbd68", "value": "24576:sjZWxAnwlVih2Pvhs6E/Hs63YeXb6id8UYeDRXCgRHCZezBQu7wR5VNUAJOw637m:sjZDwe6Evs6oG6mYoYWQuDHwgP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050767, "uuid": "22b10f51-a2b7-4a8c-884b-e014be7ca4f8", "value": 2234880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050767, "uuid": "ba7c4913-fa94-45cf-b379-9a75c6ce5bab", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050767, "uuid": "4c25d81b-1aca-4ab5-a667-651d7c30f6f7", "value": "MT-OC201011023_jpeg.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7d432bc3-6830-11ee-a6f9-42010a9c0055", "comment": "Malware payload (YellowCockatoo)", "timestamp": 1697026796, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026796, "uuid": "1436b2a6-c46a-4973-9266-f5185ae8fa9a", "comment": "Malware payload (YellowCockatoo)", "value": "2ded709e695547859f801c71faad74d9", "object_relation": "md5", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026796, "uuid": "3e5ffcd8-ded9-414d-96ac-b38e7f0a967c", "comment": "Malware payload (YellowCockatoo)", "value": "ac84687b68b105f87c791f2fdf12edb1ca41db3ef1d3cd6d4ffcfb28ad979e9d", "object_relation": "sha256", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026796, "uuid": "882ca6d2-42ce-4396-9186-aaacb97b4915", "comment": "Malware payload (YellowCockatoo)", "value": "3cb3b67b216591c0f8a43a77532451d8b1817a92", "object_relation": "sha1", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697026796, "uuid": "d26ed952-7326-40e2-a601-06b718311514", "comment": "Malware payload (YellowCockatoo)", "value": "97d8aa69fe6a836ca2671eda0fb3de48da83d5b98546090e5b034b0d65a05ed310ee0594b36cc6fc940286868e6c0dbc", "object_relation": "sha3-384", "Tag": [ { "name": "file-pumped", "colour": "#D06044", "exportable": true, "hide_tag": false }, { "name": "Jupyter", "colour": "#301341", "exportable": true, "hide_tag": false }, { "name": "Polazert", "colour": "#2F56A4", "exportable": true, "hide_tag": false }, { "name": "solarmarker", "colour": "#1340D1", "exportable": true, "hide_tag": false }, { "name": "YellowCockatoo", "colour": "#C3007C", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026796, "uuid": "16e9b297-6666-4277-8c48-8b0558de9d6d", "value": "T1C70633D340E40ED957BB699420539F22BABC9685B170D30F7D829CE768EEC90C61E7B4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026796, "uuid": "f524bb85-dafc-4763-87b5-5e14e829a48a", "value": "24576:Ch0Eu/oH08ABJECCCELBo8kjW+tgZ8uAdzFrxt7pSyx/1sGqnyiDCqVL:CeEuQH08OEC1uo8eW+Tnhxt111Rct", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697026796, "uuid": "6bfaaad3-1c5d-4139-9a3f-c4583f80ed45", "value": 3825234, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697026796, "uuid": "b0f41699-a431-4290-83b7-89cf17f69d34", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697026796, "uuid": "43647186-3bae-4ef7-a4b4-052106b6c6e6", "value": "installer-build.exe.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "92ad2adc-6841-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1697034133, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034133, "uuid": "4cae3367-4b5f-482c-a3e2-0e7748a9fe83", "comment": "Malware payload (Amadey)", "value": "7132f43f7844ec2f54c03608349c207d", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034133, "uuid": "b940f7cc-db51-4375-8ce6-72bc00454446", "comment": "Malware payload (Amadey)", "value": "ac8a0b26c1e12ab28e77751cadbfd1ce920733f9f2e73b2cc071273b7695affd", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034133, "uuid": "b3ca729c-b3ff-4500-b6a1-7dc2259c3794", "comment": "Malware payload (Amadey)", "value": "b2bc99e09ec4f889963e0d8ad96c109918d59194", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034133, "uuid": "6dc6b6e6-ca22-4f94-a437-340330f2a98a", "comment": "Malware payload (Amadey)", "value": "299c4abd7fd0436d90c2fe680b4b0e51ac56e4a0719e03fd82b899be5c70d3869a4aa0b0fb893ffc111fd775db0c1931", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034133, "uuid": "82786e07-d2ee-4712-ade8-4afefaa99cc5", "value": "T174352387D6E82033EBB8977168F503830F327D619F2487AB79927D9E1D32950A931363", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034133, "uuid": "4a1c8dcf-0a62-4294-81f1-287852b3042d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034133, "uuid": "f9c65d16-739c-42f7-b809-8af0707c70e4", "value": "24576:wybvcZl/rSRvX7j+5igwxG42aAMBtkIdxfoj6r:3OrSRvLji/mRAMnkQRou", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697034133, "uuid": "f8f1f9fb-2b9a-470d-b1ea-3110578cdc49", "value": 1084928, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697034133, "uuid": "af35369b-2710-46e9-be4f-408a76f503ba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034133, "uuid": "f86431b7-798a-4f10-b765-8fdaed656a97", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ff4a1a01-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067816, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067816, "uuid": "f9ffa3d6-c762-483e-8db4-3ce50784a54e", "comment": "Malware payload", "value": "8499ced1659790a9c571bb6e95af2b13", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067816, "uuid": "8416966f-7ac4-4c9b-9c70-37292c724ab3", "comment": "Malware payload", "value": "aceb5742ec615a86a038e90b61c518e2a239b94dd9f34dfe1e035225f6aadac7", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067816, "uuid": "b9daaa00-79d1-433a-846c-be4381b4d656", "comment": "Malware payload", "value": "ca750659b38bb3c3215be6cf24213a5bf52a333e", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067816, "uuid": "9faf3763-6886-417b-843d-cf62ffcf2ba4", "comment": "Malware payload", "value": "8395c06aabd92608dd78c985a6f57cb660d31bcc77e280e4bb72fdff5285cc64d9ce77f839ed15cf02e4a7f0ad1fe93b", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067816, "uuid": "8e966ef4-deeb-429e-b87b-8c88f19ee65c", "value": "T121259A3223B22F3CA278FBF600DD15579E797D671011A6D3AEE4C94F868EDE41A34126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067816, "uuid": "b1be8c08-22fd-4f1d-be25-bad3f014c121", "value": "6144:EgNO2EJjysEBKBWwItD4tCbh/S1qR0Jt3sw06/AmRqAaxvXZFFDxr24Yl+aW5+Vf:1Lbp25Hf06Nu98RK7FgCiou", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067816, "uuid": "659e7564-585d-4012-b5b7-1097e1cdec7b", "value": 1036932, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067816, "uuid": "ad56eefe-faab-4124-823a-4b021132298e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067816, "uuid": "31f31f1f-4e4b-47a1-8e14-c1f0ddc974e9", "value": "NEW_OFFER[2023.10.11_08-07].vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "341291be-6807-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Tofsee)", "timestamp": 1697009064, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697009064, "uuid": "8996a15a-ae39-4932-8dc3-4808fee9eb0d", "comment": "Malware payload (Tofsee)", "value": "821f285e63e74aafd0304b3b269c4391", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697009064, "uuid": "298f3cae-838c-419f-93ef-2aa016c4ab78", "comment": "Malware payload (Tofsee)", "value": "ada6b9d3f0f7a7d8e7abc8f1fd0e6bded05497a50941d3f8e13fecc75381903a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697009064, "uuid": "399b7083-6879-4c9c-9e15-73943f02f35b", "comment": "Malware payload (Tofsee)", "value": "aaf9efbe16946fe8271f6132e28a8c5bdef136f2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697009064, "uuid": "6612b7fc-24d1-4124-b1dc-5aa2f2ef7447", "comment": "Malware payload (Tofsee)", "value": "422a7a4cc0f90490df4c26a76c05388641adfa56382010053727b3c3501d915575f90bc8c68b176372465b70a26ec579", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697009064, "uuid": "5448e5f8-0fa8-4597-9a8a-7cf78742cf77", "value": "T1BE24BE117982D4B2CC4B80758824CAF46E7ABC729B9988C777683F7FF9312D27676214", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697009064, "uuid": "c633a3ac-e120-4696-a926-3974ab00e6cf", "value": "1779cddf5976b55ff16f4e4d4c8ed385", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697009064, "uuid": "2fd43663-b4e1-429c-92a7-6ee634b4e927", "value": "3072:yXpHg2ndPjCqnums7sdGFJqJJAh8VL9AQtL2CkzDMdG15bBTyh:yxTn5CkumORKAuL9AQt6p3BT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697009064, "uuid": "490fde8e-af49-4175-b631-ab4ec3c95006", "value": 228864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697009064, "uuid": "24013b46-2daa-467a-b082-23da9f33e177", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697009064, "uuid": "5e67299e-231e-48ae-aed3-0f3c6a92a214", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "df1e2e28-6838-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697030396, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030396, "uuid": "093e0081-d244-4dac-b983-6c174baa6b7f", "comment": "Malware payload (AgentTesla)", "value": "46e19dc067159272d3c34e9206c0c4fa", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030396, "uuid": "a6844868-1d13-40a7-80b9-357a6e2dbb5d", "comment": "Malware payload (AgentTesla)", "value": "ae1a9131c9f7d3b5f261c4f95dc348076c1c0be47fcc1914a428e47576fb0b9e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030396, "uuid": "70ac0ef9-5a90-455e-b361-636532af8119", "comment": "Malware payload (AgentTesla)", "value": "648c8acb981a2b3dae2bd535221586ff702f9397", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030396, "uuid": "7c71b176-269f-462e-9018-75614db9f35b", "comment": "Malware payload (AgentTesla)", "value": "e9ea36cd815f1c1da2ffc6418301f8e7d7d3832465f847e18bf09f79cd50b773c56887c04194a5340829d2294d53c323", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030396, "uuid": "565a965b-6845-468d-8a43-fbf83e553080", "value": "T13D720A04F66E592BCEFC4A3814A353579378E633BC83E3DE9ED4A5D666033C529012E6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030396, "uuid": "ca167251-8779-4d7b-b35e-4ae7ca6acb59", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030396, "uuid": "2b423c7f-164f-4bfb-b0a6-672e5a7a893b", "value": "384:WznLTUyx2ozsynskMeFjEKzNbO+72k+qY/sgKwP6hm:3e2qsoMfyO+kpRJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697030396, "uuid": "ee23eec6-5802-4ca8-b7cd-e54c82569d14", "value": 16384, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697030396, "uuid": "c5180a32-4e69-4c2f-86a6-c25eefb46a06", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030396, "uuid": "9b7109fd-c672-41b9-8c7e-2244435cc134", "value": "PRE ALERT NOTICE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "211cd953-6832-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Tofsee)", "timestamp": 1697027500, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027500, "uuid": "9a5aaefd-4b64-47d8-a189-c6ffd5250b26", "comment": "Malware payload (Tofsee)", "value": "fa356338002d1b87c910cab375fde646", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027500, "uuid": "a8c92dd7-57c4-444a-a9b0-43e505bfdd6a", "comment": "Malware payload (Tofsee)", "value": "ae2c592c61f9e6297fdd2572b2cd066b6c7ddc7ebd0bb77d2be89cf352274eeb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027500, "uuid": "36fce3c7-a3cd-48c0-ac18-476a1345661d", "comment": "Malware payload (Tofsee)", "value": "cde9088fa0bb75ed61da44c0a0f770d64b62353c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027500, "uuid": "a06d5d8e-9f90-4c9a-83a4-2fe8df590ef7", "comment": "Malware payload (Tofsee)", "value": "99f9f38af046ddc1940f28933590eae38328a6e3681253af3ac2aba78e86d9d7c1f42fe5be6cd271f39750073c73bc8b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027500, "uuid": "34acf253-701f-402a-b801-f6536667fa97", "value": "T19834CE237642D8B3C8468034982CCAF4B57EBC6F9A794D9773583F6F7D31292A766210", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027500, "uuid": "12d82fa9-71c6-4227-86e5-0d799a238f7b", "value": "c8b7da62a536f23a0b3169f49ecdf603", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027500, "uuid": "529207c5-5afa-4d1c-8168-e8cbe6898005", "value": "3072:1X5Ri+KAibhzYyEQY//RyBJdsQ5pB6JyMDHEt0aXko/KIJFD5D7Ty:xWBtzVEQUIBgQ5Hok2aXkoiAFZ7T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697027500, "uuid": "82add4b7-9610-4bf2-8359-e34501ea4047", "value": 230912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697027500, "uuid": "e65f5bd1-67f2-481c-b647-f1cb61301e56", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027500, "uuid": "a1559916-9bc7-4f66-89ad-fd200e3eb5a1", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eae92356-683b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1697031704, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031704, "uuid": "d2266159-2b2a-4da8-8069-5bd999e8a5dd", "comment": "Malware payload (RemcosRAT)", "value": "da6ccf92344d2b32a97f25102fe5ffda", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031704, "uuid": "18e59c65-4aa1-4610-9384-00db318a9997", "comment": "Malware payload (RemcosRAT)", "value": "ae4fe958548afbb28c3f48839b5dc112887cc48f832d251ece8a20953c7060cc", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031704, "uuid": "5853c6aa-40b1-4651-adb8-16da62679010", "comment": "Malware payload (RemcosRAT)", "value": "7b42bf6c44bb11f9f0381e0d903cbefcd4436e3a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031704, "uuid": "86511887-5928-49a3-8365-c75536f21780", "comment": "Malware payload (RemcosRAT)", "value": "b37abda9f97981d7cb5330a54b79a85fc6d008fbf4731e5c71c4c01f25525a64802089a307878f09d0e7ac6e00c9dc22", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031704, "uuid": "a5c64446-2ee3-4187-a470-615a5966d920", "value": "T1EF45020923899B60C1C91938BDB957941FB2EF936387A36FF981F9E3147378196130B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031704, "uuid": "369f382d-580e-4079-8b7f-e4cb56d209c5", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031704, "uuid": "0e512c77-c437-4ad2-8286-3c73b04d3e29", "value": "24576:+OHwySlwQfcZu5r3xDyDjerQRKQDC5NsP7t1HNKMwK:aRlwQqw1WoPQDC50zHNa", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697031704, "uuid": "ce8a06ec-069d-4250-92f2-eb1ce5943383", "value": 1263616, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697031704, "uuid": "f0212a12-0eaa-4f41-9725-f39e1f0c405a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031704, "uuid": "8d0827d4-e209-4583-9c1d-8d7f13a39b73", "value": "ae4fe958548afbb28c3f48839b5dc112887cc48f832d251ece8a20953c7060cc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7bff638-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066918, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066918, "uuid": "fd62182e-6610-4d6a-a3bc-078c26f65fd7", "comment": "Malware payload", "value": "6c5a14edbba4445293d98f0d7f2ca39d", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066918, "uuid": "41a5ca66-ca60-4f5e-9a05-e0a26e3b657c", "comment": "Malware payload", "value": "ae7c379c4197624920f2eee97acfd7e2146f5e19786de464d074d3cd27669d2f", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066918, "uuid": "9a5120d6-6ba0-41f7-98c8-13800cb02412", "comment": "Malware payload", "value": "798d3f9ed4f28be7eca9ee18cbf89ef4cdbd425f", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066918, "uuid": "d170a464-e064-40d9-8c5d-f29750e019d8", "comment": "Malware payload", "value": "21c073e2f715c3b7aeb7773aea2960cc969d16094225de7930e89c76eb165381b1b4052b30a3b84661816f09bf86d35e", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066918, "uuid": "262f1a22-473b-4f81-a0d7-9c3c5597a6b1", "value": "T12B74234D2D2CD787E2DA9759D2F43638DF6A924F8F6127B8913217B0BC42176A0FC894", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066918, "uuid": "84ea9e71-3289-49c3-929d-45c15aa269cb", "value": "6144:GOcCU7lQq9raXXl2dLzQN4EOZHSq/1Ph/pxMz2/OK1VGypEimBpMK7joce:G0O+EUl2dwSEOxh/H/px9/OKbTpEP3hw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066918, "uuid": "27c4564e-4b62-45c2-bf1a-a0ecd1c491cd", "value": 366066, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066918, "uuid": "494c9094-64d4-48bb-bb8a-3c118d80f3ee", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066918, "uuid": "87b9cdb5-aaf8-405e-80fb-3b59d1c32986", "value": "AIKQ2489_9904664.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07f924bb-6886-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697063536, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697063536, "uuid": "88dca291-927d-48b2-8307-833b577696d2", "comment": "Malware payload", "value": "2b1a18932a494750bb35c142cd6f960e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697063536, "uuid": "db722500-c761-4ae0-86ee-d18bde72bd2a", "comment": "Malware payload", "value": "ae832cd5030dfa3487567b4493e9a04945c21377b57d75c2ca9f5e3757fbfa4c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697063536, "uuid": "06203b20-8b6b-4249-9ab8-dccf1ae7589b", "comment": "Malware payload", "value": "05eaea71d2355f60f5d1f6ddbff3e09b2cffdc8b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697063536, "uuid": "6bf3b1f9-b3ec-4221-9bcd-3f9bbc185883", "comment": "Malware payload", "value": "7e6a85e7ea1d182fe9402f98c6690d903699323d88675dc4cd9428b048428d7d811243975003818c782307059dd7b2a3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697063536, "uuid": "e2e73339-ff2d-4c1c-aaa7-2558d92df538", "value": "T1FD65238297EA4462C0B1377428FB13D30E3ABDA05D3453AF7F46E64B65729958C207BA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697063536, "uuid": "f5a978c5-49ad-4e74-8c6b-8d603d8bfaf7", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697063536, "uuid": "f5e5dfef-5440-4355-b87c-424444074fc2", "value": "24576:sy/G00J3Zdw93AwRMV5NqqV7FGSixLEUE8rjmMQjBswjmqoLkgV5aMnzXdOWh2qS:b/oFwg5Nqq9Fd0pEWqT1swj/udEMnzNH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697063536, "uuid": "c03d8aa0-c377-41f6-959e-3b091ae68049", "value": 1546240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697063536, "uuid": "bb28605d-012b-4f65-a558-21fffb3798f1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697063536, "uuid": "64b60dbe-3333-4055-b3dd-78efa33a1258", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3997edad-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052452, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052452, "uuid": "fc181628-be25-4db8-8e2b-948df4a9eeb0", "comment": "Malware payload", "value": "930626e3fc480126141adff9a3596d58", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052452, "uuid": "16d5c22c-ba13-4b3f-8d3b-31487eb732eb", "comment": "Malware payload", "value": "aed0fea634bbbf598a17de39c0689767fc82ea531a7b54a85cc373d8d9128402", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052452, "uuid": "b86fd8bc-f576-43c9-b6a2-c0b3ea91df38", "comment": "Malware payload", "value": "8c1e9dfdb6d25335f21b92a88b4431d5cae8cc23", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052452, "uuid": "f9abc1f1-7c0c-4a32-86ab-e79bb52a39c1", "comment": "Malware payload", "value": "d210cf17b1bf9f53430abf289eec5b0a1e39d5cd91221fc4347ff66a9e7356613160d56cfd8b4ddab94a3d79bea90796", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052452, "uuid": "8572b2e3-e82d-42ce-8592-d5bb7adfbdb0", "value": "T152C25BC1BB844236EF780A71A13B8D20073AFE5B8722A74E27C5735E3D83642573B556", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052452, "uuid": "7db31c3f-39b0-42e9-bc30-18eca781d383", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052452, "uuid": "49a432b5-af5e-4405-9198-76d584fba528", "value": "384:ij40CWFbKbCjP4bgs9+hQjNmpEMRxNPnbn+b/AeH9F9wGjEnAtNCSGFqUKsV:f0CWsw4bPyPbn+rLXiiEnuCLFqUD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052452, "uuid": "dafdf35e-8ebd-40e7-86a6-372e0b946e3e", "value": 26624, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052452, "uuid": "f49e20d7-1629-41db-baee-e6ede995e7f1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052452, "uuid": "4b7ef6f7-9bb7-4cb3-b8c0-c76ae0cefb8b", "value": "854F1E97-5DBB-4A87-A566-33D9012B05E2.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4bc728ee-6837-11ee-a6f9-42010a9c0055", "comment": "Malware payload (NetSupport)", "timestamp": 1697029719, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029719, "uuid": "5e505c5b-6f9b-491a-938d-89f01942ed32", "comment": "Malware payload (NetSupport)", "value": "09d88faac1936f9eedf60a38687a2e98", "object_relation": "md5", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "SmartApeSG", "colour": "#C06213", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029719, "uuid": "2fab7de3-286d-4075-9260-24208860d670", "comment": "Malware payload (NetSupport)", "value": "aed65d871462732e8b6c0e0eec513c770255b1dd2ad8ac5688655b9992a4d1f8", "object_relation": "sha256", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "SmartApeSG", "colour": "#C06213", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029719, "uuid": "405e4169-addb-4e84-8381-04ae0ba8ff0f", "comment": "Malware payload (NetSupport)", "value": "61199db792873ed65aa6124756a52c4780230f55", "object_relation": "sha1", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "SmartApeSG", "colour": "#C06213", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029719, "uuid": "b5ad208e-b6ba-4375-922c-b66181e6817f", "comment": "Malware payload (NetSupport)", "value": "bab78274313ccb52baeef598f55a7a2a4a04e048de660f268f56b6b553c7b2ec853dd3d75cacd1e5909a1450c503c3c6", "object_relation": "sha3-384", "Tag": [ { "name": "NetSupport", "colour": "#A33C43", "exportable": true, "hide_tag": false }, { "name": "SmartApeSG", "colour": "#C06213", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029719, "uuid": "b811b188-b66f-4cb3-996e-cb7d6c97a801", "value": "T197F533162693FBB6C0E1F67BE0ACE8154A6D747CE4F7B476592EA543E93E431982F000", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029719, "uuid": "df322581-465e-4ef6-ac03-73ae620b81c1", "value": "98304:t11FXamhRFY89YYc9jh23redpmQRiXuYESBZFR02jZPl7e:r1HxYoY59V0redpmQRiNfZN7e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697029719, "uuid": "a0896afe-b9d7-4baa-be02-86af2538991f", "value": 3429420, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697029719, "uuid": "7e466ad7-e709-4b4d-a6b4-90e695f39cf0", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029719, "uuid": "d5955992-e422-4f0a-b963-8e6626b690f0", "value": "p.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "eed7e4b6-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697052327, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052327, "uuid": "c4b61cc0-876f-4a76-8f49-b4071eaebecd", "comment": "Malware payload (SnakeKeylogger)", "value": "0471cafa2fb22e58abbf82b1654e7e77", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052327, "uuid": "450242bd-d351-4e82-a5c0-f285d040e6dc", "comment": "Malware payload (SnakeKeylogger)", "value": "afd8edfc94e0adb401cd0bef4f8319e494f82fba491a782d000e622118022267", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052327, "uuid": "b8c9591f-b8ae-4ab5-a592-6e88f229e412", "comment": "Malware payload (SnakeKeylogger)", "value": "7a3d8e7fe99d456400b02b46fbd96f4746a972d6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052327, "uuid": "5fe0288b-89ec-4938-b379-660956ac24e0", "comment": "Malware payload (SnakeKeylogger)", "value": "3949f9740b38c824ab160def5750240a8797850914ab6352c1abd7bd8a2e87f888c2a170525b33bcf5e53e70d3995d46", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052327, "uuid": "2876d531-9355-4ed7-b3e8-c6eeba90a17c", "value": "T13CF4023923AC8B53E27E9BF712B0025217F5A527357DE3988ED128CF2E60B518564B63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052327, "uuid": "13c9d96c-11eb-469e-a1f6-0dcd93b5e436", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052327, "uuid": "e31f3e70-76b4-425e-979d-83b15c741687", "value": "12288:4sX9KJpkV31ZBrPEZuVoy/WviZt3h9+rFKEJj/BG2b+K:4stGyV3PtsZuTWviHR9+AEVh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052327, "uuid": "93547fb8-44eb-46f1-bf3e-165195b69a2b", "value": 739328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052327, "uuid": "925f3b99-965b-4534-ad4c-1b00658073ad", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052327, "uuid": "c9cace5c-82e1-4d90-8864-9c9a4ad31aae", "value": "CK.P.INVOICE.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7b5ead68-6818-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697016485, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016485, "uuid": "30ea6061-fcbb-4693-b71e-41eb51f852a0", "comment": "Malware payload (AgentTesla)", "value": "c73386c385eecf0efe8b3cc5ae86ef2e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016485, "uuid": "70a274c5-2a60-4a34-bbd2-bd1ce1451e37", "comment": "Malware payload (AgentTesla)", "value": "afe5135752b85c16c88f34f960469dfe28a0d6cc05ab6b66cf2e47676c087f48", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016485, "uuid": "c2254593-8080-4d4a-91e2-a2e1fbbdbb12", "comment": "Malware payload (AgentTesla)", "value": "f12cd9cf1d90eaad599678039133e65885afa23c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016485, "uuid": "8c23073e-2912-427b-93bc-6b6bb9ab9a3e", "comment": "Malware payload (AgentTesla)", "value": "c497f7e71f59347e21987d79fda634f8900ecfff5e4d3a6728984f0e5290cb41f477949dc1256f3f0e18126f013c497f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "base64-decoded", "colour": "#89156F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016485, "uuid": "a89b7d86-09b0-421c-be16-b042e054bc76", "value": "T12553132DED50D986CC54F93BC8F6B100C37921C71223972E6A6A9DBA25D772B45CE0BC", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016485, "uuid": "cfc06607-7a27-4f99-b9f7-2d5b83677291", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016485, "uuid": "7d94d10b-1565-4e79-abf3-afb77b6b233a", "value": "1536:g+BALBQBF1B5BIBGqBGBpBKntuUGOY0HYErqtiAuI:TBaBQBF1B5BIBGqBGBpBKXGyI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697016485, "uuid": "344805f3-cdd3-470f-a8a4-7db27c310c38", "value": 66560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697016485, "uuid": "78968613-918f-4799-94b4-28a3bc15e1f3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016485, "uuid": "c8d7c32d-947d-418e-bdd7-2f91215c9df8", "value": "16970164832f46ccf1ed8cbfb3a428dcf1a37a26fdb5f110b9d4713c4435d7b67ec0a18b61185.dat-decoded", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8762ae3-6824-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IRATA)", "timestamp": 1697021822, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021822, "uuid": "ffdcdefa-08bc-431a-9764-dbc72ae82704", "comment": "Malware payload (IRATA)", "value": "c4e478d5db7a7fc082e5ea4d08815a53", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021822, "uuid": "a8ec6a72-8c50-46a5-8c9d-9c00a087a50b", "comment": "Malware payload (IRATA)", "value": "b054406ec8cca73b7b95b76d883b06621d7fd6b1248eb5b343ae520b085a1fa8", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021822, "uuid": "f18e05c7-940f-4404-a808-09e7a8ee0c77", "comment": "Malware payload (IRATA)", "value": "fdcef0a07b0e607cc752b25ca82730b94728a6d7", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021822, "uuid": "9e01d818-2c3e-4987-98c6-c837abbf7dc6", "comment": "Malware payload (IRATA)", "value": "1ebec4f4c279f0df486723f628b2c807b31d223781aed3ebe1ad3294e9398fc143b1f9bb2fb22e0dba72f03b100f951f", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021822, "uuid": "00639bc1-87f1-4994-8d20-6d3bca6b8b2f", "value": "T1DAC52253F366A867CAF2C33222B6133555774E29CB479A4A294D73BD38BBDD48B901C0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021822, "uuid": "9b6715d4-ccf8-42b8-8272-eb5acaec99ad", "value": "49152:v/wEDpsKYu/PlfCj7232pdTEtla3/0TwWhHpVp2kiT1tB6oIGYiu5hL+TUwnXVfg:nwbKYAPlf27232pdEtla3/BKHpVsBkG2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697021822, "uuid": "5e8abd08-6d38-4edf-b36d-73230589fa8b", "value": 2733525, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697021822, "uuid": "79f7f597-8351-4bcb-b4fe-03e181c6b2af", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021822, "uuid": "82f77b72-8fc4-4566-8a32-742583c96bd7", "value": "saham.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9c08500-6869-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051459, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051459, "uuid": "9061dd4d-b068-458b-ab80-e0a96ec18189", "comment": "Malware payload", "value": "1d804c707e82e967ce7e47519f292d49", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051459, "uuid": "93e19204-e542-4b3f-b682-74f263a83056", "comment": "Malware payload", "value": "b116b683c17736feafd9b3d20bb58b8e45fd2cab888145fc3891f46e38ef0f2a", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051459, "uuid": "327eec4e-4ce2-42f4-9945-fbaedbcfae8b", "comment": "Malware payload", "value": "45571fbb7f244f8a31fa6f3faeab7fcaae3035f2", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051459, "uuid": "ceedf7d2-3166-4bb2-b65a-aa92de753161", "comment": "Malware payload", "value": "15d21e36e942e54762709b2b50aec7c9e3f09819dac83a568bf3c2ce0b3a447120f8b0522915b70be9d659d74a45542b", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051459, "uuid": "65902047-6792-4876-9ffa-2f5bc88b8ef3", "value": "T14054991036FF945CB2737F421BF9BADA8F6FFBA21629519E2504430B4A62E40CE91771", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051459, "uuid": "a091871a-f9d7-4281-ab86-621ec524fd05", "value": "1536:GA4xi/NbR0k4NkOhXCcsBsrsT0sGz/razpazpNz2zLzUzTzpzqvzSzazSz3zbzTI:axi/NbCk4NkOhycsBsrsT0s0ruuw97", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051459, "uuid": "e9f5dc7f-b1c6-43d1-ab2e-7cfa6c6849b0", "value": 299492, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051459, "uuid": "7e49d09f-f5f0-4426-8c92-ad2d4d8d06dd", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051459, "uuid": "c02e20c3-c98d-4dc7-a3f0-d2f0ad0dfc45", "value": "orden 77100.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6f9b7822-6861-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1697047818, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047818, "uuid": "0acf2843-8005-4451-94d2-c4d2f945708f", "comment": "Malware payload (Amadey)", "value": "f267df680cad0eefc33d94b35c5f5f88", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047818, "uuid": "f5b267cb-3b6f-4d95-b91e-c234e3a24976", "comment": "Malware payload (Amadey)", "value": "b14d9c50821c1910217eba4e16155a44e896a6055e40a1b3c7a564643abb3fd9", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047818, "uuid": "66b6be32-4a49-421c-8b44-42aea4457ee4", "comment": "Malware payload (Amadey)", "value": "5674123540e35358f53db11510d0399d86a4c40e", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047818, "uuid": "7cbebcf1-12b3-48f1-a55f-4077303f5208", "comment": "Malware payload (Amadey)", "value": "f50ba34147f1f237a818bf32755b3bdc2da829771090989ccd0b44bcad10f5ade603d10bbc5fd2b4d93b9866bcab0483", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047818, "uuid": "22f95d08-8717-4cca-a44f-b8c24be30c77", "value": "T108449E1175E18032C57215360BE0DBB65A7EB9300BA19BEF57940FBE4F303C1B6756AA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047818, "uuid": "c8c5659b-f982-4e28-ab49-7b63e6c9b90c", "value": "9854fe208003549216f1ebd6ea57c6a1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047818, "uuid": "d5b612dd-99e3-4953-84b7-8beeef57ccff", "value": "6144:UWGmakM1I+ffSbJ8/rADV6ga9DG4u4AOebB/GJGn5:UWDak+ffHT9y40VuJw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697047818, "uuid": "1c21cb10-a2a8-4b5c-9425-4ee6d7fa5354", "value": 264456, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697047818, "uuid": "4036f43a-8826-417f-9a66-6f95415ddf88", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047818, "uuid": "baa41660-fcc0-47c2-9178-066482c89cdf", "value": "f267df680cad0eefc33d94b35c5f5f88.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "94bb4fec-683d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1697032419, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032419, "uuid": "6fcdc45a-810d-4815-a24d-074618955258", "comment": "Malware payload (LummaStealer)", "value": "1a6d38a9dfaf650971d6522f3f06ba12", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032419, "uuid": "9927fad9-8adf-42bd-8eec-e1b761fe03cb", "comment": "Malware payload (LummaStealer)", "value": "b14ddf64ace0b5f0d7452be28d07355c1c6865710dbed84938e2af48ccaa46cf", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032419, "uuid": "3f71033f-c23f-4f61-bd13-68b573a233f5", "comment": "Malware payload (LummaStealer)", "value": "ea606f7b695c8826e291136423e8caa100dbca73", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032419, "uuid": "84e3352a-c805-45ac-8aa9-0cebe6f4e99a", "comment": "Malware payload (LummaStealer)", "value": "001ed313369d80f3250deb5390541c0d93e445b336422891c048ca62fb9e3c5f35a93d7cb48305aaa4dba07e7f399d96", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032419, "uuid": "6162ad7b-e79e-4ee0-919a-4ce6b9b7451e", "value": "T194C4BE430B3B991AC91D307E9C7D4125D8BE7CF81525BE297CE848268D72BF939503AE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032419, "uuid": "e4ecf7e9-6d92-4f42-8373-059d0ad7c08b", "value": "1dad3e8a25605e3da6c89bdbab10b2a1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032419, "uuid": "567c8938-26b1-4129-a33c-974cd0fba5ec", "value": "12288:TfErJilsB4eDAmK+roPD0TM5XM8/56Bhu1K:TfErIlMw+0YTAf6zuE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697032419, "uuid": "ad8ffb7b-ff1d-4da2-afce-4dd9a0673dfb", "value": 550400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697032419, "uuid": "d2773dbe-185a-4885-a685-b27f33e0e4e9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032419, "uuid": "ed85b962-f238-4a23-92b6-53e44f0a8ff9", "value": "b14ddf64ace0b5f0d7452be28d07355c1c6865710dbed84938e2af48ccaa46cf", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b52c1df5-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050942, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050942, "uuid": "7850dba4-644a-49e7-9831-28c1556f587d", "comment": "Malware payload (DBatLoader)", "value": "2e6d90fb9fb763f7ee8213ff90bf663d", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050942, "uuid": "8e05c81f-b30e-4efb-b570-889d5d46df22", "comment": "Malware payload (DBatLoader)", "value": "b15a8668037928b4cc574506dc96518162693d531de044e7adf67461a123b1e5", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050942, "uuid": "ffbe173b-037c-43a0-8617-675a057ee130", "comment": "Malware payload (DBatLoader)", "value": "c766b1375aa220c3107b62a6cc350eba2f212d0b", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050942, "uuid": "913e14bd-8440-4668-80ba-1fe974414055", "comment": "Malware payload (DBatLoader)", "value": "f0cc368df345369549fced04d39f24415ea35fd4f5a93a9886fc71277684efdea0dcab2132c881518eacad4f011ab997", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050942, "uuid": "fb3181bf-ec59-4970-8047-388f1d4833a5", "value": "T178355B70B3B208B1F4AA7A75DD0667F41DFF27AEAA042889C274395B1CB27517E1106F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050942, "uuid": "ae8e5b60-f8ff-4051-b025-f73b9249fb42", "value": "fc431a28c58a1565c388a05232b2eadb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050942, "uuid": "92c87dfc-f19f-4d0a-831f-9d8cfe355d07", "value": "12288:qE8C9kdWdEPv8zuVEdh9a6OLqvabdpmBkt1VEmA00P85Be2fgmv1qsM8HcZG3g5W:qEPudPPOuVsaoAjlD0P83H5M8OG3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050942, "uuid": "bdfb3073-9a8e-4d45-b937-878d924f1fc6", "value": 1124352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050942, "uuid": "a5e37a14-b3c3-4760-9a77-740bfba2e4d1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050942, "uuid": "829fdeb3-5b64-49d9-bde1-80bf2cc1aacb", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6be14991-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051678, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051678, "uuid": "c53e713b-422f-47dd-a1c6-3a8b889a6434", "comment": "Malware payload", "value": "62f0c80d826e3333c9d30801ae7813bd", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051678, "uuid": "b7656d81-7204-406e-ac9f-3321588806ab", "comment": "Malware payload", "value": "b1dfb4c85cf5cf2424acc1d7745bdd95b0fb3751fcbb9f0d07b91195667984c5", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051678, "uuid": "29e8b25a-dda2-4e60-adb9-39e2255c8e78", "comment": "Malware payload", "value": "b49e04714b128e0a1569c1323653c67755fb3d60", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051678, "uuid": "3f0f13ca-c78e-492c-9ad3-aec0a0582fcc", "comment": "Malware payload", "value": "7e882d0e1606f42352fecfac1082cd8a30afe14ebb0b9e190dd5b50d268bdc7fe8d197acd70cf0841bfe14fb48d1bfb8", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051678, "uuid": "d40c7e3f-08c0-4690-95e8-dc7f16623c8d", "value": "T18DE4234AC0EAA77A56346C18E7583842ED8C9C74ABA2D41A33FDE17C696F4D101D1FCE", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051678, "uuid": "2541e3f7-3c65-48af-9a5d-32acf44ed515", "value": "12288:WOylSY+ZpoXh2hXURmuLrPftQRNq6Nq+lig/qEB2mDEpril7x5Rn6Nq:N06pZXemieRNq7+lG7mDV5n6o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051678, "uuid": "e4f1c3a4-8639-4f39-80cc-233822c55a76", "value": 659047, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051678, "uuid": "fdbec54a-ddb2-4ff6-a3ec-9502dbb341e0", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051678, "uuid": "3b67c4a0-6a82-455a-bbb6-d8ff15561ac5", "value": "Solicitud de cotizaci\u00f2n.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9e4dab08-67f7-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697002370, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002370, "uuid": "74dd49f6-2df2-436d-a0d1-315f92929144", "comment": "Malware payload (RedLineStealer)", "value": "2613d8b962413679073b9c0c6f34c00c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002370, "uuid": "e5abeb03-9c76-4b96-a054-dae6378cc47c", "comment": "Malware payload (RedLineStealer)", "value": "b1e5a512bef2237f6d9d1639a861e154ec1bf374a1e543319c2d7f035182990a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002370, "uuid": "c281c756-f903-4dde-b268-d0ede91f052c", "comment": "Malware payload (RedLineStealer)", "value": "88569f656335ada35e363a5d8dd0a4a3a4b93618", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697002370, "uuid": "c561c18b-2d9a-42ef-b9ae-9238b98b8927", "comment": "Malware payload (RedLineStealer)", "value": "a3364c01a8ef601d3b672f53448d668d79c6ea63070252665eb47311d698d4ae929d6949331dd65f8c1ca6974450e5c5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002370, "uuid": "e5e26325-23ba-4cb0-8fdb-58f46a599774", "value": "T1EB352317F6FC6532E8BA2B7460F643AB0B387E51697823061B81BD5E58F36507832727", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002370, "uuid": "6ec35984-f85a-4dae-8258-99264c369c7f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002370, "uuid": "404e5d8d-6b92-4dbd-bc20-af5935d7f737", "value": "24576:wybTUtGGvjhmQ3qE3vjh+5LpxFwRuOJIm8ouSAnC05:3wG2TqY+VpVOJIm8ouSD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697002370, "uuid": "014fbb86-d509-422a-beab-1a74b0c1c7e6", "value": 1129984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697002370, "uuid": "eaa19e60-0a85-454d-b441-d81b582d6d7a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697002370, "uuid": "9ecde24d-00d6-42a0-afe9-a9c4f479ff2c", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8815e541-6872-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697055161, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697055161, "uuid": "3de44761-409f-484c-9fbe-20433101fe4a", "comment": "Malware payload", "value": "3b4a06d2140de5f09fb5eeee39c2dcdb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697055161, "uuid": "a7e15d6d-df1d-4cdd-8326-ea6fc501647f", "comment": "Malware payload", "value": "b2088d46a565077851637156df7dbe9bec63545b39fa704a585fbec4392a4634", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697055161, "uuid": "df2fdfb8-0813-480a-89d5-d7a64e5298c8", "comment": "Malware payload", "value": "8cec277f25167027315177118f4fb911d0707047", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697055161, "uuid": "b991a800-22f8-4397-80e3-807beba382d6", "comment": "Malware payload", "value": "1587e1c73184052bd7979e455a831f9bd0244dacb024a785edb2f971df536b00efe44a9a43aeadd30e0d47ee13f16c4c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "HUN", "colour": "#D5C697", "exportable": true, "hide_tag": false }, { "name": "Redline", "colour": "#71EFB8", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697055161, "uuid": "12099551-5be8-49d3-b69f-411c3cd32fc9", "value": "T18A4507D9B60F79ADC60EF238C4EB434A716A2D400767DEBA21D9F1729C326D05D21B27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697055161, "uuid": "3095547a-d9cf-4247-a0b6-51877ee2fa08", "value": "9435e925be59048ca2f286fa032ea831", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697055161, "uuid": "595573b0-782d-4c6c-9724-d3833213327f", "value": "24576:5Z0NbfJEWMCUI55h1fjkNGRYu+CviflSrd2qdsocx5L9:cLkNA+CwL9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697055161, "uuid": "9d53a9e6-e897-4447-bf56-8479ed6a3402", "value": 1240707, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697055161, "uuid": "2cceec5b-59ab-47eb-ac47-985eb595d33f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697055161, "uuid": "a984ed84-84f9-4885-b2e9-2d72f25e7af8", "value": "3b4a06d2140de5f09fb5eeee39c2dcdb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5de0b7e0-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1697067545, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067545, "uuid": "7d87b86b-65ef-463b-af38-cc79af146535", "comment": "Malware payload (Mirai)", "value": "5295c0df8373fc5acb38c76ed1e22dda", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067545, "uuid": "5ad9640d-d818-42af-9fbf-ed1399ff28b2", "comment": "Malware payload (Mirai)", "value": "b2574afad493f9c1bbda9173699aca796cfdc1c88bf588b9b1e66f04b86ecbe9", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067545, "uuid": "5b01295e-ba98-47d5-b61c-3cf90b9242ba", "comment": "Malware payload (Mirai)", "value": "606c85e9e7ebbca4f4fcb540ed2f026bb02e4158", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067545, "uuid": "11a561e5-4788-4f3f-9cca-e44129706da1", "comment": "Malware payload (Mirai)", "value": "15e87e5c51fa1741e17084d38b5de4bd4ff24ff6ee4ace06df4df43b6fa4313f742d0c34acfa2ff559b80ec75e81d975", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "arm", "colour": "#0BD886", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067545, "uuid": "e36cc467-e9f9-45c8-a4ac-97e02671a296", "value": "T140F2E0214327E571CEB8CABB9D3181E4291B87B4F5BF70A467A0C69D4CC1F02C0FA54A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067545, "uuid": "d0f7516d-21d8-453f-81e8-f1f0f295965b", "value": "768:VYVgAxkU1RHz5poClGL1aMnXha7WBNoWhSxHjg9q3UELCf:VYyAxdRH9zILLBBrodjpLU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067545, "uuid": "4ef0eca3-f458-4c7a-a122-f1688bfde219", "value": 34484, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067545, "uuid": "ae679037-ae10-4a09-8e7b-90042c835fc5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067545, "uuid": "5cb0e4c3-8be9-42ee-949c-7cfb15772f5a", "value": "5295c0df8373fc5acb38c76ed1e22dda", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec1f9eba-6889-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1697065207, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065207, "uuid": "0c4bc440-1151-4543-9d9d-6271bc77fe4c", "comment": "Malware payload (Mirai)", "value": "cb28ecb4bfde9f355b07be346ade5b89", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065207, "uuid": "9ff9939f-895d-4394-b913-0175df975b92", "comment": "Malware payload (Mirai)", "value": "b370ae99b763a931620e970759f42720a32e9de0417f8ac5613f512108301ee8", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065207, "uuid": "1ace3c38-7434-46dd-a018-a10d3fdbb9d5", "comment": "Malware payload (Mirai)", "value": "7a1064b857a2b1aacebd103fbb02f9efdc350292", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065207, "uuid": "ac4f03f8-b46f-4e0e-92a4-45231ab4f095", "comment": "Malware payload (Mirai)", "value": "97ae17cbf1221cbc505e780bf37d0738f2c0654413381fcaa9b903e32e37e8f6c28478abc7508712c3e12d12ad2fd62c", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065207, "uuid": "26f527eb-0676-4603-a8d3-0a1faa960727", "value": "T1F3D2E16096CB39B181B00131FBDC57EA46871D78D0FB7677662018A5BEF71CA3BA01E5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065207, "uuid": "bfe95069-dd25-406e-a878-d9944dce12fd", "value": "768:BA4uBc0T/nVvqV072G+IFYoXHZCx3GvEs3Uoz+C:BPuB7/nVMYn+Kf5Fhz+C", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697065207, "uuid": "be53b2f7-0b30-4888-9c41-d2d39a027d58", "value": 29944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697065207, "uuid": "457d82fc-c43c-4228-92ac-bf5f25e0d8d0", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065207, "uuid": "85dda1cd-8bdd-443a-9a61-8d26bd252b71", "value": "xd.arm", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ce4af5f3-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1697052702, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052702, "uuid": "02c50533-7bb1-4958-8d28-2cc0f69440fb", "comment": "Malware payload (Loki)", "value": "f936355d0e45747d7ef907b5002c07e2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052702, "uuid": "5c618f65-40ff-45ee-962a-6ab4d7f26d10", "comment": "Malware payload (Loki)", "value": "b3b2665341f40d711d7f22a2260bee10e1c8db95b1c105bb1a5977a68c2ff933", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052702, "uuid": "1801761a-93dd-4605-835b-d4d8138fd2c6", "comment": "Malware payload (Loki)", "value": "c85330bafed4f8bd879a9e3a7c8e550b6321c8b7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052702, "uuid": "d75b1c9e-7a9c-426e-9488-4eaada2856a7", "comment": "Malware payload (Loki)", "value": "1b06ec6dbd52449a66a33a27c49431da229420c7aaa96efdbce687722eee1cc1909690ca99f36d2b9d7547d77ebd6795", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052702, "uuid": "b98ad953-cf73-4796-845a-94d8be575661", "value": "T146547C1373A0BC23E5624A325E2EC6A4372EFD918F69679A33446F7F0C711B1D662712", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052702, "uuid": "a130ee8c-7ab7-4344-9d85-b4550f4fe728", "value": "c0a3c238d9ecfd3e9ab3d94bcbfed84e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052702, "uuid": "b9f6761b-0046-4014-8f8b-2b2eb3d113c7", "value": "3072:uARZxvz6W6/HkNaKrTiypbOX+bgedjQu2F9uZ5JCL430:v5vz6r/grGyle+bPjnu9qG4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052702, "uuid": "896d94df-23be-46cd-87af-1559b3aa3178", "value": 300544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052702, "uuid": "2b045a64-bbd3-471e-83ac-3e63a0d20c93", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052702, "uuid": "8a1a11d2-9ae5-43d0-a30f-bb6485cdb193", "value": "f936355d0e45747d7ef907b5002c07e2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f9aa0906-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067807, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067807, "uuid": "b4bfc1ae-47b6-4ae6-a7f6-e01207583e24", "comment": "Malware payload", "value": "bba98072bd5b8c373bea0777f14f87f5", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067807, "uuid": "d78d6551-5617-4735-a417-85ec671cab74", "comment": "Malware payload", "value": "b3d93ea5acba35ad48b26124a42b0706b05b3c063a309089dc15d43f308a9167", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067807, "uuid": "7670aff6-7693-476a-a32f-ee20d75c841a", "comment": "Malware payload", "value": "dcab79d8588206cfeb9e616c9f98fbfb003f9e09", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067807, "uuid": "197eb6b9-9896-48c6-a565-6f5198a00651", "comment": "Malware payload", "value": "511dfa99ae8e147306e39b7150407faac4c294bda5f50c5cc4fd6a09d84a794a163de56c09ce43daa92407ca24b6acc1", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067807, "uuid": "9e1fb482-ecb4-42da-b5c6-fe652806f1da", "value": "T1B4258A3223B22F3CA278FBF600DD15579E797D671011A6D3AEE4C94F868EDE41A34126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067807, "uuid": "baad4d3d-a91d-4274-94b6-2922ce84e3e9", "value": "6144:fXK8l0FJDhD+mtLJXSDQO35gya5RHU50kEARIDX5QFt7lQ78hpuFdvcOll0H4n/h:Xsy0OJf/RIAJ5TtrO29CyKOUYnI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067807, "uuid": "14f42b07-df9a-4bd3-8c3b-1ffcda11a1b5", "value": 1037000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067807, "uuid": "4688dffd-0e5f-420a-beb5-41194fcc4918", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067807, "uuid": "8a620b06-72a0-43a7-849b-e5257d82c3af", "value": "New_Offer[2023.10.11_08-07]_1.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fb953100-6844-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697035598, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035598, "uuid": "aa9bd2fd-0e14-47f0-9fed-870c41cd9e52", "comment": "Malware payload (RedLineStealer)", "value": "9406ab734cb49dea289e039f912b47fb", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035598, "uuid": "b27da075-7ad9-49fb-926c-fbb0443398c6", "comment": "Malware payload (RedLineStealer)", "value": "b4992346572fbce523f10b2fed41c2b0ed360106acc70f437aea0e830fa2d716", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035598, "uuid": "d8bfa902-1269-447c-8e35-4122486aa310", "comment": "Malware payload (RedLineStealer)", "value": "8948999b7ccfb5d5347afe56a9f9ccf257aa9e67", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035598, "uuid": "33406cad-81e0-4e03-91d1-7864b53ffd5e", "comment": "Malware payload (RedLineStealer)", "value": "4dfdb6283aef6b62b275af55d9f68f9e4c7a7e018af3ab6f7ab84a08f7affc46183efc493287dca8f7ea2faf7cb26277", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035598, "uuid": "8f6ce012-1693-4ba5-9074-43f9179ba792", "value": "T14235235377D80066CDF42B706DB78A530E32BED25B6442671756A84D0FF3A88A93372B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035598, "uuid": "fbe21d89-5a70-40a1-8947-298c62381aab", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035598, "uuid": "e848febf-9284-4965-906f-7d82608c149d", "value": "24576:6yFOSX80ajc7Pr8i4frVrstqrzWEtyynf:BgSX/06PoXfrVotqvWm1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697035598, "uuid": "25a49a64-3f32-444d-a977-d25a3372d6b0", "value": 1089536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697035598, "uuid": "6c982054-ce36-4538-ac86-c75c340334fa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035598, "uuid": "621d2f6f-7aad-43a8-b895-384a344356f8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "26dc0aa3-688e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067024, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067024, "uuid": "6d75b220-d352-460a-a2a9-27b8591cf1ac", "comment": "Malware payload", "value": "1db9dab75716138d46e827d8e26bf322", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067024, "uuid": "9c6fbb0b-7e73-4a88-b2a9-7cacdf6102f3", "comment": "Malware payload", "value": "b5602c0cadf38532065b6ea9d2565a1fcceeeaa61f9c14ca5d58f935e8ca82f3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067024, "uuid": "fa51b8a6-36a8-45f6-8ba6-a23661443731", "comment": "Malware payload", "value": "e3a5534c6a77c3048462e356454eb6a094ca535a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067024, "uuid": "c1397d52-c78a-4baf-9f1e-51ddce226f2a", "comment": "Malware payload", "value": "c58dc1542fd1e5b6187fb95232553307858f9abee0dc305444eb6233658d3762f015512ba75bad389b8b0252bb3cf628", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067024, "uuid": "5d8449ad-7816-4bc9-b8a2-77128c40d2ce", "value": "T13C34D0227982D4B2C4478034D824CAF575FEBCF79B59498333683FEFBD31292666A215", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067024, "uuid": "30803955-55d3-40c8-bff2-ae46c89e32c4", "value": "663ba44f646640153ef02cc3bc6091c7", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067024, "uuid": "d90a70bc-d0a1-4c74-b422-f6a9aca052d2", "value": "3072:8TX5p4vHKnFNc9oOmNtdY95GY5IIPQpd21tpAcv1y3yx5FNTV:yc+NcKOmzG95n5IIPQm1tpf1IsNT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067024, "uuid": "beee7914-549d-4365-9f02-d1483ae09af0", "value": 230400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067024, "uuid": "5ef0680a-af40-4db1-aa6a-a4325c2ac0e9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067024, "uuid": "79bf1c63-fc15-484f-9eed-bbdbc2c4387d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3d802d4f-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052459, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052459, "uuid": "4f9e2274-cc22-4837-92dd-18215c42fc82", "comment": "Malware payload", "value": "e108e53314a7c20c0d00086fe19d0592", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052459, "uuid": "6ecdd02e-3ad1-4294-8cc9-37f07283080a", "comment": "Malware payload", "value": "b57502b1a68dcc51afe254827624e49890835966af13e6b3cc2262940c4bc5b9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052459, "uuid": "cffa08a0-ade6-4410-8030-d127d3974605", "comment": "Malware payload", "value": "2dcee53480bf86d87157f51c1057c7a689bd0fc6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052459, "uuid": "31317fa4-f3a3-4920-97f6-7ca11eb9d03d", "comment": "Malware payload", "value": "473525eb4ca017305ee8598095bf02a793cdc904b5826c6ba6ff1524aed7e205329de3ff55b0e5f2a2b8e55c8ca7c239", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052459, "uuid": "3d560707-1335-4ae2-add1-4fb67ba23e56", "value": "T1A2E24AC5BA48D623CE6C0A74B12B0F4013B9EF2BE113A34F4BCC77562D4B6D156AA4D6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052459, "uuid": "ab74070c-c5e7-410f-a294-6196d7a06b31", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052459, "uuid": "a188d086-3fdb-462d-a0e5-7cd93d532af2", "value": "768:NZ0IL3OmQvtHkFHPbn+rLXiiEnlCLFqB0:NZRLemEtkFHCKoqu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052459, "uuid": "4b7ea499-7c6c-4e74-a28d-26c68ced5120", "value": 33280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052459, "uuid": "51c91d30-d609-4059-986b-31805dabb293", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052459, "uuid": "b03211d8-1724-4d5d-94c3-4074720b4336", "value": "Kmjryxa.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c732e120-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067722, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067722, "uuid": "69996501-78aa-4838-8126-6fb1d8859502", "comment": "Malware payload", "value": "b4b825dad434b62c41475ba1f199cb26", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067722, "uuid": "320a3a3c-586b-4328-8881-c9dd8c9f8236", "comment": "Malware payload", "value": "b5bc094bbd3cc9ed9642938c98a480fa36e45d7d6e13adb8fe73f4315831291f", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067722, "uuid": "59159fb2-f14b-4cc1-ad44-6dd4470f8a71", "comment": "Malware payload", "value": "4aa6cfe476eba9f65dd9a50fbcac5ba3f562ab9b", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067722, "uuid": "16580c68-5aff-432e-933b-4dfe606b69a9", "comment": "Malware payload", "value": "82b8c3e58a88c2557f17f80dad3ef3cc6a0f79387c487d83906beb4981c7c1e15217ac22528f0d8adc77aa666b99baaf", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067722, "uuid": "223b0934-1752-40e1-a197-ac49b7811a89", "value": "T198258A3223B22F3CA674FBF600DD154B9E797D671011A6D3AEE4C94F868EDE41A34126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067722, "uuid": "559a4011-1c21-48e5-8b88-316dde69b089", "value": "6144:221xuSxineQmvNB0DiMtHww9VkatAq8YVRudNgCTF2OkOPyorMMWui1ha8sioMWz:RMtLna6CTF7ZrM6wExkZ5ugsLf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067722, "uuid": "e4fb67e0-7336-489c-9634-cb01b435eb4c", "value": 1037304, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067722, "uuid": "10226184-0ba9-4b74-9847-2e86b3a067b0", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067722, "uuid": "b03971e7-bc67-47c9-a182-bb7ae353d1cb", "value": "Offer[2023.10.11_08-07]_4.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dfc4b9f9-6847-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Healer)", "timestamp": 1697036840, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697036840, "uuid": "a1867531-2486-4d75-af7b-44cbb7452b97", "comment": "Malware payload (Healer)", "value": "e097be295f35b05aa29c034d54fc95cc", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697036840, "uuid": "ecc347cf-d96a-4385-bd34-237cbf554134", "comment": "Malware payload (Healer)", "value": "b695ad94565fb8b3e343f4d8636369f6acf45a9d2081c4aef87dff845c092a94", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697036840, "uuid": "f5c7a87d-3640-444c-8629-e8399dea4100", "comment": "Malware payload (Healer)", "value": "29446ae9538142fe4c6c8d8df5b488352296888a", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697036840, "uuid": "bf48bf94-cfe4-40cd-808e-32cacc9b3f1a", "comment": "Malware payload (Healer)", "value": "9b3ff2579376010e129d023c8031afa47ac00b6cf517f594e7079b5efe892feae5c6ec25af81209865b688ef35bcb487", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697036840, "uuid": "c223a92c-9d63-4a80-be7e-65ae9c01cb00", "value": "T1E2352317ABD85172DCF80B30A8F502435A767DF18D38475F2A83B96E0D726D069323B6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697036840, "uuid": "84ee6342-e66f-4061-8482-22d7e721a8cb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697036840, "uuid": "eef06b8c-f015-4021-891b-bb7219a10d37", "value": "24576:eyUNimDolVLEW6EWe7kfWi+Oflhr4CQvERtbiVeecVSw1K218v:t6QVLL6EWIkuJCzjME7oeeQ58", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697036840, "uuid": "f5e57ec7-c850-4d3d-a9af-09ff0651af31", "value": 1088000, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697036840, "uuid": "4db3afcc-1299-4280-b7c7-27bd0f7de30c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697036840, "uuid": "8243a714-9b87-4c5c-ae14-1d90e0b7e847", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "49020d67-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050760, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050760, "uuid": "f4b17551-ae89-4633-b83b-b0d8a46bb456", "comment": "Malware payload (DBatLoader)", "value": "cc269041b0323aacc38b7953c7600c8a", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050760, "uuid": "61b8d61e-1ee3-4e92-9bef-89964606e7fb", "comment": "Malware payload (DBatLoader)", "value": "b706a171ed0c9db2b82a3fb16390e8f2716bd256f79182fdd8a76291a1078a5e", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050760, "uuid": "291ad151-708b-4f80-8395-18714d7e85aa", "comment": "Malware payload (DBatLoader)", "value": "ec676063bf7e75f9b7b39e7474be24c1753726dc", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050760, "uuid": "753f0803-7b87-4d70-9178-5f42e0eae061", "comment": "Malware payload (DBatLoader)", "value": "e267d66578930f97f7976f4d36a319e13525fa40fb2ed5a56aa2cda6ce8ba413edc1422084cbaf3cab243fb3421d10f0", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050760, "uuid": "bf24a346-18d0-45bc-88b7-cb35907d43d6", "value": "T17EA5E167A2904C33F1323A785F1F92E95C1EF9202D64EC8A76D45E482B766C13E39397", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050760, "uuid": "945716d2-7358-44a7-ba40-8e10bcd6ac6a", "value": "f48d9fecb191a3f4fc9501cb4eaddebd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050760, "uuid": "72226db5-e66c-4264-817c-8776f825541e", "value": "24576:UdmBgngV1ChWfve6E/5s63YeXb6id8UYeDRXCgRHCZezBQu7KR5VNUAJOw637yFh:UdDgu6ERs6oG6mYoYWQu5HwgP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050760, "uuid": "757618f2-8a91-474f-afa2-de14a3821e4a", "value": 2235904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050760, "uuid": "a0e2cec2-c633-40ba-a302-239a248855f6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050760, "uuid": "c206eeed-fd2a-4d97-9efa-2f2ef4731c0b", "value": "PO-EN12929893.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5759c830-67ec-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1696997527, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696997527, "uuid": "8d5d9c5d-5e87-4537-8d19-3db1f10f09cb", "comment": "Malware payload (LummaStealer)", "value": "568446479714dd1f0a3853292efa9368", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696997527, "uuid": "35099a60-60f2-4738-8bf4-9aa4fc0b2b81", "comment": "Malware payload (LummaStealer)", "value": "b7a8713e933eef0ae8bac227b4fae10c764f4cfae76052423ed818b7cb464d51", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696997527, "uuid": "7e3c2e1e-4253-4983-bccc-6477a73357b8", "comment": "Malware payload (LummaStealer)", "value": "3ce480ac40e42354ced287eaba04323f8f1b18cd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696997527, "uuid": "e8e76c47-539b-4aa9-b55d-c7648a6d013a", "comment": "Malware payload (LummaStealer)", "value": "2d7ce6f8cd825411182e4b2871d2a48fd33746550a05e125182ba02125d0ee1c7b552c9b417560a88d1636c27024119b", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696997527, "uuid": "746c2de8-0479-4d6d-ad91-6466941b3672", "value": "T1A6547D13B2A0BC23E5665B324D29C5A8362EFCD1CF59679A32546F3F0C711A1D672B23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696997527, "uuid": "331f9932-9138-4906-8076-391dcb7090ad", "value": "c0a3c238d9ecfd3e9ab3d94bcbfed84e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696997527, "uuid": "ca6e1a29-17ad-4d51-959b-817dddae09e6", "value": "3072:GeWftIz6/DAsX2xP8n/rNxB1daTG56rZhcxCLCwB30:9aIz692x0JVdRmhlCk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696997527, "uuid": "268b0b0a-8e75-469c-b670-237e62da2808", "value": 301568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696997527, "uuid": "b182ead9-be10-4ca0-9acf-f454c6d7d4f8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696997527, "uuid": "b8426686-6a46-411f-be65-f2e5ef3f7d68", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "98b71a51-683f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697033284, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033284, "uuid": "32847a91-684f-44b2-8e4d-2040ffc1761f", "comment": "Malware payload", "value": "6909f62ba85f31cfb21398a12b0abbef", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033284, "uuid": "2049b0ac-0143-4734-9eb1-956d3208b7eb", "comment": "Malware payload", "value": "b7f3d85fc66f301be89b8df9ea44f53ddbd498e8806b576ccba3575c53a29304", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033284, "uuid": "10df7122-a6be-41b3-9700-1a812bf79d21", "comment": "Malware payload", "value": "d2413fa81662824636592dbe38267088c239f772", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033284, "uuid": "2f806046-b5ed-4dbe-8d21-7341042a6ac9", "comment": "Malware payload", "value": "d57e60dbde19a05af6661d2567f1161291cf88cc1d14639f302b970e71a078410c77dc2bb450931dac6951d6b226f9c8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033284, "uuid": "6273634a-e755-48e4-94b7-95051e5ef6dd", "value": "T1BD451208B38A4331C5DE5779B4B12B4947B0C60BA35EBB6BB9F6F4F01887790651B4E2", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033284, "uuid": "2e44d9e2-8831-4bfc-95f1-a665626d4527", "value": "24576:wbt0MroGB5p7Aky4ReL8OKWV1IpEWdkNOm5x56G9KtSv:sb5xy4RenV1m9dkT5x3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697033284, "uuid": "1fae1cca-8ad7-49ef-b8c2-c69a1389a876", "value": 1225216, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697033284, "uuid": "ec4f129a-7107-4c55-9f3e-bed6b9b3fd06", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033284, "uuid": "97b44755-9cdc-415b-af40-28ff156b7f01", "value": "b7f3d85fc66f301be89b8df9ea44f53ddbd498e8806b576ccba3575c53a29304", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cbc43f85-6820-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697020056, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020056, "uuid": "e1059481-ebe0-4232-a519-13d8bae28c7a", "comment": "Malware payload (Smoke Loader)", "value": "3280a9e4386db8c223948c3c59a2eab3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020056, "uuid": "bf044462-f9a8-470f-8ade-13889a8b0a6f", "comment": "Malware payload (Smoke Loader)", "value": "b82612f185ae6af3c5acb702afc006e8afb39aa9d8db0aead91d2263439a407f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020056, "uuid": "e5cfc55a-2407-4742-8177-bdd30c8d58a8", "comment": "Malware payload (Smoke Loader)", "value": "0757b91d1dc6be33d3b351156960683cfec964da", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020056, "uuid": "29910b7f-4cda-4c16-8d64-4c3a8cf5caac", "comment": "Malware payload (Smoke Loader)", "value": "74285354ce1e313e99799d3aff91c6818b61596fedbb6920209d41148b970a5a9cbb84e0c7731bfedfd423f3a79f005c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020056, "uuid": "93cdc366-5e26-4cfa-89b6-0515150f5c50", "value": "T1CE352356E3D684B3C1B22B7464FB02831A377CB25E74976B3B45AA4B1CF26909472337", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020056, "uuid": "b2d1655e-8f63-4473-9e4b-1fff9026f4f6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020056, "uuid": "5e03e2a3-bc70-4ab1-9c31-1b8533947e02", "value": "24576:Ry//QDMeaqBz9kPXjtnj4i50o+WzOVrj3Ph3lUkT/R:E/zeaq7kPx4i50+zs3P/BT/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697020056, "uuid": "4dc1726e-3f12-4e2b-8efc-a8a5d1ef3a0e", "value": 1075712, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697020056, "uuid": "54183e9c-9421-41e2-847d-0cea55c11b13", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020056, "uuid": "2dc75271-1910-4024-b79d-67af289f825b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bf0b2319-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067708, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067708, "uuid": "882c0fa5-07fe-4ab7-b664-62db73bb5107", "comment": "Malware payload", "value": "c2ed082344dfcd3ef0a19785d7f19bda", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067708, "uuid": "2f380347-3cc5-4098-bace-b123bea752d0", "comment": "Malware payload", "value": "b8c26e94d120e5193d02e67b46313427744398e3654c9c0f43b6e517d89013b4", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067708, "uuid": "107bd12b-b10a-4923-a0b4-e8901051b917", "comment": "Malware payload", "value": "68e4dccdf926a417d88bd3e17e6d3b93d58f0401", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067708, "uuid": "24bb06ef-b8ca-4481-862f-45cb9bc6f78a", "comment": "Malware payload", "value": "5dbed10b11cbbd5c7a998c685eb9e411a3bf1778323748fec161801d106920114ecb2c5f1e8394999deeafd70ea5a23a", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067708, "uuid": "72f2d186-6052-4264-ad6f-0f06bf671e0a", "value": "T1B1258A3223B22F3CA278FBF600DD15579E797D671011A6D3AEE4C94F868EDE41A34126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067708, "uuid": "39b42229-0143-4659-a450-3b73a51ab3b3", "value": "6144:dpMZ7yVsu6JErWErEb1ZcaE+oCZowQlroOdqHvwt5hi4IrOU3RqULOSPOmTLGnkF:3AE+JoGP65hQJRmk0ckVu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067708, "uuid": "18ba7a09-9127-4e19-8e39-43c3c8aea2dd", "value": 1037246, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067708, "uuid": "706bf67a-eab3-46b9-ab14-e26fa5f97012", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067708, "uuid": "3ca1d11f-3775-4ffc-80ff-6e650b98a06d", "value": "statement[2023.10.11_08-07].vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "83f9a3f5-683b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AZORult)", "timestamp": 1697031532, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031532, "uuid": "07a7fccb-ed50-4475-a4fc-50ed344d9949", "comment": "Malware payload (AZORult)", "value": "3677af6efe1ab490f3283553d8d74150", "object_relation": "md5", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031532, "uuid": "d675ff97-fb71-43ca-b09b-4033144511bd", "comment": "Malware payload (AZORult)", "value": "b8e098e3a5020420dfb206916b4a7dfb2c998d363360bf916bb95b277185f219", "object_relation": "sha256", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031532, "uuid": "7ca79cc7-5d50-46ff-9859-97b8b86a8eea", "comment": "Malware payload (AZORult)", "value": "9abd308a0e082a3de763364f88c503b0da211cb1", "object_relation": "sha1", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031532, "uuid": "16d69580-78f9-4e9c-b64d-7bec466a5b5d", "comment": "Malware payload (AZORult)", "value": "e2d62611bcc479bf526485e20d19d696ea6dc7871d1a187f443b81cc4903863c8d84cc6c0b84e06f627312fb5357995c", "object_relation": "sha3-384", "Tag": [ { "name": "AZORult", "colour": "#403640", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031532, "uuid": "b7fa756f-fb84-4893-8acd-46cfc0b08ea4", "value": "T1DCB423CA1AD0C899FA07827114E45B3DD77BEF015B728D0FD3652B2939436AA176334B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031532, "uuid": "27594f6a-712c-46e8-aa73-3869964a134b", "value": "b78ecf47c0a3e24a6f4af114e2d1f5de", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031532, "uuid": "0216ccb6-834b-41d2-ba31-e0a96e428fd9", "value": "6144:1z2yP2JfKozsWLxNQsHL3/1Qtrolzi763N7ZNnXsUrk2fUJaZqicB3oPMafEPJfo:YSoz7MsHruOlzi76fFQvJE5MPj0UQP/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697031532, "uuid": "529506af-5cc9-4d80-a6b6-cb67bb0d8567", "value": 535585, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697031532, "uuid": "70fad441-1b88-41a5-9ce4-cc2070a5dcef", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031532, "uuid": "ce1800c3-6d15-46b7-9526-348e6c889efd", "value": "b8e098e3a5020420dfb206916b4a7dfb2c998d363360bf916bb95b277185f219", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "341aeec8-67ef-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1696998756, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696998756, "uuid": "8e39c0ca-0935-4983-9def-27d39f00d8f9", "comment": "Malware payload (Formbook)", "value": "8e8683b5cab62c86bcde45395187f97a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696998756, "uuid": "bf556b23-49d2-42da-9deb-09a84288c828", "comment": "Malware payload (Formbook)", "value": "b8e44f4a0d92297c5bb5b217c121f0d032850b38749044face2b0014e789adfb", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696998756, "uuid": "14c142b4-5587-4c89-a5d9-f9d5f70469de", "comment": "Malware payload (Formbook)", "value": "b88c7b66084df935e07eb7ab91df94695122fdd2", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696998756, "uuid": "1743e99c-0db7-4d33-be76-f9e42e4c5448", "comment": "Malware payload (Formbook)", "value": "cb3cfd8de9e8d9a82a553697d163726f87560ee21f2b35fde01b50843f76c02ac0ab60ba703fbb9063c85ed0b7f8c808", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696998756, "uuid": "cb62e879-7237-404e-9023-0198edca6fed", "value": "T11AE4F14073BA5B2BDEBA47F10661256887F6392E783AF3941DC1A4DF94A2F405E01F27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696998756, "uuid": "235c90b0-9516-4e61-9b1f-93603d29f75f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696998756, "uuid": "dbf44cbb-6cd8-4ced-b05e-a1cf7f0925cb", "value": "12288:T7YX9Kx0RDyzxJjEqNT3v+VaMPA6WllBQWWr2vPWFkIM9sSa:wtBJCxJZN3v+VaMP9Q4rEPWWNm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696998756, "uuid": "cf5d6668-78a0-4d6a-b1ac-3548b3a21d02", "value": 663040, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696998756, "uuid": "e7058cae-c803-4185-b197-474aac7545cf", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696998756, "uuid": "23e98eda-140f-4f87-982b-e9ce4504f1d7", "value": "SecuriteInfo.com.Win32.PWSX-gen.14038.17638", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac88ac5e-683c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697032029, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032029, "uuid": "962baa48-2c2a-4520-807f-2a0d1b294829", "comment": "Malware payload (RedLineStealer)", "value": "11038cc2513d7d4c924159ec25167083", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032029, "uuid": "22cda580-f9cc-4cc0-b467-fb9a4592f9ed", "comment": "Malware payload (RedLineStealer)", "value": "b91e194b54f8687fcff406fe9755ac5e4c9349f782c93221eae5f74ddb6d9ed7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032029, "uuid": "e517cb54-73f2-4e04-980f-29d6610466f9", "comment": "Malware payload (RedLineStealer)", "value": "3fb85453b48509f4fee9cb09531226141c6d5986", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032029, "uuid": "f7cae955-0028-42f2-8b97-8de119d288c1", "comment": "Malware payload (RedLineStealer)", "value": "47de2e4da4b3e46ae756b869cb30ffefd328fd71eac7494033acb72050125653f81000f69d6333e1dd2ace4dba2eb8dc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032029, "uuid": "178a1264-1869-4408-946d-a30cbfabe39d", "value": "T16D352306AADDA572C968337008F617F32F377DF28974C267636B6E4B0CB2684A471761", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032029, "uuid": "be564a98-e5b6-4a6f-93d1-16f77411d13c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032029, "uuid": "3a1f4643-daf6-4ca2-b849-353b6cf47923", "value": "24576:8ywJT/qEaXG7kkdi0eY+JBGyOAgFGZUpO:r8TSDQkspZ+rGyOZ2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697032029, "uuid": "9c582b26-75d4-4283-b8d4-bc24e0b70ff3", "value": 1089536, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697032029, "uuid": "9975223e-2824-42ba-b5c2-5411852c41a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032029, "uuid": "8920b768-5327-4847-a632-026722af0f2d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "07b15e37-6890-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067830, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067830, "uuid": "6f57a8fc-f2ac-4ff1-bb47-09b71ed74f75", "comment": "Malware payload", "value": "5a1dc1c02275de90b55b41e134f76895", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067830, "uuid": "618757b3-3c47-481f-b231-2a8671901ed3", "comment": "Malware payload", "value": "b9fdea30fcf81e4ce2084f86cab813c5fa46a40d5a6b666a2c77e86fbe49a513", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067830, "uuid": "491c9ebe-2130-40f6-8410-961628360c7b", "comment": "Malware payload", "value": "0b938da0e5a3857c0d03e9a415299dbbddba4ba1", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067830, "uuid": "ef3e5491-bee9-496e-bcd1-76a7309cb892", "comment": "Malware payload", "value": "6bb62ff300bf68f5db553136840c86c86fb010899263f1e48cecc74e4ac6b3a8daf61c11b1c691efc8d1ea88675ef47d", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067830, "uuid": "56a6ce23-932e-4184-a349-9aac7aad29ad", "value": "T1B9258B3223B22F3CA278FBF600DD155B9E797D671011A6D3AEE4C94F868EDE41634126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067830, "uuid": "23b89aa9-ba83-4fa1-9093-d998522a4374", "value": "6144:5osxfC4ie6B+nHUNaWeXLic0l9/Jmb8r/tozVEMIF5A8TUiTnWuEw5/HtXApyN3j:tQ4TqaZEMGf/rW7my6fqTNmGl8", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067830, "uuid": "1f005f53-2258-499c-8b53-f765df57932c", "value": 1036649, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067830, "uuid": "3e4b65e5-2de9-4d46-ad66-7e8f7b35dc7c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067830, "uuid": "b8cdf897-f682-4861-a677-c2a564f7da69", "value": "inquiry[2023.10.11_08-07]_3.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a3a081d-6841-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697034039, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034039, "uuid": "9efb098c-ca8b-4ba1-9ba4-60122a8b80c4", "comment": "Malware payload (RedLineStealer)", "value": "a1a421723a1344677bbacf47a22a5571", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034039, "uuid": "7583fba6-83a4-4f89-9e1c-7a86c44b4298", "comment": "Malware payload (RedLineStealer)", "value": "ba1f0cd9ae7a48c67c302e9e80873b3e98e064c6bd28dcea0411d8f9c48804f6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034039, "uuid": "858f1730-f83f-41f7-95e4-4db8c8c63dc8", "comment": "Malware payload (RedLineStealer)", "value": "21ce20f38775c9c781619d266ce7e8eb3d3bc48e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697034039, "uuid": "07403fdb-b73f-4373-a4d3-7917437f871c", "comment": "Malware payload (RedLineStealer)", "value": "3ffd55df187301372f3ef8db61c8f256c33b6d3c36def95ece1db05c91a1d4a7e394d94de07a593061357b0a63d1f618", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034039, "uuid": "10d86b5c-8dbb-4842-a4b5-1598e9be0f3a", "value": "T165352322A7DC9877E874277058F207C30F337CE64DB887AA2687581A2D726C4647677E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034039, "uuid": "6caadc27-3abf-4d6d-a137-b022c215618c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034039, "uuid": "86b10ddb-4a36-455b-9b93-52be2bb2d45e", "value": "24576:Wyu0LsvNOtS7Ql1idGkU37yOulCiGwP6Sxv8/6fg:lu0LsFxQ/frziGcd0Y", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697034039, "uuid": "ba9bfcb9-ae2d-403c-9ef0-ecaabfa1116f", "value": 1088512, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697034039, "uuid": "cd1a9592-8b43-4010-b61d-637ae30458f5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697034039, "uuid": "bffb55a3-c88c-4fbb-9de5-6392f92e51a0", "value": "a1a421723a1344677bbacf47a22a5571.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9bcf8e33-6882-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697062066, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062066, "uuid": "6096bcf2-7186-4bfc-9808-e22eb393b467", "comment": "Malware payload (AgentTesla)", "value": "8b69115d1abcf1379c5047f8e408f359", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062066, "uuid": "433e993e-66bd-4a8f-9727-b432a5842509", "comment": "Malware payload (AgentTesla)", "value": "bafe48bb81775d723528b1d0604dd8cc754117e4f8a23bf5e4c589d00bc1dd0d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062066, "uuid": "6a0b07dc-93d1-43e1-8f6d-69b8828133be", "comment": "Malware payload (AgentTesla)", "value": "a5171310d0a4524f2f9bd84a4e04e35acd3894db", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062066, "uuid": "dd1b234a-954b-487d-a107-fa66244e1c64", "comment": "Malware payload (AgentTesla)", "value": "339666ab1456e6f80facad6c78c21b229eb04ed329bc7f63a4af32e2bce37bbcac7117ccfe089a5b0a0dcdcee04e7dd1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062066, "uuid": "3671e9bd-bb43-4a45-98ca-613f6ad3e70c", "value": "T1AFD63329461C9CB8DE13103C06614B6492BFEFD2515BEBE609EA3746C7269131CABC7F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062066, "uuid": "ef925c06-dc8c-46e6-b2a8-2c9f3271018a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062066, "uuid": "7fe1fa75-453c-4988-9598-f9faf8a91a5f", "value": "196608:CqYvmaThVTWNty+8Pw54kqhkOxvJ9t1nPMtjxAHvLEd5VJK:Cq6ma9VyNow5skiffn0ZxAE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697062066, "uuid": "bb0c7521-b253-4a95-809a-ff267ded84b9", "value": 13621760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697062066, "uuid": "4954911c-d3a5-401c-8815-876f435dbd02", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062066, "uuid": "6d84e82d-cd33-4484-a7bb-f1a38fa93709", "value": "pidgin-otr-4.0.2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e845f0c5-6824-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697021822, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021822, "uuid": "8c2e6ce6-a90b-4088-9844-41e7bc553a45", "comment": "Malware payload", "value": "3fad6c3e0604ee091f2b2a61a91e2b4d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021822, "uuid": "b5e6a0f8-77c0-456e-bc4d-aefd95951ef1", "comment": "Malware payload", "value": "bb8113640ad4bd3f9b3637997f2c802c4a1706eae58ecde74d819cb8ad0eab06", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021822, "uuid": "79ac9a62-3f0a-4539-9401-f0f74857f85e", "comment": "Malware payload", "value": "63e2e8dfe1564e8e42823fee7c68c5dae612d690", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021822, "uuid": "48c38e1b-6adf-4299-b892-961d99ebb8a8", "comment": "Malware payload", "value": "1507c3c552dfe3b614337b66792503c5459f4a0adb8505d206afb0fd7fef818cabfab151e4c6821866561db6b837a5d0", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021822, "uuid": "58b74ead-9b19-4272-95d1-3da28b706d59", "value": "T112F5EF0669E700D9E0AB97745FC8F9FF47B9D4171A2DB6B61142D391CB31BC88A638B0", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021822, "uuid": "f8cc9c09-2516-4d0a-85f6-6ea4c167c6f4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021822, "uuid": "cf922763-3e61-4ae7-9f1c-32f390206ca3", "value": "49152:QUbowEOvygS7/1sHOqJ02nTPFdRPqxMai6ocdMvkyAGJ3o7dMWvQa7:QUcwti78OqJ7TPBxcavd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697021822, "uuid": "14ed6783-2e99-41e0-93f3-9445fc54015d", "value": 3362816, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697021822, "uuid": "4e9540b7-79f3-47ef-b5a6-2e658a99b47d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021822, "uuid": "b3bb346d-d1e4-463f-b52d-dc36880f734d", "value": "3fad6c3e0604ee091f2b2a61a91e2b4d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dcf5e9ac-6871-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697054874, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697054874, "uuid": "476ccd6d-c028-4b49-a7de-4368036493d1", "comment": "Malware payload", "value": "cd513cdaa84b429353b8b57c2fd5ef1b", "object_relation": "md5", "Tag": [ { "name": "php", "colour": "#5D0626", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697054874, "uuid": "516e9032-7690-4d23-a40c-390a6323234a", "comment": "Malware payload", "value": "bbd025aae4e033e81d47ca56fb10f12524487f8ba8dc30e1adb3513de1a5689f", "object_relation": "sha256", "Tag": [ { "name": "php", "colour": "#5D0626", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697054874, "uuid": "628107dd-ffaf-42ef-b087-c38a49f532da", "comment": "Malware payload", "value": "038d719c8ceb772b59ffaa7e1a2e4eeaf8cfaf2e", "object_relation": "sha1", "Tag": [ { "name": "php", "colour": "#5D0626", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697054874, "uuid": "d8542677-8a10-4157-9253-23e0a5746049", "comment": "Malware payload", "value": "6f6018a15eff32f0feb6493fa4b952a939cde1d99b4b37aa5fbf577f0eda2a8b704fd4f16ff9a9f0d985db443dbb37aa", "object_relation": "sha3-384", "Tag": [ { "name": "php", "colour": "#5D0626", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697054874, "uuid": "5387c2d9-3971-49a9-9c29-d01ed822c7f9", "value": "T1C74155BBE53B042250B457385F4A5C04FDA5A60B45892E42BC8D43FD9FF830CAA60FA5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697054874, "uuid": "5cdd33a1-f5d4-4db8-8411-4752c6990cbc", "value": "24:AZgLZ/U4U1bHUqKhL7pZvW7PZISTvTZLSr+v9qZh6uZTZFPGKhU8EZdKJU4xbdKW:io8x1APhL7p94hfQPyuhzE1PBfgw2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697054874, "uuid": "9283ce3e-4e1c-4f33-880e-d8b8255f8313", "value": 2307, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697054874, "uuid": "84f0b720-b18f-4e92-8725-cca7d13b2b60", "value": "text/x-php", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697054874, "uuid": "812cdc94-44fa-4047-b1d5-4b60bf506079", "value": "virus.txt", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e340b5e6-6869-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051448, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051448, "uuid": "008cc265-7bc0-4355-b5df-0096bfbb1f0b", "comment": "Malware payload", "value": "eaa263484772ed520b3fd20b98e59c25", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051448, "uuid": "7c245e89-3df0-43b8-850b-4950b51eac2d", "comment": "Malware payload", "value": "bc157b80a736d69552add6f62c41207926a1016bdad22b4b358f67d0fb5a4613", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051448, "uuid": "67534da7-8f5f-447c-9b8b-4f78513d8ef5", "comment": "Malware payload", "value": "f5ade32907f36786839c7e6de6fa02c9aa797282", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051448, "uuid": "03b6e568-4099-4a40-9936-077f5bd510f2", "comment": "Malware payload", "value": "789b842a1c2d724a7f2dee44158a998060a88c5d2d9ea61fa67d2e1d3520ed1fe4d389c69a498e01847a92019b468ff6", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051448, "uuid": "fd45af36-a193-44f7-8685-e4c82b7ee615", "value": "T176E068C11D0FB4500077D9B38AA6784DD99C3062031C5810FE0E4BE91F39863ABFA28E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051448, "uuid": "4b47fe25-18bd-431a-b643-5a21213bf702", "value": "12:9vWdCaojoiJFM3XEagdkBDL9CQTcf35rsXv:9AsUiJ+3XEsB035o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051448, "uuid": "c79484f0-ff5b-41cc-8b4a-8a6a1a5f262b", "value": 391, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051448, "uuid": "a4977758-8fdb-4a9f-b3af-a5ad4a621ec8", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051448, "uuid": "6caa545c-cef5-470a-8bac-3b5de3d14591", "value": "ini.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68c5b7f0-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050813, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050813, "uuid": "01a9ed0c-b9f5-47f2-9c7f-7ec34c3f3a23", "comment": "Malware payload (DBatLoader)", "value": "11766b1b697689b90526340d9074746a", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050813, "uuid": "fb36f45a-ab11-4452-b59a-ed376fd3f67b", "comment": "Malware payload (DBatLoader)", "value": "bc6ad0214e356e543684e62a978f0a9c64bbe3282b2d11f31243e7dbde017664", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050813, "uuid": "9221b4b1-06f7-4a4c-a9ce-8456df917629", "comment": "Malware payload (DBatLoader)", "value": "98432b08da28cb24ab0cd61ab28204abe0bebbe7", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050813, "uuid": "e007b9e2-3d1f-41b9-8be6-4e66a2af0661", "comment": "Malware payload (DBatLoader)", "value": "ad65c6f0b3a4681ee174a8a78b02d25fca62320375f97f1d7ecf8f1f4ab22694c40e2852190befab528630ecf8a93e9a", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050813, "uuid": "b22bd860-8ad6-44ba-b7cd-acaa1f648072", "value": "T1C2356B74B3B608B0F5B976B5DD0A63F41EFF27A96904288992793D0B1CB27917E1102F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050813, "uuid": "d25ced99-7632-42e4-882d-203ef50d962b", "value": "fc431a28c58a1565c388a05232b2eadb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050813, "uuid": "b60a9a5c-3320-4a3b-b648-157cdc5c1857", "value": "12288:qE8C9kdWdEPv8zuVEdh9a6OLqvabdpmBkt1VEmA00P85Be2fgmv1qsM8HcZG3g5f:qEPudPPOuVsaoAjlD0P83H5M8OG3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050813, "uuid": "087a3341-c9df-4ed5-b013-5a40c778c58a", "value": 1124352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050813, "uuid": "1b4c274b-5e0e-4536-821c-b78840465a56", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050813, "uuid": "cea473d9-6bad-4cab-ba12-edce14393e26", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9ec0916-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697052319, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052319, "uuid": "65c747c4-52fd-4336-b414-7bc1853fb234", "comment": "Malware payload (SnakeKeylogger)", "value": "04cb26da2d9222bf9204ad1f2307310c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052319, "uuid": "ff3c325b-f31c-4dd4-9d7d-5ac9dd31659e", "comment": "Malware payload (SnakeKeylogger)", "value": "bce910742ec10a1cdffe6c194b65c2a66980dff76b5fdc56c46a6d9a9f41d48a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052319, "uuid": "206bf7d3-58ee-459f-bac1-3f2482e52897", "comment": "Malware payload (SnakeKeylogger)", "value": "e80af5a2284c9cc5ec51315b8b95a5aecf62b449", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052319, "uuid": "50ae1196-0d9a-41d5-a7f8-003b79220d94", "comment": "Malware payload (SnakeKeylogger)", "value": "10a2fc7bd9a751462fdde4b6305b3eb6e547725eef533cb676c5d6f220b42702827b7536b8cef7d781c64a51f11a63d5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052319, "uuid": "d4fad2aa-4dc0-4d64-8514-fbd15c0abd50", "value": "T15BE439385CBC362AC434E2F2CFBDD420B250956A3D64CE2B1DD269D9075BB4225D7E2E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052319, "uuid": "6f77826f-b625-4548-a5f9-65e307013769", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052319, "uuid": "e6c2e302-8e0b-4999-9237-848a156bfd70", "value": "12288:Kj40L5klf7Lr0QnQ3Ei9PyMHpEIKUFO2xgOZK7YDeCNAmC:KTLKjLr0QnQ1MoECksCCNAmC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052319, "uuid": "18524d63-285f-4a78-8c79-81725bcab89a", "value": 695808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052319, "uuid": "66f8cadb-e9d2-4a8e-988a-0982e4de6d68", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052319, "uuid": "09021ac8-7d44-4cfb-90b0-8e47ceafcb57", "value": "04cb26da2d9222bf9204ad1f2307310c.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aa10d829-6803-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697007544, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697007544, "uuid": "79b2a5db-0984-443d-a437-2138c9da700b", "comment": "Malware payload (RedLineStealer)", "value": "6b043f7b06e1cd30fd2cb9c027c2e49e", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697007544, "uuid": "0fc278ce-d5f6-4cf2-8775-93fbd409550b", "comment": "Malware payload (RedLineStealer)", "value": "be9d5bb1cec536aa80f16fcc1f9c5d4245d2e9bda7c8c15ca417a12526d43c2c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697007544, "uuid": "af651b9f-cfb9-46b9-851a-097f4800ad35", "comment": "Malware payload (RedLineStealer)", "value": "0f43fe7998c933a625ef9415599c3fc30652fb3b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697007544, "uuid": "58d06b08-1dbc-41c1-a97e-51b328ff07e8", "comment": "Malware payload (RedLineStealer)", "value": "3954da0b658608b6c9195cbc34a5c6e334e21b566b3b4a2a8f6f958f9dc21fa558aeea0a4d34eecee3ff4b139e59f531", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697007544, "uuid": "0183a98f-70c1-45c9-8921-8504533393fa", "value": "T17E352352A2C585B1EEBA23B014F705B30F35BC211C3817AA3645EAAE5C731C5E97276F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697007544, "uuid": "c1730473-b39a-47d5-bca0-0eb6a3769cd9", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697007544, "uuid": "7bb18ecd-825f-484a-8408-a407d9ac4b75", "value": "24576:myFOdL0IdHppyQOjw/f2i5hnZiYKVp793JSXz/LK:1FOl0IpyQZfDfY/v0z/L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697007544, "uuid": "77ee62bc-8738-413d-a03e-c79e5fdbc3b8", "value": 1081344, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697007544, "uuid": "5f3e1a24-1799-4a78-a661-6cedf8f41bb3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697007544, "uuid": "162a78f1-5c93-4584-b1c3-53e039832d9d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4dca2c08-6817-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697015979, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697015979, "uuid": "c219bdb1-60b4-4baa-a931-b1e953cf53a3", "comment": "Malware payload (RedLineStealer)", "value": "e0ca5f835881f008e90f09dc0e245dc7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697015979, "uuid": "989b5a49-56c6-4527-be63-a6ee91f3065a", "comment": "Malware payload (RedLineStealer)", "value": "beecfa67960928cbd5b0b6520982d13289f4ea2d703773d21aba01fe015703f6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697015979, "uuid": "2071f146-8434-4b02-aa93-7389dcd22bb6", "comment": "Malware payload (RedLineStealer)", "value": "1732bf0a6e51b7f6f7a83ca4ad39be2687ca1205", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697015979, "uuid": "f1a2382a-af73-4bea-95f1-e99ee8cc5c4c", "comment": "Malware payload (RedLineStealer)", "value": "6cfd99e3b79f23a61f7b7470b10dc2d7d141f9c6b3b75e53ee0ab2974b7fc19d543e212182aef721c1788700a0e217e1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697015979, "uuid": "cd4a285f-437e-4601-9766-b38c636a7031", "value": "T1FB352316AEDD81B1E9B567F008F303D31B353CB649B4535B6246C31E1CB2AD4A6723AB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697015979, "uuid": "153a2b26-3b9c-4c19-8d2f-c0ae8d979537", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697015979, "uuid": "965c3825-4359-4f56-8071-c8e55eae7dfc", "value": "24576:uy853MLMctcNo3I3zagupSmGRGjAVBd40Aa6hUnA:985QMcKVDbUSm9eBdvAm", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697015979, "uuid": "101b1200-e693-49db-8a18-e8e37bff9196", "value": 1075200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697015979, "uuid": "09ec633b-05d4-41f0-8a23-34333de73b07", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697015979, "uuid": "1e817a82-adc2-4ff7-874f-c35a52766c39", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4d2f30f3-682a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Heodo)", "timestamp": 1697024138, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024138, "uuid": "2cf4542d-bbcc-498e-be79-f07af0e1cbe5", "comment": "Malware payload (Heodo)", "value": "19b0124f2e4f223113bb11a84765a6c3", "object_relation": "md5", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024138, "uuid": "1e560eb4-2a06-4f03-8fa5-3ea6381230af", "comment": "Malware payload (Heodo)", "value": "bf274f8c9ba0a2e9b51cc341688a1bc827e21e3d52f152bf49380123f70b2a59", "object_relation": "sha256", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024138, "uuid": "93d64596-4a53-43a3-a73d-0c1cefe03b86", "comment": "Malware payload (Heodo)", "value": "d27bfe2481c74fe0c213456ad3906e96097ab4c6", "object_relation": "sha1", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697024138, "uuid": "759dacc8-7e0b-4c21-9ed8-2919f18c3cca", "comment": "Malware payload (Heodo)", "value": "af6afbc7264824b4c1325d9d8edf1bcc584170d8f39972a77eff13507fbc19a7aa3144d2bd1fc8efa4f599ae5d724ebb", "object_relation": "sha3-384", "Tag": [ { "name": "dll", "colour": "#4717AD", "exportable": true, "hide_tag": false }, { "name": "Emotet", "colour": "#E58E90", "exportable": true, "hide_tag": false }, { "name": "Heodo", "colour": "#DF76D4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024138, "uuid": "6f5c67e8-8933-4081-95b2-e990c493196f", "value": "T17A14D0016B91C8BDC48942345C22BA219E7D7C718EF5ACC77F9A179B1AE02C1EB76353", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024138, "uuid": "817e832a-cf01-4fbf-a3f1-49167720fd4b", "value": "af052c4725f15ef5f03ed3c21ebd7090", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024138, "uuid": "6377066b-1075-4b19-b9b2-8a4c094a13af", "value": "3072:7zrlNwFBuQ+i2ro9Ux4huw/mY2EeTyDcqsAX8QaCQ5IS39mLSnwKl:7zPkBvoroGIRe+7sAXMCQL3ImwK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697024138, "uuid": "52ff6078-0535-49ff-a3f5-36f78c49939f", "value": 201728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697024138, "uuid": "2fed849c-de4f-41d7-8975-abd9843cbaa1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697024138, "uuid": "2592bb88-5adb-4e51-8143-ac0d24f1a034", "value": "19b0124f2e4f223113bb11a84765a6c3.dll", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec76b721-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067785, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067785, "uuid": "2d8a5588-502c-4cee-8f08-25ef421ab304", "comment": "Malware payload", "value": "ad5758d7325bf0a3f10b7124904569d0", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067785, "uuid": "6d103ea3-af9c-4ab4-bf80-b77767ec7a4e", "comment": "Malware payload", "value": "bf51efbef9813712f82853e75ceeb111310155505c00e8ba03eb5250e1ef2e73", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067785, "uuid": "bd017131-82c1-4817-8d10-ffd54e3bf5e4", "comment": "Malware payload", "value": "f0e63517543a2e852ed0c08b18def9bf92f663fd", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067785, "uuid": "ef2f2eee-cb6b-4fc3-9292-d87b18eefd47", "comment": "Malware payload", "value": "58684f57fd9ed362b276e8715e184a8961ff100c5f33b335d3274a91a62afc5df45376c3985b03d53a0296c201fbc088", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067785, "uuid": "c7751ed4-f368-42ff-a6a3-db0d585266f7", "value": "T1CC258A3223B22F3CA674FBF600DD155B9E797D631011A6D3AEE4C94F868EDE41A34126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067785, "uuid": "f6da1db0-cf0a-4f92-8cc2-64872f4b78b8", "value": "6144:pMDsulkWuDXd9Sa1Arz2nTkEAFTX1bBQ53EvThwSNuxdnMunliyMRsGpXE28GV4w:M1h32QEP0vTh6blqRw1Lk8M8O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067785, "uuid": "188fc872-2b9a-4e95-b614-b3584a0aacfd", "value": 1036663, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067785, "uuid": "3b2fd763-70d6-4b87-bc84-e4ff44a9d03c", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067785, "uuid": "6683386b-323c-4ab7-913f-f99cbd2928ff", "value": "NEW_WORKING_CONDITIONS[2023.10.11_08-07]_1.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bee1c0a8-6846-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697036355, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697036355, "uuid": "d43d7569-f314-4bbc-b9d5-8692b90b1f2b", "comment": "Malware payload", "value": "58a375ddb704b0276229ebc7ab4a1883", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697036355, "uuid": "61a44010-879c-43bb-99db-2d0d52479a58", "comment": "Malware payload", "value": "bf98ed9f11287725a0aee62192eb6a515b0107d34d2bdd1bb64a6cfc59d2dc99", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697036355, "uuid": "15a601d6-a21b-4b39-9c88-12a74d525d30", "comment": "Malware payload", "value": "69781fcb488e40a4be5d6652854f1f410205d34c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697036355, "uuid": "a3448b83-a4e4-4f2c-8451-9b4c1d91560f", "comment": "Malware payload", "value": "79b04b916cced37f3756fc2e059aa4f82a7603ec34e215a37ea0e71fd49d2ae791c2d48d50409e337b428e9f1b768bb0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697036355, "uuid": "40d89ed4-e7fc-4af2-a6ac-aec4e6500d1a", "value": "T1F1E7CF0733E501A5E5B7E2388AA79517E7B3B8674331CBCF329D06151FA7AD05A7A320", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697036355, "uuid": "f7e4bea2-d7f3-4d51-8ef9-c0173085d93b", "value": "4d0fb8dc9ee470058274f448bebbb85f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697036355, "uuid": "2188c7d8-da25-410b-8914-a6929bd15f1b", "value": "786432:fMguj8Q4VfvXqFTrYsqkXlznZ28pKX3vQGnZDDnZkG:fiAQIHXkHi+lznZ2863vNnZHnZkG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697036355, "uuid": "2d408f72-ffd9-4981-a493-c72275fa1ce4", "value": 63848876, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697036355, "uuid": "dc405e3d-eee0-404c-82a4-644118574300", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697036355, "uuid": "ab56a99d-5e91-4a52-b906-1a733ea94d90", "value": "ecos-dhub-ratter-win.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8dae36eb-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1697052164, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052164, "uuid": "96c551b1-d6d9-4852-aab0-5191464010b0", "comment": "Malware payload (Formbook)", "value": "646dff7c0306e264370fa02b5abe86d9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052164, "uuid": "4b306eef-5396-45d4-8aed-de0af6013670", "comment": "Malware payload (Formbook)", "value": "c1aa65f7c2cc6beb7052c8ada46a3139fc01da66890f4153a7c5761292b71d61", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052164, "uuid": "191dd21a-68a6-4cdf-b3df-1a49dccfcd84", "comment": "Malware payload (Formbook)", "value": "0847d01dbf839431a9a0ef5a0c66ecacca44ccd6", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052164, "uuid": "2f901b14-5bab-46fe-bc44-f92c4b6a8f4e", "comment": "Malware payload (Formbook)", "value": "d21c859e40120abbd8e194baef5f3e32a701981749ec2a5ad346ceeabb109715e3405d6aaecc28d48f60c3c0d82716dc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052164, "uuid": "10e45080-7874-47d4-8f1d-8cba432ddf5c", "value": "T1D964122AB5E1CA72CA5707700CFD63E20B76FB6115B4570B33A0635967A3DC26B1E293", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052164, "uuid": "9d82c0c1-f4bf-4eb0-b0e3-c8fcf00c0b90", "value": "f4639a0b3116c2cfc71144b88a929cfd", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052164, "uuid": "8c2e7ef0-3bbc-4877-a62c-be40b6f2feb7", "value": "6144:pXFKo5l1eRtyTFeQxlgmfW2N73P/8K0LF5L6NfMqq7yaGbd:pXRQOZeQxl5MK0LPL6NUB7yau", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052164, "uuid": "927e8db2-665b-4801-ac90-6408687b3599", "value": 315635, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052164, "uuid": "f817cccc-90fb-4175-b87a-a836d4b65386", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052164, "uuid": "2735fa24-955a-4ccc-a924-ec9ecf6e16bb", "value": "sipari\u015f onay\u0131.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0bf4c31b-688e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066979, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066979, "uuid": "aab00ea7-dd03-4da9-84a4-3619802dd4f2", "comment": "Malware payload", "value": "5243baf28b80254dfd06ff874757af97", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066979, "uuid": "aacfb35a-222f-4dc7-8e77-882525986315", "comment": "Malware payload", "value": "c1b12d66898d1f2e43ec61f84b660ec4e581a8de8cca469e88267bc6b000cdda", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066979, "uuid": "19e4135a-187d-41cf-a39a-846e832a8069", "comment": "Malware payload", "value": "596ff115474595515976ad552ebaf7e6f62f067d", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066979, "uuid": "b508320d-4dc3-4296-831e-6a6ceaaf4146", "comment": "Malware payload", "value": "64ab556e7dd808946b01292c9f182d92f117cad4ae75364729fbe3911525a676a085f65e23fd6e820bf68bffe68c2fa4", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066979, "uuid": "3d88b1ee-80b6-4329-9fbb-a0cc6c5cc37c", "value": "T14F7423E4A27202DAFDAC21B4314F7B27DB1D8BA52B90571991892B78CE29D1C7C4F5C0", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066979, "uuid": "f124fcfc-7c74-453c-9ea3-b11a306975ae", "value": "6144:ToISCeXRYDABauEbxRMd8ueQrZqb1Qs/+NdlWdPP/pnpzantYjvMOFmAMjX:ToTSDJfxRMd8PQrZsx/+FsPP7antYj2b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066979, "uuid": "8a8b1ff4-006e-42d3-bca4-d9e1b1484623", "value": 366072, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066979, "uuid": "233dc3b6-6c5e-4523-b689-1e88e5cb2561", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066979, "uuid": "53905a58-1676-4240-b436-6d929a288194", "value": "DJPW1238_9724292.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "25d1e410-6890-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067881, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067881, "uuid": "fc25523e-d678-417c-b27d-8aabcbf43ce3", "comment": "Malware payload", "value": "76461b5f5b53971ee56faeb25cdcd9af", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067881, "uuid": "d92b9b40-5b20-4dab-8603-d260ccfffd57", "comment": "Malware payload", "value": "c1ef40e8ab20ce2ae541a4b2a21de4ccedd94a212d049b39ea392959cecb0106", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067881, "uuid": "48588fb7-29fe-441d-9bd9-425c4430d4cc", "comment": "Malware payload", "value": "cde5434ed5f46e711c9c2a30ce195e3c8cc7d590", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067881, "uuid": "9cc8ccb2-a3d9-4190-b48a-7d63249ca862", "comment": "Malware payload", "value": "0af3846f7a9e221522ce7eec2d4d17b9f2345381ad1c30e85cd283552220b6c1a15ab8b3797a44a4da9181395d0c53d1", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067881, "uuid": "b0f62d9a-b077-4930-88df-d6baba99b309", "value": "T198258A3223B22F3CA274FBF600DD155B9E797D671011A6D3AEE4C94F868EDE41A34126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067881, "uuid": "5028c122-340b-4f41-a2b8-23068491641f", "value": "6144:HoyDeQWPJ80bynilzMLwDaHhyvHr82Vqx+DBtBukOTWa1s/zGup+9n0Ixpfj3tla:jxTMW74c2BtUhm0ZL9O/jTLb/cXo/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067881, "uuid": "f9862543-7886-4438-b113-c5c579532035", "value": 1037263, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067881, "uuid": "8889bfb5-4562-4deb-b6aa-67054c6cbd33", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067881, "uuid": "d9b17855-4dc5-4991-acc2-f409b7791074", "value": "document[2023.10.11_08-07]_6.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4af8e163-6882-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697061930, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061930, "uuid": "24c8fcef-1826-4941-ae0a-900751e59c21", "comment": "Malware payload (RedLineStealer)", "value": "bfc55c93babb2fdbe8e1679f713f1d04", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061930, "uuid": "f4a59a8a-d9d4-4024-b9d8-67a1da6e3144", "comment": "Malware payload (RedLineStealer)", "value": "c26d93b2dc38db64e470819c16d1432046989f1e6fd4cdadfe319536333d7195", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061930, "uuid": "7fc4fe24-0d64-4e7a-a4cc-8462647f25fc", "comment": "Malware payload (RedLineStealer)", "value": "c18f51842c2dd332096c758f47782be0389f278e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061930, "uuid": "c412bfd5-e93b-4289-a65b-b92a051e0d50", "comment": "Malware payload (RedLineStealer)", "value": "7a8b220c3a6b04fe750aa9b548459f46e5ffcb697655c063413b1e3f71041fc665fcce4272c34f678ea8c9f63f74162a", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061930, "uuid": "9842acc3-c086-4f33-a6a2-2944687b44fc", "value": "T1B134BF117582D472C4478030882CCAF47979BCB29AB9CD9737683F7F7DF12926B6A264", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061930, "uuid": "7eed0805-b652-4f70-aac5-082a28d8b947", "value": "672b81f1197fb8c01c300e40d940875f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061930, "uuid": "fda94c46-d30a-462b-978e-0a9063c5c5fc", "value": "6144:nPiYHdpZG06NqGskIbTju+dRr6sMRR7T:nn9pZGb5skYdt6sGRv", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697061930, "uuid": "2342a68b-202d-41d6-b3e9-b9c5b688c3ca", "value": 230912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697061930, "uuid": "66450be1-2f45-40ea-bf2b-e547d709faa6", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061930, "uuid": "f6831095-a5bc-4360-abd4-4ed286428e9a", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae5a4bd4-6883-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697062527, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062527, "uuid": "85036ea2-7be2-40c9-b2ba-2dda38b8b470", "comment": "Malware payload (RedLineStealer)", "value": "4e48816d6f26b50eaee3457fa7556fc3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062527, "uuid": "451c319c-56dc-45c6-8d9e-3528059a69be", "comment": "Malware payload (RedLineStealer)", "value": "c2ccbf9609bd92c1fe8d4f2cfe8650bef40c22f1cdf081e67c3975c79d176e9b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062527, "uuid": "6384a12e-4f08-4a9a-80b6-fdc06f606b71", "comment": "Malware payload (RedLineStealer)", "value": "fd732fc3b862c0f59deb654855dc0e2e69823e8c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697062527, "uuid": "6cb8f6cb-5dad-4092-a0b7-6edd8b1c221f", "comment": "Malware payload (RedLineStealer)", "value": "34a857c6e91334c70254807ca8d8f7c7579031ccc80712c2c03570bf1fe42b062ba1cbf66ec12989d3e15c4d7ea58901", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062527, "uuid": "4fdb3c2c-454c-401f-bbd8-82f0c9aece7e", "value": "T16E352302DAE05136DAB93B3069FB03C30B7A7CC05674C3AF2B55EE4A1E726949435B67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062527, "uuid": "a0135fba-2e9a-4537-9899-f54b31a03b7a", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062527, "uuid": "300c221e-3d88-43a8-a9b8-fb8e9953a8ee", "value": "24576:MyroAPZ5rOTgbNg2O1YlnUQs8r1GQFfWRgJlKI18U9ZXFMAQ02ttb+N:7roAiTwO1YTfGYNJNd9V+lJb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697062527, "uuid": "18b6693b-775d-4e5a-a493-91e1c1ed2c07", "value": 1163776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697062527, "uuid": "e9c183fb-b207-4020-81bb-bd366410fa3f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697062527, "uuid": "a3ec2179-bfe7-4e32-8eff-88902331f925", "value": "4E48816D6F26B50EAEE3457FA7556FC3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "33695f0f-6828-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697023236, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697023236, "uuid": "8e058c35-2632-443b-93e3-1d69b94f540a", "comment": "Malware payload (RedLineStealer)", "value": "1baa0dca1b70f7c5ee9e67951e778784", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697023236, "uuid": "8bdc5808-4764-4f12-b753-5f1ed8823978", "comment": "Malware payload (RedLineStealer)", "value": "c2e862c769e4797864d4c6052d8434425584d07d964860c6aff1b8e3db898045", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697023236, "uuid": "9b54d2ba-79f7-4a1b-8c1f-dbcc008b1f05", "comment": "Malware payload (RedLineStealer)", "value": "209b187dfd2c4b4a2d4a35e7eeb969296be7e200", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697023236, "uuid": "30c88022-96c5-4c25-b0b3-b2f493a49f01", "comment": "Malware payload (RedLineStealer)", "value": "af63c074d00a4bb1a3033979246e2196faadf9f45b6ee017bad1c236f40b57f0eee66c77a084933c222bea6c2e01ec2c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697023236, "uuid": "fdc4703e-0d92-4941-ad38-5a941c657dea", "value": "T199A48E607BCB62B3CA941EB1C8B3927CEC752AA8D273197A33FC4F275BF654441605A4", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697023236, "uuid": "a68f4f8b-1d1c-4bad-98f4-0d4c5e7b1417", "value": "282d146a9b3d87d6152eff920eef7769", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697023236, "uuid": "0ded5218-74e9-4c26-a947-721634e9554a", "value": "6144:9LvmaBP3cxSq8QoOCbxaG0hs4oJV2KAOE/1LnOKHSDWXVuF4jq/blw0TAfOHpR05:oat3cxp8Q91wO/AhDOuF4jO5w0ZLC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697023236, "uuid": "0c72074c-c070-49e2-9564-3e8a3f111a20", "value": 457992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697023236, "uuid": "67687718-ef0d-43c0-9665-e9b90e80a118", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697023236, "uuid": "2bdbc77f-b65c-4217-a7a4-c8f29e05f0d3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bbc916e6-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697050523, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050523, "uuid": "2f68f96e-858b-4709-8be3-01dc005d508b", "comment": "Malware payload (RedLineStealer)", "value": "aac0a1ee7cde7e6678a3697eeef76fbd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050523, "uuid": "366de1bf-27fa-4947-983b-6ea55ff925bf", "comment": "Malware payload (RedLineStealer)", "value": "c354434052b81685bbe715d0bd0946e477e09a44bd0d80924738c0c94b2b884c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050523, "uuid": "ca920e76-6e42-480f-a878-bcc753e61013", "comment": "Malware payload (RedLineStealer)", "value": "d2477217feef285ea994de8699af345a131d01d5", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050523, "uuid": "f6c1a885-dc46-4ccf-b52c-1039ece357eb", "comment": "Malware payload (RedLineStealer)", "value": "1eea528099f058eeb52e9123a1b33ce3e9a491ec3c7197e95589687f1f389d76d12919739c472ca5a4446b621034d3f6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050523, "uuid": "3f37dcfd-20e6-4815-be97-67ac3f9108a6", "value": "T1B8D41203FBE44532D8B42BB168F903D31F39B9A5AD38836F2B466D5E09722945933736", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050523, "uuid": "c5737077-62cb-4582-9728-4e46a48b5239", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050523, "uuid": "6dece52b-1ae4-4704-a76b-e1ac061aa5fd", "value": "12288:/MrHy90Nm1WDfH9Op3jwzaPZc6fLzFS4l3NfI:wyj8F4zwmPZTz5I", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050523, "uuid": "cbfb0d58-30b8-404f-ad3e-d3acad0c37f7", "value": 620544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050523, "uuid": "5048944a-126f-4f95-aa8d-49880c77806d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050523, "uuid": "50a8ae95-f6fd-431e-9e12-115c520eed50", "value": "aac0a1ee7cde7e6678a3697eeef76fbd.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6d470916-67e6-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696994986, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696994986, "uuid": "4ab0995f-2042-476a-9f58-893e6d107db5", "comment": "Malware payload (RedLineStealer)", "value": "5cfba6ccde621b849fff80ffcf6c4e0c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696994986, "uuid": "0d2e0f61-9862-42b8-92c8-30caba26b87c", "comment": "Malware payload (RedLineStealer)", "value": "c397a0773d8166b6e95b01e0dba9ddf2beb30aad3ad16af4de13de6ec0eb32c7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696994986, "uuid": "1f960f82-2723-469f-a02e-45e681b70717", "comment": "Malware payload (RedLineStealer)", "value": "760d5b975df9c0318f36c710f493d4fbf4608052", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696994986, "uuid": "454f929c-4c25-4dcd-a2c9-581e4840d0f7", "comment": "Malware payload (RedLineStealer)", "value": "56a31943bb5cd8bca12719ee9f373820815652afe89ea7554b76b3a4222fb7ce32b9ce7c61af4bc1949420ee9df12476", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696994986, "uuid": "d3a57eb5-0713-4748-a0f8-7de686772fe7", "value": "T1A6352352F6D844B3D9B677B458F103971B3A7D60193D83AF2398694A1EF2390F1313AA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696994986, "uuid": "1cc8fd0e-2ea4-4ad8-9321-5eff03c67929", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696994986, "uuid": "b45b4b31-560e-44af-8383-10bc5f860770", "value": "24576:jyCbn1SgfHsDonsxLX2VRUhGyjzGt09irC7rm2n8:2CD1eDonsxLX2V+GyjB9irGln", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696994986, "uuid": "40f44fd2-5ded-4bf6-8da7-35dad3f45b9f", "value": 1132544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696994986, "uuid": "6c8f9a8c-362c-41bf-ad2d-2f9cb612f1e4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696994986, "uuid": "6c74dfc9-0778-4371-bda1-eec594f96ba3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "42624b99-688c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066211, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066211, "uuid": "587210a6-8aba-496e-8e3c-b6420b2d1c0e", "comment": "Malware payload", "value": "d6d24944526a4d2e37da13b71ea72e7d", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066211, "uuid": "32bfb9f9-eb99-4905-890e-7c4a12788451", "comment": "Malware payload", "value": "c3cfabfe54884ee0bf1d2f990571c5accee775e1d76f28c1b891893ad2e2382e", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066211, "uuid": "f73513a5-dc38-4717-8761-feb0c1ab1c74", "comment": "Malware payload", "value": "983ff2281b402f707af6304a2ca78df38999a21a", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066211, "uuid": "dcb65021-1a0f-4504-a4ec-b78134dd9da4", "comment": "Malware payload", "value": "27f0a6506f6681ae4c7589bbd84ff439899a5f6d0a57f238e0a283ab1a958a2156d1354f92f179b355b1f673ac1173e3", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066211, "uuid": "7da5d444-105b-4fe2-b3d0-c01740c9d6d3", "value": "T148258A3263B22F3CA278FBF600DD154B9E797D671011A6D3AEE4C94F868EDE41634126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066211, "uuid": "04dbcaed-a378-4c9f-8ac4-aa9b11f83051", "value": "6144:nXfOzE9jUGcxOHFXXz60fbWgidkgDoONlZUMqMxWeZYdBNSYUgyTu2dskb3thOyG:PoEDuzOMq3v1ZS6lUGsokGI2h", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066211, "uuid": "f2832891-8288-4b0b-a972-2e834beb3cc8", "value": 1037251, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066211, "uuid": "86314e08-ecca-41ef-96fd-49ca2637ef38", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066211, "uuid": "cb8efa6e-06b3-49ea-b929-ec6c57eeec58", "value": "New_Working_Conditions[2023.10.11_08-07].vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "72f24509-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1697067581, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067581, "uuid": "989ef6bf-c8b4-4ffb-bfe4-abd2d7be605e", "comment": "Malware payload (Mirai)", "value": "d0dd52e950c5ef253afb2424b45b2121", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067581, "uuid": "c0ddee75-f3c0-4516-822a-f195276b8f33", "comment": "Malware payload (Mirai)", "value": "c46351bd331ce2c335d36b5713025824211e1e70610268d91093595c41a7ec5b", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067581, "uuid": "3dd54254-697a-4c33-b896-dff68a9adc81", "comment": "Malware payload (Mirai)", "value": "c337479196f06c226cce137ae1e392508d941a6d", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067581, "uuid": "e9d35a40-5eff-4099-b310-51c60fce4f79", "comment": "Malware payload (Mirai)", "value": "459190839d3945eeaabc8bee49d8b25c7826916f56b63ed36f2ca5f3c03ac60db337b6b1ce2afd4d3564edc9e572371b", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "powerpc", "colour": "#AC591A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067581, "uuid": "38241027-1a4b-46b2-9c78-38f1fcd42d75", "value": "T121C2D044D3103F85EFDF7CB49E1A81C47B27175F6B8B94A3B27895236563D2BA8009C8", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067581, "uuid": "cbb9c49e-dbde-4978-804b-42cb32e0a2c4", "value": "768:DUbgeS1f8Dnz+AHyRas6JAshPVpfxt4uVcqgw09U:DUbfaAQGAiNN4u+qgw09U", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067581, "uuid": "104c113c-4375-4a2f-bc2b-d441a3420a4a", "value": 28280, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067581, "uuid": "5ebe67ca-9f4c-4578-8ece-c1bcc3b94782", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067581, "uuid": "d5462308-b8ef-4369-8fce-917f34bba1e9", "value": "d0dd52e950c5ef253afb2424b45b2121", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6059f012-6891-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1697068409, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068409, "uuid": "d6c7d919-b7d5-4079-95d6-5827913ad1ce", "comment": "Malware payload (Loki)", "value": "f8d440894e3727534deaa37a58bbd21a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068409, "uuid": "e94f06c6-bfbb-4a3f-846b-724d562ba1ed", "comment": "Malware payload (Loki)", "value": "c4d2bf8ec402392579176bff484cc2bbdbfce553b256d191baecec16c37f3676", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068409, "uuid": "27fdd994-456e-49c8-ae4c-74a2a4da0d38", "comment": "Malware payload (Loki)", "value": "fd41ba0a9e50f1289f046aca57ac5471904d2e2d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068409, "uuid": "d54660c2-1070-4077-bc28-6ef8534acf34", "comment": "Malware payload (Loki)", "value": "802cbfd1df6b60020fcfd5301e521d94f95e544be32e527f67ae4714383368742b1238baf86d72f698270f67aee8b98c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068409, "uuid": "b9ab65f5-ff2c-477b-9a0b-cb3218b8baa4", "value": "T148C4F12423A88B66E23E8BFB55B4024207F5752B343EE39C9FE119CF5E61F518550BA3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068409, "uuid": "2ef131aa-f361-401b-9f7d-6734099fefbc", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068409, "uuid": "cb25f5cc-8cd4-4971-8137-95087c963efd", "value": "12288:MnX9KaUdIV65uCjvWWePPt4CPUlVFQms+HUqz:Mntaq+jWWePPtjgVFQmn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697068409, "uuid": "25ed864f-e5bb-4a69-a374-744033c56365", "value": 594944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697068409, "uuid": "a85f4c69-632d-4fb0-a7b8-9fa9bd716a89", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068409, "uuid": "230bc935-8141-48a5-851e-289de5435cf9", "value": "SecuriteInfo.com.Trojan.PackedNET.2370.23617.11345", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d090ff89-6870-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697054423, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697054423, "uuid": "953a78f7-b48d-4456-b0f1-1742ef5e6878", "comment": "Malware payload (RedLineStealer)", "value": "340fb8e45f17b972a524c0f55b670d92", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697054423, "uuid": "e411c90a-124c-4738-866e-8fc9f56f4540", "comment": "Malware payload (RedLineStealer)", "value": "c52c8c60c2e4d14db1ae71d0bec0f3aee11100604af68812b291b863dddf7218", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697054423, "uuid": "57fba171-b7e2-4513-b32c-de0188109d1d", "comment": "Malware payload (RedLineStealer)", "value": "914be32c2c492f7fda1d62c247ab585044066d01", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697054423, "uuid": "e117a012-f0cb-4332-9b1d-01642a47fed4", "comment": "Malware payload (RedLineStealer)", "value": "c4afb100b2d2cb169fca89d6905390d0c4bf0637278e363746cd8d93084fa73214de6dc36eaea8970aff280ffe422d69", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697054423, "uuid": "fb6d4e09-35f4-4bc7-b204-325d5a4db29d", "value": "T1E4257C2138C18176EEF220B646FCFA3A46ADD0B0072916DB16D857FEE7206C17B37596", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697054423, "uuid": "233e89b7-6047-4b1a-a004-7767380a0f85", "value": "66025e7bb3415added2b8177bf9bcfbe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697054423, "uuid": "8a37cb01-db8c-4954-b777-c378a21bd799", "value": "12288:a59vHSylVEepsxylL5dPM7xj1Vc1jBAhEQtt7kxI56u99lTVOFXa+nW:anGepsxylL5dPMdj8jqtttlTROo+nW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697054423, "uuid": "a7d5952f-354c-4f92-941f-fda84dcedae8", "value": 988936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697054423, "uuid": "ce2b94fc-5fa1-4ea1-b109-35384ca9053a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697054423, "uuid": "57cdc4fe-fc83-4a07-aac3-070c7f16a44e", "value": "340fb8e45f17b972a524c0f55b670d92.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "514a63ac-682e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1697025863, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025863, "uuid": "02afc7a8-3a46-4698-baf0-5c1f4ca7bcef", "comment": "Malware payload (GuLoader)", "value": "47a8ce34453f08adb9ac47926f25ad3d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025863, "uuid": "0416dfa7-8aa0-4e01-9d06-c81ae7b48db2", "comment": "Malware payload (GuLoader)", "value": "c57b071eb2736fe072a9eee152f697471a68ea89ce107de5e5721dfba2031d47", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025863, "uuid": "22aafe20-81eb-426d-a5ac-a037b4d071db", "comment": "Malware payload (GuLoader)", "value": "dc0e80737188979d7364f4e0a0dbb2d732cdbbde", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025863, "uuid": "cfbac8c6-87f0-43a1-a38e-58fb47728d95", "comment": "Malware payload (GuLoader)", "value": "9eb8417553b388b909ff9aa63c897bc9452066b3237f524e6c1d084f4d8c689bd84d32f51161de27951521d7b6205bd4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025863, "uuid": "6772e602-e96f-43a0-8d33-7f8a49d9911c", "value": "T1C715231BB50C639CE3599AB538390632879CEF4302D1BA0ABFD6FE6F607254D78026D5", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025863, "uuid": "72f53ead-ecc0-46f2-8162-9ee35d0d6050", "value": "7c2c71dfce9a27650634dc8b1ca03bf0", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025863, "uuid": "23a43aef-a85a-4ed3-9e9d-21e4743f6198", "value": "12288:ZFiIeN/ZuSjykr7Ei8SkAikA/0y2sXq3+p36bR4BnRvSTbTI2Wnq6nOKE:uIGBuu6i8SkdYAq3+p3kwnR6fTI2gjE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697025863, "uuid": "8eabd330-1c52-429a-9f79-86963d80127d", "value": 920385, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697025863, "uuid": "d1d783ab-e3a7-4964-8650-c755190863fd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025863, "uuid": "04ac34a8-c818-4f95-a11e-99ad4aeef668", "value": "c57b071eb2736fe072a9eee152f697471a68ea89ce107de5e5721dfba2031d47", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e03b3bb2-683f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697033404, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033404, "uuid": "90ed0123-be2a-494b-a946-361e12e7009a", "comment": "Malware payload (RedLineStealer)", "value": "6ed49cb6d6bebf6a40690ba33490aae1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033404, "uuid": "ed2b2c5d-1cf8-430f-9975-b3240b04cd43", "comment": "Malware payload (RedLineStealer)", "value": "c62a42d1b9a25205c267477964669c0846a58e4f72c391f3c0c42c90e8f521e6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033404, "uuid": "c7c687a4-8138-4913-b182-8ebab36c1df2", "comment": "Malware payload (RedLineStealer)", "value": "b0293bf214df9bb8a977ce16c04321f842045235", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697033404, "uuid": "82a5892f-9f1f-4def-ae64-75ed550b1a2b", "comment": "Malware payload (RedLineStealer)", "value": "f74946c6d8fe5343ebf7774bc491e7c8a3638afe706114229214d03a645bd2963fc78a0893c77dcebab6fc3e852fe646", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033404, "uuid": "2b767f80-f322-4708-a21e-d60a06fafa5c", "value": "T1A5352393E7F48173F8A0A7B0ACF712830B35FD958AB4926F2685DC1A1471AD07C76726", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033404, "uuid": "0efdb0c7-ea5d-4502-9de3-f3dd25c7b2c8", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033404, "uuid": "46d16eb6-993b-494c-ab8d-2d0a87a87728", "value": "24576:Wyi0Z26zdiGbrV17vaOiRIKak1AQtCy9K99/+f/+jTI:lXl/dvhqIjk69f95oWjT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697033404, "uuid": "74095807-215a-4c26-b3cc-dd0c783a2c6b", "value": 1090048, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697033404, "uuid": "9fae5a7b-3a82-466f-bbe2-d8eff3e7c7dc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697033404, "uuid": "347a5916-7d56-43da-b361-25f27f42a5bd", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6a3a178d-683c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697031918, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031918, "uuid": "a1d2a02f-fe2f-4d07-9a3a-6aea818c7838", "comment": "Malware payload (SnakeKeylogger)", "value": "f0683bb61a43a8dd7061dbd8ee3af88b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031918, "uuid": "d7285d6c-df6c-4ac6-a40b-5157720a07cd", "comment": "Malware payload (SnakeKeylogger)", "value": "c9f2aae3eae18a283ef2a868116c01d80c9e0e9588ae125c7e842f928d31acff", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031918, "uuid": "62ee1ae1-9ecc-4159-8ee2-b63e3af618ac", "comment": "Malware payload (SnakeKeylogger)", "value": "c94587218dc3ce9bd66e7ebe23c720ca50afd989", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031918, "uuid": "34b2ba1c-0128-46c6-90a7-aea715c1bdf2", "comment": "Malware payload (SnakeKeylogger)", "value": "94316f22f5854062cfc3e78beab59fcff39fb86f794354bc26f719e47795a911f3c750072484092fbb287284505da520", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031918, "uuid": "ef003bec-a848-4d06-9fe1-e71a9a248da2", "value": "T16CE4DF50EEF59149E1EE45789D20A2E79272AC73FA12D216FC40F539FC2D6C78AC0276", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031918, "uuid": "ba1a3408-00b1-4da5-aa0f-ded41c47e0e2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031918, "uuid": "d7032e5f-76a4-4d0f-b40b-8ef3ec85716f", "value": "12288:x8avfjKnHHYHq03Lytq3SRlW5cY26RTTmsp2TDNJ0/el69Q01ZLkrai9i+Plb5py:x8ef8HCbB2W57/TTmq2TDNJ0mM9NipgH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697031918, "uuid": "79e4af0d-2dbb-4a08-a191-15ca3d7bab79", "value": 709464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697031918, "uuid": "e470b5d2-7b6a-4c31-89dc-c53b44074829", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031918, "uuid": "85d29c29-d9ca-43cb-bee1-0212cce12921", "value": "c9f2aae3eae18a283ef2a868116c01d80c9e0e9588ae125c7e842f928d31acff", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bef2f0d2-6801-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1697006720, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006720, "uuid": "eb696e9b-85a3-4f7d-9859-998fa6c7924e", "comment": "Malware payload (LummaStealer)", "value": "1b1f18ea5bd95db54c0c7b1e47b76167", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006720, "uuid": "0635d176-9e9a-4ffb-9244-681f40cebd6b", "comment": "Malware payload (LummaStealer)", "value": "ca0ac59f3beafd481e8bfe6a077a104ce03a75a17b629274d3b0cdf638f0b1df", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006720, "uuid": "2a7504f6-3f36-4c57-b94b-40fad00a2449", "comment": "Malware payload (LummaStealer)", "value": "29b51caf307880a0265f3ff66ac487d87dd37041", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006720, "uuid": "35deceb5-a01e-41e4-b192-c342ab04a6f9", "comment": "Malware payload (LummaStealer)", "value": "7b48d5fa7a1c1e29b4c6c30b882c6d1c9eea0e21f53b1a03683709449aad14c8df227219d5f7f0044913f43bdc1a7660", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006720, "uuid": "938c25ea-7da6-4797-bed7-3da98849bb4c", "value": "T182548D0174918032E8B31A378EFD9AADA63DB95007D565EBB3DC0D7ECF206E1BA30556", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006720, "uuid": "54dcf8b4-7467-4c06-a74e-c74662f5a4ea", "value": "42c423a9e73aea8cb92de6b991847053", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006720, "uuid": "fc076729-3cc5-4fa9-bf35-531fbbe75789", "value": "6144:mFa1cYLmaIFOemR3SFs7Eq+SZYAO/Blhx5baVs31n5:EaeYSaWOT3c6mVeC", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697006720, "uuid": "c6b71769-b390-4e1b-ba5c-2a3b3b94a6d9", "value": 305416, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697006720, "uuid": "9424009c-7a45-4fe3-a60c-6bfe5b84731c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006720, "uuid": "b234a07e-c6cf-457d-aa08-f205ad4cc484", "value": "1b1f18ea5bd95db54c0c7b1e47b76167.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9adc32cf-681a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697017397, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017397, "uuid": "4d04be9b-1d8f-4b62-a54d-1514942fcd71", "comment": "Malware payload (AgentTesla)", "value": "8a9220abc8ec870ade5af35e7ddb0f2a", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017397, "uuid": "5389c589-d173-45eb-aaee-971c84428feb", "comment": "Malware payload (AgentTesla)", "value": "ca252b35e2990236439a68ed10fde3093e30390a14f8efc89f16a648b9abd2d3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017397, "uuid": "27ebf664-750c-464b-a5e4-ba14ca204adb", "comment": "Malware payload (AgentTesla)", "value": "e7884180208bc57e40bf516dc878ca711220d385", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017397, "uuid": "6d6c4ee5-43ab-4e72-a2d9-f9eb99f39860", "comment": "Malware payload (AgentTesla)", "value": "31e0e713784031f4293f2644cb95eae07fefe79845bdfa3feaf8f723ab17bd33ff7acfe0a20e56c4e73ec8623364699b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017397, "uuid": "48bed767-48d1-47c6-bb6b-05c6785750fe", "value": "T1CBF4F12433999B73C63C05F2646110A20BF8618A39DEE3D8CCCAB0DD99D178F9E5579B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017397, "uuid": "76fffe29-4672-4d40-b942-e05acaf222b1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017397, "uuid": "f9167865-e12c-461b-ae53-df26031c1dbd", "value": "12288:1/FrX9KI9t6LKt3OxbA8CJArHZ+MpWzMogW1OtgoQkMmsoF9K:1Jtj9QLPq8CJArHIMIYogZgoMw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697017397, "uuid": "5c7d7b64-accb-47a5-a450-c3d55a2f683c", "value": 732672, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697017397, "uuid": "fb7e1da6-0e32-47f3-abe4-f646c799ac4b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017397, "uuid": "630f5d6a-c337-4b02-b268-19253f4e812e", "value": "presupuesto_factura_justificante.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8028be49-686e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1697053430, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697053430, "uuid": "3b57733e-6723-40e5-b997-6c6f4a820b6c", "comment": "Malware payload (GuLoader)", "value": "ced4af5a976fb361bfded06260f5985f", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697053430, "uuid": "96f952f2-63da-4069-9f0f-3a1d27bf5658", "comment": "Malware payload (GuLoader)", "value": "ca26fd8d4675cfec9eee79a402ce93024e4b817655df0307ba3d9dba93f918b2", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697053430, "uuid": "c83bcc3e-c0e3-4417-88e5-a73579bc6cfe", "comment": "Malware payload (GuLoader)", "value": "a4d8b6552d82bf400bd2c5177263d37d044b079a", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697053430, "uuid": "b9ca66b9-142a-41cb-9571-5fd864f9aeae", "comment": "Malware payload (GuLoader)", "value": "4eaa7ac331569f0cf65661e450b2790a04ab3d9ce03700f0c457ca5239204860db0b1225ea8f1353654c8738b8dd7ee8", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697053430, "uuid": "7df254e5-ad6d-4135-b030-a0a20826d87a", "value": "T119452351A7C0C82DFB4241BED5772AF219B0DC96CD658B5BC7003FA07EB32566E06AD2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697053430, "uuid": "ff383003-24d1-4454-9057-6874d4ab1e2a", "value": "e9c0657252137ac61c1eeeba4c021000", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697053430, "uuid": "78527fd3-67fd-4216-aba9-ea7477cfca9a", "value": "24576:jQ3IGH0kofhzE+S/MG5woa+2LvDtn0fEcz2raO/bwntZKozPOPCnsoO+LY:jQ3I7JzE+I5pCDJ0++O/bw7K8uCnsaU", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697053430, "uuid": "a6afc260-bfbc-4ba5-a9f3-05c68497193e", "value": 1239576, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697053430, "uuid": "461980f2-578b-4461-8fdd-9c3cefbf68d9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697053430, "uuid": "f239ad28-5155-4f88-aa6d-41cccbc5962d", "value": "ced4af5a976fb361bfded06260f5985f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "08857160-683c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1697031754, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031754, "uuid": "1cfe6ee8-dde3-400a-a2e5-b48bc2e88b34", "comment": "Malware payload (Amadey)", "value": "1c576ece1cb918832be3d9e5f665388b", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031754, "uuid": "d05d148b-0235-414f-a6b5-12f9a70e5072", "comment": "Malware payload (Amadey)", "value": "ca9a8dc4c6b60da3ac7b512dc2cc232ee5b09c2035eecf2185277442f884c432", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031754, "uuid": "e773907d-d3fb-4780-a861-d7a06f4b0705", "comment": "Malware payload (Amadey)", "value": "3963f72cb133a1a7479c58caa582cf19040dfe3b", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031754, "uuid": "f16a8da1-cdd3-4c04-ad20-b374f5bfb765", "comment": "Malware payload (Amadey)", "value": "794e3c86aebec89f0dc614e0e168f8e47db61afb0d1ae9265c359ce69b2457c02d2f2e2cb67b72087c06b24182707be6", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031754, "uuid": "5002b332-1027-473a-9722-72819d104112", "value": "T170B533F2A0A11793E2694EF69A580EE209F0392DC7D46C2CDB6EEB355D4B311070DE5E", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031754, "uuid": "0c143321-8bb9-4ea5-8ca7-c4c4a1ec5775", "value": "370a609927075f6307bf7d0abed7608b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031754, "uuid": "76a6a431-63c9-4783-a3c2-d8b07cb1fbe9", "value": "49152:6IGvbWIAw+DUeVbZKTGcuPjIdM4ehYLB52UACew:8bVUxZKTGb0dM4sYLb2UAi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697031754, "uuid": "76602106-9ff0-49ca-aa9d-e3c341788b58", "value": 2317328, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697031754, "uuid": "9729205b-bcb1-4d44-9597-8a30691fc9bd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031754, "uuid": "e8b64c92-59b9-46a4-8674-d0a1094b31dd", "value": "SecuriteInfo.com.Trojan.DownLoader46.4223.7080.25873", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "db29c6f9-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067756, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067756, "uuid": "96792547-4b72-489c-a50c-a53e5ca8722f", "comment": "Malware payload", "value": "27905cf030aef8a4a66fa7398b6b71c1", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067756, "uuid": "7fdfdac7-fa89-461c-9383-049ffa7e0355", "comment": "Malware payload", "value": "caa09099489dc5dcd994adf43661f299a8ef955e0077187ff1a529fd57337281", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067756, "uuid": "def8e8e1-d985-44ec-8839-789a379867a2", "comment": "Malware payload", "value": "ada694be1fea12b0f49bbee8b47702c7866d9f31", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067756, "uuid": "ccd9d726-e78c-4342-85c3-a9f6f54754e4", "comment": "Malware payload", "value": "75e9a67c644f053708568a85423345bbd5f1cb4099f4fd6e813a11c9b165689c588453f63d41f8e29fb2c1440c5c1197", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067756, "uuid": "a7a7255c-f915-421a-99c0-3be7ecf7b242", "value": "T194258A3223B22F3DA278FBF600DD154B9E797D671011A6D3AEE4C94F868EDE41634126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067756, "uuid": "3870eb9d-82a9-4cf9-9537-9e204627d329", "value": "6144:XbfM/x9XwhyDn1IZwWiY7Sd6993+v+GH5GuAhJGd0xX7/RP7GEcZZD10rfheUCDH:wbs7A6+1EJjlieylks743vy0J1m", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067756, "uuid": "db8ef28c-62ec-4113-a09d-b9fd438524f5", "value": 1036925, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067756, "uuid": "1c96deaf-8524-4f87-bc1f-958dd53a46f7", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067756, "uuid": "2a8a8408-456f-469b-9c26-b9ab5a27f212", "value": "Notice[2023.10.11_08-07].vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "11452bfd-688c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1697066128, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066128, "uuid": "f42a3b9f-5344-42e7-b218-78f03f3dcc1e", "comment": "Malware payload (Amadey)", "value": "c6f765e9b47c9eabb6180cd1afad0ada", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066128, "uuid": "46bdc097-34bf-4f86-8c5b-9a8511dc4c08", "comment": "Malware payload (Amadey)", "value": "cb072024f8c4a564f7b6416939b182cc9e8e3006cf342fbc16907659ffb405ab", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066128, "uuid": "95f43782-50c9-49b5-807a-7611d1cef16b", "comment": "Malware payload (Amadey)", "value": "d4c367090c4167da69ec4de6b7b590e9461932fa", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066128, "uuid": "b8396fa1-528a-44cd-95ad-05e1a5e0d9d7", "comment": "Malware payload (Amadey)", "value": "e702e2d22c72a0905368934e1f927862aaf9a74f8681e2c14caacdde1b95d3443dc1fb66bd1acc94d1cd4df64d979416", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066128, "uuid": "d923557d-b2d6-4bb9-8988-54840a65cac1", "value": "T19A258D2138C09175EEF320B686ECFA3A46ADD0B0072A51DF16D857EEE7206C17F36596", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066128, "uuid": "d498e9d3-ba87-4fb9-9a08-375667080433", "value": "66025e7bb3415added2b8177bf9bcfbe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066128, "uuid": "5e3eea59-1276-43b5-a64d-0143cb527f7c", "value": "12288:2iC1WAVpsx7UgJCSkZZ7gFEZfAhyCgetFQ+3iByRoiu99OOrRn2:p2psxIgJCSkjQAKyC9I+30xn2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066128, "uuid": "845c7378-ebb8-4d83-9415-64a76e4ae495", "value": 988936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066128, "uuid": "63174478-9c27-4b19-b82e-1c5da051094e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066128, "uuid": "d88355cd-260b-4d3b-acc2-47b014e21fcf", "value": "c6f765e9b47c9eabb6180cd1afad0ada.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7dd18d8d-6800-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697006181, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006181, "uuid": "0e3f9479-e6ca-493c-816b-b8914add3ba4", "comment": "Malware payload", "value": "12c26ab43202d2ef17553eeb17376c2a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006181, "uuid": "f79eba35-04bf-4573-9c20-c9b901c0c785", "comment": "Malware payload", "value": "cb56bffb224d9bcff0753d58995c25f6f944bcb075560019cd87283e3b443aa3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006181, "uuid": "1666f255-1e9d-4935-99af-da7f5b88549c", "comment": "Malware payload", "value": "0b6226071ab1711bbbfaca2cdad6783d2658d797", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006181, "uuid": "025ba163-12c8-4005-baca-c07c12dffbb3", "comment": "Malware payload", "value": "2d7dff100c6688c268f4787d63d4e36058547cc79a0c3b14c16d3dc5f16e0894135bf5af12988b2a0fca2a809be99ed2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006181, "uuid": "9de1e6a6-24dd-4dc6-a5cd-b80f7e902784", "value": "T1D3D40109A99590B6D0713BF07A48D0605527BE482E208505B1FC7E9F3B7E583EE4A7BF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006181, "uuid": "01ccc1f9-38eb-497f-bf81-a9b64017dbdb", "value": "884310b1928934402ea6fec1dbd3cf5e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006181, "uuid": "292c06a3-36bb-4f2a-af77-256932696a93", "value": "12288:RQi9zSYMvrOK9BOKjHol+yFnWVOjTPlxsU807BN/9+FJeyuAJMX7QYQ:RQiE7eORaEOjRxsUrLUoJi", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697006181, "uuid": "42db6619-ccf3-41f8-bcec-a6252e6da2e2", "value": 653833, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697006181, "uuid": "f15283c1-b955-4f0a-aad3-ac032a9840e5", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006181, "uuid": "f979f248-fb1c-4e7f-a44c-9181aefe8716", "value": "12c26ab43202d2ef17553eeb17376c2a.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "55c61fbc-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1697050352, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050352, "uuid": "553a384f-8c45-4c8a-8257-53250566e2df", "comment": "Malware payload (RemcosRAT)", "value": "c7c09ee92f929654eb182af90abec952", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050352, "uuid": "09d999d5-0306-4068-8191-1b358b569176", "comment": "Malware payload (RemcosRAT)", "value": "cb772b73e0d867d11872c40f7f25fead438f5647e73b401efb7a721ba423dfe3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050352, "uuid": "41df6695-0c9e-4c30-b056-f7c913b261a7", "comment": "Malware payload (RemcosRAT)", "value": "274056d3eddd2699acc74610040cc4f2fa69f22c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050352, "uuid": "b7a97800-bd1c-4cf3-a7cf-974b95e1fca6", "comment": "Malware payload (RemcosRAT)", "value": "d097a861740140435cf9ae959c2b79df97899f6643be4dd7d4892e8fdd157340dcbd7f053fe6fa292ac825141b85f0cd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050352, "uuid": "c456b981-7a42-4e42-a385-de9eac908684", "value": "T13885F006D3CEF932D33881F664E6B09BC2A5C7A075BA8145A800EDD7A366745FDB017B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050352, "uuid": "822d46d0-a2bc-4456-813b-db641c7728d7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050352, "uuid": "80363cc4-a910-403d-bc4f-2e3049f79d56", "value": "49152:UThLAW2J0Gqu71Qgjrh8t37LEg2sy7Pm1RNvCf2MDHy:2Dux5C3kgf4e1rMDHy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050352, "uuid": "8a4aab40-23ae-45c9-82f3-1d2a09889afd", "value": 1835008, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050352, "uuid": "40a79457-59aa-4452-8eb2-1729de9e3060", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050352, "uuid": "db066eb6-b2e9-4e8a-93af-f1b0ddebc59e", "value": "MT-501011023.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e664ab76-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697050595, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050595, "uuid": "79947fde-aeed-4fc6-923c-b7085a368b2a", "comment": "Malware payload (AgentTesla)", "value": "51f839810ce0ba1728127d41e39afffa", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050595, "uuid": "36d91da1-bc08-42c7-8121-8618cb6cbc90", "comment": "Malware payload (AgentTesla)", "value": "cb8c35f6c10b9fa1b3646cc0c231ffde270e01fa67e21ac7145687169fc81e50", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050595, "uuid": "6138886d-e4ff-43fb-8630-43a5c80f2a43", "comment": "Malware payload (AgentTesla)", "value": "e0accff644b9a36bf39c6af187160ce34d485048", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050595, "uuid": "35e6b6ce-e9d2-46c3-a069-8009b50fe441", "comment": "Malware payload (AgentTesla)", "value": "a0c1517c5a35f2ea72e6087b5322d5a06060c9d59f9bc0d2e4143726925977758eca6ea606604c17c393d14e6c504d39", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050595, "uuid": "cc74e0db-715c-43c5-ac87-c22abbb65a68", "value": "T1F4E4015E7F94AC96C4301935BEAAFFD2722E7D42DE85528B31447BDDAC322801E75283", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050595, "uuid": "b6359388-1b69-46e9-a5e7-c26cc3a264e3", "value": "7fd61eafe142870d6d0380163804a642", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050595, "uuid": "cc2f473e-524f-4fe8-8bb2-5a4017c27cd5", "value": "12288:Yt1WPmvQx0Fh9nwB04Tyzx5yfS/a+Meyp7nZ02N2+XKWN9+SpHe7ZF4W:c1Wn2wB04Gpy+b07nO2NlXN0SpHeNF/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050595, "uuid": "ee52f5ce-6112-467e-a900-920281da7468", "value": 715632, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050595, "uuid": "b0297479-5bc0-4a0b-bd02-3ef4bf8246b8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050595, "uuid": "48b2938d-c8d2-4812-8eb5-0f3460185e08", "value": "S\u00d6ZLE\u015eME-pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ae23de5c-6819-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697017000, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017000, "uuid": "b5e3b19f-4e31-411b-a6ae-263f5c44ecc3", "comment": "Malware payload (RedLineStealer)", "value": "186f0b0e577ee0de7389aa8b8ac8223b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017000, "uuid": "b7d7a2ec-5b40-4a54-a39d-e0440abc14f0", "comment": "Malware payload (RedLineStealer)", "value": "cbbb926af06daaa52b3b6c626b16678cb08fa900a28c13f0c43c4e6728bb81d0", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017000, "uuid": "522581b8-8598-4598-bf7d-2b2dddefecd2", "comment": "Malware payload (RedLineStealer)", "value": "1d4a79f2ae84228e6c18b4b074671a1b8a1171fb", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017000, "uuid": "68295ca0-acaf-4ed9-94aa-f8143e51a4e3", "comment": "Malware payload (RedLineStealer)", "value": "b73d6a69e1502f50400d4787a10ebd8cd7d7d49ae784cd8241b6f8169b0ccb4254af873a4e16011b499dea8693d70dbe", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017000, "uuid": "a9cbde24-a401-4822-ae17-392deb38e698", "value": "T15B352346B3D94032CDB11F32A4F202C71E7A7D765EE88787176198175832BA4DA323AF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017000, "uuid": "8fc830c5-af95-4352-bfba-dab69c254808", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017000, "uuid": "b48b5621-8e57-40d9-a0dd-55edf669683e", "value": "24576:cyXfgxFo7F6ydpGTWBhE+giaYLWSLkwCWdMRyLoaLST4:LPghZcla3SLRCOMRyLJI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697017000, "uuid": "7afd0073-1fa0-45de-afbc-930c0a375f32", "value": 1080320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697017000, "uuid": "bccd1a4c-7555-4c1c-a0dd-6adc8ed4bff1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017000, "uuid": "cff8c9fc-0952-4327-9ff1-11aa5eafc7e9", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3476a3c5-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051585, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051585, "uuid": "3f17db19-be46-425b-8ffd-85db3890d0ac", "comment": "Malware payload", "value": "8b0c6df9cd84145880a2ad29cbeaf109", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051585, "uuid": "9b1c7744-c10d-4e02-b8c6-07375eb0ee32", "comment": "Malware payload", "value": "cc54f04c71ae9d02b3741a2f681e11cbb9e4fba1c29fbe3b0df2dcfcd7ada7c3", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051585, "uuid": "722438ac-e6e6-4f20-8a62-69c87a556554", "comment": "Malware payload", "value": "bbeaa71a35948b724dbd9e0d1d33672ffa492d6c", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051585, "uuid": "1c278ac4-a356-49e7-acab-08da7b309707", "comment": "Malware payload", "value": "f506b6e76adc04315267b2dacd9388ae1e4223f410baa05f2bca43afceeddb5699cbb9bdad25194d4be73b78028cc4cd", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051585, "uuid": "1ac4e70b-d437-4321-a416-e311a0015c10", "value": "T10905FD83F3C2789106431BB1B71B7AE5ED2E0AE870C814AA9115FC85B9B96ECD5F1C71", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051585, "uuid": "68c33502-22b3-4412-ac31-abf65a87ee3d", "value": "24576:40x2kBiOwIf/jEOYw2JiplDvKzqjL9wRN0lQ7og1+O8V8TPQX9ROBC/t9OhRSIso:2lsu/vuJPTGI2433QNObrW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051585, "uuid": "94e4b257-85d3-4505-af3e-3b4f78a7368f", "value": 808249, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051585, "uuid": "27784640-f25f-454a-b66d-698dceef932e", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051585, "uuid": "d4d5a7b3-a401-4eb4-88b5-26e23d55804f", "value": "tt_copy_pdf.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9690f425-6833-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Amadey)", "timestamp": 1697028127, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028127, "uuid": "7efb3dbe-d147-4419-bfd5-2b3b9f5d575a", "comment": "Malware payload (Amadey)", "value": "a38e39cfe409a847b1252327796dd499", "object_relation": "md5", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028127, "uuid": "61cef560-f38c-48ae-9108-35859cdc959b", "comment": "Malware payload (Amadey)", "value": "cc710918467e4b28f04f27dbec45cb6168b4828de5771233f1ef0c5a485a55ca", "object_relation": "sha256", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028127, "uuid": "e39f8332-80db-45c7-9755-690d1405ee09", "comment": "Malware payload (Amadey)", "value": "ced9a956fea03e4def5fb8f5cdcdef814554f2a0", "object_relation": "sha1", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697028127, "uuid": "f6916ded-f6dd-414c-a056-f5de44bf5ded", "comment": "Malware payload (Amadey)", "value": "abaf648d9629fe3b14d72549c7a29aa16825f558662bd2c4269c027984da6a33e8b7fd2e49150499a63897d028a5ae5c", "object_relation": "sha3-384", "Tag": [ { "name": "Amadey", "colour": "#BFD88D", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028127, "uuid": "5e8183dd-ab35-40d8-a4aa-b9885c58dc5d", "value": "T10C16F654B7CA6740E59D07B30996AE45DB32F893C3018D0A7B9B86189EF33E62D51EC3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028127, "uuid": "4f471d87-e1b2-454d-b887-10f0c86dbb22", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028127, "uuid": "0026b04f-a0e9-46d5-870a-c67386c5ab2d", "value": "24576:0d+yabNjLQp8+qlArd9+5l7OuB7S7THKU4eEO+wbbNny+1dZNd/eMvey:0diZvQp727OuBenKLbnwFNZeMvH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697028127, "uuid": "26c59a6d-2b92-41f8-a8fd-dbed6c33ff94", "value": 4240480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697028127, "uuid": "50ef4cbc-7369-49f5-a4fb-dcb70ff5f6ac", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697028127, "uuid": "909cbf0d-7897-4b12-9667-56b753dfed90", "value": "SecuriteInfo.com.Trojan.KillProc2.21114.21425.31726", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bcd4f82a-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AveMariaRAT)", "timestamp": 1697052243, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052243, "uuid": "ebb9a5f1-2c9a-4b8d-801c-e41b893e7d9a", "comment": "Malware payload (AveMariaRAT)", "value": "5bb8a8ece2806e5f7e5f552a5013cb0b", "object_relation": "md5", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052243, "uuid": "3b08ecf9-14f1-4dc5-9c66-8b0751272ced", "comment": "Malware payload (AveMariaRAT)", "value": "ccd43ffbd361052165d6573e81e3a68a4cd3debe840542d12d3564687a9e4494", "object_relation": "sha256", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052243, "uuid": "79a622aa-13ef-4ada-ac9b-02dd942c15e7", "comment": "Malware payload (AveMariaRAT)", "value": "96d5578f919c22e5a70120860fccc19ada240cf4", "object_relation": "sha1", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052243, "uuid": "58a1ee7e-3709-4ca1-8de0-d7b96d1db8ff", "comment": "Malware payload (AveMariaRAT)", "value": "35ca41a85ac88d247106a0d27bc1c11f7c8791e93cabc37232d8d92aa1b6bf84688fe46416209783cd4aca38e686b863", "object_relation": "sha3-384", "Tag": [ { "name": "AveMariaRAT", "colour": "#8ACDA3", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052243, "uuid": "d2d6606d-8691-4dec-9739-238e385b061b", "value": "T139C401A82390502FF0BB7371AF30438106726EBE7595C39EAAB134CEE676740F951667", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052243, "uuid": "dd3ca2ad-8aa4-4408-b01b-44bde944d535", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052243, "uuid": "a5866545-3eb2-4e9a-967e-f3cbfde18e26", "value": "12288:ng7JhdE0qkAdWMZahFwl72SysgDxko0HZy63aSNiRe1OA8:ng7Hd1qkfbhIWxv0VKSNI6e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052243, "uuid": "3a263473-273e-4a1c-8d77-3ef491bfe067", "value": 588800, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052243, "uuid": "63369056-b591-4028-a147-a2887c4d2662", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052243, "uuid": "315891a0-2a88-4d70-9a5b-78dace9ec20d", "value": "GONDERI_RAPORU_GUNLUK.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d19a87ec-683a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697031232, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031232, "uuid": "e0ae7e39-5a7c-4ea3-b742-efd47feb7c64", "comment": "Malware payload", "value": "c47b267a11aaf34abcf7ceec04e629c1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031232, "uuid": "8e423ba7-7e4e-448e-9c14-5281cdb3efb1", "comment": "Malware payload", "value": "cdd242949c27e36165097665a7c381247579401853b06e88d2e430b55e115105", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031232, "uuid": "bef5dc39-c5d5-475b-bacd-09e13538d3f7", "comment": "Malware payload", "value": "e9f125bd5966d91ffd866ad7ebd430b59e2b47cc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697031232, "uuid": "ba2f2334-85c7-4bb3-a7c9-c8768c80181b", "comment": "Malware payload", "value": "f66190ea93b168a94ea2aa0bde8376ed6769f04207df8848ec79b4ed428243cfc3f0c24e0b6e3329bf1b55b602f67ff8", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031232, "uuid": "d37efac3-5fba-450b-addc-1066d0f9aa17", "value": "T1EA267C06BBD445E5E06BD630C92FA732D6B1BC5E1B35E34F0811D25B1E73AA18F6B221", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031232, "uuid": "cb4a3a38-3506-4212-9d70-0a8975981027", "value": "8b609662a1bb2ab7e471e49c70dcc22f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031232, "uuid": "2b5a2e18-6f01-4341-a618-98a882baa134", "value": "49152:rxjExlHWRF3fK9D+dXbk9BDkIG3uhgFt6kppmmSkHpf:rwloVT3zmil", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697031232, "uuid": "a2dd5e42-8f6b-41ec-8da7-26c03681a103", "value": 4482784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697031232, "uuid": "2083958d-a8d0-4f6c-b696-c670781d9e99", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697031232, "uuid": "8d8a677d-a00b-4cd7-8648-f811dfd8b3a3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "163dba95-6856-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697042944, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697042944, "uuid": "6809f9e5-2dd2-4ad3-b414-9b8ae8803206", "comment": "Malware payload (RedLineStealer)", "value": "6572806ffae09c8c40ae5c09e655e32b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697042944, "uuid": "933493db-c064-47fb-b3e9-2e2f72751451", "comment": "Malware payload (RedLineStealer)", "value": "cdddecd9cdc45e16119dd3c20a02e8b164ca9ab59aeee93173c969fb27a45c28", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697042944, "uuid": "99a6a7c2-4194-4876-a6b2-e522057518bd", "comment": "Malware payload (RedLineStealer)", "value": "d3d8d27882407f4a87fd1de1cadf73619b43cf49", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697042944, "uuid": "a66ed232-c66d-41eb-a54d-00c55e2f1430", "comment": "Malware payload (RedLineStealer)", "value": "73a63005a5bd0bb58c3cb23d58364d68918c3fec6ef3be1d02332b1ad14b051693029978d12cc985a627b47ebd1f4548", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697042944, "uuid": "39ee2d66-27b8-4a30-9d6e-5f119ae385f7", "value": "T185459D2079948232EDA71EBE469CFB25C37CF5E1075901CF25C416EAEB743F2AA32195", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697042944, "uuid": "b8be7107-23e7-4b57-97f7-a8952dd1eac1", "value": "66025e7bb3415added2b8177bf9bcfbe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697042944, "uuid": "bc96a804-3c5c-4999-9d3a-6c9634f4f617", "value": "24576:pHgryc7xvgf9X3fDX7Rk4OUjWyb1Nzd3CFo7nE:Uxvgf9X3Rk4O2Wyb1dd3CFunE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697042944, "uuid": "3c2d6cea-1bb0-4ec1-9c61-c2ddc9c26918", "value": 1225480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697042944, "uuid": "c0bdcd13-86d6-4c0b-b670-bd2c8f8e25a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697042944, "uuid": "da502eb5-50d6-428a-a649-ae5c9d4cd263", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8962c68-6819-11ee-a6f9-42010a9c0055", "comment": "Malware payload (IRATA)", "timestamp": 1697016990, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016990, "uuid": "75070ba0-3450-4a98-9517-22535d240e07", "comment": "Malware payload (IRATA)", "value": "f4cc94453bc5224012702d77dd3b1502", "object_relation": "md5", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016990, "uuid": "1edba3bc-856b-4238-a5b9-b16928f93b0b", "comment": "Malware payload (IRATA)", "value": "ce5062be8ea28fc973c9c26e4af44978dd70af92b866166acd2fab6bf0361811", "object_relation": "sha256", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016990, "uuid": "3c409ba8-3dc6-47cf-b656-f2aa21d6a892", "comment": "Malware payload (IRATA)", "value": "6cedd69f938f1fee068116cc0d62977f5d171708", "object_relation": "sha1", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016990, "uuid": "74b042b8-a64e-4d66-878e-36becdb55207", "comment": "Malware payload (IRATA)", "value": "5da07f1d9329587c43de896ba8d5def10510f00a14a4acc46ab3d87c4a995dda86fe0563814e6e47e655369767699997", "object_relation": "sha3-384", "Tag": [ { "name": "android", "colour": "#E876A5", "exportable": true, "hide_tag": false }, { "name": "apk", "colour": "#344CAB", "exportable": true, "hide_tag": false }, { "name": "IRATA", "colour": "#874CA1", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016990, "uuid": "704dbea5-3795-4e22-8ee3-bf67c3c4dfea", "value": "T1CE951243F766A457C9F1C3322074263611364D2ADB43B68A395C77FA6BB7DE80B842E4", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016990, "uuid": "ac5e8e3a-6019-42d4-9fcf-516449cc0835", "value": "49152:k/jsWekkbeXfQwDVIky15M3wp+lp8BEEbiPdhnwhjn2aHm:yBekk6XfB+kC5M3wp+lKF8whT2om", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697016990, "uuid": "3ac6ddba-c981-4bee-8be0-247b78b8bbfd", "value": 1883357, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697016990, "uuid": "e1b61a7b-3f16-4fff-a246-81132bc76bb3", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016990, "uuid": "8455ebe3-e0c7-4fc3-ad1b-bc83a0856d8e", "value": "saham.apk", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "18f13733-6875-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Backdoor.TeamViewer)", "timestamp": 1697056263, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697056263, "uuid": "b6d195d1-eff8-4415-a379-34c3c25500b9", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "1cf828731729327b1649576c78b3c0eb", "object_relation": "md5", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697056263, "uuid": "9a59404e-3c23-4aeb-99ea-fd3d1a531cf3", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "cef2bd1b1b01dda513421bb2cee542c016b3d25103e4086f6c5684e687f48ae8", "object_relation": "sha256", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697056263, "uuid": "1f9accd4-82fc-4cf2-8fd7-87c777bed62f", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "ab6496e3746be5b561b2b1d6d9732f8d423237ee", "object_relation": "sha1", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697056263, "uuid": "470a3725-0eda-4ba8-aa12-8aacf7897bd8", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "0350eaa8858b6ab97ca2322362cd96ec96153bb4c6c8ae7676ab483a324c06e338bf0def28feb6d8c8018af0a45bc8e5", "object_relation": "sha3-384", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697056263, "uuid": "4a9a1892-af33-45fb-b7c6-401603993760", "value": "T1ED652343F6D85172E9B11B3088F346834B3E7D31C96893AB7A85ED994E72AC4F231716", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697056263, "uuid": "bf97488f-bd22-4bbf-975b-342f6bd508fc", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697056263, "uuid": "2b090d46-1cea-4e94-9092-f60ddee461fc", "value": "24576:uyZmM4jHGLSp+XmwvY87x4EipROnyFPsXQg2Lz4CGrO1bDPpdeFZsFj42rEEfJFJ:9ZDtLSp+KaxnGcn2EgjGrO1bd1FjUEfc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697056263, "uuid": "cfd8be98-88e3-4925-9213-5d69028ad5c7", "value": 1547776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697056263, "uuid": "709fdb97-e690-4cf0-bf0e-901bcc5822f3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697056263, "uuid": "e855bd18-c2fd-4fc4-b61b-0c7afa87eeaf", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aacfd32d-67d3-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696986929, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986929, "uuid": "52b939fe-9718-460d-b187-9dd67de7996a", "comment": "Malware payload (RedLineStealer)", "value": "bd94c15b15b9d866ecf30476b5bc61f0", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986929, "uuid": "9df61499-0e5b-41c5-9f3a-a8731bb87dc6", "comment": "Malware payload (RedLineStealer)", "value": "cf8bc1b4c5bcb25f20b8e357afe36586ec312bea01a1b9ff0ffe16d3d2860317", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986929, "uuid": "0e9c0e46-ddef-4e13-8523-8e6949271ea3", "comment": "Malware payload (RedLineStealer)", "value": "dd9b41f3418f484ff76c134130bbcf96a8b65d75", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696986929, "uuid": "6c3c67c9-663c-4b43-9f66-2646bd652bcb", "comment": "Malware payload (RedLineStealer)", "value": "cf1931bf918aadef9dd8f24fe1f6e3cd9f2c589e5cb62c89f560515895af4dc5f9cfe591903ac418db30b5b45403cdf4", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986929, "uuid": "e8752606-7562-4bfc-9dc8-02217ddf1de4", "value": "T197549D007491C032E8B319378EF99A6D5E3DB950075665EBA3DC0DFECF22AE1BA30556", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986929, "uuid": "32eab989-29cb-4fc6-8385-f16668d4494c", "value": "42c423a9e73aea8cb92de6b991847053", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986929, "uuid": "bcfdb40c-5557-4ef5-82dd-9067566849b5", "value": "6144:caAFUNmaRzkvzJbUR3jCsQEU+/ZQhAOWfjh+Stn5:pEUYaxEJ43O6KkESr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696986929, "uuid": "52656e78-b5e2-4dff-ae61-cddad4c07312", "value": 304392, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696986929, "uuid": "e1e6043f-7fbf-4434-9a6d-c06c61a0eceb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696986929, "uuid": "0faf61a0-6917-4e5e-b367-9396d226e45d", "value": "bd94c15b15b9d866ecf30476b5bc61f0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ead042d8-688b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066064, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066064, "uuid": "6f5cd244-87d0-4a60-9f2f-7b3dfe7b7a72", "comment": "Malware payload", "value": "7695ab15d0cc101c36c795430ea30fa3", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066064, "uuid": "443d94be-71ef-4031-b78a-db7272f928d7", "comment": "Malware payload", "value": "cf91d27699c9c8ace0175f6445e078ed22ff8d2474470fa004d52ce6efa0568a", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066064, "uuid": "78fa9a55-4b3a-474a-a61b-22092f0e363d", "comment": "Malware payload", "value": "d590f1d42b3961e0767de3bb02014c41d4b0b184", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066064, "uuid": "6a48262b-250a-45fe-a4a7-06bba756a2a6", "comment": "Malware payload", "value": "5fe7f35d4997f8263b7981437b13e64ff427fa4b6ea6965ebf4753847878a0d981fcbcbd25deca339848be6c495dbcbe", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066064, "uuid": "3e240193-11a0-49a7-b49c-9551dbebd42b", "value": "T192742315C8A2CE9CC9372F71E51E9A07B1DDC3EDF14877AFBA6D4A80D1A74894322624", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066064, "uuid": "276d27d5-5f7c-47b8-aa94-cd1b68799fc2", "value": "6144:2dcjrKNpuS9olryq2wBs1UKgKAY5gcScNaOnUiK5jQUF3kN2izYHlbC/:2dkS9olF2wBs1UZGNaZiKx/FQYHlG/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066064, "uuid": "68807c96-f2f7-47b4-9e42-0ac1bc849df2", "value": 366184, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066064, "uuid": "0d592029-4d74-4400-a103-bc9a681a16bb", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066064, "uuid": "ab9963f4-837e-429f-97ce-e7024d637d04", "value": "AISZ2467_3568557.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a53b5f95-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066806, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066806, "uuid": "2376c79d-977a-4869-8813-ab0ab04f4773", "comment": "Malware payload", "value": "630588bf0303d5cbe862c599dc7b7eb2", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066806, "uuid": "927f871c-94a7-4bbd-9a67-8a7f9bc71a1b", "comment": "Malware payload", "value": "cfb457f32ac53f0170e8d5c86a3f802c3afc09e043182294ed55fa49049f6c6a", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066806, "uuid": "8e1a3d13-8c8e-4b1e-b614-0ea25654f424", "comment": "Malware payload", "value": "5c0e0cbf1f841ca75905e621da73ba3d45c495cd", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066806, "uuid": "f29dc576-c986-4d9d-9c29-30483125e752", "comment": "Malware payload", "value": "7e7607788a90c9427d8f32b2126b5fd3a4f8bf06fdded2fc0662b4ef0f1963e4c324a779fdeda09b4e0ce9cb64614b50", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066806, "uuid": "5a7fb432-e03b-4de5-a7c1-6883fb296dfd", "value": "T1B17423C7DDEB0CF5F05B0EB1E8A0A15717D1092ADABD1DE15676D7720033205EF6862A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066806, "uuid": "7253dc7f-40ad-429a-823a-f9ecb4c7e307", "value": "6144:xhJTIengPGRdWSvfuIHm7Qf4VnoCX+vyQATMyT+e4wCAyWGpiHSaCteYZJTYdAoy:ZIeUXSv204QwxXpQA5zGlpfaRYZJTYdg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066806, "uuid": "5d96f135-300a-41ce-8db6-971af7a640ed", "value": 365820, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066806, "uuid": "4a9ad3fd-b17e-4409-8d5e-2d445ee42ea3", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066806, "uuid": "a3f80883-e22e-4801-a334-8ff510e22aaf", "value": "DOQS1356_1344721.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e8740d26-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067778, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067778, "uuid": "46d63f3d-2318-4358-ac12-69438bb93626", "comment": "Malware payload", "value": "28c1cb7ed4e54c8328c0f389efe1a2fa", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067778, "uuid": "7fa9918a-31e9-495a-a572-8e637fb5555c", "comment": "Malware payload", "value": "d008dab2e37bdba363f8552c433cdc07775edb7027d83895cf09c89f906a742c", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067778, "uuid": "453d4325-84af-4af8-9d19-7a307f0c6b59", "comment": "Malware payload", "value": "ad7a3e3d243af45ff405b96365e1a2da262b5205", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067778, "uuid": "a1b24380-4f10-4528-8e4c-7030c5b347ce", "comment": "Malware payload", "value": "d61c9c44bce7582fc5873ea83b5f267e17bfe8ba4a8806469fd09c49571d703bcb1d3febf913d2bd80ca13c25c1652b6", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067778, "uuid": "8aacde5a-95b5-4ed1-82bf-9a091607fac0", "value": "T160258A3223B22F3CA678FBF600DD154B9E797D671011A6D3AEE4C94F868EDE41634126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067778, "uuid": "111c2878-abc2-462c-aba1-fe21f7724d24", "value": "6144:Uoiyz+yapuHcP561cfjcH1Ro85uiboM8xkk27mPwEtNBnAsRhKlZ718Irk2/Eg1v:e7K1bW2KY6XQIyiBF7K1dlr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067778, "uuid": "c0d63619-c953-4aa7-9096-9bf228669900", "value": 1036426, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067778, "uuid": "c7d21800-7da4-45c1-b375-ce055a525080", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067778, "uuid": "79c3fc5c-5073-4458-b6ce-f0e7f634da1f", "value": "New_working_conditions[2023.10.11_08-07]_2.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "48ef6daa-6833-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697027997, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027997, "uuid": "cdab017a-4cef-4c45-a985-efcc8a5560a2", "comment": "Malware payload", "value": "6a07f2bdd5736ddc5c29f858337b0ba9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027997, "uuid": "843dcb52-8594-4326-a8cc-eb408f86d234", "comment": "Malware payload", "value": "d07cae137ea1a94a60fd8998fd59bb868d136249c09d40a4ea934376cbc79959", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027997, "uuid": "d2242ac0-0476-47e9-a505-a7a812d0f119", "comment": "Malware payload", "value": "f2eef681e1bef16ec0aaf1a142869e2a70ae73b4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027997, "uuid": "83eff46d-d314-464b-85c7-da3846381628", "comment": "Malware payload", "value": "e9e1d5822bdc32cb1ab3fcf3c91c0cdc872eba92e9fde4eac4008f963ca273086e1b6ab4fbceb858a2c8beb60ce80ebc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027997, "uuid": "2361aa46-656a-45d8-b64c-967fb4ef0a5a", "value": "T14FA63362D3690DE5EDB7943DC1C5853AEF62365A53A4C28B03F446B20F276E42C3EE61", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027997, "uuid": "b11e7287-6bef-4a15-8d98-bdb10abc226d", "value": "20d446c1cb128febd23deb17efb67cf6", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027997, "uuid": "acc35b8a-f6db-49aa-ad5b-897de1c8713c", "value": "196608:8AhTCL6XDwGcsAgectcGfcY3gtFrlnuG1PJT0kjFcJ0:XKGk3meWcGfd8b3Tvpcq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697027997, "uuid": "4b2f5f3b-6813-4957-b191-9bc6cfbcade1", "value": 9560714, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697027997, "uuid": "aa1b00a0-8352-48d0-a72c-f000ba6771ba", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027997, "uuid": "1e26c4db-6f29-430b-baa4-641ceb7ee03c", "value": "d0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "05f395cd-6869-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1697051077, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051077, "uuid": "fd3767b1-41cb-4827-9332-c11dc68d5b82", "comment": "Malware payload (GuLoader)", "value": "2b576aa7b1e26f531148fe97258f3078", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051077, "uuid": "ebae5cd0-e1e8-4829-86dd-7a186776873a", "comment": "Malware payload (GuLoader)", "value": "d08d3b8d22a6002e3687c741dfd97e328805cc522f2061060940b02417065e9a", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051077, "uuid": "55524c81-ef30-4c68-b095-92924bdc7ed1", "comment": "Malware payload (GuLoader)", "value": "e8239457dbdff6a98451660a01aa58d71addddbc", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051077, "uuid": "d100c6e4-681c-4b8b-9a62-c40e8ce5dd0f", "comment": "Malware payload (GuLoader)", "value": "fcb397a71896f1c116f7cfbfc96db6189a2225c981266b1dc9bdd9f7f0ae3c44a95c3d074e49656581815dbe721f1a35", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051077, "uuid": "bf037b38-3728-4e39-8ab7-48d67008377f", "value": "T1042512923541C2A9EC09ECB3154795FAAEB2BC513E45EA173380FB0D95721E08F1A77B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051077, "uuid": "facd349c-157b-418c-98c6-d676c0f14724", "value": "1f23f452093b5c1ff091a2f9fb4fa3e9", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051077, "uuid": "ae313e60-fff5-4471-bb4d-b7b5b12e8256", "value": "24576:ObaN3APZhFSEABHr/3btY58Ju/rzlsW9I/wnkqRs:J3M1SEABrOBsLYnkP", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051077, "uuid": "3fb9c026-9f57-4b64-b7eb-7102222a68dd", "value": 1052960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051077, "uuid": "8f49e9af-b2be-44d4-86ef-b0548d98fae9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051077, "uuid": "937c5aea-fb97-439b-8353-7e4e7bab6b0b", "value": "craig.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "12042ba2-6869-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1697051097, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051097, "uuid": "224f9c68-2f3f-430a-98b7-e290c6f046b8", "comment": "Malware payload (GuLoader)", "value": "5b7bc70c7f80f99d18b088e63e695d1f", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051097, "uuid": "405510a7-563d-4ab7-91f6-885c18fd97bc", "comment": "Malware payload (GuLoader)", "value": "d14fd7f28b6b02224fed34d96a94c11952a18f8cbcbd2ae7f4df483dee2cb3de", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051097, "uuid": "65a1b1da-e689-4987-b8b2-d2f10a7a38dd", "comment": "Malware payload (GuLoader)", "value": "0d2ba9af627b20c8691e815253cff174cc8f6c66", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051097, "uuid": "ffb2a1ff-7f52-45ee-abd1-4e8e5d0166f6", "comment": "Malware payload (GuLoader)", "value": "23a1967c5b1be22780967b5f106580dfe2754d4c34d7b0cad00beb628a533697a64cb334c8b18b7e7ec54a3e054e6091", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051097, "uuid": "e2f25151-5709-458e-8dc6-7a68913b1807", "value": "T12A35232171019222DC050D30557ADFD41ABBEEFF828434762F9579DEAE336819D3B3AA", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051097, "uuid": "419b54d7-8925-4697-8eef-abeb69a6c9ef", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051097, "uuid": "279abe0e-7414-48e5-b2eb-4b5896223367", "value": "24576:rSB7yFISxUyL61sOPijEuplGRQjrlPB7Lw9IOiMpEOtoYIHXZVbFmuseSN:ezMLwsbjfGRerlm9IOiWEOGnrRtNw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051097, "uuid": "062695ad-b8c5-4a02-acb9-9583881d0041", "value": 1068264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051097, "uuid": "3716c8af-db41-4ae9-b542-53115f5ad482", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051097, "uuid": "2ca5479e-247e-4eb1-981f-f19a8e0852de", "value": "000299288171.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e26cf5ea-6824-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697021812, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021812, "uuid": "35587f02-f061-4191-8beb-df7074667d58", "comment": "Malware payload (AgentTesla)", "value": "f43e853b59f49e2a7d8cadd8a3571e26", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021812, "uuid": "9f68f22a-2a08-41f5-bc85-3fc51f9feddf", "comment": "Malware payload (AgentTesla)", "value": "d184de6dec2429ce7f49260eb15b28964af899ccd0a3721269346c29dea25ee2", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021812, "uuid": "848b2c39-71fb-435b-befe-61794a592f9f", "comment": "Malware payload (AgentTesla)", "value": "8d2dad1b4c8a2909632d25abddc73006c7e073b3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021812, "uuid": "9cd8e2e8-c157-4fcd-9c8e-cb84b3031b24", "comment": "Malware payload (AgentTesla)", "value": "a3ec31d4524ee021705237999f040ac21a8d20460b5762d5ad2b71227cd0e28c0d318780320809e492d09be8eaa6b6e2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021812, "uuid": "de5f040a-ce2d-4cdc-97f5-432574a98c10", "value": "T1E9F4D09C725075DFC85BCD728AA82C24EA61B4BB430FD203A45726EDAA4D59BCF141F3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021812, "uuid": "125f441b-9f84-41c8-a552-29e4181e5923", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021812, "uuid": "46b8d24b-875f-4848-b78a-756b5decbf24", "value": "12288:E8b4ghL5p2iNNEisUH/YOhWt+MuIa9SOeNfLlvKigRSmcFwryd+6MmZ2Q2+D2I9v:PsghLf1XEWwOEt+eaxOfLlvrzFEmIo2s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697021812, "uuid": "98cc1c37-ee8d-45e0-b66f-30e06fe2be22", "value": 757760, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697021812, "uuid": "ec94d0f5-31cc-4480-9311-8071357b5d14", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021812, "uuid": "2a745555-ac71-43e6-a222-e767135558ca", "value": "d184de6dec2429ce7f49260eb15b28964af899ccd0a3721269346c29dea25ee2", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "310f2fc2-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Babadeda)", "timestamp": 1697050290, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050290, "uuid": "5d2c543a-8433-4f37-ab43-dd2ad525c2f0", "comment": "Malware payload (Babadeda)", "value": "9db53ae9e8af72f18e08c8b8955f8035", "object_relation": "md5", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050290, "uuid": "7ee15d36-8452-4eff-b924-2902ac3513f7", "comment": "Malware payload (Babadeda)", "value": "d1d32c30e132d6348bd8e8baff51d1b706e78204b7f5775874946a7019a92b89", "object_relation": "sha256", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050290, "uuid": "121c2337-22b6-4d47-b797-4c88f601d8c7", "comment": "Malware payload (Babadeda)", "value": "50ae5f80c1246733d54db98fac07380b1b2ff90d", "object_relation": "sha1", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050290, "uuid": "21c13b07-5624-41f8-8226-a3b5aae1bbee", "comment": "Malware payload (Babadeda)", "value": "3fdaac76f0442f7f631ab00aeb97cd7696d2587b4a38256ff767a8b5c76fa316907eaab903e841fcdb94ead157c5d156", "object_relation": "sha3-384", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050290, "uuid": "624e5881-e3d9-45e4-b9f0-d3d9555688d2", "value": "T166A36C41F2E241F7EAE20A3110A6712FA73677245724D8DBC34C2D429A53AD1AA7D3F9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050290, "uuid": "9aa61a91-ae2e-41ac-8de1-287196657918", "value": "5877688b4859ffd051f6be3b8e0cd533", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050290, "uuid": "a4e01c3a-49d7-4265-9815-eafcda152c6e", "value": "1536:17fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIf4xZO779tx:hq6+ouCpk2mpcWJ0r+QNTBf4K", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050290, "uuid": "078bd80b-b04d-4cd8-a7a4-4b8662761d91", "value": 99666, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050290, "uuid": "75cab206-c6b8-4455-a3a7-fdc43fd784da", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050290, "uuid": "cfcee239-2776-4826-b165-73ef16afd6ec", "value": "9db53ae9e8af72f18e08c8b8955f8035.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f14e593e-6801-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Babadeda)", "timestamp": 1697006804, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006804, "uuid": "a07c9eab-fb94-40a6-a924-e5c4a8dd9e9f", "comment": "Malware payload (Babadeda)", "value": "e941f93320c0aac948e1e88359a6c2d2", "object_relation": "md5", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006804, "uuid": "a3150c80-7eec-4859-9530-f71c9c8a31a7", "comment": "Malware payload (Babadeda)", "value": "d2100d23b3c2ac205d521d1d16d8413f38115d878936380cdb735e1277afd3c3", "object_relation": "sha256", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006804, "uuid": "c78d3bcb-4875-4cc3-931f-729353c6b17e", "comment": "Malware payload (Babadeda)", "value": "912bd25c638a9ab9d8b38f5625056744c1b19540", "object_relation": "sha1", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697006804, "uuid": "27d87ccb-8306-4552-8d6f-6b89f193f60c", "comment": "Malware payload (Babadeda)", "value": "ae444f7b350dfb6360ff6f3f67fb970895dfc79955d09c50f8880df0debc430ea696e6b266f85a73804d2556d52836f8", "object_relation": "sha3-384", "Tag": [ { "name": "Babadeda", "colour": "#2F44B8", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006804, "uuid": "407cc983-9577-418a-b8b0-1bbbf12e5223", "value": "T16EE3C041F3E242F7E6F1053100E6A26F9735A2289724E9EBC74C3E525903AD1A73D3E9", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006804, "uuid": "51a2e71c-a62d-42c3-9934-05cadc09d75c", "value": "2c5f2513605e48f2d8ea5440a870cb9e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006804, "uuid": "e9120c12-528e-484a-92ce-22adca50db80", "value": "3072:97DhdC6kzWypvaQ0FxyNTBfeBmhwZtplBSdDRAxK0/IK:9BlkZvaF4NTB28AlP04L", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697006804, "uuid": "4611c4d0-6c17-4cc8-8635-e661945bd9fa", "value": 146432, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697006804, "uuid": "fc4f965f-c370-4da4-9ae9-767f59d22841", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697006804, "uuid": "09a84243-c893-4589-b485-a84740a87b21", "value": "OGMode_v0.5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1ea91881-688e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067010, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067010, "uuid": "05c6cb42-cfcf-446e-bb64-e5921d963859", "comment": "Malware payload", "value": "ae4a87c0c70220bac56d9f7ab1d5324a", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067010, "uuid": "b5198c29-d768-40f0-a0c5-a26b6f3fd093", "comment": "Malware payload", "value": "d2e2fccac0aae54501d1199ad4b2945dd416fb05bbe9acf0840091bb4603a38b", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067010, "uuid": "638935b4-0668-4c32-ada5-a0612594a099", "comment": "Malware payload", "value": "e253260ef0d8ff3155da7a3f1c9c029197d385b4", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067010, "uuid": "93eacbc9-30ba-41b7-8f55-a9c6c1e3b44a", "comment": "Malware payload", "value": "1332bb9ddcaa49f6ae6c93905761291c73a5ded4bc5ecec760f688ee6c3a74793f2c290a17d979982ea2062b52c0993d", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067010, "uuid": "b960212e-bc42-4095-a0ef-fe36cb77223b", "value": "T17074237B870A0CEBF643E3B4926A346373F7571E52759CA09280FC4B6122D4DBE46A4D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067010, "uuid": "d9a2dce4-fff1-4778-8082-c7a96f0d80e1", "value": "6144:lF6Iq3dadNddibYpx2O013CBHvIBkl/dkVAlyqeuF9e5T2b+/UnR979KqlXjWHzi:lwdMN7ibk013CJvb9d1l/05T2C/UR973", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067010, "uuid": "dbf6e9b4-ce43-4c2e-a6ca-a6bd83801c32", "value": 365982, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067010, "uuid": "e2047031-02fb-4623-adc9-a728838bc208", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067010, "uuid": "8680a32f-53c2-42d5-9ed6-36a0d2e3eb44", "value": "ILQW2469_9164557.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "13f08d98-6885-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697063126, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697063126, "uuid": "41be1e77-c312-4cd9-b60e-3272ebaa66f7", "comment": "Malware payload (RedLineStealer)", "value": "644e88716e745e473fc01feb3d280318", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697063126, "uuid": "65061aa8-a9f1-472b-9255-af3815cb37bf", "comment": "Malware payload (RedLineStealer)", "value": "d2e59c6bccc7fa58336757261a7491984c630ae701ecb6e76699690ab1a236b5", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697063126, "uuid": "86e04957-e569-466a-a478-e3afe96bac60", "comment": "Malware payload (RedLineStealer)", "value": "6d8a5d60d92ccb9e9cc1c923d4dac99749e9e650", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697063126, "uuid": "dfcdd62e-da9c-4dbf-9afc-d8d3a2eb79ba", "comment": "Malware payload (RedLineStealer)", "value": "9487fcfea70519264e8e2ac0844ad7ac8e44249ac59897961c74faece1168945c9b197eb3a33609a8a954e95f8fe4d72", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697063126, "uuid": "8def80b5-29a9-4e57-acfe-f693e462f6b8", "value": "T126257D2138C08176EEF310B646ECFA3A46ADD0B0076912DF16D857EEE7106D17B3699B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697063126, "uuid": "0df403e3-b634-4eb3-a2db-081ed3a1d833", "value": "66025e7bb3415added2b8177bf9bcfbe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697063126, "uuid": "53ec5116-8150-4dfe-a9aa-4b1174e69841", "value": "12288:06K6S+O6Fpsx18xz/lhUzWAMYU4dX6eGeQ/y3QZizaoByu99kuw4SnE7nI:0Cpsx18xz/lhUy3eX7GJ/PZi0uCE7nI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697063126, "uuid": "c0eb4f02-7a70-4f42-add8-c345f02579bd", "value": 988936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697063126, "uuid": "a61f576c-1df8-45d1-bf71-66902c35ab8a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697063126, "uuid": "26639a29-165e-41d3-b27e-3c3fedd64716", "value": "644e88716e745e473fc01feb3d280318.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6684eb1c-6845-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697035777, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035777, "uuid": "a0dd932a-b452-47ae-b3fd-66b22e193d78", "comment": "Malware payload (AgentTesla)", "value": "aae70a468ea74b0672caa9fc13ebd201", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035777, "uuid": "4f1ba808-558e-44b3-8aa2-0ec3f84ce77d", "comment": "Malware payload (AgentTesla)", "value": "d3250ddf26bb9a71c94d06f22345e5ac30959195923ed5ca12db747e6ab1e65f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035777, "uuid": "7b4f5c5c-80be-47e3-b8b4-8f8b863f42af", "comment": "Malware payload (AgentTesla)", "value": "5ec07f537e44991cc2f4d6af1868afa4dca8ca96", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035777, "uuid": "890b8764-3fbe-4d8b-8738-3392c5fc76f4", "comment": "Malware payload (AgentTesla)", "value": "735d1e8b96b9d1a915bdf64d343f6ace83db669249b8295442a4d82f5937e3a52170899e3b2d0a2c0097c5bbf5c39c16", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035777, "uuid": "06e2f4d1-bf01-4655-a6c9-a65156d54a90", "value": "T115F40125236C8B97E27E9FF652B4120213F67527357CD3989ED118CB6E70B428928B73", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035777, "uuid": "9588cdd3-6f23-4be3-9634-06a4933c2cb7", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035777, "uuid": "652a9282-7e6f-44ec-87d1-d9bbc423de16", "value": "12288:yOX9KzdVke4XMPHuttpmqXjRKjE+UDgIuKnCK+7XyX72eiTh4+BX:yOtEkP8PEpmAIjFUDRCKMXGAThfB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697035777, "uuid": "633be004-e0f9-4a54-b9e7-e0e8df6e2cb3", "value": 746496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697035777, "uuid": "06791159-024c-4161-96e5-226b07180cd9", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035777, "uuid": "8a3cbd60-8d73-425a-83c6-b3e744e1ca3f", "value": "obizx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ba102fd8-681a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1697017449, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017449, "uuid": "6518a2fc-9153-48c0-9f7d-efd519e37dd3", "comment": "Malware payload (Formbook)", "value": "2c8db258f04072e08997a940bedc4ea9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017449, "uuid": "17c724dc-7749-4a3e-9263-23cb35276343", "comment": "Malware payload (Formbook)", "value": "d3a569372c48f3d7e725e39cff6ac165ae330db00fe42ef3916b9db2c94c0126", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017449, "uuid": "c2084f86-3677-4e2d-862e-95e254937136", "comment": "Malware payload (Formbook)", "value": "4f89e0deb3651b61d9562e27aaf3f2d40acdda82", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017449, "uuid": "b7374b97-a427-48e7-94e1-3c7dbcb5b62c", "comment": "Malware payload (Formbook)", "value": "a80650cf85fc0ba021782aac83298c7cec4e1da2c386421ae3ef709c67ab0b6b11d5eedaa6bf8e422fa6c45b68c1f00f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017449, "uuid": "75ec130f-b1ff-4d80-ae09-4d957374f3d0", "value": "T187E4014072B64B2BEEF643F58520266447F6355F797AF3941EC2A4CBA8B1F810A51F23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017449, "uuid": "6852e5d2-2ada-4f00-aa96-efaee7f170b4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017449, "uuid": "3474c9c8-f775-4cd3-bbb1-bd2c85453f0b", "value": "12288:TLdYX9KNNyTL0sJ2zUOLxMDhYPdoh4IapETtIfpua9b+5SJI9c:3KtwcL05IOLxMDKPd64Ia6E9A9c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697017449, "uuid": "bbe25967-6d50-42b9-bc9b-8e89efb532ac", "value": 711168, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697017449, "uuid": "670ad645-301b-4393-8d20-dd674fc1bdcd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017449, "uuid": "4e2edade-d2ae-41ef-a9fa-4014aaf7c69e", "value": "10-2023.xlsx.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9dc2bf86-6838-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697030286, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030286, "uuid": "1c937054-777a-4f5c-89d3-ba6db0ae7e76", "comment": "Malware payload (Smoke Loader)", "value": "f07f0f65d2afc32fc800812339010fbf", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030286, "uuid": "6397cfc5-3863-4e48-9e38-bef10c25db94", "comment": "Malware payload (Smoke Loader)", "value": "d3d304030d05e6faf4d08ff7cdfd7d9dac9db7c62f269e5f7732b37a7aa5c883", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030286, "uuid": "1b5408a9-cd31-4a6e-8bd1-bde6e289cbff", "comment": "Malware payload (Smoke Loader)", "value": "6ff6cf010526d9ee4fad55f423f96a7ebe4bbfa9", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030286, "uuid": "2e249c9d-ef4c-442f-b320-5de34914b62e", "comment": "Malware payload (Smoke Loader)", "value": "d1b2d9b95c1b9c1c5d477bbd9c25c4d30d6a4b34b03212c7a06d34bd9cd81522cdd8a59f171decfb6e38e72594386cc2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030286, "uuid": "21acfcb1-2dec-4419-af8d-49e7dcdcaaeb", "value": "T16F352313A7E898B3DD7037306CF627932B323CE65F7896AB3385685D58B25C42931726", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030286, "uuid": "5ce1c039-b64b-48e7-bdfd-d34c6ec05603", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030286, "uuid": "90166c59-2738-4d98-a723-82d54fe9a985", "value": "24576:MyoQI8Nt2MEiOfa7zSCisWnY9rbScJsreP6nRclc0:7o7M5HzFAnWrb9WDqlc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697030286, "uuid": "2441605a-c2be-4df3-bfe5-4eb8ea262087", "value": 1086464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697030286, "uuid": "381091b3-ae17-4ba8-b5c3-00bace7f8112", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030286, "uuid": "617fff67-5119-4ecc-94a0-2749f3b4de14", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "79d9c096-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066733, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066733, "uuid": "a64ac871-e5f6-4110-a74c-14568abda48e", "comment": "Malware payload", "value": "b82a93fcbf401a2e338b1442720aad34", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066733, "uuid": "e82574db-efa0-4e62-a75c-15694c812928", "comment": "Malware payload", "value": "d51853fe125a04143401aac07bc50601db1de8b84a3298e56d3f1a50ebf1ca88", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066733, "uuid": "58bcd2ae-1d97-4f7d-9fd8-1763d1e48733", "comment": "Malware payload", "value": "1eb1dc83448b5c6128c85f62b535be3b7c47947c", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066733, "uuid": "375fc65d-f7a9-4f43-9d74-409e9ad581ab", "comment": "Malware payload", "value": "867796f263b9f5ff07ae99377cd2d84e9a63ce3867a5836cfc3af779c95fc9776e5974e56ca0ea2668d315e55786f603", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066733, "uuid": "47891460-9645-4214-bb01-a5f6889eaf17", "value": "T1CE74238879CB02C68998446B99C1FE5E984F18F0EA82EDA52F080D5D7B45FDE1357F8C", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066733, "uuid": "b4189a91-0060-4584-a219-d34000c1de65", "value": "6144:d/+4F5fDk2tf+UrTNb1uHszmLmTB7jpuDVlqIfAb7+v77TP3C:d+Grk6TrmjLmTB7klnI0PPy", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066733, "uuid": "1b8369dd-8acc-4900-9a55-28d0eae4add2", "value": 366126, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066733, "uuid": "ddabdcd0-180a-4b58-9177-748a207a2d67", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066733, "uuid": "16a9f42b-b0e3-4be0-9a25-e7a92dc8afc8", "value": "AGWX0168_6217698.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd60e28e-6874-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697056217, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697056217, "uuid": "972750c7-619e-4c80-9be2-f9e80cea9be8", "comment": "Malware payload", "value": "81b71168a37befd2646587909efa050b", "object_relation": "md5", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697056217, "uuid": "435bd63c-2f60-41d6-9b8e-1432c2f4ae8b", "comment": "Malware payload", "value": "d51b466d9bd852e4b463096b9a922fe9e06e75e1258d274b576103498e578c01", "object_relation": "sha256", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697056217, "uuid": "69c3dc2d-5871-4a5d-8875-9ffe5210af86", "comment": "Malware payload", "value": "965a0db15b5cf77ea3c285d4f49d41b92a3d364d", "object_relation": "sha1", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697056217, "uuid": "79c283bd-9d4b-4575-9413-449aa61364d0", "comment": "Malware payload", "value": "a24846eaf68ba1f024e89fe1d825babd85e567ed543eaf52b5929ef5a0213e90f5d66ad8c77c69e3231ea1de019b07c2", "object_relation": "sha3-384", "Tag": [ { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697056217, "uuid": "7edd9b24-96bb-431e-94ab-e009ea15a1b2", "value": "T18F11D043245D58D92CAA8DA562E20D10C63AE1C37AD519D2E96FF1D16C72300F27EBD6", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697056217, "uuid": "0ca9a741-7285-40d0-9923-ae79b41ec17b", "value": "24:VdmSP7dCyfOzqiToVgTnqm5Oc+0z+d/O42QTDpap/ItZcwbf9lWU:n1FfOG7ExOV0zmVapahB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697056217, "uuid": "167a435b-facc-40e5-8de3-0b44f1a66df8", "value": 1097, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697056217, "uuid": "0fcb67f0-b968-45da-af19-635390a9ab86", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697056217, "uuid": "cdc67a10-220f-4b41-b181-26f8567a8868", "value": "klink24.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8ec72732-681b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697017806, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017806, "uuid": "25dbeb3a-a68b-4d9a-86da-472464a87b89", "comment": "Malware payload (AgentTesla)", "value": "8554d7eaedb8e4b74cb509dea6a1d858", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017806, "uuid": "7da4b715-262e-4fa3-80c9-c2f795c678b4", "comment": "Malware payload (AgentTesla)", "value": "d52275a861a9396629e78edca76c3b3cec55980115feadfd0e93ca9c400bbffa", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017806, "uuid": "21086354-ebab-489c-a099-9f2d3a6ec270", "comment": "Malware payload (AgentTesla)", "value": "d0264095f48c628036bd894b72e738fbb4ed45a2", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017806, "uuid": "3e7ac268-93de-431c-bdc1-3850545955cc", "comment": "Malware payload (AgentTesla)", "value": "4c83532af19f130baab6c243445fc6653290886ea9f441f1b427756dba8182d7b4ee5b52f71dcf6326ef70818f7daa0f", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017806, "uuid": "88927429-7c44-4430-a1d8-f096824e8ed0", "value": "T11ED4F12433B86F2BD5B407FE0071015457F9596A6530F3982ED2A0DE2DB1F24DBA2E9B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017806, "uuid": "8d642ab4-59a8-46fe-986a-84036b94e73e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017806, "uuid": "d5ecf13f-6428-4b6e-8377-6252816853b6", "value": "12288:aaX9Kjt/q3j4jIfFF3z36x2O+RtwBjBrOrIKh5Fv6oCzKIXq:aatCt+jJBm2lDFBCzw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697017806, "uuid": "7283481d-c633-4a2f-b1d7-eec10c2d3683", "value": 644096, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697017806, "uuid": "28825d25-b7ff-4588-9874-4500e6d88e20", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017806, "uuid": "f4189da2-efad-4a1d-9b17-e9a56852b962", "value": "Orden-no.Q20LS0984.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e9263e7b-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697052317, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052317, "uuid": "606d9338-753f-4e8d-ad63-f423e006cd26", "comment": "Malware payload (SnakeKeylogger)", "value": "c9278e143752ed5f2e50c00779b408bd", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052317, "uuid": "2aa04e98-1ca0-464e-b032-355356fa6024", "comment": "Malware payload (SnakeKeylogger)", "value": "d5459c09b6b89527fa283686b3678062889da73e16c331b2459baf0bdfd7a601", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052317, "uuid": "a24e37db-4dd6-4b11-9016-f91b3c1c296a", "comment": "Malware payload (SnakeKeylogger)", "value": "7953d1ce0ce2353412cccdb34122cf8bc45e0e22", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052317, "uuid": "65a0be05-77bb-4e97-9603-a0871cdb8da4", "comment": "Malware payload (SnakeKeylogger)", "value": "aee322e869deadbc7d2128b873a28b92ae0c1413a271edf09438ea320e03e4c09daac1d49473cb58b98ae65a1bc2b7cb", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052317, "uuid": "04c43cce-852d-497a-af58-44a964fa33c3", "value": "T1CED4F12937F85B27E6B957FE5070015003F4191A6574F2A81ED260DF2CA1F28DF92EAB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052317, "uuid": "7e7204c7-773f-4e57-a712-6b6ec97d32ed", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052317, "uuid": "4d6ab92a-6299-408a-8977-d409473331e6", "value": "12288:dnX9KDFeYObaUsbPEeoB3zYTIY2QPWN723ZhA87O:dntcF4MjEeoO2zx23XA87O", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052317, "uuid": "e15e808e-fcbc-4994-8404-a7c7fb39753d", "value": 601088, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052317, "uuid": "98f854ec-c24c-45d6-96a8-d1ad8a160e23", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052317, "uuid": "3bad7946-8251-49ab-a040-9f58586322f5", "value": "RFQ No # 1415060.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7f4db674-6831-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1697027229, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027229, "uuid": "9d414f3d-0ddb-42a8-bd78-3c944a3221c8", "comment": "Malware payload (GuLoader)", "value": "c7989820f0690e7cca3ca472fe5f1ac4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027229, "uuid": "162a5c77-73bc-45a0-8cf1-7774ebfa1de9", "comment": "Malware payload (GuLoader)", "value": "d56c437e9a07ef3223c167a748fa470401cec439677e8d17b046870fb66e0fb9", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027229, "uuid": "dd229e86-1e3c-4e23-87d0-c798427af6b2", "comment": "Malware payload (GuLoader)", "value": "1c94295c08cd8e41e839a5339da8caaf8e996081", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027229, "uuid": "1fac91e0-4af8-47eb-9c4f-168a49c3cee9", "comment": "Malware payload (GuLoader)", "value": "296afce94ff795b2c2662131984a6626e212c4a03d65deb4ccf8614926a492d561a6f2ec1482ab155db3258cbfde1019", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027229, "uuid": "17e728dc-2dfe-437a-87ab-a42c7505e260", "value": "T126352321B400C322DC160D309637AED426ABAEFF96843C661FC579FE5D362859D3736A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027229, "uuid": "a25fe24b-e3dc-4fcd-85f3-ce6353d868eb", "value": "b34f154ec913d2d2c435cbd644e91687", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027229, "uuid": "56a96e33-e420-43bb-9851-760b1a93fe38", "value": "24576:ZSB7zdFCejOHLok1sOPijEuplGRQjrlPB7Lw9IOiMpEOtoYIHXZVbFmuse4:sDWLoGsbjfGRerlm9IOiWEOGnrRtN4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697027229, "uuid": "69ecb3ac-5e7a-42bb-86e6-70670e448f5e", "value": 1086504, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697027229, "uuid": "9c10d68a-3e11-4b2c-857c-125c72459b24", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027229, "uuid": "97068ed9-6246-4b7a-8ad5-877332432438", "value": "BR1498-23.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6bf0f7be-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050819, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050819, "uuid": "81159f56-55f4-47c4-a009-e444f8d4ffe2", "comment": "Malware payload (DBatLoader)", "value": "841e4f59b4b52f98a3e33c47020e3f16", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050819, "uuid": "bf2a97d2-91be-49c4-8f36-3d6ad9c5eddc", "comment": "Malware payload (DBatLoader)", "value": "d583951dab966c1222b2b8b00f54783b0356f593eb9f051e1f94e0e3942bd447", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050819, "uuid": "13e13629-7c89-4546-9646-e9c0640759aa", "comment": "Malware payload (DBatLoader)", "value": "f755a16fccaf0ad08d6e51878f0bc94ee984799d", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050819, "uuid": "2ede50ca-fe9d-4533-8534-ab94e80eb9b5", "comment": "Malware payload (DBatLoader)", "value": "6fd6c9cc2acda3e617bb054363ac437a766ff451a5db919d740bf885de4158ad58492d03dec081895226651d59e92daa", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050819, "uuid": "9019efc4-f7de-4d6a-99c6-1aa6210733b2", "value": "T15C356B34B3B608B1F4A576B5C90AA7F41DFF27AD6908288982747D0B1CB67917F2106F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050819, "uuid": "ffa4af5c-78aa-4961-9477-e769f9db4de1", "value": "fc431a28c58a1565c388a05232b2eadb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050819, "uuid": "89c0861a-3717-4f20-a646-7dad61c705ff", "value": "12288:qE8C9kdWdEPv8zuVEdh9a6OLqvabdpmBkt1VEmA00P85Be2fgmv1qsM8HcZG3g5C:qEPudPPOuVsaoAjlD0P83H5M8OG3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050819, "uuid": "ad9a10d7-0755-49f7-b511-de7d9b5637bd", "value": 1124864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050819, "uuid": "06378c63-99e1-4fb5-9186-a00963629182", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050819, "uuid": "3793171e-4282-400e-a5f9-c081ef27f0bd", "value": "Vzfuhvogqcqcvk.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0a7294f8-682e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697025744, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025744, "uuid": "8610d2d6-77e4-47f5-b261-f6679e933711", "comment": "Malware payload (Smoke Loader)", "value": "09a4d1cf939d82fd0ee7b180aa2ddd09", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025744, "uuid": "6bf01d5a-ef0b-4e93-b261-86cd8dd4ea56", "comment": "Malware payload (Smoke Loader)", "value": "d5faa19e3e7b36d568bbb744fe3b3e76a40a453c842b8beb9a3888d96e197d0b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025744, "uuid": "88d9600a-1424-41e6-9117-03ed044ef811", "comment": "Malware payload (Smoke Loader)", "value": "646b0f3c04b951eb79718141abfaab8e8020c830", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025744, "uuid": "b67f4d54-5e43-469c-ba44-cb5435030564", "comment": "Malware payload (Smoke Loader)", "value": "0206287b91165e9b404e26ab42c888788c06d703e5a23fb838bdaf551030a800f5b4d19a06427efbc727b8d7a47a402d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025744, "uuid": "2bcada8f-357e-43c8-8529-2ef0021ea1ce", "value": "T1E63523CB6BE88053ECF80B7458F612831A397CB05C78836B3B555D8F4DB2A94B932359", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025744, "uuid": "9aa4a867-e9b0-4dbb-beda-24e7e32667cb", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025744, "uuid": "ba9516a5-1ad4-4a05-8bb0-65a746b9a01e", "value": "24576:3yEetPSeEWyrCMvyZ+7DLlyhx44dTGAkyboikPfY:C9r1y8wHlyFTdkyK", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697025744, "uuid": "f6b11194-4d26-4290-bc77-9c3cc5f7b48b", "value": 1061888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697025744, "uuid": "009509da-91b2-48b9-a185-6d2a7fc4dcbd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025744, "uuid": "75a8c79a-67c6-4976-b737-92464a5f063b", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e426d116-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067771, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067771, "uuid": "44d1f291-5008-47fe-90a1-4d3f6123cff4", "comment": "Malware payload", "value": "4a387f0a0139c190077f9307a4cad43b", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067771, "uuid": "5d49dfa4-d02a-4a26-af8f-d414411761ce", "comment": "Malware payload", "value": "d757b66a6f509a6ad010c4d86828e9933b37cc84ff357f1b034ff7859b7d409e", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067771, "uuid": "8c3fb884-6ab4-4c6f-833b-801330f3ac52", "comment": "Malware payload", "value": "c16b16ff3792e95aae7f8fbd884f904170ab47ca", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067771, "uuid": "a24d7ec5-7b7c-4349-bf2c-cfe2c6239dc4", "comment": "Malware payload", "value": "0f55d773a9755be9afbcde8ca5deba8de20f148d61bce3553da2aae6b9daeee34828ef18068caeaf29e4179ac8da2536", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067771, "uuid": "27b05e59-3f01-4f60-9dbd-ae948c3c4484", "value": "T13B258A3223B22F3CA678FBF600DD154B9E797D671011A6D3AEE4C94F868EDE41634126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067771, "uuid": "af6da4e4-65dd-4c9a-848a-91988f310048", "value": "6144:tFatMuFoW3AYSxQ14yA5L6zvAe6ziyLwWG10ooarSBP1L67nM+f0qPcFGXiXLjZn:ArrKLsI7S0ooKmmpLOiFq9rVQzvcFH", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067771, "uuid": "c5ef8b77-9f42-4524-8687-e7baf8a79e54", "value": 1036905, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067771, "uuid": "3a9c8e08-3079-48b8-b4ee-918cd6fac45b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067771, "uuid": "745fee36-9266-4389-bd60-0aa870293238", "value": "New_Working_Conditions[2023.10.11_08-07]_3.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "bc8fe685-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066845, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066845, "uuid": "84dacb79-d703-48fe-9779-1d37f46788a9", "comment": "Malware payload", "value": "d352ad8b8a69d71d54c16ceca4409012", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066845, "uuid": "de1d7ce2-567f-442d-8ffd-a0b6811ca02e", "comment": "Malware payload", "value": "d814e8174325e86103a5ad687dca960b1bc3d4df65306ebc98897b49dab065b4", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066845, "uuid": "dbb2c42f-1bcc-4f24-bac1-ef5ff4518502", "comment": "Malware payload", "value": "4f85475636e65d6ab866b4531d7496f4cd749080", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066845, "uuid": "8f1d61d2-b175-4394-be4d-2b4314ed3e6a", "comment": "Malware payload", "value": "1c080107e4cb383ae910ff938476f80d1158500fed1bd59aeecb96933865090bf46ee69c3b20622b3091282b9cb14f73", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066845, "uuid": "f52d237d-dd75-4fc8-bd78-7907f9646ea7", "value": "T13D7423441AC24A34C463BFB07DEA39029BCDD303AE77770C7A58AE2C9E5097B81759E1", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066845, "uuid": "098772f0-2d9b-46fd-a0f9-e5c153a66456", "value": "6144:/XCPIDYlY54oFeqSpHI1RdL3d8Y0R2JimV+peju72HPLh6wZzSHcheo:V59FtSpHI1vqLAB6+ugLhnuHcMo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066845, "uuid": "7bc9a9f9-c99c-4c52-b856-59f923be7a79", "value": 366056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066845, "uuid": "aeb62ba5-a347-4946-ad35-57300d6c315b", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066845, "uuid": "d32afe94-4487-43cd-adf6-57f358b12be2", "value": "GKPW2345_8627218.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "69239d33-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1697067564, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067564, "uuid": "deed0126-e532-407d-8445-db8a1fa024b5", "comment": "Malware payload (Mirai)", "value": "591df126520fa64daabf6d62e7ce570d", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067564, "uuid": "b93846ac-9666-4267-bc01-7880ff62cb8a", "comment": "Malware payload (Mirai)", "value": "d82413d77256895226848a4fd592ddcfa57050f1d0b0d4740eaf6548d6581b4f", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067564, "uuid": "bf023cb1-86c6-4bdf-a9db-cd91d19ba8f2", "comment": "Malware payload (Mirai)", "value": "8088eaae2ffaca9d4f3430f9fa5c076d6c3e0fbd", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067564, "uuid": "1f1cd42f-44f0-4d1d-ae4a-a80d53390aa4", "comment": "Malware payload (Mirai)", "value": "72b34777c67c98a1791318a3b4ecc22c4d25615838b561cb8faa6e81c0db12d0cb88c48f853a8b3f3f69c4210738683d", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "elf", "colour": "#CD6A22", "exportable": true, "hide_tag": false }, { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false }, { "name": "motorola", "colour": "#68384D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067564, "uuid": "e87b075b-eaa9-4635-9581-ded270196fe0", "value": "T135332A8A64112E6DE9DA5CB981764F0ADE541210B093171FB3BBFEC339333A4FE66449", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067564, "uuid": "0e777118-2b21-4ef8-9ece-b0f6a24d480b", "value": "768:0aOTrZQlDVoueg2me2nPQCHEM/ArPwqLWH02TCmhPol7gSu9+f1prN4nq0ezi1:0alDoRg2mew4ChAVLB2Y7gSyg1ppWZ1", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067564, "uuid": "23b6e7ae-b5dc-4b1c-b8e7-776a63ee634c", "value": 52820, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067564, "uuid": "ee386126-e35a-4cd8-bdc2-9bc0c85a85a5", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067564, "uuid": "cffb406f-8f48-4359-874d-60fa21ced154", "value": "591df126520fa64daabf6d62e7ce570d", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b21d57f1-6869-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051366, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051366, "uuid": "52ee57d8-ab87-4bb5-9b87-bd8d2e85075c", "comment": "Malware payload", "value": "6274d545005d6477820c1af0d1346aa5", "object_relation": "md5", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051366, "uuid": "03b9cbca-b1cc-4e90-99d5-931513efb540", "comment": "Malware payload", "value": "d85c85461a513f9684f261143d7eebd78c6cd4b380a5bd4b37acc724a2bfdefd", "object_relation": "sha256", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051366, "uuid": "d671f2fc-7101-4c1b-8ab6-8e1ddc7632a6", "comment": "Malware payload", "value": "e232d66e14882d050786ccf1cfb9a2a2379a5716", "object_relation": "sha1", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051366, "uuid": "8cbcaa88-0fe4-46f4-a106-ba0e3264425f", "comment": "Malware payload", "value": "cb61a3aa88675633564a1cd4ded17733ad69d6ed83780d5ebdf91d2384f073e6cb3164b534853fd8b7904874fd8df904", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051366, "uuid": "13e14e02-2c4f-4d10-af27-eb6c38aa613c", "value": "T1C055E003D904DB97D00D83F87E133AA91F0E7F19E9D56ADB14627F8B3A30BA2095A51D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051366, "uuid": "12eca78d-03f3-4f9d-bc25-d4e4bb5f7d83", "value": "24576:WWQmmav30xsEZyPw6VV+6AzzZyUw6V1+2lnyICpbb0Q3EhMvscnKXow8x:LQmmQ30GWX6VK06VIbj3hkcnK4r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051366, "uuid": "52c24660-5f90-4138-824d-23ac25d29b1d", "value": 1294336, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051366, "uuid": "9123b6d4-0ce9-4f3e-adfd-420757fb007a", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051366, "uuid": "d75d1173-59f7-44e3-83a0-29d8591577b0", "value": "PO#SWASA2200157.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "17a3c138-6847-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697036504, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697036504, "uuid": "f568e4cb-4e29-47df-806e-b8666111eb57", "comment": "Malware payload (Smoke Loader)", "value": "f690200711712caca599a9ac3dadb7d1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697036504, "uuid": "4c1a80d3-bcba-4a4b-80d2-71f4f750773c", "comment": "Malware payload (Smoke Loader)", "value": "d8b98a3b130f9e76ab6b372ee23d6bec4bd4d0e2c151d7df7d4f764a9453ce0e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697036504, "uuid": "c1f31ada-dd0e-4ec3-85d4-db47b90c8fac", "comment": "Malware payload (Smoke Loader)", "value": "6f85b03ad02aee8a5d8910babcf1e5e87fd00203", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697036504, "uuid": "df6e2074-63cd-4eb2-ae03-4bcd07c30634", "comment": "Malware payload (Smoke Loader)", "value": "ec71e139f9b416fd71921883e719d35d2a61ec7c839357ba68c7cd25721ed9a4e69ff6c7b72100c172bbbcbe3769e785", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697036504, "uuid": "e92e9f51-47f2-41f3-b37c-5bf9aa357877", "value": "T1C434CF12B582C771C8374034B821C6F8767ABC729A495987376B3F6FBD313926FA6250", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697036504, "uuid": "0fba8be6-96ba-4f5e-8a83-f9b016d0030c", "value": "987d26efaba6f21b1152f94099a2d2b2", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697036504, "uuid": "e59c05fb-5f02-44f7-8b80-e028e0e4790b", "value": "3072:8X5in64LT3KlgAw3snWCjd2AVQy8Xoip5swgnuqhkRn5DN5lOITy:40T3QgAw/C5iAw+u6kx5DlDT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697036504, "uuid": "9e8ead4f-d8b4-4a43-9f80-b14e0032a3fe", "value": 230400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697036504, "uuid": "94d0b231-bde7-4146-85fa-97d812a33033", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697036504, "uuid": "42ee153d-d861-49c4-818b-1aba3ae3b5d3", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "687e9b72-6819-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697016883, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016883, "uuid": "ad49c5ea-0661-424f-a13e-4513ebbe1cf1", "comment": "Malware payload (AgentTesla)", "value": "f307741979f36686e399daa231f38177", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016883, "uuid": "5fa45652-8d71-461b-837f-5c49b224cac6", "comment": "Malware payload (AgentTesla)", "value": "d90d513c0b6637bdf60e17b2dba7803699a370b816910116496ad827eb82656b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016883, "uuid": "f54ddc30-9194-46c1-8911-7e7b35c15316", "comment": "Malware payload (AgentTesla)", "value": "648f0a902271c0736d86186cf1fd3e3dc914118e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016883, "uuid": "eafaa998-7a82-4a4f-9d6a-542245647273", "comment": "Malware payload (AgentTesla)", "value": "77bb5189ba9f99fd63b57397564c34343ed8012b859fe4f9a3d07ba58d084045524b4b1f78b7dba9fbff28a8a081a578", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016883, "uuid": "ff7e1a71-2067-4a87-b467-528189abf4cd", "value": "T1C2F4012933EC4B66E23E8BFA4171025307F9752B247DE3689ED115CF1E61B828564BB3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016883, "uuid": "1cbf29b7-758d-46be-86fd-953190ad45a2", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016883, "uuid": "940e0eac-908b-4aac-af87-0b43c0a5c7fb", "value": "12288:EXX9K2gQTS6v2bW2Y4F957BOVVkkungQoo7OTfmDCpxd/El/TrgPrJ7a0tm:EXtNufYAcjkXnDo9SDubwA1W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697016883, "uuid": "328fcef1-61ce-4d22-9172-29ae921070cd", "value": 746496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697016883, "uuid": "8a7f4664-60e3-415a-af4c-567e21b251be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016883, "uuid": "34a434d3-e88c-43db-b676-7e7c4a377625", "value": "SecuriteInfo.com.Win32.KeyloggerX-gen.6605.15515", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "893633d2-6881-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1697061605, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061605, "uuid": "baabc816-8f9c-4a36-8e06-4bf5c45faf13", "comment": "Malware payload (Mirai)", "value": "62ffc3b24cbc15a49381524396afde0d", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061605, "uuid": "7c1c3ee8-35ff-4fce-91bd-d59e39cec65b", "comment": "Malware payload (Mirai)", "value": "d91b5e21d5d45d94b543c43f3dc9c6efa235adabf4ef1f546a270190a010cb37", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061605, "uuid": "5b9d5be4-6035-457e-985b-0b9c33d4690a", "comment": "Malware payload (Mirai)", "value": "a5af5fa500128f186367714eecb39be12c2ff48d", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061605, "uuid": "b79a8bf3-9b22-421d-a6c4-2245d03034ae", "comment": "Malware payload (Mirai)", "value": "f7d034c0dc3307d2b9ac169d0b07d845d77460d0a98dd96f5b6b5ec9ba4604d4bb8b003a27d9fbc1ab98cd40646fb424", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061605, "uuid": "9f8478dc-1a47-4720-b56d-e9231a100d9e", "value": "T10A143B46DA418B13C0D617BABADF42493333AB64D3DB73068918AFB43F8679E0E67505", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061605, "uuid": "27f6bd7e-e50a-49d8-956b-aac77c279e27", "value": "6144:TF7W9P2wfKMw4avpvlu8lbqybWULSmo/udXOMwQPG9M/9CjmJwPHVmBS:TF7mVrw4av/u8lbqybWw6udXgzK/Ujmo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697061605, "uuid": "5558e4f6-dd79-42e4-8442-c01ee9cafc52", "value": 200210, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697061605, "uuid": "5f324ad3-9d2b-48a0-81ca-f52beb32487e", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061605, "uuid": "761242e5-32eb-4dc0-92d6-90dacfeb4066", "value": "cutie.arm7-20231011-2200", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cc60a620-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066872, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066872, "uuid": "e40239ca-f5b2-4a85-9857-6246c92a4304", "comment": "Malware payload", "value": "81e717f0e636c5553c039987d20e8143", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066872, "uuid": "b418d1cb-6b24-44d2-a253-71d3150ccb67", "comment": "Malware payload", "value": "d9ba225e9777145651b3b730fc8ef5f35315427ac6e6598d2f81cd78dedd2815", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066872, "uuid": "d9b6158e-2ee4-4002-9fc6-4d1706e08b06", "comment": "Malware payload", "value": "ced49c1deed2495c364075394005670e43c55d35", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066872, "uuid": "3ac390e0-8870-41b5-8393-ad36f350cf33", "comment": "Malware payload", "value": "485c7bc34b0cb678ed77c26d2ff57b189702e481cfe1fbb72f2f2e5b155b876a64ca47ad522ef6b3a7bc8ec9d55ea5a9", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066872, "uuid": "abb87322-44f5-4bcd-8b0a-f849c3271642", "value": "T1D474230930847DA512027F7FF8A6B02CA4EAAD4CD5B4EEB27B2154B013D6770AFEB144", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066872, "uuid": "9aae3c7f-5c45-4ce1-a06b-fe81be5b9ca7", "value": "6144:WjZXH7Y5v2FX2QUH9edMScPKtj/HraBA2mleHn+PZ3tXCLZIBnOai5DMXwit:WVH7Y5OzUQdMScmPuw0+xMNIBnT3t", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066872, "uuid": "a961824a-1d10-4cb1-990f-faca0e55ebd8", "value": 366122, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066872, "uuid": "0846cb16-7310-4260-a108-4899bf8d3a07", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066872, "uuid": "71c0d675-15d8-4391-a258-3b493cebd37c", "value": "ACDT0479_2406495.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1aef972b-6824-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkTortilla)", "timestamp": 1697021477, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021477, "uuid": "c9f298d8-9edd-4343-9f0b-2b7e3263f514", "comment": "Malware payload (DarkTortilla)", "value": "0fa4e701f5343e93e5df08ef7f51c57f", "object_relation": "md5", "Tag": [ { "name": "DarkTortilla", "colour": "#7A8476", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021477, "uuid": "6f90cc70-5de9-406c-818c-58393ca3639b", "comment": "Malware payload (DarkTortilla)", "value": "d9c3cf6bb249021affba53ddba47644065aee3f49488dac1e66758a6f731e063", "object_relation": "sha256", "Tag": [ { "name": "DarkTortilla", "colour": "#7A8476", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021477, "uuid": "ffc846db-37d5-47d5-9431-59b5880962a9", "comment": "Malware payload (DarkTortilla)", "value": "c3cfd507d65f9e2baadb99bb54098df81af6e714", "object_relation": "sha1", "Tag": [ { "name": "DarkTortilla", "colour": "#7A8476", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021477, "uuid": "676c8dda-d414-4d88-8347-b8ebd35ac74e", "comment": "Malware payload (DarkTortilla)", "value": "10ba9272759b23a15e7e082ce78ce551172f810822ffbadfc6e714fcdff8f6d36530354a1cf7816c5cc5078c150c9263", "object_relation": "sha3-384", "Tag": [ { "name": "DarkTortilla", "colour": "#7A8476", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021477, "uuid": "9ef6fa14-ea02-4215-9432-da39d30a277d", "value": "T12F35D09EABC5A994D37D6E70F566127862F086CB1511D3A708C542F1FBB32AF78020F6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021477, "uuid": "88f64e74-9def-41a7-8c21-4742bd0656ca", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021477, "uuid": "5e91cde5-7af6-4218-bcf9-9f0f52b79005", "value": "12288:VL5CnB3lBZ4noPCwfUufsOrWYkqkOPuPP8OMhh/CHi+Z4+jBW59mthvf6i96hOn3:Vw2noYufsGkqyX8OQgJtjBuMttd2CRN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697021477, "uuid": "924f248d-29a7-49ee-b573-8e74f2f5e82f", "value": 1141248, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697021477, "uuid": "54b950ff-2015-4fa5-af70-49a7dc3ddbd4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021477, "uuid": "350acdf6-efa1-477f-9441-42687f008900", "value": "d9c3cf6bb249021affba53ddba47644065aee3f49488dac1e66758a6f731e063", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f5e86d95-6813-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697014543, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697014543, "uuid": "e2166969-39b5-4a58-8141-843999dd644a", "comment": "Malware payload (RedLineStealer)", "value": "8f949da09d86d1441d30568e049422c4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697014543, "uuid": "2c03311d-1fc5-46c3-948e-206fe5ec27be", "comment": "Malware payload (RedLineStealer)", "value": "dad8c08535425b16d5d4ad67145f09170cfb08f5b8fefff4a4769c529c33d4bd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697014543, "uuid": "4b8e5172-ea2f-4e07-83e4-d50cf05ca478", "comment": "Malware payload (RedLineStealer)", "value": "0aa0823c606649aa3694c50a831f191227a8c88c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697014543, "uuid": "0c17fd5e-1fb2-4f8c-8339-4737eff7e9ec", "comment": "Malware payload (RedLineStealer)", "value": "d0baa7ea04324a1e6d0d8922e6c98bfd16a3e7f0bf56629ed2f75c409d27139006ea6b59c9b25d46de9688e23bac879f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697014543, "uuid": "520cd3c8-f3c0-4708-a19f-5ab0b89f7f35", "value": "T18235232376D44563E8F21BB010FA0BD30B387DCA8CBC979B3795956A58B2510E93972F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697014543, "uuid": "0f4e79bc-ac28-427b-8f67-fda74f8fba14", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697014543, "uuid": "08b00bd8-7b87-49c7-ae7e-ad845c5526e7", "value": "24576:kyv1jgYmN/BWg0Ana/UFb0/ZrPA5ZOl3OA64Gym5hRCeQ+5J5:z90hgpAn7FbEJA5MlAyihseQw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697014543, "uuid": "dfe27a51-480d-428d-ac39-34f2662a7345", "value": 1075200, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697014543, "uuid": "68173d48-e4e4-4e88-8674-8690139a3996", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697014543, "uuid": "88602ff6-cd3f-4889-8c2a-7cf7e726a094", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "75de30e5-67cb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696983404, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696983404, "uuid": "4ba5166e-38aa-4bb7-902c-031194623ecb", "comment": "Malware payload (RedLineStealer)", "value": "7dd1eb2317b88a1d4f8fd73a8cd17925", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696983404, "uuid": "d084ac67-19f5-4802-88c7-1abafe470840", "comment": "Malware payload (RedLineStealer)", "value": "dbf20a778fff0b4a5bb83a7240255ab02c2ae13c25ff0787cde543700111c5f4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696983404, "uuid": "f7cda426-b934-4987-9f93-be0b14e89bbc", "comment": "Malware payload (RedLineStealer)", "value": "3493c79b002564b714438b02e783ea57af97b50b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696983404, "uuid": "2c562d16-62cf-473e-95a2-2b3ca52ef237", "comment": "Malware payload (RedLineStealer)", "value": "f3400d74f13a711af20024308c8be8e09b21b888888b44e90a732514cbce8f12aa720163ab107721d61a4a394785fb45", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696983404, "uuid": "7e65d99c-1fec-4630-bed0-b048b0c8e107", "value": "T1CF352343E7D88062DAF6AB700DF7A3C30D357C905A7582223295E9AE0CB35C4967677B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696983404, "uuid": "2b450eab-cb02-4897-a4e6-63ace6552f8d", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696983404, "uuid": "e0a8961b-99d8-47a8-bbd9-2b35517fafce", "value": "24576:tywlYFdDzmz5gGLFfr88SkTHjwVI7ttWRGR:Iwl8zbGFSI7Q", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696983404, "uuid": "17dd21ee-afdf-4cb8-a73d-e33c7c78a863", "value": 1129984, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696983404, "uuid": "acf4756e-d1ce-4222-973d-33dbe42407c7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696983404, "uuid": "b0e1d8c0-76c1-431c-85d9-98e5e71860ae", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b45d96ff-6869-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1697051370, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051370, "uuid": "578a211a-e0ac-4eb1-a7ee-1597afeb28aa", "comment": "Malware payload (Loki)", "value": "0900dd308506ce307ecc09381dba7d05", "object_relation": "md5", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051370, "uuid": "c8e57450-2616-4483-b620-936c3daaf54e", "comment": "Malware payload (Loki)", "value": "dc5bd8b3505d3668d205cc448c2b53e36de98c9308af92cfbee0e91bbe0043d3", "object_relation": "sha256", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051370, "uuid": "f4747c2a-5fbc-405c-98b1-db4ed14def7c", "comment": "Malware payload (Loki)", "value": "12d144b7c55c3d05e832632ccfb47c0a2005d65b", "object_relation": "sha1", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051370, "uuid": "c15b2228-3d35-42ee-9582-964149c8e783", "comment": "Malware payload (Loki)", "value": "63d2548d275d387309c8b6b10b79daf990e2316417c02fcc259890d0bb50246a8af701041a080f42a774edb3fbe17ece", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2018-0802", "colour": "#AB286D", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false }, { "name": "xls", "colour": "#0C8A06", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051370, "uuid": "41b46b10-77f8-4717-9222-e19a3086ea5e", "value": "T16A45EF03A804DB93D41D83F87E133AD90E0E7F29E5D579DB14A27F8B3A30BA2495A51D", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051370, "uuid": "f0d4a103-e783-4676-bec6-90431e6fc59e", "value": "24576:jWQmmav30xsEZyww6VVWmjSDZyFw6VvW3TbUNnQsoPEpV04xeP4wZo:CQmmQ30GW86V6B6VhQzPP4xeA2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051370, "uuid": "3a74273c-a3c5-4879-8983-778417fa576d", "value": 1179648, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051370, "uuid": "dd448e98-d94d-433e-a20d-191f5434e0c6", "value": "application/vnd.ms-excel", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051370, "uuid": "9890609b-1c31-4c2e-a698-c7f02812040e", "value": "Arrival Notice.xls", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b9acb6c2-681e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (GuLoader)", "timestamp": 1697019166, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019166, "uuid": "ad4b7727-de24-462b-b2bc-1ff0aaa1fb40", "comment": "Malware payload (GuLoader)", "value": "0078401bb3795f37152191030bae02a9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019166, "uuid": "5da38e1f-97b7-415c-ba23-14a7cb75d765", "comment": "Malware payload (GuLoader)", "value": "dde3f6d55036b675a55771a2b9a65f306b2a7802415ee89c9d3bd35114431e65", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019166, "uuid": "dd21cf2d-9fa2-4f65-8406-f9d075becb9a", "comment": "Malware payload (GuLoader)", "value": "b65574dc6fa6fc815b85095b1a43e582876e16a1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019166, "uuid": "921d08bc-c851-4ae0-8fad-79d27fa54316", "comment": "Malware payload (GuLoader)", "value": "e115ae2dde00bd0fecd5ae7008570e38f0908060340f266bcce0f75d27b09d7acde9d6c9c00235f5797971ee9c3d43ce", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "GuLoader", "colour": "#DC91BA", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019166, "uuid": "07e5d795-71f1-42ab-a5a9-05240678c05c", "value": "T143D48D93B764DCB7F4A719F66E8FC02024B12D5C81E5960D66AEF71991F330250FBA0A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019166, "uuid": "619e8728-75cb-43dc-9122-3d279cf1c6ed", "value": "c05041e01f84e1ccca9c4451f3b6a383", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019166, "uuid": "da9aa36d-d62c-41c1-9f73-d40791cb642f", "value": "6144:SgORa6xKTuuuqjL7IMLeSI/va/3ur34Jp2np+UONwVx9InPNnrUIXoEYAVZ7p7aP:Sgm/Skv43C8gnxOOVx9QFn4CBpT5k", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697019166, "uuid": "fface58b-e002-44d4-9970-2049fab43a4f", "value": 617607, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697019166, "uuid": "ed1ccd39-fff4-43e7-ae0e-7ae1a5db7437", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019166, "uuid": "35399a94-26e5-41bd-8e2b-ac22e37852b0", "value": "dde3f6d55036b675a55771a2b9a65f306b2a7802415ee89c9d3bd35114431e65", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fd76f9d0-6807-11ee-a6f9-42010a9c0055", "comment": "Malware payload (CoinMiner)", "timestamp": 1697009402, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697009402, "uuid": "53091bd2-5db7-4a3d-bf2c-fb320275f7fe", "comment": "Malware payload (CoinMiner)", "value": "aac23ff6c2cc93769600e060ab7cfca9", "object_relation": "md5", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697009402, "uuid": "aa6cf7b1-5193-4135-9b89-ec208b35f8ef", "comment": "Malware payload (CoinMiner)", "value": "ddeda215cd74d0d7516cd2862d6ef39d1329e5d06dc59f4b38f95a36b1c69bcd", "object_relation": "sha256", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697009402, "uuid": "a29bab22-6759-4217-80a0-db3ff6219df8", "comment": "Malware payload (CoinMiner)", "value": "9d890df929936c54dd9283282135a9c0ad6f922d", "object_relation": "sha1", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697009402, "uuid": "a463aa15-965b-48d3-8432-42616e86b430", "comment": "Malware payload (CoinMiner)", "value": "51c1151f1221b603a7070fa3538fe51ac0a80ac188c645c5bc36bdcba93375ecf254b4af691c0f7d0c469715f0800c35", "object_relation": "sha3-384", "Tag": [ { "name": "CoinMiner", "colour": "#B30460", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697009402, "uuid": "ef11ff5f-f8c6-47c5-a694-2be4cd7dfc3f", "value": "T1D8848C61B351D871C96211334974DB7A25397C200BB055DFB3E8BF3EAAB32C26632766", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697009402, "uuid": "2c63d45f-7483-4cff-a29c-20005b810266", "value": "4ae233e271f9593b3373c8d875c9b855", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697009402, "uuid": "46730980-1220-4969-bd63-c5241ed3ca55", "value": "6144:BldGJUaHy3IL1kBu+11KhwAORVGBapZ1LQumfF5Iuxr1T:Bly7HAILqv1Khw3Re11T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697009402, "uuid": "2b41f815-5e2c-45e8-82d4-7fcf7d630711", "value": 404480, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697009402, "uuid": "15b9c2d7-9297-452b-8ac3-1a0cf4d6e6a4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697009402, "uuid": "9007aa77-14e8-4a56-a4e4-c4efabbc72bf", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b50fa9f0-683e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Loki)", "timestamp": 1697032903, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032903, "uuid": "1d5d3d1d-1cda-49ba-84cf-68ecfc592800", "comment": "Malware payload (Loki)", "value": "2f35538047a7785c4c0a03c8c06a2ff2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032903, "uuid": "38bb903e-6dd4-4b50-b0bd-e9b23fd6d0c7", "comment": "Malware payload (Loki)", "value": "de4be318ace25eb34f49ca50f0c3517d221478ae9a5b6766705217176271610e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032903, "uuid": "76523494-fbc0-41e5-beed-b3a46d6b6c99", "comment": "Malware payload (Loki)", "value": "e42668430aee9a955998bed79a84bc0bfcca0ff1", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032903, "uuid": "bb98d23f-47f9-46d2-a6fc-76c961a72dff", "comment": "Malware payload (Loki)", "value": "1e04ab6a34f7d205fb0d19e117e20026eeecb8b66d9de5ae6174432e1df573d2644f9ce2f06d68dce3f7a2947fcf07ac", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Loki", "colour": "#D4868A", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032903, "uuid": "c287ca94-a60d-423b-ae3a-672891a3bafb", "value": "T1B6C4E12823A88BA7E23E5BFB51B4025207F9651B313AF36C9ED128CF1E61F424565773", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032903, "uuid": "c62f8af4-92bf-48dd-a245-46ba7e65f154", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032903, "uuid": "8e529557-cc6e-4b13-b5b4-3d54b96fba87", "value": "12288:oYLrX9KORpP0Ah+CsKaMjKmb6fQnnlH1Gd9jgAS:o0rtHx0AsCPaMjJufQnnlH1b", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697032903, "uuid": "c6bfafff-6cf0-465b-add5-cef8eaf46466", "value": 592896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697032903, "uuid": "f3dbe325-0cff-4a5f-a08f-bdce6fa3e1be", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032903, "uuid": "a22651ed-cbc4-4a1a-9347-cbab48df234f", "value": "Report.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "41437da5-683e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1697032708, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032708, "uuid": "16d6ed35-2f3f-470f-b879-b556e1830784", "comment": "Malware payload (LummaStealer)", "value": "7b90c090932257d4d273de6f1fe2c20a", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032708, "uuid": "3ff0c9a6-2922-4f4b-ae02-3d284f546753", "comment": "Malware payload (LummaStealer)", "value": "de6c4c3ddb3a3ddbcbea9124f93429bf987dcd8192e0f1b4a826505429b74560", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032708, "uuid": "ab42dd0d-a7e0-4ecb-9b09-c730e43ecacc", "comment": "Malware payload (LummaStealer)", "value": "4b660fbce6a5d91792e3514eff227d7a480ff845", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032708, "uuid": "01d9f682-58cc-49fa-8a77-5632c95b0a8d", "comment": "Malware payload (LummaStealer)", "value": "445f1638522c091f5a6a9d44e4efc1125971017a16703cb8ba334f8acb86a434b1c6dc7a47b19b5f9fb96d49bd626bbf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032708, "uuid": "1db0e0fc-742d-48f2-a47d-819b861cb4e4", "value": "T12BC4AE430B3B991AC91D307E9C7D4125D8BE7CF81525BE297CE848268D72BF939503AE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032708, "uuid": "18fafc8f-5276-4185-a1de-ce993ce21e89", "value": "1dad3e8a25605e3da6c89bdbab10b2a1", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032708, "uuid": "c0b7296e-46f5-49ee-a10d-67480705fa46", "value": "12288:qUurLilsB4eDAmK+roPD0TM5XM8/56Bhu1K:qUur+lMw+0YTAf6zuE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697032708, "uuid": "98f74c4f-8a64-44d2-8282-be63a5b03e81", "value": 550400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697032708, "uuid": "6e85de10-4899-4424-ba13-7bd930c2818a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032708, "uuid": "46c10995-e59c-44ad-b93f-32d1458d3ea9", "value": "de6c4c3ddb3a3ddbcbea9124f93429bf987dcd8192e0f1b4a826505429b74560", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "222d3922-6829-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697023637, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697023637, "uuid": "bf940ec9-62f1-4b14-acfb-46f05c6a6497", "comment": "Malware payload (AgentTesla)", "value": "c024a4e2e6f55d364dcf366d9c77f08e", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697023637, "uuid": "3b16b10b-5835-4fae-91d6-8329058787b0", "comment": "Malware payload (AgentTesla)", "value": "dec1d1854a2b0b3dd914323f076434ee14831f93672b2e8d361762886c0b2d7d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697023637, "uuid": "b5e18ff7-5165-4d17-be03-b4c61dc1b8fb", "comment": "Malware payload (AgentTesla)", "value": "b101270ddc2305c0e6b9adfd879e52605320c572", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697023637, "uuid": "a33349d5-f7e9-4ade-a924-1404dc88b9e7", "comment": "Malware payload (AgentTesla)", "value": "b368532112ac2d83fea2c19caa8db4b01f68e4e2b1a5dbb5f3e508e37e7dc55d2c193372647918524a0d635604da2f9b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697023637, "uuid": "4167a645-e479-4ddf-8706-b8cf25dc4ff2", "value": "T1EAE4E11FF545CE02C41CA7B6E98309081B716B45B563EF8B3886175A2E233EB1D8A5DF", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697023637, "uuid": "3b40bd8f-c624-4b6a-9ce0-9505be662767", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697023637, "uuid": "994c0723-c6ec-44d9-856c-7ee43d4c2f77", "value": "12288:U3wMMrAkfYfWi8k1+s0EKjnUNfqDqLj48N5Nz8SOa1k78Ve+XX0gyPXw//xlNa2:UgMkAkfYLZZqDm48N5NCElVeC0vPXuls", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697023637, "uuid": "2ec1629b-46f0-484d-a91e-6bd753cf4a7e", "value": 715264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697023637, "uuid": "b7e2cae9-6d41-4e03-ab10-9ded5b49ac0b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697023637, "uuid": "7436d743-a617-4cb9-afdc-a3dfb9ce719f", "value": "Scan_Docs_SKMBT Filled CompletedPDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3aeabfd1-6890-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067916, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067916, "uuid": "e10f327f-f67b-45bb-9aab-97279da598c2", "comment": "Malware payload", "value": "46f350ec9ce87d9023042f97b29b91b9", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067916, "uuid": "8fa8690e-d908-4f3f-8279-f597d66b09bf", "comment": "Malware payload", "value": "df82ab215bf51e8ed504344bb7d2b1c50866177d07fa726cc10b1a484d6658e5", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067916, "uuid": "34d75bfc-7442-4880-9604-26b2aa1b857d", "comment": "Malware payload", "value": "676df45e5ad9000c6a6701ef27c35d0693a09132", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067916, "uuid": "0b0459d1-c79b-4576-828a-20385658ec2e", "comment": "Malware payload", "value": "09808ad8b67da699c3922a443521da8b0a6ea9cae13602c63aa86d4fab1aee54639e53f8054e12402a70d13134415815", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067916, "uuid": "03f61813-d3fb-415c-892c-a5c37e77051f", "value": "T1F8258A3223B22F3CA278FBF600DD15579E797D671011A6D3AEE4C94F868EDE41A34126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067916, "uuid": "c50409d7-75d8-4411-8288-c63428b07408", "value": "6144:H6kjN7KwEdQ5Q7llO99mZzMNLrM7Dir6DpgFMMjbwgXvuWlac89xwdjZEziC/von:/CGsyXCpoMMXs3s5ZImsQapwf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067916, "uuid": "95bee702-95c7-401d-8b93-acb7a67a1cd8", "value": 1036811, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067916, "uuid": "13d55f19-86c8-4099-9ffe-a90f7b9ee705", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067916, "uuid": "e3845d2e-a131-4f1e-b8d4-d75a3bc62494", "value": "Document[2023.10.11_08-07]_1.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "68d99fa0-681f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697019460, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019460, "uuid": "89c279b4-038b-4356-b2ab-721a6066f041", "comment": "Malware payload (AgentTesla)", "value": "6cd7d2b2be284d2123ece641f47841a8", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019460, "uuid": "40440934-e3ba-4434-a666-c9aa6fa439aa", "comment": "Malware payload (AgentTesla)", "value": "df889dba62250399da03f307d741baddf9c3f07004e08a64fd46c9fc2b814949", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019460, "uuid": "07e9c6e1-17dc-45b9-86c5-cf053655c061", "comment": "Malware payload (AgentTesla)", "value": "a2aa0b8897af6825d4122439b6d47221c5818c82", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697019460, "uuid": "67c05cb9-684e-42c7-b617-b0c2d68c8c42", "comment": "Malware payload (AgentTesla)", "value": "d8dac33193ea89eb2d18402ab9aa7a7ea71240219fe33b5ec7c2ade866a76491e149fcc9aa34f923a3ece6ecf66f180b", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019460, "uuid": "e1047419-f332-4813-a8c1-6369406aa3f6", "value": "T130059DDE325076DFC967C4B2CA641D64E620A5BB430BE203942326EDEA8D9D7CF151F2", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019460, "uuid": "8c1c190e-91a1-45f9-9231-8ce9c8991aa6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019460, "uuid": "fecc0754-7c5e-4718-b1d8-a12eda7ca8cc", "value": "24576:1+Iif4BgpwcJKwiF3dmXvmu8tPC3T7NmAbuazX:1+IiABgpwcKd0hMCjO4X", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697019460, "uuid": "de30c9d7-65d8-4d07-8ab0-8aea632c99a0", "value": 806912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697019460, "uuid": "fac41504-a4d6-4f07-b522-e9908dfd9c97", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697019460, "uuid": "967be7a8-9499-4428-af09-f8015dbab8d8", "value": "df889dba62250399da03f307d741baddf9c3f07004e08a64fd46c9fc2b814949", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c2e94dbe-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067715, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067715, "uuid": "cbeb4b8c-06da-442a-a9d3-4b2141f81d0f", "comment": "Malware payload", "value": "e8a1edd54486363c92f4ac2497ce8664", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067715, "uuid": "ed2e995e-14cc-4a63-a9da-f65f12bfb76b", "comment": "Malware payload", "value": "e06a089ccdfa6812de93b07442ad80444f89b90a3ef6bc34d072a4f5d4c80d6c", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067715, "uuid": "247672b5-ca91-47da-aa5c-207f2d43394c", "comment": "Malware payload", "value": "53b3cb1b89fc2190a21938f38720f355ba3c78e0", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067715, "uuid": "43ead57c-6b18-4a0f-8427-65fd32c6edb2", "comment": "Malware payload", "value": "98244c15c708afeecbf0f91e688e8c34b1d740d9466ed246433ae00ae27fe3d2e8bb27f7ee6d4ee973c31de42ff0f1eb", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067715, "uuid": "2473be09-cf3e-4e34-91a6-88c3b19017e2", "value": "T1B8258A3223B22F3CA678FBF600DD15479E797D671011A6D3AEE4C94F868EDE41A34126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067715, "uuid": "b32fe0c1-6fbd-4f67-b4bb-f117d61392b5", "value": "6144:iShN44SFeCPOGRRaENmegCCfnS7rof7S5I8dwEQtc/0tGQYrdaJpya4ZBtCOZX/R:lG5IPMHdw1w3JaUjPKOppBOq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067715, "uuid": "7f81371c-bf2b-41ee-98e4-9ad4197a73c4", "value": 1036580, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067715, "uuid": "87a7e0a8-42c8-4500-a2f0-fc77c5f5f9a0", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067715, "uuid": "a2923eb1-ae0c-415c-aa16-6d8774ebd93a", "value": "OFFER[2023.10.11_08-07]_5.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5a05db29-67ff-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697005691, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697005691, "uuid": "dd02f3a9-45cc-44c4-96f2-cc0489a438e3", "comment": "Malware payload (RedLineStealer)", "value": "a05013b73c561a1ea12cd1835278b4c9", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697005691, "uuid": "3998e442-1c4b-483e-aa09-7ff38bdb7715", "comment": "Malware payload (RedLineStealer)", "value": "e074f166319a73c358eccdc9e0478314eb51d144e72de83c602823c8f72b7093", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697005691, "uuid": "3f7ac1b1-4b7e-4d80-839f-462ccaee0025", "comment": "Malware payload (RedLineStealer)", "value": "96ee6ac73e086f95b0a488bac660aa3ae8081f91", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697005691, "uuid": "9440d86f-2286-46bc-81c1-6f19e758ed0c", "comment": "Malware payload (RedLineStealer)", "value": "53e958cb2e7bb89682ca4c3d4702a74fee08a9ce9541bea748ca95a1270c4529b578926ee2266afac141a39468123350", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697005691, "uuid": "dbb5972e-2d6d-43ec-b262-d138cf1da582", "value": "T107A48EB57843C272DF2511370F94ABF3AF7FAE980D59E40B1BBE06686ED809081954DB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697005691, "uuid": "4460a9ed-3c30-4a04-a3a0-8c5777f28ae9", "value": "282d146a9b3d87d6152eff920eef7769", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697005691, "uuid": "51e9c91e-3a05-4b89-891a-6df56e0480a6", "value": "12288:7aT3GNAIQR1TWt+PtUIoWc3UOiWFKB53+TctDXKJGYITGEixrUF+XHbmOLvgA45M:7aaNdQ+IoWc3UOiWFKB53+TctDXKJGYJ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697005691, "uuid": "f9f6eb08-271b-4143-8597-f66b148b2186", "value": 457992, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697005691, "uuid": "2557bec2-22cf-4d03-828f-93146be2d1f8", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697005691, "uuid": "6bb705c0-d44f-4f77-85f9-d26a2c72b4d4", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d0266dfc-6820-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DarkGate)", "timestamp": 1697020063, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020063, "uuid": "4bd8fe89-17c4-4346-84ac-73492fa10f22", "comment": "Malware payload (DarkGate)", "value": "ca8b4396563653be9e1a727d85164cab", "object_relation": "md5", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "missing-payload", "colour": "#8A1C85", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020063, "uuid": "464f2ea5-8758-439c-b65f-b039078752cb", "comment": "Malware payload (DarkGate)", "value": "e122ce7c1e43ab9d8ea7d9f078ce588f605010009dbd9a9acea4ec26f57919e1", "object_relation": "sha256", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "missing-payload", "colour": "#8A1C85", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020063, "uuid": "ced452b3-3e9c-472b-8c88-a754191a1d50", "comment": "Malware payload (DarkGate)", "value": "6f3ea227c6c223bfdea2c6949c2291aa630be553", "object_relation": "sha1", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "missing-payload", "colour": "#8A1C85", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020063, "uuid": "c84f739c-ea3e-4d0b-a7d2-e5db5d37151f", "comment": "Malware payload (DarkGate)", "value": "defb785333368fff76910a98b314a295bccaf7f66d5eef4f506c50ad201063fefb5e891bd938df660243dd99e1db6c1e", "object_relation": "sha3-384", "Tag": [ { "name": "DarkGate", "colour": "#BD9475", "exportable": true, "hide_tag": false }, { "name": "missing-payload", "colour": "#8A1C85", "exportable": true, "hide_tag": false }, { "name": "msi", "colour": "#4F84E1", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020063, "uuid": "5ac25d59-bccd-49f2-93e0-19c03feefdd8", "value": "T130A4D0613BC9C13AD2AE063785BA8B6626367D751B30D0CBB7903D6C5E316D3E939312", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020063, "uuid": "27b58939-dda6-4aa6-beb5-e781712aa1da", "value": "12288:StvRQ+gjpjegGao8gAQHmCVAaIxUh6osx:StncpVGq9wqUM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697020063, "uuid": "321cacd2-ab92-4192-a19d-2c3a5be335c0", "value": 491520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697020063, "uuid": "7cab714e-36f7-4dbc-acb7-196147142609", "value": "application/x-msi", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020063, "uuid": "9bfaf387-4322-4c7b-9956-2d01339092d1", "value": "Report-119.msi", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d34de3fb-681a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1697017491, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017491, "uuid": "9bccd865-9d87-46a8-a2d8-7f220108cdb8", "comment": "Malware payload (Formbook)", "value": "885896c57d4b67ea021b5fed43f7f53c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017491, "uuid": "4268a9e7-cd95-48e0-b198-71d7be24693b", "comment": "Malware payload (Formbook)", "value": "e12bb875c395c4575c2482f653fd3005cc564a244e027f47218c99569c22ccf2", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017491, "uuid": "1395936f-0ddf-44ce-a39c-dad70fd0334c", "comment": "Malware payload (Formbook)", "value": "4cb92a952f30d93dd2dfc95275121145a87a013f", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017491, "uuid": "86ae6d30-41bf-41b8-8703-18d978db1a57", "comment": "Malware payload (Formbook)", "value": "03cee630e92c26f2fa0364ab8943b51ddde9bf80af056891dea624e2be1112858c05bae2bc84f8ad7d85b4ff8bcd1038", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017491, "uuid": "72f1b098-de5a-4f66-ac01-aaa7ddc3866d", "value": "T136E40104B3BA5B67EEB987F24A60151047F4355F393AE3941DD1A0EFA9B2F004E51E2B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017491, "uuid": "5a1824ca-8b98-4e83-95c5-f228a38076d4", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017491, "uuid": "479d27d5-e6fa-4cc3-a0d4-e188c62aff26", "value": "12288:swYX9K1MgxDLPFMe6svQgLp7K13pKHTe0cc7sSnmZtVpZNOP:wtKDLPFZvQgdYQc7SnmZHnQ", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697017491, "uuid": "03e7e442-49e9-4362-98aa-f51a587f822b", "value": 690176, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697017491, "uuid": "68ea61d1-3d2c-45bb-b880-5075115b24ee", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017491, "uuid": "b96b316b-3f61-4aae-b831-0e0f5a85c8b8", "value": "23766473663532263.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c10533ce-6831-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1697027339, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027339, "uuid": "5de28508-c14e-4b84-bfe7-b3c96c30d4e2", "comment": "Malware payload (RemcosRAT)", "value": "86dc181304e3ce026b6c7f1d8dd22cb3", "object_relation": "md5", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027339, "uuid": "70f0d287-1a7b-43a3-b26a-f343e3063c43", "comment": "Malware payload (RemcosRAT)", "value": "e17bb5e8ce37f3af1fdb939374b1d55464ade23a1150a3fd045f39625cbcb0c5", "object_relation": "sha256", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027339, "uuid": "6014155f-950c-4b39-9e31-d620c15c5562", "comment": "Malware payload (RemcosRAT)", "value": "8030eeb80598c57c6cf751498458d5aabd6b7400", "object_relation": "sha1", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697027339, "uuid": "8f8ef170-f42f-4d4e-836a-99203800faca", "comment": "Malware payload (RemcosRAT)", "value": "0530bb8107277325fee23beb9bb094f95e120343538fa26813d23f40e9061311654447031b033cd922308c51aedbaf84", "object_relation": "sha3-384", "Tag": [ { "name": "ace", "colour": "#72CEE0", "exportable": true, "hide_tag": false }, { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027339, "uuid": "f60830b2-066b-4d34-a450-752e334eb40b", "value": "T10F15337E9B0E2A7DE848ADE622181BCA5C1B47B6031BDD4F01B49C85C7787E7E43E950", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027339, "uuid": "6191e602-5603-4404-a94a-8e3b51d2fcde", "value": "24576:qd+uDS2/wDHcAeM6OngsMa2lBmCPIzVtPXtIOo+TseGS9o:G+SS2y2jRiHtIOo+GS9o", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697027339, "uuid": "fba7c2a8-6885-4eac-b66c-e14d17e080dd", "value": 909288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697027339, "uuid": "9f8cdd0b-93e9-46b8-9650-5e1efc5a3d50", "value": "application/octet-stream", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697027339, "uuid": "acd490c7-a34a-44bf-b720-97ae5c0da52b", "value": "ProformaXInvoiceXPDF.ace", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3e90ec17-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052461, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052461, "uuid": "63100f64-719b-42b6-b2d2-a647ea06eb18", "comment": "Malware payload", "value": "b691256181f34d2e96e9e8bd0573b655", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052461, "uuid": "08d03154-e941-447a-9cc7-b113a8621e9f", "comment": "Malware payload", "value": "e2016c65f1ecf142c0b50f91a169c21812234462a048c6e2e0d10ea735d45094", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052461, "uuid": "716a5c13-7689-4aa2-934e-f6f963d96031", "comment": "Malware payload", "value": "3e473a3e61cd3b2f5b6e70598f1d064b16f31e67", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052461, "uuid": "a0f4924a-8f54-4dcb-b88e-feeac7cf09ff", "comment": "Malware payload", "value": "2d89b956bea970a5dedce624630c71d04ebda8c2b6e7ff1b3b0ecca464276815e726f8f2692376a8524fc29a4e8ab731", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052461, "uuid": "aeaba734-2c1c-4c2c-a1a4-660e6a494565", "value": "T145C4F71833AC453ADDAEC27490515688EFF4C12592FE9BEF2681F6ECACC67D38A45053", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052461, "uuid": "ffc733ec-0e3a-4a54-ba82-1c0f5aa7d1a6", "value": "12288:9ht/vlfov3CVkHUTu+i8iwWpZo03BOeKLcdve:5vk8WpZL3ceKL8e", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052461, "uuid": "ab3ba114-5be0-478d-a51d-80ae289391fd", "value": 555520, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052461, "uuid": "f2bb0a71-23dc-4eae-a387-e807751f77e0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052461, "uuid": "610fbf6a-2b86-4e25-bdec-23f8b7720813", "value": "Elocb.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b62ebc3a-684e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697039776, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697039776, "uuid": "803b1610-94d9-487d-b80e-aa718694e516", "comment": "Malware payload (RedLineStealer)", "value": "a3f6ec07afbced322d6c3478afc2c7ec", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697039776, "uuid": "f161311c-9abe-4563-af4f-e98514faed3d", "comment": "Malware payload (RedLineStealer)", "value": "e28312af30e68fe998aa8ecb14753ad4d4c3fb31e94ad75a1bffbb57e3fc5386", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697039776, "uuid": "a047d35b-8771-4c0d-af2c-65a7d230e8f8", "comment": "Malware payload (RedLineStealer)", "value": "f529bed6e56f4171f9f9e60c5e6c44d98fad5f67", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697039776, "uuid": "5aecb751-4ce4-4ed9-be56-0d16228658bd", "comment": "Malware payload (RedLineStealer)", "value": "464161fc0d8d485b4019202eb30f8b275b85298b84638d6816eb3ada301341b6c8e3f12fd061b2a9bc9a4c36e7daf4e0", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697039776, "uuid": "e7d883dc-82b8-43de-99b9-60ef7a28ad94", "value": "T150449E1375D1C473C573153209E4D7B95A3EB8680BA249EF67A80B7E8F703C19B31AA6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697039776, "uuid": "c2c921e4-c2b8-457b-a9a2-f1aee2d9b7c9", "value": "06ede52fcc31e4900f4f1a7060fce645", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697039776, "uuid": "9034ea64-202c-40f0-96b9-c9c9c7db1082", "value": "6144:XmoQqFz5kyocx5/X/3SPl5MAOcYZhLK06:XmoRzWyoWziKLT6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697039776, "uuid": "283e704f-f208-42e7-af4b-9da2eaca5768", "value": 274808, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697039776, "uuid": "546a55d4-9726-4713-a0a6-6b170eede29e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697039776, "uuid": "fbb3c0a2-f8c2-4dc1-8def-2ba489b42e39", "value": "a3f6ec07afbced322d6c3478afc2c7ec.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9b364eed-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697052186, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052186, "uuid": "d3b0eafe-cfc2-49b2-a2f1-1aa231443532", "comment": "Malware payload (SnakeKeylogger)", "value": "27b59a4d949be32f6febfc77d85e9644", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052186, "uuid": "edd1357d-321f-472b-9409-ec3f7daf81a7", "comment": "Malware payload (SnakeKeylogger)", "value": "e30c39079334240fccf27b7ab9bf2fb40ccba609f97bb3ae4afe0ae402db6891", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052186, "uuid": "ef25bb7a-2590-4ed9-b3fb-3c33030f4076", "comment": "Malware payload (SnakeKeylogger)", "value": "3c70d748282dab54e73298358d7e4b5d88b0c8dd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052186, "uuid": "04f883c3-05b7-4b14-8b08-af00da63eda0", "comment": "Malware payload (SnakeKeylogger)", "value": "f16878d5e4aab8f3bfa7963400065a46c8cf89792d048a1fb664788a0d0fde5c5aaac601bc96fac85264e719367f889e", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "geo", "colour": "#818969", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false }, { "name": "TUR", "colour": "#4C8BC4", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052186, "uuid": "9913cdb2-577a-485c-aaf8-03db911f1d8e", "value": "T1ECD4E12963A81B1FE57A77FA0374034003B5193E6534F2945EB260DEE9A1F14FB82E5B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052186, "uuid": "c9d824b1-4d8d-45ae-879d-6f0e29f91168", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052186, "uuid": "c6e187fa-9114-48cd-ac2b-74bd89f3bcb2", "value": "6144:Vcf2aUi8VMMxv62c+SNKZ0Rht2oVVlFpAiP362gR4jecTsqsXHRddHPdtoJnnz35:B2X9KepRQibc+shPPoJnDt4QM4e+", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052186, "uuid": "f81bc8ef-3499-4511-b1da-849469d1a484", "value": 614912, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052186, "uuid": "a85c3cd5-6b4b-4f56-9b88-04c21975e83d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052186, "uuid": "c73be6ae-c16c-488d-b102-ada8a3cd8c29", "value": "hesaphareketi-01.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e05f2e7e-67e5-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696994750, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696994750, "uuid": "5187bda5-5926-4b14-bac3-31896c5215eb", "comment": "Malware payload (RedLineStealer)", "value": "699272087cedde79e6977ab8c3d7b182", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696994750, "uuid": "bb80a8e1-b24e-40d8-88b5-d068bc8ff698", "comment": "Malware payload (RedLineStealer)", "value": "e3853086c8cb839fdc1d206c17f84762107500aca7a466d09444254269da84b7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696994750, "uuid": "89cbf656-9fe6-420e-9495-208dce37f952", "comment": "Malware payload (RedLineStealer)", "value": "e98a757262693d203c4a1d6ba157cdd13726d050", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696994750, "uuid": "828b3f63-0dc3-4918-9498-a89c996fbb40", "comment": "Malware payload (RedLineStealer)", "value": "4908ef362540c84293dfe17272a5787d91af26ad5e81e857fe8f7374142915c64826772ec8fe1f0bbd16abd341181cea", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696994750, "uuid": "bcc6ad39-223b-49b2-ad32-1e8b7c703c8d", "value": "T16A352307E7F8C661E9F527B038F30A431E367D629D7083161386D9AA1DB26D45A3173B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696994750, "uuid": "970cc842-d13a-4a12-9b0f-acde2f603277", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696994750, "uuid": "4ed2501a-d1ab-4672-b44c-c42d9a4a5fe9", "value": "12288:lMrOy90AzbkQnQO+ooT1Ktm6vCaFErfyap9daerWe4FM4qDSHLP30x68/iqcqbeR:7ysdOT7tm6v9Wj9QerWzf00tIRPN5Vq", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696994750, "uuid": "4ef29a92-7dbe-4ef7-8a89-3fd341cbd071", "value": 1128960, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696994750, "uuid": "84ed3f12-7099-4682-83e0-32e3bf0f1db2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696994750, "uuid": "07712de7-2c9f-41cd-a68b-a994a512c808", "value": "699272087cedde79e6977ab8c3d7b182.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ac11efbd-6849-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697037612, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697037612, "uuid": "a0c8b39c-9ca0-4d70-a5a8-2650e431318c", "comment": "Malware payload (AgentTesla)", "value": "fd3dec0db12c7f695e5a25e21acb7092", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697037612, "uuid": "b082e27b-f591-40d5-93bd-427d25c729b5", "comment": "Malware payload (AgentTesla)", "value": "e418ac2813daadef8ed238148ab1b1037567e126271316157d7955b2ce6fa858", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697037612, "uuid": "e83e9def-0ab0-4633-a858-503eb9a4856e", "comment": "Malware payload (AgentTesla)", "value": "8b17ef60cae44a17a2b91e3386b47420d5a41d04", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697037612, "uuid": "e99678ca-7087-4326-b165-7fca3c9ad2c7", "comment": "Malware payload (AgentTesla)", "value": "4a426a9fb0d8fe88ac714cc7bf95b8876a295015e04ec1384940143462232fcd844e350e71a2df9f8ee0959ca24a6dd9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697037612, "uuid": "59248706-97fa-4226-80a0-de5cb031b5ed", "value": "T148D423CBCCB1C37EFEADB21AE7EDF5381296AD861D4B06420930E51A3C417714A7B861", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697037612, "uuid": "47eaf490-0664-41fd-b882-aecbf6de8945", "value": "12288:qI7O+ZpSqwCuWHDV1QZ3pTfUg4ise6B6xews+vbui45JoS:qI7lZYqwC1HQNxVn6B67soJip", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697037612, "uuid": "4805f320-bc62-41b5-8caa-1ad419437443", "value": 616290, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697037612, "uuid": "23cf3bcd-a075-4e26-b942-c629813e3957", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697037612, "uuid": "f096161a-88ed-4153-96e0-0b542a9cd243", "value": "=?utf-8?Q?solicitud_de_cotizaci=C3=B3n=2Exlam?=", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2bedb7dd-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051570, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051570, "uuid": "16d2e6ed-3b85-4aba-9975-c6a351d3edf7", "comment": "Malware payload", "value": "035ad1ee5add76856e8b2616c9a72ae1", "object_relation": "md5", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051570, "uuid": "0dc1e459-dc8b-4211-a9ff-61b928b94539", "comment": "Malware payload", "value": "e4bf9cb6d69edbbe6ecf9c3c51434b30882c7d0bea9d324aa3b79f41239a3562", "object_relation": "sha256", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051570, "uuid": "631c4a24-c57a-4595-8cd3-7cbcf66f8d7f", "comment": "Malware payload", "value": "421cbbf2456ea001ad28d10efa93e7681237eed0", "object_relation": "sha1", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051570, "uuid": "b4e375e4-63d7-4770-91d9-2b20db35a979", "comment": "Malware payload", "value": "ca2832417bcc9c34b16465ed2612c9b7c49986b675fd57be6e16cdd74f1bdcc6c5cfa5977cc7c543b7611960969751b6", "object_relation": "sha3-384", "Tag": [ { "name": "js", "colour": "#F7D241", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051570, "uuid": "a7220f8f-4e4a-409c-b310-211511b0260e", "value": "T1E7F1FA580E95D435E9C9FF6520E4DA9ECE6D933D6CF90219692877FD8BB02C10DB2881", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051570, "uuid": "3f2d2de7-36e5-4f6c-8769-8dcc31f58ef1", "value": "192:JWqPggePZJfQ5ZaqH0XgVMZHADI++PuEg6tnh:JnhePfY5HNsHV+dFCh", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051570, "uuid": "919b1468-4ab4-420f-b5b8-5970f0704341", "value": 7921, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051570, "uuid": "4b58ed6a-f41c-4262-8748-734e53e744b3", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051570, "uuid": "b21cd230-2519-46a2-a833-18a7efcf4af0", "value": "Payment_Copy.pdf.js", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e72743de-6869-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051455, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051455, "uuid": "a45d2963-b5b4-456f-89ec-2b38ce6ab7c2", "comment": "Malware payload", "value": "1b227096ca56b542f74ca82aaed92911", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051455, "uuid": "f699213b-7806-41ee-b735-a2ad1217ad36", "comment": "Malware payload", "value": "e4c2c8f842ce22820f548ebae96def1fff8f86ce6c92adc4ff801d4adf46e1c9", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051455, "uuid": "016d3d28-de48-449c-9290-0d825e0c0d89", "comment": "Malware payload", "value": "4dd314e0f738365ef4d49d264c77a9fc4139fda9", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051455, "uuid": "7c63a764-0415-4403-a9f4-f0f965e49885", "comment": "Malware payload", "value": "7ababa3ceda917afbb104f36c26b58b38b183cdcf2f6953d4f6c2cfbd1653367232006a913d958978e02c2c64de9682a", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051455, "uuid": "7d34584a-d2d9-4090-9b0b-6a63be3a75ac", "value": "T1F5945CB1EF58151A0D4B37EADC414C81C5BDC16A5927006AFEDD17CEA10B59CE3BEB0A", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051455, "uuid": "db24db50-2edf-4d44-b3cf-ea79d641a213", "value": "6144:majeo368cuS1Ahp0SOBccbQIV1zG8T2idKi0aU1ijnc20IrdV20MZ/tTt1JFJ:Lewcx1uAzVgSMVia0c1Z", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051455, "uuid": "b2eaf693-d4a1-4a12-9200-96e95096ee66", "value": 437920, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051455, "uuid": "e46f2b56-b29f-4eca-8613-d74b02794429", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051455, "uuid": "275f313b-972a-4c3c-83eb-b9a052227ffd", "value": "k8dt-vs_n203-e1_1_8_csm1050139.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "09f848c9-6824-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697021449, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021449, "uuid": "d46c11bf-f825-41e3-818d-c8eb90629b70", "comment": "Malware payload (AgentTesla)", "value": "3d1e2484723eb6dec88cd571cba268a3", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021449, "uuid": "79c6f624-cd22-4556-8949-e78bd32cb41f", "comment": "Malware payload (AgentTesla)", "value": "e579952e0a6c558c001274aa13e6ac8297a3991497f0163917e6db3a37430f83", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021449, "uuid": "2c95d4ea-074d-40f7-b4d3-310e01095b60", "comment": "Malware payload (AgentTesla)", "value": "5c71d5658ed6581a7d729882db9f78aedf1c24fb", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021449, "uuid": "f90429fb-74a6-4677-a7d9-1ec01e788458", "comment": "Malware payload (AgentTesla)", "value": "85e23dfad4675b05a592f03c002a869c72c813f29143c46f2ea60b5da27a45c536cef0dd7a359c3960717e5381896db1", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021449, "uuid": "854b7f41-8635-4749-b477-2efdfd73badd", "value": "T1BF741228226480F3FDA38936B27612916FB2E81325AC87E6176C695D3D23350DD0F793", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021449, "uuid": "92609f97-d779-4869-b861-ba63ccdf8e5c", "value": "61259b55b8912888e90f516ca08dc514", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021449, "uuid": "37895898-449d-45de-9f19-5a7a78489396", "value": "6144:/Ya6XD9MqIoYtYTQinuauAzgSMJqDBEIFHoB4zBbjMKNNgm1qfkBtN+bmCf7zAUo:/Y1ZGteua5gSMJqDBLw4NMqjw0t6mgt0", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697021449, "uuid": "c9476f71-1c05-46c8-9fc3-3bbe5fd1fd8e", "value": 365572, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697021449, "uuid": "bed42cd4-7d31-4168-81c2-ef1c25891766", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021449, "uuid": "fa12d5f5-1f36-4ed3-a94d-a1b3436f496a", "value": "e579952e0a6c558c001274aa13e6ac8297a3991497f0163917e6db3a37430f83", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "509c44b1-67cb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AsyncRAT)", "timestamp": 1696983342, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696983342, "uuid": "5b65f891-4852-4aee-9104-4ec720fa28b0", "comment": "Malware payload (AsyncRAT)", "value": "c11c2a5720aa7d6cfd646d9978080200", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696983342, "uuid": "e2d4fd4f-9b07-47b7-9377-eb4fdfdcc8e3", "comment": "Malware payload (AsyncRAT)", "value": "e62924847c1dc2d5a03b72542f4679d0622e5d98b07bc69cdab198ad19d6a40b", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696983342, "uuid": "5f68c51c-f20f-40c9-8157-868f453fefce", "comment": "Malware payload (AsyncRAT)", "value": "4cb5a4bdb4f854493ccf17cdc88391419984b997", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696983342, "uuid": "876cbc81-6b80-462d-b078-21128c4bbf11", "comment": "Malware payload (AsyncRAT)", "value": "5b8be8329c8dd076d26af03ddae6ac4062edb28e723b7be13aefdd692a4b0166bb87e0586ab31e90aa92d0267979834c", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "html", "colour": "#9396B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696983342, "uuid": "a0c1394a-1530-4394-83f3-9e7e999d64dc", "value": "T159734195EB693458DA821B82C9DF684052D8329F1E9DFD186FB900C37B71810D4BB9FD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696983342, "uuid": "7f255482-4704-4219-b466-ca629cc493de", "value": "1536:IsssssssssssXiii8iii5iiilWKYsssssssssssXiiidsssssssssssXiii8iii7:4", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696983342, "uuid": "94901a43-84e0-4fd1-91ca-6ac0aaafe6ee", "value": 79142, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696983342, "uuid": "0f20a376-dc04-4b4c-a389-c28b5dfaae7c", "value": "text/html", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696983342, "uuid": "1e1e3828-55ea-4b83-b8b1-5fc798304b19", "value": "c11c2a5720aa7d6cfd646d9978080200", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6eb29f7b-681b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697017752, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017752, "uuid": "d09cb5c8-e16c-4298-9635-5a9803532b5a", "comment": "Malware payload (AgentTesla)", "value": "064e4568377118a35f8ff35c843005b4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017752, "uuid": "d49009c1-d11a-4a0b-8926-8239146730ae", "comment": "Malware payload (AgentTesla)", "value": "e6dc643614e1ab6b1809cd46b3e820157a12222c862558b12ba77568ad1c5c92", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017752, "uuid": "d3c09505-9cd1-435c-9efc-1ddd6641aa8b", "comment": "Malware payload (AgentTesla)", "value": "e4f27abe122b6009eb2b0b76c771881537940f01", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017752, "uuid": "446214fa-26f5-4454-ac7f-a6ef886b8ff0", "comment": "Malware payload (AgentTesla)", "value": "1c5a9082d29e7109e5b9bb9aa8d5e8893cf9396df67de6402b36813cae5d194ab8a53941a817c4508d53ad3af446d7d9", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017752, "uuid": "ae501065-5404-4ffc-92a6-ef24959032a7", "value": "T160E4018073BA4F37EE7983F685202A6447B6355E7A39E2855EC160DFA8A1F404E41F23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017752, "uuid": "3b28201e-10f9-4eef-9188-f68ad7a4eb68", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017752, "uuid": "25bba15c-1116-4efa-a311-b1e00c8ff683", "value": "12288:IrkYX9KxK2vkLFz0lcOU3F5MlPrOYs/CP9b2tJsWMRm7JxbkcL:g3tmK2chw85MJrOYXP9bYJsrRGdkc", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697017752, "uuid": "70a2e7f9-3a82-48fd-9715-a5cbb7119f05", "value": 719360, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697017752, "uuid": "50be0372-ce3a-4afb-8656-555c33be50f1", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017752, "uuid": "36e4eaa9-c924-402f-ab36-f771de2f4b6e", "value": "factura_impresora-9482hp.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d275b000-6869-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RemcosRAT)", "timestamp": 1697051420, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051420, "uuid": "5fe74e32-9b45-4791-a7d4-75ee7c2ea306", "comment": "Malware payload (RemcosRAT)", "value": "622f9cd07356c8ba7753fecae3822eea", "object_relation": "md5", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051420, "uuid": "ec5b6d7c-2177-408e-b640-e12ce1265297", "comment": "Malware payload (RemcosRAT)", "value": "e902aa3c37bdc2c50debe45d4aeaea9a21641057402eb23d71490c68cc04c7ff", "object_relation": "sha256", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051420, "uuid": "8443c08b-608b-491b-8828-ee7ea5886448", "comment": "Malware payload (RemcosRAT)", "value": "5056f246e029b767a8fd820e54c972caf13baf3a", "object_relation": "sha1", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051420, "uuid": "e637d864-cc0f-48f0-8556-54c0fe398627", "comment": "Malware payload (RemcosRAT)", "value": "6083b9638cd287c0452f0c966739298c8a3ae5faf07ea64ee3d2b0e0c1f23e6f0694955225767e228e2f224e97714196", "object_relation": "sha3-384", "Tag": [ { "name": "RemcosRAT", "colour": "#F55CA3", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051420, "uuid": "d95983f4-b524-4ad6-ba78-27f37c212fbf", "value": "T1CC732760DAD6223D4A870BEEFF419841C9F8886E4325815DF99E077E112386CCB7FB58", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051420, "uuid": "02b81717-beea-4d67-9ebd-a956ee2163ee", "value": "1536:CPTZPAHjJ5t7gcoqiGKQoeDHj7W89C0pO1dEZcIeVGXRNXF8OG:2TZPAHjJ/7Xi1/ezjCjXE7pfXF8OG", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051420, "uuid": "6687d206-9f30-45f0-82a6-b1826effb22a", "value": 77767, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051420, "uuid": "de041abe-f642-4a11-9283-44e4eb6a78c5", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051420, "uuid": "66985bd4-2807-4f5e-b654-cfb459a4da23", "value": "Prova de pagamento.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a891f988-6861-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RiseProStealer)", "timestamp": 1697047914, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047914, "uuid": "99fad60b-fc34-46bb-94ce-bfb1f549352f", "comment": "Malware payload (RiseProStealer)", "value": "56c147c6c6f51cb02984a1f48b7cecea", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047914, "uuid": "441310f0-1ed4-40e5-ac42-30ed51169a62", "comment": "Malware payload (RiseProStealer)", "value": "e9d629796bf84169c7e2325762a46aca873025e1078543bd700397f2c9b3ef6d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047914, "uuid": "81647de5-04af-4d7d-847f-ce146ab8517a", "comment": "Malware payload (RiseProStealer)", "value": "9489e556c2b3d52d7a749be789cd73fb55c476a7", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697047914, "uuid": "c2cfd439-a108-4b4e-8b91-f77aaff45629", "comment": "Malware payload (RiseProStealer)", "value": "344f38c07db702e23f5086320c02e1f9162adb4c2e92b3179d3e1f9b340c56a3500c98b456997e653a09338fb0970de2", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RiseProStealer", "colour": "#2C729B", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047914, "uuid": "2664993c-1425-4262-a75f-07e0a69c71d4", "value": "T1FD46232363981041F0B249394533BD5876B726B687719C7C75AD2EDA3FB28D0E923B63", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047914, "uuid": "cdd01b6a-3420-4287-b5c8-bf6045e994bc", "value": "70c1f94033ff845050d4c215ee60d865", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047914, "uuid": "2446c6ec-01ae-4341-bc37-133d148f838d", "value": "98304:AErV/1KzgHzh/QtEQFvVWpaub/1HwZm6O9VOosVtjL1AvASTbhsI:fV/oEHN/QtEgvuzx/J9MosVl1DS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697047914, "uuid": "223780ee-72fc-4b1f-98db-4abe58b96dbf", "value": 5755904, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697047914, "uuid": "2e576ccc-c4cf-4a6f-96da-5252ea974c27", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697047914, "uuid": "c880ec8f-3c2b-4cb6-a098-5e0e951ff9e8", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0d63a6d5-683e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697032621, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032621, "uuid": "e99aa94a-8693-468e-bc85-83e123adae33", "comment": "Malware payload (AgentTesla)", "value": "2d4cac65667f3495c86cce79ffc5552d", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032621, "uuid": "b5bc10fc-2b94-4d89-ab29-fae16c7893d5", "comment": "Malware payload (AgentTesla)", "value": "ea33caee97ebaca6579ff4d8af3cf239512946382fc12bce85867cb3e3f91b3a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032621, "uuid": "b477bf3b-b843-4898-b95f-64c2ac023b76", "comment": "Malware payload (AgentTesla)", "value": "b9c1400b9354b6e089179ebf91816b56b4f21c86", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032621, "uuid": "6ffabbb0-04e3-44a3-a908-22608d9b3aa1", "comment": "Malware payload (AgentTesla)", "value": "439f98cc7df22acdfd3bc73b5698dc229dcb3683e229c7691bc804c90e3f250a0df5de03ef8285202858a9f75781d67c", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032621, "uuid": "52f4263a-e246-461f-a0b2-7fe1641014ad", "value": "T1E305013F9FB77E15C529AE7AC062349483F0E4832321FF261CC5C4F066EAB95AB96454", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032621, "uuid": "c7352a8a-dbd8-411a-8666-61d31a09fbab", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032621, "uuid": "66b4eb0c-55bc-42db-8376-1b30eb0f1902", "value": "12288:zxhS2LJ7W7uoWGfgGjdkCgfNu2aH4EX/XyHNw7kucuT3iRYRDCehduwYTzVJO5y8:d3JjoWWhjdkCgNa95ze9MEVYs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697032621, "uuid": "f07ac12f-8738-4954-9aac-1069604ab17e", "value": 795136, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697032621, "uuid": "7a93f360-3f0b-47ce-8fa1-c1dbd5b118a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032621, "uuid": "16a5cc52-6423-40b8-beed-a87f46918100", "value": "ea33caee97ebaca6579ff4d8af3cf239512946382fc12bce85867cb3e3f91b3a", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3ad42da4-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051595, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051595, "uuid": "44c3a063-76b8-4684-91d5-555aed853738", "comment": "Malware payload", "value": "03b2e8ea95c6eb925217dae8a49fdbdb", "object_relation": "md5", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051595, "uuid": "cc303653-bd71-4783-bea9-3d0a67ab41f5", "comment": "Malware payload", "value": "eab1fa279c84e50e603c4a5e59464f0e4aa0873a8b06f1ec0c507caddfebd452", "object_relation": "sha256", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051595, "uuid": "7e5b21e5-595f-4dab-81a1-33aaa6d1818d", "comment": "Malware payload", "value": "7dcda1e2398dbcc8ec4e714bca1f1b03259d12c9", "object_relation": "sha1", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051595, "uuid": "f54f6a48-eaf2-4a0d-9d67-922bc40a40d3", "comment": "Malware payload", "value": "6670de1d05943d776040626510eaf3051405c88b669acb40192bc346f4e59474fbf9f201f6822a5ad287a4f984c9cefa", "object_relation": "sha3-384", "Tag": [ { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "xlam", "colour": "#94C3F2", "exportable": true, "hide_tag": false }, { "name": "xlsx", "colour": "#683C47", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051595, "uuid": "9c4a66b7-048c-4532-a0e0-9fa8362af267", "value": "T130D433A9941F4D5CE34C59FE164AA2F0EECDD9F3221239D0D0305E7C58BAA22C356EB5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051595, "uuid": "73b5c1d4-aab5-424c-a1ec-d65d0b07ec92", "value": "12288:fdJw3b3mJ4yd3Ud8CaKN7oG+yJtvRNLCsBjbmhRr8Woz/UXsn:fPw3bWJ4e3JhooGDvRNWE3tQM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051595, "uuid": "1977893b-c904-4ff9-8dbf-ca65c6432704", "value": 614510, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051595, "uuid": "1618415f-7f80-42fe-a80f-64f15e14fab6", "value": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051595, "uuid": "ef30e308-78aa-47a8-aff4-9ae7b0846a77", "value": "FYI.xlam", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "846e299a-6839-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697030673, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030673, "uuid": "cebc8948-5e01-44a1-9a8d-863fb9a90af0", "comment": "Malware payload (AgentTesla)", "value": "9d752c6376fef20f0d16a676debc56d4", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030673, "uuid": "ee8ccad8-d2c0-4b00-9587-09d212a4a873", "comment": "Malware payload (AgentTesla)", "value": "eae8ee79f837443d3f1ca4a05375b801e6f12b5cc9b826312a59efbff650cbdb", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030673, "uuid": "0c5dc164-02b8-45ec-b9aa-a273457ae228", "comment": "Malware payload (AgentTesla)", "value": "6be48a387bcc8c5368639636990ab48844a95b8c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697030673, "uuid": "74b2d8b8-eaf2-45e5-bccc-4bf7d032aedf", "comment": "Malware payload (AgentTesla)", "value": "983fcb299157b919871cb9bf8aef0cb00c2b00b99184b37566e8147fc40ad9f1f825790d067dcbec5ccb003010635b39", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030673, "uuid": "b5f0999b-e673-4bbb-b2be-80ffd197a695", "value": "T16AF40138336C8B67E23E9BF751B4020217F5761B3179E3A8DED118CF2E61B5289546A3", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030673, "uuid": "924f59df-5c0c-45e6-b94c-15d9d9e047ba", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030673, "uuid": "05c510fc-8280-4fa9-8c84-565b513fad68", "value": "12288:B1X9KveWPZ4eTgKFzWrJ/GsR+xfy7HWWPyGqB2q+kgWQf:B1tLWPZjTgKIrVGk267H5yREq+tWQf", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697030673, "uuid": "22b44def-3ab0-41a1-a73c-ae4c887bb4e0", "value": 746496, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697030673, "uuid": "37a7f78e-5c49-4461-a0be-f47b5c4db8e0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697030673, "uuid": "fad99106-58eb-4480-992b-af0c870d9e00", "value": "MT TBN - Calling for Bitumen Discharge operation - Estimated PDA and related procedure_pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "094baaca-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload (MysticStealer)", "timestamp": 1697050224, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050224, "uuid": "a13c55aa-1c84-46ae-a630-cfa624fa1216", "comment": "Malware payload (MysticStealer)", "value": "094bcab45794a04974fa3cdbe91276ef", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050224, "uuid": "dd734b54-d8e6-48fd-8df0-21124de99b70", "comment": "Malware payload (MysticStealer)", "value": "eb4413d334e40798e4cf66f1c382a55d5ae18b910834fa27ec55568f11220c14", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050224, "uuid": "f0f995b4-0dd1-4153-bcb2-cecc184f9642", "comment": "Malware payload (MysticStealer)", "value": "7b5ff7515deeb4f9f8f8e0825995e010416d0239", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050224, "uuid": "a815e9b4-eb30-4c09-ab5b-d26f02eb2707", "comment": "Malware payload (MysticStealer)", "value": "93c452df5e029b66169c82bd06e63da255638f6e1129fe6e3f9689ed73cf6c76ee819cab5dc7493d5059b82afbc49b22", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "MysticStealer", "colour": "#803A9C", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050224, "uuid": "4adab806-7183-4a08-8f53-f4b9d0e22f38", "value": "T10E94B0017893C4B2C873313509E8D6BC563D7D768C5578BBA3A20B7E6F522C292635BB", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050224, "uuid": "a8089975-844e-4f80-82b6-fb94ec22f3c9", "value": "282d146a9b3d87d6152eff920eef7769", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050224, "uuid": "988da2d0-e10d-4f28-acb3-b85f24c6d3ff", "value": "6144:oOVmaznVQ/6wW2+bJiPIaNsaeRVmAAOWEBYMZmSRgirkqYNxTy1ECE1E1Fx6n5:ua7VQ/TW21q8ECMZmS0FxTUE41PM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050224, "uuid": "d400c0d3-b529-4aa2-ae41-81d17fd18098", "value": 417544, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050224, "uuid": "d005d9e3-55fd-4cee-a1f3-776815227b7b", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050224, "uuid": "d892147c-e6fe-4f09-be1e-36390f660565", "value": "094bcab45794a04974fa3cdbe91276ef.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a3c842d5-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Healer)", "timestamp": 1697052201, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052201, "uuid": "b556122b-836a-4fe9-bb14-4a89de46f085", "comment": "Malware payload (Healer)", "value": "63c1de6fbabb8dd6e2da7317d64855d6", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052201, "uuid": "a92e5d56-df7c-4541-b89d-8ae0b1d09925", "comment": "Malware payload (Healer)", "value": "eb6aade1add45ee9e6936d5ec3ad9a1cd6bbe8295b01f969465abcd3541155e4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052201, "uuid": "b633de1c-6c2a-4b87-a7f2-0236606bcae3", "comment": "Malware payload (Healer)", "value": "8aebd927ffa1e7d8dfbca09d9995147d8ab2774b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052201, "uuid": "d0f6098c-a5d6-46d3-b64b-64349c5dc5f0", "comment": "Malware payload (Healer)", "value": "3df71ec503ab0fcb68b433c6f12320b77f1f745e0b914113c987a708e6477978beef328a8cf58b6a4ef20c3993336583", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Healer", "colour": "#A586FF", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052201, "uuid": "fd46d518-401b-495d-825a-393fc44a663e", "value": "T14A65234366DA9A33D6791B305DF7174B2F78B8649B31439F34C9B65B29B3A8181B0323", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052201, "uuid": "78d61888-1c3e-453d-8b64-63159e839c10", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052201, "uuid": "ece7c65e-5547-47ef-91b6-c1c4dc357935", "value": "24576:Wyu7iQmKTDlL+uN9uCR37fKOZc77ZFiMpFhM+LTYbPKgwGhWD5VCxnJ1QLruyipg:l+0EhKQz3O17DfFqPKBGhI5ViJSfuR8W", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052201, "uuid": "45fe1d07-c64f-4f8f-97ad-11e0e32e16d2", "value": 1546752, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052201, "uuid": "ce3efc73-6043-4a2a-8bdd-af3b802888da", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052201, "uuid": "3164129a-1845-4400-9b72-a9e5c730a242", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "9f112cf3-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052193, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052193, "uuid": "f2d70ae1-acbb-4a00-b9a8-14b46998584b", "comment": "Malware payload", "value": "33ba731632633243726595686cba6f19", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052193, "uuid": "15afe612-ef5d-422d-9e6c-9a7a1ccdf73b", "comment": "Malware payload", "value": "ec241309fc78d60ecc7dcb95440d4989ee2e46b154f0144eab1891651ffbbcee", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052193, "uuid": "7a683366-9e2d-4825-b15a-8367a5f0e407", "comment": "Malware payload", "value": "4a0691d73600788c1d292e7a34cad8ded6560eef", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052193, "uuid": "02456966-9006-42bc-b902-673b3b91a217", "comment": "Malware payload", "value": "795f337885d3987b193c9253775a63aa71f6c51f60258c3a535eecb8aeecd8e16159e68c99dd4d506e79b68a2a9f5512", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052193, "uuid": "20dad491-45d3-4aae-b3bb-ad160b49db18", "value": "T1FBF4120175E0D877C47906B38C7BD6F8AEBAAD594CEA0B832355772E7CB6781B40D206", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052193, "uuid": "2313eb35-1cc4-4f60-8d2d-af6368a940a1", "value": "671f2a1f8aee14d336bab98fea93d734", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052193, "uuid": "ed5d2814-951a-4d3b-9cf9-5c39ec740011", "value": "12288:M0f2JEhxPvtbe7AhOJHXkSkfpVTLlQ5lTweXtTYVNPvwfj9HBrRYzzpTq:M0foEhxX0Uh8XkS0pVTLeH9T2PoftxGs", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052193, "uuid": "2a77fbfa-4818-46b4-9545-7338027e494b", "value": 769948, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052193, "uuid": "ab536454-0d85-42ce-ba97-7ff6beae7844", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052193, "uuid": "97de5ec7-6304-44eb-abe7-983dbc0856e7", "value": "Notificaci\u00f3n-AEAT.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "177a35a3-6890-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067857, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067857, "uuid": "856b334c-1f99-42e9-8689-b4d427f60012", "comment": "Malware payload", "value": "a6421c93cef8bc3e31ba3bc3229459cd", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067857, "uuid": "56b7f24f-ec44-4543-87ff-b80ab9fab03b", "comment": "Malware payload", "value": "ec8156bc9973efd14c2d960d1c18f688dfbaaef522b454ae0b17550539036209", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067857, "uuid": "cdb7b238-5f7b-4075-8872-d6c9472954c1", "comment": "Malware payload", "value": "9a9984fa0b5581957d37f69689797aec8e7e14fd", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067857, "uuid": "353bd4d6-036a-47d6-b9d2-b0913ce2de64", "comment": "Malware payload", "value": "ca98615fb6d53120d50662e2655b45a12408a90d8e95233e44fa3d04dc17ae01fa8a466cb764d5cf2fd8a986e067bbdb", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067857, "uuid": "74ee78ac-f4f6-471d-8c39-976260d57f77", "value": "T15125893223B22F3CA678FBF600DD15479E797D671011A6D3AEE4C94F868EDE41A34126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067857, "uuid": "37f0f04f-fe61-41c0-87a6-159545ebf07d", "value": "6144:dAOJlc7h+Z7A6oKjJZtm6WvdJVA4t8NMosr/4UILfRsL6INN0Id86rJTxABr04nj:hLFLWxBb4UNtR7MkiX", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067857, "uuid": "6f273841-d148-40ea-b8b3-4cc7a80067c0", "value": 1037045, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067857, "uuid": "f41dc2ee-f8a0-405e-8a1a-14ab11f6e062", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067857, "uuid": "1913d8fd-14e9-4f86-ba53-5cda2e3ca367", "value": "information[2023.10.11_08-07]_2.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1d50c760-685c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697045533, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697045533, "uuid": "d79e9c8c-3383-4a65-9b4d-06881c8262ae", "comment": "Malware payload (Smoke Loader)", "value": "6a795e24b50354ed7765ffadc5129b01", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697045533, "uuid": "5a931536-4d01-4273-ba8a-f693b6f000c8", "comment": "Malware payload (Smoke Loader)", "value": "ecacf78ad957224fcc0afbd65118f2b5e8e2eda5daef0e072eef35e5f12a43b3", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697045533, "uuid": "ee73970b-2a81-42fd-a147-c418b70216a8", "comment": "Malware payload (Smoke Loader)", "value": "dbab53fde9fcaea134d2483bca80f6bac61f5cce", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697045533, "uuid": "7e9780aa-3c8a-45f0-9aa1-623955ce3683", "comment": "Malware payload (Smoke Loader)", "value": "be21bec03bedd6274d0fdb3ff2a5cd8c5f2aff6a42f0fb78783fae04f81997ce166a657b5bf9cb5ab710ef98df2c5bdd", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697045533, "uuid": "638186a4-9951-408d-868f-ebe2de97cb21", "value": "T1B834CF327982D472C446C0309C24CAF87B7EBC669A598A8737583F7F7D313A2A767254", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697045533, "uuid": "b94608f1-230b-4782-968b-57b0dfd47593", "value": "8ec09d3136044a4244b7ef67b1effa25", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697045533, "uuid": "b91ad4da-d882-43a2-8b46-72dd35463f2f", "value": "3072:hX5bXBGIX0ln6FoYk/OoXg5JWBDhwQgRUPr2Wd5MUTyA:FO88nQoYJowsVxiUT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697045533, "uuid": "a3ed5832-7f81-407f-b1f0-90271a002373", "value": 230400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697045533, "uuid": "fa2513d3-9124-46a5-82b2-f2fc5ede07a2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697045533, "uuid": "d6f08db0-ce9c-4954-9c3a-9563f5534efd", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b6cef586-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052662, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052662, "uuid": "41b36c32-8fd7-4e58-a1c0-664926dde9d6", "comment": "Malware payload", "value": "17fbfeb582fbf72f86679a88d8f40dd4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052662, "uuid": "f1d6dd03-fa71-4d46-9d1b-286f1c3f628d", "comment": "Malware payload", "value": "ece51219ee60a3d804fc6707d974e62689b4563fdb0a65330d3ca85abb294d16", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052662, "uuid": "6dc247d1-be96-40e7-86a7-9cd548389553", "comment": "Malware payload", "value": "3ab573b8e64fa2c0cfe7c14e3f18b71dce0f360c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052662, "uuid": "45b13530-02c2-418a-95b9-13f5ea587db1", "comment": "Malware payload", "value": "40c575aed68f208c88e2e5746a545a1fc7a52768e855537bb1efcdb75940fa0f2828f73781a2e2dcca22bd7e4adb2918", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052662, "uuid": "29cce852-498c-42f0-9f9a-da1ca10fc4bf", "value": "T12876331CCB637B79D988413DA48F1B17EB90CF880DF4C15B0BE139DD267299BA927462", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052662, "uuid": "141f5278-57e1-4ee3-bc39-9e8655ccc8da", "value": "c9a3edae9204609d90d0770c3583acd8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052662, "uuid": "94cded89-6313-4010-be7c-a54079855cb5", "value": "98304:2jTTsHU+DTwl9zOHz7t1Q5RRlWY9HJ3CChZfYQmGKd1q1pjl:ITqU4TIqY5BZdwnGO1q19l", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052662, "uuid": "27f75835-55ce-4d86-948b-6bec416c881b", "value": 7395820, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052662, "uuid": "9939fc5d-9f7e-4b37-8d3f-1debfb950819", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052662, "uuid": "61083274-bd6f-4bcd-b967-5ef79e71d5bc", "value": "17fbfeb582fbf72f86679a88d8f40dd4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "342a8919-682e-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697025814, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025814, "uuid": "eebfb46e-778e-4f55-b90a-9bc889618955", "comment": "Malware payload", "value": "a64007afee36fe568ecec10ac49ab9c2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025814, "uuid": "68fedb13-366d-4eb3-8af1-d73616d168e6", "comment": "Malware payload", "value": "eeb732224d9c113f8148efd396c2f163fdacde76937cf678e8e53f63ecc18b1d", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025814, "uuid": "e54b538b-70c1-45eb-b6b4-6f229f3f1545", "comment": "Malware payload", "value": "4a84914a1339e2fbe4b0f63f23bec4f356cc34be", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697025814, "uuid": "ffe011cd-cc70-4164-86d1-510a1f860176", "comment": "Malware payload", "value": "801db0b78c391089910c1f19144b1c3fe5370ff08b873a01caad19c002d42872fc803db141d6f22482bf99bee13e2b64", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025814, "uuid": "c8a762ff-f94f-4008-8826-8a7b7caf91e9", "value": "T1D12633FF2292452FD72A0375EEEA2591587F374F064C12DA0D99B5CACC94C366048AFE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025814, "uuid": "2ce4ec24-d0c5-40a0-8539-cd317e2ef52a", "value": "9aebf3da4677af9275c461261e5abde3", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025814, "uuid": "d032baa4-ed93-44a4-a2a9-a612140ff2c2", "value": "98304:OcrFnklkYv9buALMhkdowk08ivUTZMZrjX1fjpcnioTlly:ZelkYVTLLsZurjXBjdoTlly", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697025814, "uuid": "009c87c6-8b4a-474a-85be-964b680a8bb1", "value": 4560896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697025814, "uuid": "160849a8-31f3-4184-b184-c273eb491666", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697025814, "uuid": "e908bdf7-54e9-4185-bcd3-0cba0af898da", "value": "DefenUpdate.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "fdbe3feb-688a-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697065666, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065666, "uuid": "84a13bc0-acfc-4578-8510-3916b676652d", "comment": "Malware payload", "value": "5dac32ac4c9510885b31e39641215b47", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065666, "uuid": "697f5a06-bf61-4b81-8713-660f47196cb0", "comment": "Malware payload", "value": "ef88ad09be4e4dc5b7282e212e447f0dde1518768e4172963e5e21170f033767", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065666, "uuid": "cb4c024b-31f5-4a7e-a423-2628b3a3966a", "comment": "Malware payload", "value": "fa89e8760996ab3bd8c7160f13e757a8acd6eb2e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697065666, "uuid": "8621fc3d-954c-422d-979f-07ea1809a9d1", "comment": "Malware payload", "value": "c57e9df14185326bdd3234f301c5084db2d312a4c96e884d197216c58d7e2065e8658a182e84f54ee4ad33438efbbf78", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065666, "uuid": "84071a42-43c8-40ca-b32e-9a4f33350f8d", "value": "T1BF652302A7E92076D9F053711CF752D30B32BE735AB4D68E22566E9D0D33698AC3173A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065666, "uuid": "e6727f1a-d305-489c-bc57-5414f086c838", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065666, "uuid": "f20cf471-d0ee-4617-85be-68669ab8d606", "value": "24576:Ly1LKjTmx8bH+eNArQ7KosiaXDNaXHmO00qqvdVYwZz0kQeLMA2uqZVIhpmOQu6y:+UjTmu+4ArOKLxxomZqTxLMzZVIjP6Vd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697065666, "uuid": "225c53fc-4922-4714-b78a-7d3827b2d768", "value": 1547264, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697065666, "uuid": "b238c832-bfad-43fb-b153-9526843087aa", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697065666, "uuid": "49944b28-f2aa-449a-817b-f30fbe00a397", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a8631534-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Smoke Loader)", "timestamp": 1697052638, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052638, "uuid": "9349a180-f2ce-4288-a167-465f39833afd", "comment": "Malware payload (Smoke Loader)", "value": "a9f00edf2f2bda2e9c5c3df403cbc2a7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052638, "uuid": "e9bb7669-2cf9-4758-b3be-bc164713a629", "comment": "Malware payload (Smoke Loader)", "value": "efd2a3ddbf2b7e68a8f3359865dfcd6fd1403fb7d1dc945aa7aa4ccb50284ee7", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052638, "uuid": "18d43c49-ac02-4984-a9dc-8a084b7a9dc4", "comment": "Malware payload (Smoke Loader)", "value": "6f06fee048575ed11ef0c7f4bc55462131a1695d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052638, "uuid": "0ba549df-a8ae-47b0-af37-7a479b087244", "comment": "Malware payload (Smoke Loader)", "value": "478f873084f3944b98e726af809f72efc7ee9d2aed5d3c94583d2db85325e0628cd207296b734e4608a4ac11f889e5bf", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Smoke Loader", "colour": "#164A24", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052638, "uuid": "ee0f80fb-2803-4979-866e-bc6edd01cf3b", "value": "T1A324CF257992D4B3C44740309861CAF46A7A7C329A78B587376C3FBF6E323929767E01", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052638, "uuid": "9444af17-5844-4dba-8750-0aca7966aade", "value": "a23dfd32f2df0e0d3e764c5a7f1183d4", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052638, "uuid": "8e22263b-07b6-4268-b1e8-3c8e0af0d335", "value": "3072:ZHXDogD65oyY99krdEVnSUptI2u66I0G1QGDS2Ko3Bjy51RT9:FDnD+YLkC/C2DRQGDS2Ko3Bj0T", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052638, "uuid": "b5b94d74-a04a-4f13-8184-7a19b5daec89", "value": 210944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052638, "uuid": "c2cac59a-2bc2-439d-b653-f873af843afb", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052638, "uuid": "da534776-1da6-43ea-9a7e-6c2c366b2b33", "value": "a9f00edf2f2bda2e9c5c3df403cbc2a7.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "7e92326b-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697052138, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052138, "uuid": "d53ed050-8f4d-49fa-8035-404f7f0a7b3f", "comment": "Malware payload (AgentTesla)", "value": "2e168dde770bf4206bc0db9f47634d06", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052138, "uuid": "8f3d0be9-e859-42d8-8472-dfe48f6f547c", "comment": "Malware payload (AgentTesla)", "value": "efe1847d37281288a5717c6366547aa0a1d79a06e4847ea0517066067a8f046d", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052138, "uuid": "a5797ff9-4dd8-4281-aebe-c16bebffbfda", "comment": "Malware payload (AgentTesla)", "value": "222b78c14beb7311069c749fa8e511b9ebee880c", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052138, "uuid": "9fccda47-70b4-4012-a95d-fc295eba99f8", "comment": "Malware payload (AgentTesla)", "value": "1f71356dbc210214daabbc1d0f63296b9e57710b9387322a4dcc3ce8d85f6909cbf160e339d6593b790505f92694b433", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "DHL", "colour": "#57272F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052138, "uuid": "41300cf3-42a4-480d-926a-316217f605f8", "value": "T113F4012933AC8BA6E23E8FFA51A4125207F5B627357DE3589DE114CB6F70F518850B23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052138, "uuid": "b665756d-b469-40dc-92e6-6c5fdd8e4a32", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052138, "uuid": "7cb667e2-7714-433f-b465-a0ca168be32c", "value": "12288:NOX9KmOIkefN5ZUgVuhxJ8JznU0nqOTgIeS2jw6jGG57KizZvm/:NOtwGcKmx+HdQbjJ57KUJm/", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052138, "uuid": "98d6ede2-8864-499b-aebc-0041c0ac9083", "value": 741888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052138, "uuid": "1ecf30e0-afe0-4fd9-aa6f-992e98c4f7e2", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052138, "uuid": "fafcdf27-4084-480c-9ad3-5649767ffa41", "value": "DHL AWB & Shipping Document.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "2884e574-67f0-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Tofsee)", "timestamp": 1696999166, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696999166, "uuid": "faa33e8a-b82f-4264-a19e-4735a42b8e31", "comment": "Malware payload (Tofsee)", "value": "c6e98154d70ff945b57a34672b079f8b", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696999166, "uuid": "7218b690-b317-43dd-bebe-dc8fb9cc01a1", "comment": "Malware payload (Tofsee)", "value": "effe259551ba3d74c30cf199724bde0dfe868f151888a1db4186f09a87f03430", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696999166, "uuid": "a579c507-ba19-43ea-914f-645e21499e06", "comment": "Malware payload (Tofsee)", "value": "974ff92bf1b05ded542f78d1cacbe393e45d14ca", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696999166, "uuid": "6eddc92c-24ed-4388-bd65-cc4691c74766", "comment": "Malware payload (Tofsee)", "value": "eaefeb1238d48b89a70ed0a86c6cad192aaf6e98150a2f39aaca363d4be938c3455585584267f701ed1dce07a9e8b3e3", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "Tofsee", "colour": "#0155AD", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696999166, "uuid": "f440239f-459f-48c0-bf8d-db2b4fa1aee2", "value": "T14424CFD17982D872C8434034B824C6F4653EBC729A6D4A877BA83F7F7D313A2A776251", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696999166, "uuid": "bf5f8619-b692-48dc-81b5-2ea38f59ad23", "value": "1779cddf5976b55ff16f4e4d4c8ed385", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696999166, "uuid": "61224c1f-aea6-4047-98c8-8144cadc6d0b", "value": "3072:uXpHrHDK4ViDgeUcS9F6Yl2DcCqWl6t/CM4Q77JubohP8S5lOMIqTyh:2hDDDiN7Sz6YEDzq+j677GohP8+IqT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696999166, "uuid": "6a411779-7fe8-4d70-9bb7-1664e048379d", "value": 229888, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696999166, "uuid": "a3856796-c5d6-4265-a8d2-e28ea60b7d99", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696999166, "uuid": "b49f39f9-662e-462d-a949-bee744bc7c59", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "35da9deb-685f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697046862, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697046862, "uuid": "7e798774-c647-49de-ab1f-3db18dbf496d", "comment": "Malware payload (RedLineStealer)", "value": "c1f6e255f70fc9a02e92634126e1253c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697046862, "uuid": "6a42a5f7-865a-423c-94fb-fb49fdea9219", "comment": "Malware payload (RedLineStealer)", "value": "f067fb47e7f40f608f4357390d34f8c5eddce97262aa7c31dab67f1e492faf36", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697046862, "uuid": "a4127371-9490-44f8-b853-c28134e38de5", "comment": "Malware payload (RedLineStealer)", "value": "0a64efe0d090fb0c83e9e617fc29f864361b586c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697046862, "uuid": "0bba0f81-14d6-4a02-aff1-2b00b854d46d", "comment": "Malware payload (RedLineStealer)", "value": "1c022931e0607e8d1db505fa00b5eb461da63831712f21201f8ff4b07580a557af3fd46f4c44f9f1758a7b8c38b5fe49", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697046862, "uuid": "1ecb61aa-0a7e-4963-a378-b8ed85b1da67", "value": "T1C2652397ABDC483BCAF917714CBB06535A7ABC724E7C821F1348B81649B2991817237B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697046862, "uuid": "8806b33e-9a68-429a-bd3d-1cba59889b9e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697046862, "uuid": "097a5b24-d364-4df4-87e2-2a4e390ae5fb", "value": "24576:CywDQp4Cil9gOcG7ZtAivDVCGZZPnnFblfWES5XDLZVeYqpU:pvp4y8Z29G7nnNlfCXDLg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697046862, "uuid": "e965f258-4443-4705-8acf-0afd11a1e616", "value": 1545728, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697046862, "uuid": "0c441312-af30-431a-ab83-0f9626b0902e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697046862, "uuid": "1c0992a0-bae2-43f4-b6bb-1a5d257fbf5f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "0b4fda35-681b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697017585, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017585, "uuid": "dfbe9c88-c243-4ff2-8846-98c78565128e", "comment": "Malware payload (AgentTesla)", "value": "bd41a664cce2a8c5a6187158c55923a9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017585, "uuid": "2b01da05-68b9-497c-9a29-f9fd79576309", "comment": "Malware payload (AgentTesla)", "value": "f145f36aa497658da5636aa915713d29f838120ab5755188e0e08b77b3eec90a", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017585, "uuid": "ec58c389-3338-42b1-a153-991e3e0fa116", "comment": "Malware payload (AgentTesla)", "value": "f6640d62e9d2e6ba4c2e8ad2197e55b28d3d0fd3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017585, "uuid": "d795bc33-7672-4db1-a4f9-155df08a1571", "comment": "Malware payload (AgentTesla)", "value": "fbe3dfdfb9f0aeb572923d548f74bfc73edb3be5ea612e33a9e2a9ea036f752856eb8c893163e6e168c0a0404437c741", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "bat", "colour": "#2812F5", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017585, "uuid": "df9e1caf-e9d4-4a1f-b6ff-eff95614f09c", "value": "T142252330EDB16D2D877C8A2A15B72F5F2D790FD0C405ACAFD685369B6F99B0382090B5", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017585, "uuid": "07f2bf7a-5519-4525-bfba-f1bb6c31e117", "value": "24576:LvZCKnwZzZwONzU1eXzFZdwLpZlhDUufo0yL00UY:j0bxOhs9YzY", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697017585, "uuid": "b5580835-4120-43f0-a4a8-24ae50d46a0a", "value": 1038974, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697017585, "uuid": "f4fbde06-0094-4a8e-a98f-11ff2d136753", "value": "text/x-msdos-batch", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017585, "uuid": "3c2f2169-c2e8-477f-9e37-dcc76bba905a", "value": "New PO NLDB-078000.bat", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "aef54eea-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052649, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052649, "uuid": "0bfd553d-81d3-478e-a93b-b91376644cb8", "comment": "Malware payload", "value": "e527ce778bb1adb4c6a6be889261f0a2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052649, "uuid": "99728be1-d511-41c9-8cef-35d978309a0c", "comment": "Malware payload", "value": "f15022d404e4fcb0e4dbe11c0f3b964a81f3a77a0e2c5d5c912eadf7c0a9392c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052649, "uuid": "ff268019-3f73-42aa-800d-91f121132910", "comment": "Malware payload", "value": "ae80564e919c3c1aaba9feffc7b3acaa53814e18", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052649, "uuid": "7adf2a8f-fc47-42db-bf86-fae091027d1c", "comment": "Malware payload", "value": "39950071e8e8a7a1a7274b4e5bdab66d27578f8179af3459b6dc645a0c5624ce61c1233945b7394d3a3ae9b9a991a526", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052649, "uuid": "e8159517-1ce9-4db5-ab4f-aa75ab608119", "value": "T1DEC53346FAEDCBB4D6259A714A2457E32BF94B297F1D48D78B901D033132294AF3A04F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052649, "uuid": "89e2b89f-53c2-45f2-ad83-8f2f5a846f49", "value": "f6baa5eaa8231d4fe8e922a2e6d240ea", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052649, "uuid": "f987a929-0a08-459c-89d9-5c4adaeb3bb4", "value": "49152:u25QmSMkkcYxal0ARDomlahIvy9Y6PTj/jpm5xmkmaC8uvY9/QXwgbYMHDl:u25QmeUxalVDoVhIq9Y6LDjpm5Wy9/Qd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052649, "uuid": "237678fd-3bd9-44d6-b2e6-c891874f5bca", "value": 2623784, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052649, "uuid": "1eb81ee9-f9ec-40c1-afd6-c1493fb150d7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052649, "uuid": "5ecf1c0e-a5a9-4eb1-906e-e54e99c53ba9", "value": "e527ce778bb1adb4c6a6be889261f0a2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "961e7f1d-6881-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Backdoor.TeamViewer)", "timestamp": 1697061627, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061627, "uuid": "0d98c79c-a321-4fd5-8392-58f2392d0071", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "36ef3e2a4aa62514039526559f318fb0", "object_relation": "md5", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061627, "uuid": "e8ab3f73-9d20-42f6-943d-08ca09a8d0a9", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "f229cb277d7c162d246b31115b5b1249f1a5c5cf355849c3d62b328078ec0a66", "object_relation": "sha256", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061627, "uuid": "be949765-ced7-4546-8efc-e7c122573ee4", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "4062d1727e99a687a76ece7c8e6a11da33ed97da", "object_relation": "sha1", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061627, "uuid": "b83edbad-841a-4399-98fc-201f6d6e6977", "comment": "Malware payload (Backdoor.TeamViewer)", "value": "f0dd8905caf2dafef7289d914f407823fb868fbd1dfe6349014750ebf748d62db0c08af10a4b31c5af699c086445bc36", "object_relation": "sha3-384", "Tag": [ { "name": "Backdoor.TeamViewer", "colour": "#CDC4B5", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061627, "uuid": "9bcb4732-6850-4655-82de-e9d6ec59a6d6", "value": "T11144AE1075D2C473D433B53209E4EB766A7EB9600BA14AEF67D40F7E8F202C1D631AA6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061627, "uuid": "5e060d33-9b73-44bb-b122-fa7ee884cb7f", "value": "ec52118c8f3a38f5cc07e496f7fb55f8", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061627, "uuid": "21f80ee8-f068-4309-aac7-b20de167ff71", "value": "6144:7D5fTqHz6GV3Dmsiwyf0LvfhYuJAOZruBzeQrQS:7D57QzZV36YLquJnuDrQS", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697061627, "uuid": "f2118faa-2b58-4dd4-834a-1bce16334278", "value": 277880, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697061627, "uuid": "abc857a0-4361-484f-b99b-a01dd5758a1d", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061627, "uuid": "dfdbf958-b421-43d8-b9f3-f7dc42398bdb", "value": "36EF3E2A4AA62514039526559F318FB0.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ead50232-686b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697052320, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052320, "uuid": "41298839-5b23-48ac-859a-0456f8d63b6e", "comment": "Malware payload (SnakeKeylogger)", "value": "536a5ff0f223a0ce1fa5601624a91f1c", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052320, "uuid": "ddde9a81-e83c-4d2f-be73-c1da2a64a2b1", "comment": "Malware payload (SnakeKeylogger)", "value": "f2d0ccfeeee010d03dbd6ccabf18e33fd6de842be318b5a800ad7793848ea410", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052320, "uuid": "9ba83ebb-a4e6-4307-9715-f056613bdddd", "comment": "Malware payload (SnakeKeylogger)", "value": "e785ec6acb47820681a2047388d3aa4c3f008e7d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052320, "uuid": "c3c8c8b9-1511-4a58-8b2c-4697c9f38991", "comment": "Malware payload (SnakeKeylogger)", "value": "b0888a84c35f18ffd88b5e029ceda0e1de8eca7c5b660dec1e6a6819a0beb2b6fe1331e71d73b98a9d924b9861c4926c", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052320, "uuid": "632f748f-2b0d-46bd-83c7-037946882d4e", "value": "T138D40140B3BA9B27EE7A47F58A60261487F5381F7A3AE3905DC1A0DF6865F405E41F23", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052320, "uuid": "83dd6dba-27da-49c5-aa75-f78d4e72d49a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052320, "uuid": "5a3829ce-b3c1-4276-a129-c0f483360bca", "value": "12288:fTdYX9KMtD/F3LjRULYFVbVmk8mADwrbTeLKZk7WW5Z:GtRtDd3LlULUVbVmpmIwrHd0WW5", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052320, "uuid": "b7b2b512-42fc-4da1-b4a4-ab1de7023bdf", "value": 599552, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052320, "uuid": "aa5124d5-c061-4eb9-852d-d5157dc64ffd", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052320, "uuid": "68437305-dd64-4cc2-95a0-2270546a540b", "value": "Purchase\u00a0Order\u00a00156070.PDF.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "cb18df7b-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067729, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067729, "uuid": "2f981892-d337-4674-8179-b098931224df", "comment": "Malware payload", "value": "944ee5fac202cf47b1728a82be4ee674", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067729, "uuid": "8d8bf75e-2fb2-4761-ad5b-8221faf7cf78", "comment": "Malware payload", "value": "f3100825207882bc6014c3f5b1a168e5e0328e41869b2f360a3733da2e096e41", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067729, "uuid": "f8b92370-1c77-4911-a9ca-b536932616f4", "comment": "Malware payload", "value": "39e6f60d127965177115f3aac5d77602f4193e9f", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067729, "uuid": "560a3f0c-cabe-420c-9989-b4e4a8fd7837", "comment": "Malware payload", "value": "38b1eef7c107387e8583a83737b204697677d8bd454ad5e65beb235f9a5512353e3874943af71049162fc5766f7f6cd5", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067729, "uuid": "5fbfe206-64ae-49c7-95db-4c323a673dd8", "value": "T14B258A3223B22F3DA278FBF600DD154B9E797D671011A6D3AEE4C94F868EDE41634126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067729, "uuid": "d6f33993-7e59-4b46-abf5-32751121921a", "value": "6144:a/52l5Dvrnp0rGQ8SbVpD1xkITKQLaAzu1xPNdw4xvDlz/jpX7gQRwsyL5hSTdmA:/mPhxYVnx5HZ0moFZeu+SglT", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067729, "uuid": "61268400-29bb-4a84-97cb-26d0f47fbb61", "value": 1037155, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067729, "uuid": "46145546-48fe-4512-b43b-0857f01e0bea", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067729, "uuid": "21e162d9-3a66-44c4-b7ba-69d0afee670a", "value": "Offer[2023.10.11_08-07]_3.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "baa58f8d-6867-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697050521, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050521, "uuid": "410fc3f0-987b-49da-87df-263d2daaf6a0", "comment": "Malware payload (RedLineStealer)", "value": "a99849afc667e01368b04b3c40273fe4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050521, "uuid": "b414ed43-edea-4d54-baca-5eab5d17df41", "comment": "Malware payload (RedLineStealer)", "value": "f322fbe0676ea43a8ce1b98e0b77bd49908d7e5d93b237283c381a67fe213d4c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050521, "uuid": "9bc36fc0-b6b3-4c1d-afd4-c5653105ce9e", "comment": "Malware payload (RedLineStealer)", "value": "6ef611b06995d3286067d74d76a8249477d18021", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050521, "uuid": "54405da3-980a-433b-ab55-3a3468f81d9d", "comment": "Malware payload (RedLineStealer)", "value": "a43d451f1ba1fdae8fb9fa0aa75e7139d7a2ca26f0f078275fcc1d060f48116b67ede8c68643ee9702a7cc7bd0743bec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050521, "uuid": "5375f647-0dc1-4afc-980a-4ca998455a43", "value": "T1DA852313EAE44073C6A557B01CF717871B357CB788A8C2B71318A90AA9B39D49B3974B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050521, "uuid": "e06ba4eb-8700-420b-b206-8a72d8c2dfee", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050521, "uuid": "bfb3c260-f436-474c-a22e-32468d7b81ef", "value": "49152:zBMXENLKZ3XxwvLGZEeZecCrxyPyuVI/u:G2LwwqJAcCrxyPyuVeu", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050521, "uuid": "3e141c0d-4257-44b3-8407-e6451e3ab73e", "value": 1775104, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050521, "uuid": "1ecc87e9-50b3-4566-96d7-5ee60323a567", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050521, "uuid": "60010a8a-1107-484e-b041-ee81e3fd4d4f", "value": "a99849afc667e01368b04b3c40273fe4.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b78f0a44-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052664, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052664, "uuid": "947b7d4e-2706-4ef5-8a73-2682acd8b72a", "comment": "Malware payload", "value": "2a31f0b1adaedf380035dc18c27e9438", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052664, "uuid": "a12ec4c6-da59-4517-81dd-31963811d6b0", "comment": "Malware payload", "value": "f3690441d255e923934221ee1e394f3536a11ce793d34c6466ce7a29e2577857", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052664, "uuid": "f35df45b-9403-4302-bd04-1bfa01f5e711", "comment": "Malware payload", "value": "2b879c1f5a76c40207125d7d804703576f68e70c", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052664, "uuid": "842558f3-98ab-4052-8369-cb9ebb8083bc", "comment": "Malware payload", "value": "fcab2be125c691a5e15cc1dfb4f35da7fc2f7bbf0eaa490e15a9d5560eff7a2fbcd308a441be9f2a5cafa85949f0a2b6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052664, "uuid": "a924a139-3174-482a-b222-59f5e631c984", "value": "T146547D03B3A17C67E5624B329D2DC6A4362EFDD28F18669A22547B3F4C711A1C672B13", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052664, "uuid": "4c513a30-ff86-4162-93b5-3d1c707307fa", "value": "c0a3c238d9ecfd3e9ab3d94bcbfed84e", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052664, "uuid": "41c45021-8160-4688-a19e-706a0f0dc4dc", "value": "3072:wvNXfrYz6tXkzdabVOYchPp1M297RUFKlCM54Q9CL1630:CNzYz6tXUyVe39RJlCM6Qyg", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052664, "uuid": "77cdfc88-30ac-4013-8832-8074c932c391", "value": 301568, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052664, "uuid": "4a6df22f-469b-474c-a794-da8f5ff78942", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052664, "uuid": "27235ac3-504e-4902-8271-f4cc0c442f30", "value": "2a31f0b1adaedf380035dc18c27e9438.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "4720b879-681b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (SnakeKeylogger)", "timestamp": 1697017686, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017686, "uuid": "b476215f-c7cb-4a98-af84-f0d94c311af0", "comment": "Malware payload (SnakeKeylogger)", "value": "3c37e9c7692acfbcd640098bf27b96e7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017686, "uuid": "adc24289-0d44-44eb-a798-13dd4ed4f43d", "comment": "Malware payload (SnakeKeylogger)", "value": "f4126cc3a40b984f3b96ff7c372a7d97060d55c7394ea3f7fc9fae5f9ccb2554", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017686, "uuid": "2c32a529-f365-4a98-970b-37dd8a46fb3a", "comment": "Malware payload (SnakeKeylogger)", "value": "45351a864e8fc5bb40c0ded7f6cae5bb2c756d44", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017686, "uuid": "407a94a1-1a09-4b6f-80e8-a9ab26efe402", "comment": "Malware payload (SnakeKeylogger)", "value": "a2b46a40f175555f50f1eda708606022e43c9a887220088af8c9a55571301cb1baddc09be4288027dbc9b6815ebf97ec", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "SnakeKeylogger", "colour": "#5385B9", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017686, "uuid": "6d5eaaee-9dbd-488e-b6e2-5d60abbdfeba", "value": "T199D40140B2B61B17DE7697F6822029284BF5355E7A3AE3941DC2A4DFA472F014F81F27", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017686, "uuid": "ec075ef3-549e-41f6-a3fd-a481e232885b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017686, "uuid": "e0cfd380-e0fa-4819-98a4-d4fc18b4e9ae", "value": "12288:Q5YX9KrQnZEtGI0IWwtIspPgX/SSONPMDn5yX6CPnDZ:pt5EQ7IrIMZSONED5yXvD", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697017686, "uuid": "31b0a93c-fbf8-4984-847f-66975b4b357e", "value": 600064, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697017686, "uuid": "36383fa6-b39f-4ce1-8c2b-92093c8500f7", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017686, "uuid": "21d88f96-70ca-474a-998c-842360f4075a", "value": "Request for Quotation -E23101031.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "dfbd6be8-67fa-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697003768, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697003768, "uuid": "41eeb45c-ea91-425d-b694-886d1d03292d", "comment": "Malware payload (RedLineStealer)", "value": "904b6d65e09be60c90d6e71662fc7292", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697003768, "uuid": "1f6b762f-8015-4307-b06a-b4e93dcb13e9", "comment": "Malware payload (RedLineStealer)", "value": "f49343bfc25ecd817401e6c9c4773a9861f6eda31766f99a599d18b1539f5875", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697003768, "uuid": "2e082104-7734-4003-bdab-8e7712d15ea3", "comment": "Malware payload (RedLineStealer)", "value": "023284f3332f9a7b11a511ca41d8a7d88c7d8dba", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697003768, "uuid": "d7ff8460-05af-4477-8946-aed8d06b4ba8", "comment": "Malware payload (RedLineStealer)", "value": "8221ed04726463e279f8176daea8ef5ba017202af171fa7c679a90c3b60f4263cb3a40a55c6af2c7a0ac6736cb55e45f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697003768, "uuid": "73866d4c-42f9-45a7-808b-11dad947c4a1", "value": "T19A352323AAD840B7DC35277058FB25C31D3EFCA28ABC8B573245582E49B26D5E4B531B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697003768, "uuid": "fe0bd018-02a5-4a14-a787-fbda664758e6", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697003768, "uuid": "07fbb776-6e72-4c17-9963-da7fe1bcd3c9", "value": "24576:3ySwOBH0/SMI0fpBQkpY+vYp/Y3GvKxqKcpteLqLf1Iz:CSBBUzfpCAY+YdY3hx7cpte2pI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697003768, "uuid": "b3c0f26b-c607-4b50-b8a8-0d6f0180cb82", "value": 1076224, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697003768, "uuid": "621d8802-c3d4-41f2-b1a6-39948a4c04b4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697003768, "uuid": "25eba173-2ba4-4db2-9883-13e4f7e748cf", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "072082c1-6829-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697023591, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697023591, "uuid": "326cdb2a-1399-4aa4-ac0e-ad0729aca769", "comment": "Malware payload (RedLineStealer)", "value": "014fd98c63c3dda34bb0a578da975137", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697023591, "uuid": "8be5f8ba-a667-457c-b026-cd98a5c46df7", "comment": "Malware payload (RedLineStealer)", "value": "f4e66f09c5aaa89d70b5ad175a7990a3cc3f791755b43d93d91650f14d6e3243", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697023591, "uuid": "fbef1ac9-2467-454c-94be-a5aed55bde64", "comment": "Malware payload (RedLineStealer)", "value": "840b7ce7d575e9d041a8d272f989c2df28c66509", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697023591, "uuid": "58d3251b-0573-46ac-8253-fe3242c63b13", "comment": "Malware payload (RedLineStealer)", "value": "6cae4c4629e954b0ba20ade85499d11370eb1fd02b9186798709c54d21fea83b5b9909adcdae0a49fd1892966f3f26dc", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697023591, "uuid": "cd6bec94-c7e4-462f-9223-412b29ed00b6", "value": "T1D2352307A5D88472D8F12B3408FB27930B35FC724934876F7781A89E8AB3554E971B7A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697023591, "uuid": "bd270f6a-aa59-4556-b893-2674f971b07f", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697023591, "uuid": "12f98d32-ff74-4192-a03b-f1c45c23e01f", "value": "24576:2yzpVwaUqX/LXppBK1SI3LdvxwMxP0inDwyZiJ9rhAi/RY8j5W3:FzPNzLXpRI3/wMD8yQnrhAiJY3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697023591, "uuid": "67843df2-1115-41b0-b388-433979b9f469", "value": 1062400, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697023591, "uuid": "0d602312-3c08-41f5-ab83-54b831e71c94", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697023591, "uuid": "82f97dd4-194d-4bc8-b294-fff0eca8adb2", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d57b9fde-67fc-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697004610, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697004610, "uuid": "b041d1d0-4d0d-4b86-9dd8-2a5f34f977aa", "comment": "Malware payload (RedLineStealer)", "value": "a6d9c80447ac285b696d1622cf7d0059", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697004610, "uuid": "c3607076-7306-4a7d-943d-9581403f1570", "comment": "Malware payload (RedLineStealer)", "value": "f510b27eb8023094855d35dec346d3b78409919bda9c7fca0157a92169d7f76e", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697004610, "uuid": "b776508f-da60-4e1c-bb1e-94992724c885", "comment": "Malware payload (RedLineStealer)", "value": "84c56285e0c3c2190c56c1f6c2ff92501e038805", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697004610, "uuid": "00433efe-aac5-435c-bd62-d2994f497af4", "comment": "Malware payload (RedLineStealer)", "value": "b954bdbebad3deae2eae2481ea2bebf77813f0ef5323df0313478bb228a1faa31056aa1b4b462501663c4a61b0a866e5", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697004610, "uuid": "c1c134ac-f682-4de5-ade5-e1764296024b", "value": "T1FE3523639BE49126C4B407B059F317430E3ABCE1D86C537B2B96986B0CB25D0E572B7B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697004610, "uuid": "87426bb9-2d7c-4c9e-83be-1727c4598582", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697004610, "uuid": "f2b9b378-f60b-4ddf-82d3-1708b6dae936", "value": "24576:dy6MmzETHh5EzHHvzDJgnXsAgG2tcsg6bqpDtORcYO0jas:46Rzeh5ETvPJIlgy/d0RcYO0j", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697004610, "uuid": "596561a0-c1ce-493d-a66b-d3def472219c", "value": 1074688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697004610, "uuid": "4f6907b2-a14b-4d1b-9c44-617d7c864c23", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697004610, "uuid": "f57e13d2-501f-40ad-bad4-00c30306cfa7", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "a565dfe5-6804-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697007965, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697007965, "uuid": "9deb32bf-fbc2-4529-98c6-30a35f5d417c", "comment": "Malware payload (AgentTesla)", "value": "4efcfa2947ffd17dc6eec46cce944ca8", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697007965, "uuid": "40654f67-53d7-4f23-a04b-868cb1995534", "comment": "Malware payload (AgentTesla)", "value": "f558eaad4a2b231cc0d06d533dd1b425ae5791c69d057e52f8d065b1a69f9057", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697007965, "uuid": "795b8ab9-da86-48c6-bee0-2754599342bc", "comment": "Malware payload (AgentTesla)", "value": "efb9d57de8b99eff620d613c49c43cbbc5fc6886", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697007965, "uuid": "ef3c1f3f-8d79-4b8d-b8bf-0abb11914bed", "comment": "Malware payload (AgentTesla)", "value": "9b982dfc35da6c8bb05c700eb4f0dea8a2de8b1a79c6373e5fc9b98c8d6d41893a91faa86e9b956630b158e68ec9e693", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "trojan", "colour": "#F7D566", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697007965, "uuid": "61852598-1411-4cdd-ba18-ee547ce2200c", "value": "T196E4012963B82F27E67547FE4074029003F9562A5530F2A91ED2A0EF2CB1F25DF52E67", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697007965, "uuid": "e526f5c7-0f6d-4b49-8efa-06ed7aa659d6", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697007965, "uuid": "e3c450c7-ff89-4ebe-9180-1b024ee73b72", "value": "12288:LHX9KuauiYvaMrz1hCcvlaF+Q6KtiBZed0s9fOcDTYtje/rBlnWx3Vz:LHtxa/SlQSs+rle2UOcDTdTMd", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697007965, "uuid": "ab877843-6417-4273-b7ca-bb90d3af404d", "value": 717824, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697007965, "uuid": "a1afb1d1-8353-4882-955d-56d5db96297c", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697007965, "uuid": "1c0077f8-449f-439e-b1a9-7d88ba69cae3", "value": "4efcfa2947ffd17dc6eec46cce944ca8", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "c6d5eb4d-681b-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697017900, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017900, "uuid": "39c54bf1-a449-4b0c-80b1-d7cd7c14976b", "comment": "Malware payload (AgentTesla)", "value": "a92821dede6218f813696d1a058ae9dd", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017900, "uuid": "18b7bef3-7f9d-4a5e-b05b-648c0f7ca3eb", "comment": "Malware payload (AgentTesla)", "value": "f5bf96b8b4dbcaefb28de614a310a78b5abf3f61d97efdf1f446ab3acf0a373e", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017900, "uuid": "2932ce38-d988-485d-8d7d-1d5dcf38f044", "comment": "Malware payload (AgentTesla)", "value": "3714557ca1d49e729c6f8a6923fa3fd21898e7f3", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697017900, "uuid": "b1bfe5ca-7b65-491a-b214-9e4664a3f2ae", "comment": "Malware payload (AgentTesla)", "value": "3a9f52420c96b602378e521b8173d380d7ae37a801935fa3097526ed7917fa7d781b0d2651fe5bafe163d65ed1cd8373", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017900, "uuid": "aac4893d-cadc-4b9c-a029-4d679c748eea", "value": "T1F9F4F1057AA8AF53DD3583F2466454401BF63C6F1534E298AFE232DF2871F806AA5F47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017900, "uuid": "9d3a06fe-a7e9-42e2-84ec-8f10643e7f51", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017900, "uuid": "c73be22f-3d90-4ad8-a070-8986f9c38cfe", "value": "12288:95Te+X9K04x0vknAGqeRYytwBDJZ6FUbJwplZekgEyGcyhGGFgG88FPW4:9Ze+tP4x0hytSAF7/nypc9pW", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697017900, "uuid": "1e21169e-63bd-430f-bec1-2622f08dd7c4", "value": 779776, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697017900, "uuid": "2b2f3808-3b71-42e0-9db8-58a93490254f", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697017900, "uuid": "6de4fbb9-01c5-48bf-99ef-c7dd1f53c8b0", "value": "Notice of payment_SWIFT BJ23004300IU.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8a2ff895-6881-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1697061607, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061607, "uuid": "684a3720-db3e-4423-aadc-1b950f25430f", "comment": "Malware payload (Mirai)", "value": "05eeb8a31e753d107668c43056f163e4", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061607, "uuid": "11a7f2e8-6c44-49ec-803c-d1e4df6c3738", "comment": "Malware payload (Mirai)", "value": "f5ec069f87a976f707f715c6de73ed04d054706d79a8237c4f305d630e42c5c4", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061607, "uuid": "202e75f2-4942-43a9-a362-e12efdddde82", "comment": "Malware payload (Mirai)", "value": "e362795764d044c8d4a7973ca3a260f46053fdcf", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061607, "uuid": "86a3340d-82ea-44e5-bcc5-fc4b5985675f", "comment": "Malware payload (Mirai)", "value": "fac73cb3d3493b482371828a56d56c79776afb7034b98f49939ef243e7afa15c5c383321f1e5fefc2f6397191495a2b9", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061607, "uuid": "90cf94b9-93c3-47d5-8ac3-bb54cfdf337a", "value": "T1F8D33A46FB818B13C4D517BABAEF41453323AB64E3DB730689285FB43F8669E0E63505", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061607, "uuid": "56680bb8-1143-4a0b-b029-805236e7a7fb", "value": "3072:e15+W2SygG7J42DcVH19JsHn80wIte2Cu1pM/9ED:05+WRygGlqV9JsHn8pIPCuDM/9ED", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697061607, "uuid": "8b902c6e-447c-42f3-9be5-52c0f1340a32", "value": 134437, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697061607, "uuid": "cc7fdcfb-5bfb-4103-a151-0eea5dda2200", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061607, "uuid": "b787164c-8e24-47a1-8734-cccbcbe154cf", "value": "jklarm7-20231011-2200", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ca2b07aa-6835-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697029072, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029072, "uuid": "941866f0-ae4f-4b77-b103-5232d4088f35", "comment": "Malware payload (RedLineStealer)", "value": "2320b216a2b1defb353d229312b1e7e7", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029072, "uuid": "ad0b457e-7c02-4a91-9c02-c297e5134c08", "comment": "Malware payload (RedLineStealer)", "value": "f60a5df567f02543e16896c85f13687b1e01c2940abb77e506b390a7fa2c06a6", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029072, "uuid": "39df70d3-5913-45a1-8603-900a56bffdbc", "comment": "Malware payload (RedLineStealer)", "value": "d695d8a01bb365f47df7ab20e081e5353cb89eaa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697029072, "uuid": "37694989-2d4f-44b9-bf39-6bd4af1eefb0", "comment": "Malware payload (RedLineStealer)", "value": "acc6b62792536d008e97d7df6b37d7b75dca3c1108782006e6d72dcf27597cf63731c8ab4ea8beb0e9b0ab143ed2224d", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029072, "uuid": "ecd9d1df-d758-46d3-bbdf-33ed0ec05aed", "value": "T1D6352253E6C88567EDB603B08CF616930F367DF10EB84B972296F0692C63991AD70726", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029072, "uuid": "ed898eb3-bfb5-46b4-bb10-7af082b7d87e", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029072, "uuid": "a74f6ea7-46dc-4598-a3aa-47895d48e331", "value": "24576:6yhxDmrXNYwdO8x7Rpri+aSZPhjN/6vK4QWt1KlHWRF30r6:BLm55dZRRISPDivK41t1KlHWv3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697029072, "uuid": "3d8f0769-bb25-4124-867d-b61abc75b18b", "value": 1090560, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697029072, "uuid": "12dfe818-4c2f-4859-944b-2da6a739e2ce", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697029072, "uuid": "ea7c51b8-245a-45b4-bbf2-c22076c9ae2f", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "54d03695-6824-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697021574, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021574, "uuid": "188b94f6-cc27-4087-8c97-9b12977c0145", "comment": "Malware payload (AgentTesla)", "value": "667cb2d162ecbe7fd55e18abcb4392e9", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021574, "uuid": "4a3b9c96-cb83-41c9-aa7d-b02e9bf16be1", "comment": "Malware payload (AgentTesla)", "value": "f677b47b1c385c7143f9f1e35ff5f1d972fc28ff87a24ee66c9f1db09e67251f", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021574, "uuid": "cdfac983-def0-4594-bc08-f2819e961f24", "comment": "Malware payload (AgentTesla)", "value": "b41798680f21130d900dbbb2503fe2ac53eaa208", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021574, "uuid": "c14a6410-7c7b-474f-87d8-922bf1723da3", "comment": "Malware payload (AgentTesla)", "value": "bd28b7b52ea32c84b53f3a6cd91a10297de7cdca5f83726c67735bb5e6b28591320556bbffa99012cf02597845eae9d2", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021574, "uuid": "e3fe7c4e-c793-4f4a-b520-8cfdf9f2388c", "value": "T1BAB47B8657510C72F2BD4AF5888D1474276AEDE2AEE19D59E84D748223B03BF10FE90F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021574, "uuid": "e7f92fab-7339-40ef-a3c6-536aa2af202a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021574, "uuid": "d14514ec-602d-4703-a1a3-0cb904847764", "value": "12288:kEvpq4slFeWLOBLOUjEbTwIM+zSpUEi3MB:dvUBlgWyBLOUjQfMjRi3MB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697021574, "uuid": "64628976-0bc2-4439-8c43-6083c6175894", "value": 520704, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697021574, "uuid": "1ad6b2ab-e628-4cba-b447-a2f8dec837e4", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021574, "uuid": "ad075535-dcbd-4d02-b11f-962b18fdc213", "value": "f677b47b1c385c7143f9f1e35ff5f1d972fc28ff87a24ee66c9f1db09e67251f", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "567e63b3-6845-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697035750, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035750, "uuid": "fb22dd3d-d3d2-418f-8e1e-d5c44d3d5675", "comment": "Malware payload (AgentTesla)", "value": "636a0d3559f741cefd1db17dc0a686be", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035750, "uuid": "a2386a11-c48e-4ef9-9f99-6e44a9c5c3d4", "comment": "Malware payload (AgentTesla)", "value": "f6f109e285bd5038b106c75d522b145caef0ec4b0ec113f7cfbd75d7475030d8", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035750, "uuid": "f3b55e64-70d1-49aa-8559-2ca64fb51162", "comment": "Malware payload (AgentTesla)", "value": "90b41df4a5908ed58e19494dd4743d1c7dfda932", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697035750, "uuid": "10432bda-57b1-4904-9ea4-b7edd0d18310", "comment": "Malware payload (AgentTesla)", "value": "7d00e9b0953f22ccdb781d34929e9f549346e172b16fc690a45f55fcf45863363983096ff2a558b30dbc9e3498bd1650", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "CVE-2017-11882", "colour": "#945F25", "exportable": true, "hide_tag": false }, { "name": "doc", "colour": "#473107", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035750, "uuid": "77520d8e-68f3-4369-9720-d6caba3a5ae3", "value": "T14853E12DD34F41A98F561376AB2B1E4542BDBA6EF38552B1302C433433EAC3DA1252BD", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035750, "uuid": "efcd4488-4f64-4cfb-b4fa-42ce0a7f38af", "value": "768:ewAbZSibMX9gRWjiGrd1wK9AKEC5RAV8n8AFtk+9s:ewAlRox1wKbEL/Ark+9s", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697035750, "uuid": "8e55f76f-7eaf-4b98-b6b5-3ba24e3a939d", "value": 61770, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697035750, "uuid": "b442f94d-275d-436f-aa8e-ecf75460c5c2", "value": "text/rtf", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697035750, "uuid": "2755d6c3-8538-4834-8f9e-d001cbc42680", "value": "Payment Advice.doc", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8f39ca83-6856-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697043147, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043147, "uuid": "ddac76aa-8776-4d4d-846d-4cbdd3e92772", "comment": "Malware payload (AgentTesla)", "value": "a7b1f0663d3c5dbdb4e5c8242981dcaf", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043147, "uuid": "f6fa8fce-ba5c-4825-883f-9545a173a79c", "comment": "Malware payload (AgentTesla)", "value": "f74c6a3def1ced2a6e4bc81fec1b4f062eba67ce271ca4a47271631986a6d1c3", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043147, "uuid": "1d6f0359-a962-4fc2-83bf-7d82e7f69022", "comment": "Malware payload (AgentTesla)", "value": "072af6ad363874ab2eb4a365ad449983b144f2ff", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697043147, "uuid": "374b3e0f-b7db-4152-9dbf-7dd689389686", "comment": "Malware payload (AgentTesla)", "value": "e75e6f00fcdcfda9ab6ea54267c4dc5bfda4bc14a78864e3ad910e32c7a96c7e0ac2db3461108126f299af1e33f03707", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043147, "uuid": "35b24765-6ac5-40ae-bcd1-22fc559a2397", "value": "T15505077C15689A8CF7A482BEB2724CFF57923C1F40B7B5F7A12CB4970EA97D24402661", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043147, "uuid": "c3d2e0d7-ac64-4744-8db0-d772c182909f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043147, "uuid": "16936154-bc86-4cb7-9558-3f4502bb6174", "value": "24576:H7tUF6iGjItxdCRnPLJZy8Tzh3GjXWpE:HBPiOQxUFPLJZyC92GpE", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697043147, "uuid": "eb1b33db-1258-4f41-ad17-c31be5cac1c4", "value": 830976, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697043147, "uuid": "7414e5b4-9dca-4cf6-8f72-859594f40a32", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697043147, "uuid": "2c577184-edd4-423b-9382-3e5762a92b70", "value": "COTIZACI\u00d3N.pdf.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b1305b65-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050935, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050935, "uuid": "95b05e04-d44e-4599-bc3f-32d769fa7c38", "comment": "Malware payload (DBatLoader)", "value": "fe7b441cbc39bed4b7025091398c0a42", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050935, "uuid": "281059fa-2575-42d6-9b10-fbbc97c1491e", "comment": "Malware payload (DBatLoader)", "value": "f75bcc250ddc6772d6aea9331879d102ee83b9e6b707e252d4771b02c5df9001", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050935, "uuid": "c049d97f-c6af-433a-bc4d-be5de79af68d", "comment": "Malware payload (DBatLoader)", "value": "f0e94d7bf89a53281a42ab8218be8a2ddccd5023", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050935, "uuid": "69e6f5ea-5538-4164-8811-6e1ded420c23", "comment": "Malware payload (DBatLoader)", "value": "325b02f0992fcb349cd2d1a395a9184fac6884c60c6371512ee4087c1430ec814743f02f0147d705407d1e42d645f6a1", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050935, "uuid": "7c73effd-22db-4fbd-b858-203567609113", "value": "T120356B34B37108B1F5A976B5D90A67F41EFF27EEA944289982743D1B1CB27813E2106F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050935, "uuid": "fc8fb7c5-2015-4f74-b88e-25dd0c9bf905", "value": "fc431a28c58a1565c388a05232b2eadb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050935, "uuid": "e97a1883-8122-482a-8383-0dfd7f54ae04", "value": "12288:qE8C9kdWdEPv8zuVEdh9a6OLqvabdpmBkt1VEmA00P85Be2fgmv1qsM8HcZG3g5e:qEPudPPOuVsaoAjlD0P83H5M8OG3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050935, "uuid": "9ae06a4f-4ffd-4850-977a-e0dca4101952", "value": 1124352, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050935, "uuid": "f202be13-f13f-410a-992e-cb9ecf2426a3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050935, "uuid": "8acd0b22-b6c4-4d93-a706-625ff1383559", "value": "Notification from SARS.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "57d360d6-685f-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1697046919, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697046919, "uuid": "76ad6be5-5bd0-482f-9c6f-8c4d7779a58d", "comment": "Malware payload (LummaStealer)", "value": "09b3cae51a1630b7d5a92b057e465bd2", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697046919, "uuid": "a668d15b-8f3d-4eb4-b2c6-4ca3de982b2f", "comment": "Malware payload (LummaStealer)", "value": "f8412c9a8d210409888fb0aed2120d12b4be1cb480cf24ed66b13ccbfef6d928", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697046919, "uuid": "f8565d0b-a385-4e16-a55c-fbea6c0c8a4d", "comment": "Malware payload (LummaStealer)", "value": "9cc6ac5cf29cae89e32fa926be0dd9c0a5a214dd", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697046919, "uuid": "7690f19a-66ee-4590-9c02-4235a6bb58ae", "comment": "Malware payload (LummaStealer)", "value": "04984fdf0fd263051b5320a133bf59f1983d84de92c826e5a904f8f930a35b925757cbd0e88c8e6bc89cd96121d478c6", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false }, { "name": "signed", "colour": "#FECC99", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697046919, "uuid": "a9bb1c58-d310-4355-8adf-2f5708d65ae1", "value": "T175F5CF435F20DF9BF799263C32DBE8159364E57AA201FBCF1B7D21395C820788962786", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697046919, "uuid": "af01ed63-a57f-49c2-a0fa-297fa04280f0", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697046919, "uuid": "5898a3ae-b32a-4129-ada6-9df0f57ef708", "value": "49152:erhKXbfWNT39d9SpY/qX3RUyjOGxfY4/WI6NGsdljNJUXzHn6EeSkM/3vunsDRIO:enk5WIAHljkfkE3WnsNIlM", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697046919, "uuid": "ce8758d4-4dbd-44ef-b747-1bab2d58b284", "value": 3387944, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697046919, "uuid": "b8b368b0-8300-4517-a719-6b0a4be3f458", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697046919, "uuid": "34802d60-0b43-4728-bd1b-ecfe91700d09", "value": "09b3cae51a1630b7d5a92b057e465bd2.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6dc7e033-6891-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697068431, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068431, "uuid": "737f2243-a236-49b0-9a96-4ce28504b2b0", "comment": "Malware payload", "value": "72edfc8018c46769368a3d44afacda98", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068431, "uuid": "6574bccc-acb4-4e43-818b-21f9aac0dcfb", "comment": "Malware payload", "value": "f846f943ac950b4e9e64ad399f99c6d3a51643b9f5fe572fbb7fe90dde32e9ca", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068431, "uuid": "03c691d0-92d9-4c6a-8d76-689ce1886804", "comment": "Malware payload", "value": "db16729db5a4ffb1e01f4202e94af71c65492e3e", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068431, "uuid": "0a83bc6b-2046-449d-a223-19c506ef5ee8", "comment": "Malware payload", "value": "1b57cd010b5c76fb84686dbf283f3da0e24024a45a01e6d614c419c0ea32277f7e94f9c513821ca7c960413190314055", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068431, "uuid": "89edea1e-aa61-4bb1-a693-f8edb9072bf0", "value": "T12744F1E1DB97DD0BC974033C00E61F2D37A1DAC84AE19B63AA81FF02AD59355FC99486", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068431, "uuid": "10659dd1-b517-4690-b535-08c2fe4c4ef1", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068431, "uuid": "dffb3cc8-122e-4029-ace2-4f0594e62a24", "value": "3072:+2FNb67iM5G1rTK4GhYgYI49oxyYXSfJr6EvEF/MD0sZDeRMtdOj274X0J4a9nzB:c715yrxGh94m9CkEMFM8XI59zFr", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697068431, "uuid": "c649ebb6-4d50-4bd5-83de-b2c1d5ada8a9", "value": 272925, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697068431, "uuid": "08619e06-f1a3-4ad4-b6ce-c4616eb0ef76", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068431, "uuid": "c57ba8fd-74a3-402f-8d68-535b7b9954a4", "value": "LOIC.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d725b366-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067749, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067749, "uuid": "b4c57437-28d5-4f90-8786-4b0b14b75880", "comment": "Malware payload", "value": "1d2cff85dcacbd7e928ab62ab717346b", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067749, "uuid": "fba747e7-12ed-4e5e-9aba-28ddf918552f", "comment": "Malware payload", "value": "f88d55b9c8e1b7c93350a046afd38c8ab4dda64821e23592f51fe0f90c309399", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067749, "uuid": "20839e20-2188-41f3-a225-6988c9e33e40", "comment": "Malware payload", "value": "afcbd40fa193379fcab43600c29517c78bcd93be", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067749, "uuid": "34ad90e3-72d8-4d5a-baae-c9b767ea334c", "comment": "Malware payload", "value": "05ff254cfebb31c3d96917423d59f09b43ca4edef9680be27693978816532972415ce771632b8412928e34b3e992f77c", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067749, "uuid": "e7f06bd7-3cbd-4c90-b991-5b86f1c6c6c3", "value": "T188258A3223B22F2CA278FBF600DD155B9E797D671011A6D3BEE4C94F868EDE41634126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067749, "uuid": "20296770-1019-4251-9163-e5ff28690da8", "value": "6144:fJAaPRy/pjHcHb6xQKh4nEexG7GeDQ4Z5cO9WoZaEKE5GB2EughcM6X7nrOC/rZM:7K+OCUWoZVDETkOOXUF", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067749, "uuid": "97984852-d41a-44bb-aa1c-4b733731df50", "value": 1036909, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067749, "uuid": "e113effd-1bbc-4f71-8ec5-78f80b308aff", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067749, "uuid": "7afde896-03f2-4499-a389-23e644ad2614", "value": "offer[2023.10.11_08-07].vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ada260eb-67e1-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1696992947, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696992947, "uuid": "07bd7e26-0a3c-4a0d-8989-9b17a5587e65", "comment": "Malware payload (RedLineStealer)", "value": "194ba78b826b2e451da3fa92c05740f4", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696992947, "uuid": "9d06e91e-4f00-4afd-89ae-5fb33f02b47a", "comment": "Malware payload (RedLineStealer)", "value": "f8b333c710f1b62bbff3e496f0e7b710b1961c04c378f69615a4e6bb5b189048", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696992947, "uuid": "cad0d9e1-0777-4c14-9dab-342dd016520c", "comment": "Malware payload (RedLineStealer)", "value": "25e3c5bcb227f1516e66cfb1bae93dbc05ad8879", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696992947, "uuid": "cab462cd-0bc2-4314-befb-cbe607604e6b", "comment": "Malware payload (RedLineStealer)", "value": "50ad62038ef8660514068d6e54518c8c8db3113651020e5390e4014529332d2d0f731fae550ae92bf51684e9ec09cd5f", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696992947, "uuid": "075adbde-ea50-410a-a0fb-04735babe781", "value": "T12B35232357E5A433D8A57BF0D8FB03931A3BBC524C788B621251A85A5C732D9E8B1737", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696992947, "uuid": "db1598e9-25e1-40d3-8ce6-c13de5bed6cd", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696992947, "uuid": "e12e8bd5-1bd1-4dbf-add1-3632cf49c3e6", "value": "24576:SydpGRGSgnk7YjYs4NwFpjbhwvekz0fKcc2vBV4:5HG4k8dQIpXhwmkz0e2v", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696992947, "uuid": "df682b9b-81d2-440b-a6b9-66ac9d306a2b", "value": 1133056, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696992947, "uuid": "f3de93d9-2b9f-4cc7-8965-ae044df1c860", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696992947, "uuid": "0cc27eb6-8a21-4ba5-92ee-07ca01536d0d", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "024e8929-684e-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697039475, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697039475, "uuid": "e9db33a2-0337-4251-907c-9a2908d38e51", "comment": "Malware payload (RedLineStealer)", "value": "a5baf705891541757bd39eb6205e39f5", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697039475, "uuid": "ab59682a-80f7-4ec2-8ab1-f2ad13a41b17", "comment": "Malware payload (RedLineStealer)", "value": "f995d58bbe6383947308e35ffc36eba0fe3e357c2d4d9612dbf4bb2fa0f992b4", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697039475, "uuid": "13d169ed-f213-4ee2-9f30-f6cd6f282a75", "comment": "Malware payload (RedLineStealer)", "value": "5d53c734aa5ea76ebcd57cffa2236dab0c6ee252", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697039475, "uuid": "67fb6e1b-d9c9-4206-b264-444038a554f2", "comment": "Malware payload (RedLineStealer)", "value": "544047d1ad7a203a55241163e319b8e3c486e7943202e4b3b22fb7166d255c5a4a2b07204c3234285f10aaf6d6312216", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697039475, "uuid": "6c10f12a-c6fb-4d18-8680-7623cf51ec7b", "value": "T1E544AE1175E1C432D573173209E8DBBA5A3EB9610B6189DF63A41F7E8F303C19B31AA6", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697039475, "uuid": "0cc07305-fe81-455a-9f0a-83b10ce14bc1", "value": "abd414d2e28dbea147f5fd75ae68918f", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697039475, "uuid": "19be9ffb-1cab-43f2-a392-215b5edf62ba", "value": "3072:yOOel86+GVmYOHpIGo7QmNR3VxQIh6MlR1T2MJ4LK6laE/kVQkTseAg0Fujy9d1r:tO3Y3c+VxhflR1TmLKN3AO+1x22GOn", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697039475, "uuid": "a193ea24-3b97-4caa-b3fc-dcb021bec727", "value": 275320, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697039475, "uuid": "146a8652-d3b3-4f47-b39a-75fd31b5481a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697039475, "uuid": "abe6e85a-41e3-48b8-8f32-31499df215db", "value": "a5baf705891541757bd39eb6205e39f5.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "64a3336e-67cb-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AsyncRAT)", "timestamp": 1696983375, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696983375, "uuid": "5ac04f13-f058-4151-970d-44abd6706b46", "comment": "Malware payload (AsyncRAT)", "value": "ed7def543dabbf0eac3b5e1a420347d6", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "wsf", "colour": "#256B39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696983375, "uuid": "1bfa71bb-8410-477f-8b25-516fa6bb6dbb", "comment": "Malware payload (AsyncRAT)", "value": "f9c45577cf702a937421ab375509b267ba259132b2f983daa0f2a8d0b5b18e4f", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "wsf", "colour": "#256B39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696983375, "uuid": "1f90f417-019f-426c-b591-d614808e253f", "comment": "Malware payload (AsyncRAT)", "value": "1b90c7cabbe12c6256e8ce79effaa1362b1b9a86", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "wsf", "colour": "#256B39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696983375, "uuid": "ab3ec996-22e8-4536-ae77-6c64031e2ad3", "comment": "Malware payload (AsyncRAT)", "value": "9c7d1fec3b2cd592eafb20767c3f39bacf0e7bda2b2a951c6c965fc24c04f1cc8465eef290af0e9c4de38704f1b6147d", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "wsf", "colour": "#256B39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696983375, "uuid": "6acdddf5-ba25-458d-8c41-bfd745b80f06", "value": "T19C4312CFE27E8F5846C0422314BFF5C56B886BE291DC1369D29BD8D7641ED22142E2DB", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696983375, "uuid": "4b24c982-fd5e-491d-a2e0-d42a87ef673f", "value": "384:teeeeeeeeeeeGeeeeeeeeeeeLeeeeeeeeeee+1Zy2vr/ieeeeeeeeeeeDeeeeeel:ky2", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696983375, "uuid": "c51546e8-793e-4fa0-bb6d-ccd7156868e5", "value": 57564, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696983375, "uuid": "59c39d08-07ce-4337-96f6-36fb6703fbae", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696983375, "uuid": "2b4e356c-538e-43fa-b8f6-6640c98ff9df", "value": "ed7def543dabbf0eac3b5e1a420347d6", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "3875b560-6825-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697021956, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021956, "uuid": "43635f1b-853b-411b-a2e5-916694b2e79d", "comment": "Malware payload", "value": "f9bc1f2f23578098611d794f12dc7817", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021956, "uuid": "2ef908b2-2315-489f-8384-140ed0b8f86d", "comment": "Malware payload", "value": "fa97e8d15ef9ee0713020485ab4af794b68f30e53723d388e69aedb98746d44b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021956, "uuid": "c980cba2-221a-47da-b3ac-420850ef0382", "comment": "Malware payload", "value": "e73aca69da437f8c648ac57f1e21e9ec58efa89d", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697021956, "uuid": "19c72898-4cb2-4ad1-b619-481f0d7334ea", "comment": "Malware payload", "value": "d5714dbd1be6ba2a67c191a647fa1a14ae9b45cdbb3a781bbeda86125509fcb5f8b4b78bbe51e0f759a177ee4248c9d1", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021956, "uuid": "5b11779a-b5ef-441a-b40d-ec41f71e8ab7", "value": "T100643AE3BD189DA6F8697078A42E5657E7F21CF7CE93093ABCD6FE1A5030947041B10A", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021956, "uuid": "b2664f64-887c-48ef-8cdb-def28f52d8aa", "value": "ced282d9b261d1462772017fe2f6972b", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021956, "uuid": "83ddf39c-2b51-46ad-ad99-b92ab3a6bebb", "value": "3072:cf1BDZ0kVB67DumAMcY2sU9bxbH2ls6TL3XeusSHhM0pNJiLpoLlxut2iHoJb:c9X0ywY9V61r", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697021956, "uuid": "707a143b-a810-4ff5-8371-f27514784df4", "value": 306688, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697021956, "uuid": "49fb2195-709b-4236-9b07-55a6e7d48209", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697021956, "uuid": "080266bc-9486-4ff9-9e05-537a7f0d3d63", "value": "fa97e8d15ef9ee0713020485ab4af794b68f30e53723d388e69aedb98746d44b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d2bf03d7-688d-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697066883, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066883, "uuid": "1d1c8f81-2885-4d49-8228-f420fa71aceb", "comment": "Malware payload", "value": "7b9720e4c977f2ac2169f205e9c3dcfb", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066883, "uuid": "9b83123d-2433-43ac-8a6b-0bf2835a57b0", "comment": "Malware payload", "value": "fafc23483e7feb9caad51c7375b06dcdd8461fa4d8123d4abb92287bcb731c97", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066883, "uuid": "2d3bcca2-ab09-4ed8-98cd-fe52a39896cc", "comment": "Malware payload", "value": "9823085898d5bb093d3aa00cec5a1c8e742ded59", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697066883, "uuid": "11d48a07-c18f-453a-b47f-2c3f207ac860", "comment": "Malware payload", "value": "3e3eeec0fde35a49d9e53d7f83ed9bf05ad578c5e7e741ba3e7dc87ed92ace76d3a9426925bf84127c73bfe8fd8a46ae", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "p-W1289", "colour": "#29F7BD", "exportable": true, "hide_tag": false }, { "name": "pw-W1289", "colour": "#46AADA", "exportable": true, "hide_tag": false }, { "name": "zip", "colour": "#60FA63", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066883, "uuid": "0c96e6d9-8e98-4cb6-bbb9-ae2c30908ca9", "value": "T1727423AD8D9798B11D6A677E45FBBC2CDD073970C19D2F9D20236C197006E3A63CAD81", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066883, "uuid": "224df5e1-a969-43c5-aa18-b0bea15aacb3", "value": "6144:i25ePdu3AW82I2z94uu0CeQjps+MGNosoYNQmu1NGHKiWExEK4GbuaWfr3WnN/DK:iHPoFa2p4z0OpsNG2soYNQFClEKpyaav", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697066883, "uuid": "883abd2d-a108-41ab-ad9f-6c4fdeb2518d", "value": 366121, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697066883, "uuid": "47d3d411-631e-455e-be17-09c531aa5fa4", "value": "application/zip", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697066883, "uuid": "f50c4acc-24ae-4f88-b65c-3abdc1275fca", "value": "RTUY0389_6006233.zip", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b90363e2-683d-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697032480, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032480, "uuid": "436d034e-c6f6-404d-beb3-bb7771c58ed6", "comment": "Malware payload (AgentTesla)", "value": "bea32ab4dc9d62c210300c9dbc587cf5", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032480, "uuid": "3eab8981-af7c-4fd4-9591-ab379a7a9a47", "comment": "Malware payload (AgentTesla)", "value": "fb3985dc3b2b92209641e36dbb7113092028845d2939ecb0dbaf8d9a64c1c54b", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032480, "uuid": "f3f3da83-2acb-4324-afea-ba0f14f1e9e8", "comment": "Malware payload (AgentTesla)", "value": "0d5d35b6a241917f80430015f97a6e7bcb419943", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697032480, "uuid": "29d8d446-7378-4a2d-b19f-b9d5195dbace", "comment": "Malware payload (AgentTesla)", "value": "7fcf9deebb308459b4cf8efe10a90f06f39e69571917918bedfe40611b896c9dab665d897d2a9c64d3e52f2fb9043cda", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032480, "uuid": "f250db23-595a-4ffc-b541-7d1307d9e159", "value": "T1D5C4AE2531EA1656F076E7B307A7FD8487FEF6E1932FF8197C9207C682E2C409A52521", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032480, "uuid": "e1db1bf5-9b01-4550-8b4a-39f8280ba98f", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032480, "uuid": "f6c0fa24-12c4-4591-bc0a-316e4c4859e9", "value": "12288:6Ub+UwSvMMMDMMMWCUB1ysqCVTSK2k1m94SmCVN:lvMMMDMMMWCo1xlSK2kQ+6", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697032480, "uuid": "97b28538-4f59-4f1a-a445-b5d18b52942f", "value": 558592, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697032480, "uuid": "8f711053-e061-42f3-a593-87270f1d360a", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697032480, "uuid": "95ae9bd0-40fc-47a1-affd-58962b1cf973", "value": "fb3985dc3b2b92209641e36dbb7113092028845d2939ecb0dbaf8d9a64c1c54b", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "ec54276c-6863-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697048887, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697048887, "uuid": "c249dfb7-9518-46fb-b291-df9617132412", "comment": "Malware payload (RedLineStealer)", "value": "d76e0f75c9bcfb06dd279c955eefab45", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697048887, "uuid": "5fec922b-8c83-4fdc-88f6-dac7b4112298", "comment": "Malware payload (RedLineStealer)", "value": "fb6dea0023e6669c84f2bd9c74cdfaf326e25d02130f05097b96a2ba24cff02c", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697048887, "uuid": "7699d568-275b-41b1-8fe9-fe9f310ced90", "comment": "Malware payload (RedLineStealer)", "value": "6e080613d049222200405e48df8fc2b1b9c73cb8", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697048887, "uuid": "9e9a622c-6ceb-4724-9fd1-278c29586827", "comment": "Malware payload (RedLineStealer)", "value": "152aac500bd31b9c39e2dc757f732dc0f6fed0bc89d31a333e96016e6c8a6c067db91596e9389baa2b354a3918dfcd79", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697048887, "uuid": "c2273c8b-77fe-45a9-b479-d6932307287c", "value": "T11C652313E3ED9437E9F963755CF702830B367E6944348B872396385A0BB3691A9343A7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697048887, "uuid": "816f69fa-2af2-4cef-b44f-e0df7967273b", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697048887, "uuid": "14de4f82-33cf-4b50-b0d1-a66e63cabbd8", "value": "24576:2y4RLHpzhQfoMD5WWtCzST7XWDiPyPusP7kZniEGsilXsz20CAuEaZcgLJoqK:F4RrPQcfyXUhPu+kliEGVhsz2JhEQ9", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697048887, "uuid": "0ff53ddd-bd29-4256-af3c-b9bf95e67560", "value": 1548288, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697048887, "uuid": "d5fe4f06-b393-4cf0-b0ca-ca4b7dc1af98", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697048887, "uuid": "4a58023a-a973-471a-995a-e17bdfc89540", "value": "file", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6bd0106c-684c-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AgentTesla)", "timestamp": 1697038793, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038793, "uuid": "02666c4a-8922-49a4-9f49-f36a4071da80", "comment": "Malware payload (AgentTesla)", "value": "7b34786e1ef8c23cbc1357aa58f7268c", "object_relation": "md5", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038793, "uuid": "ae6d8200-5e2a-4e2c-a092-583eba3b7312", "comment": "Malware payload (AgentTesla)", "value": "fb88365884043fb264c0bb3d9291a58cfd5955468f35bfe77154b316981bdaa6", "object_relation": "sha256", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038793, "uuid": "93f17578-27c5-4e26-ac44-286ed9717179", "comment": "Malware payload (AgentTesla)", "value": "a5c4b4d4ff2e51229fd6b2b793301178d6a2a628", "object_relation": "sha1", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697038793, "uuid": "f6805784-8de9-4a9e-a47a-b03a53dfef16", "comment": "Malware payload (AgentTesla)", "value": "48317a5f066b1615e251ee1be8449a71a5cdff37d3de960580c82d43de2b063a9443238e60cf1e5ebec265f5d4ed0cff", "object_relation": "sha3-384", "Tag": [ { "name": "AgentTesla", "colour": "#405C97", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038793, "uuid": "3297aef7-1714-46d9-9655-41c4b46c9f84", "value": "T170F4F11076B8AF66DC39D3F60664548007F63D2B6475E288AEC236CF2D35F81AA94F47", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038793, "uuid": "b81618c3-2d1a-47e9-95bc-d4d12a82077a", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038793, "uuid": "73715905-fc2a-4acc-9503-e082af9a343b", "value": "12288:NlE6+X9KKlCo5MsZ5U3laUmImBI2KQ30GBmhEddVBPUTQ7gUeozWhL1TC5sHCnd5:Nu6+tdCo17UZmC2p300miU0IozW3dYRo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697038793, "uuid": "f36af152-e7b5-4da0-892b-61f564a238f2", "value": 774656, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697038793, "uuid": "6f572604-735e-46d5-8ce8-8edb65034398", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697038793, "uuid": "ffdfdb99-b90d-4e12-862d-3210c1c3c963", "value": "SecuriteInfo.com.Trojan.PackedNET.2443.31067.7062", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "1c22fd3e-6890-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067865, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067865, "uuid": "f409c33e-ab9f-4daa-b1f4-b50598b12079", "comment": "Malware payload", "value": "98d503cbbdb1df422f6db2998456e462", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067865, "uuid": "94a320b6-8d91-4216-9078-bf4d13912af9", "comment": "Malware payload", "value": "fb9f13f4f0c36adf1afbffefc66ebe94a96d9f09e9b9c35e47bac5cea97abacb", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067865, "uuid": "349b1c11-e84f-4a1a-a89f-d8d029b79cf3", "comment": "Malware payload", "value": "8009e8f1b5fed3bf19c659c6f2557298a8dec80d", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067865, "uuid": "7e085363-c425-4560-b7d3-eca0f343ec04", "comment": "Malware payload", "value": "4d4bc448bbc77aa6b1e6a7bbd663b74ea45c363b26d124f1429fa3a7f5f1d2f86eec4b5181f661f8cdcefc3aaf6d12dc", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067865, "uuid": "ccf6f534-9119-4aa8-80a3-5cbafd1fcf05", "value": "T160258A3223B22F3DA278FBF600DD154B9E797D671011A6D3AEE4C94F868EDE41634126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067865, "uuid": "48be6f91-b7e3-417c-8a15-1ec379d81182", "value": "6144:zsFhHHDyDFj1XUeWLKDu8MfJTqazZdUDERE3IqlpA3QYKH7qVOeCAkFZm4sGDuJz:8M04zRkMIqlqdwRLqcnXg43yH9n", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067865, "uuid": "4bbe9ef2-0dea-44f9-a8af-38e897c02a53", "value": 1036321, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067865, "uuid": "268df697-e7a2-4a6e-b902-5aa0e38e347b", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067865, "uuid": "6a4caaa3-bd7c-48d1-91b3-8005e79b4a72", "value": "INFORMATION[2023.10.11_08-07]_1.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e7394ea8-67ee-11ee-a6f9-42010a9c0055", "comment": "Malware payload (LummaStealer)", "timestamp": 1696998627, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1696998627, "uuid": "e72a3550-a485-4bc9-a17b-0e2a281d2e7b", "comment": "Malware payload (LummaStealer)", "value": "42e0f6a1f7b00496f8011cee4972cb1d", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1696998627, "uuid": "90834469-2d34-4209-8d6c-3af6b2908fe6", "comment": "Malware payload (LummaStealer)", "value": "fbf88b129553fbacc359bac0156ba258c1ecb98e04b788bb78cda2b5bb8bebdd", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1696998627, "uuid": "ea010293-6bdb-4dfb-becb-2dca8042e699", "comment": "Malware payload (LummaStealer)", "value": "54ce111936a0f3281eada35f70cb8b289bb90f7b", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1696998627, "uuid": "0549b161-8184-4983-9943-85f525a4960a", "comment": "Malware payload (LummaStealer)", "value": "2d97f3d77f9c09ec8e61493106291127533c62893b757c3d3e340d1fafe47938634fff6836d8dedb7ce421299deca330", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "LummaStealer", "colour": "#4E512D", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1696998627, "uuid": "5d3fe73d-91a8-4c3f-ac10-b1a0a5a5a2a3", "value": "T170548E2074918032E973143B8EFD9ABD573DB950075A65EFA3D80E7ECF20AE1BA30556", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1696998627, "uuid": "92ad406e-c09a-4070-9a18-de8ff94e5787", "value": "42c423a9e73aea8cb92de6b991847053", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1696998627, "uuid": "ed69decd-476c-4153-97d1-241b05f4f243", "value": "6144:GjppL4mazrPhwxsxWQUwj0YwtQlXGAOOTu4fn5:GjLLJaPPhwxPQUwT8yhx", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1696998627, "uuid": "6ff51d39-0328-4cb6-84fd-e6d11bf6d777", "value": 301832, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1696998627, "uuid": "5f9206ea-2447-465f-b020-7f5375ec51e0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1696998627, "uuid": "0f477fb9-fc3b-44ce-be13-0f2e7edc45a0", "value": "42e0f6a1f7b00496f8011cee4972cb1d.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "5d9e3e28-6821-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Formbook)", "timestamp": 1697020300, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020300, "uuid": "ea61814c-ad6f-417b-85f6-db1940fefbe4", "comment": "Malware payload (Formbook)", "value": "fcfdf15b54cf735be2b8aa815553c782", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020300, "uuid": "f3c1b304-a05f-45d1-be8d-4037ee0fee91", "comment": "Malware payload (Formbook)", "value": "fc05ced5854b2fc5050cb3e74aae1677c7c4fd733592d4c0e8d768ce3f47bf22", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020300, "uuid": "deeeb337-4f79-45af-99e6-acb27c803d95", "comment": "Malware payload (Formbook)", "value": "5dc33c69c09975103bc322d3f4e7ec45c69e1c1e", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697020300, "uuid": "d51e9477-643a-4677-8f4c-6e4bf90d7b59", "comment": "Malware payload (Formbook)", "value": "f27f42e37f17b87ea2c6c2375d3a70df0215cc45eb9c402901223f7864c38ec2ac7d4524b100df66c1e1b2487f558340", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "FormBook", "colour": "#7E8116", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020300, "uuid": "a5c6cc76-3229-4dfd-b0d0-6dbb1da685fa", "value": "T12FC41206B75982E2C844EFBBD49B66840369DF87B5B3D34838D973B96942FD88C049C7", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020300, "uuid": "3afeb602-7233-46c3-b3e4-47eab86b579b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020300, "uuid": "a70b4b70-b76e-43f6-a408-9bdbad0cf949", "value": "12288:N2mUYMUl0Z7Kim1X+cG54fSZchnuZ+1XAPNbUR:N2mLv+7Kim1+5iqfEUw", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697020300, "uuid": "4d2e5b98-ad1a-4b32-98b5-30dd67b113d6", "value": 573440, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697020300, "uuid": "76ef4ff7-46d8-4b62-8ec8-53208cecef1e", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697020300, "uuid": "ec6f349a-e15e-4afa-bb22-c6ae71276f88", "value": "fc05ced5854b2fc5050cb3e74aae1677c7c4fd733592d4c0e8d768ce3f47bf22", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "f60ebf25-6890-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697068230, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068230, "uuid": "c36d0dd3-66db-4183-b325-1bf1f5c85029", "comment": "Malware payload (RedLineStealer)", "value": "1f65ab4da30e9b04d84b7915db39f4a1", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068230, "uuid": "5efe0672-4934-4d7a-be50-2dd32a7deb4f", "comment": "Malware payload (RedLineStealer)", "value": "fcf8b3334a4c5863aa1006ca4674c344f1f39c2ca19a010722671494c14e985b", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068230, "uuid": "5c52fe73-76e1-4ee4-99ef-3c736a57f846", "comment": "Malware payload (RedLineStealer)", "value": "f96ec434ae23935d5162ac498cc33345c1da0694", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697068230, "uuid": "56484c49-b925-4455-a05f-b0a9b5f395cd", "comment": "Malware payload (RedLineStealer)", "value": "65c963537959635e7375ef1ab170823edbda76a0dc43d5eb361d674beb2e769651dfac170a476cf5e21940b7f2567839", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068230, "uuid": "4613d6f5-2d6a-408f-854f-cf17994b09f5", "value": "T16B152317A3E48126DAFC177048FB17870B7ABDD04E74D62B2B8ABA591573B84913072F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068230, "uuid": "18528e4d-3330-4170-8165-7b407c1b7e7c", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068230, "uuid": "a69c8979-0555-4815-8f6f-f6680f314061", "value": "24576:iyxdq0OlRqWXozrUOk61DBg82gwNVuPcV:JxdElRGPUJ6fg82g/c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697068230, "uuid": "b4cdddb0-cdf2-40f6-b30b-498c217ec6f8", "value": 912896, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697068230, "uuid": "bccf3c76-4526-478d-8f35-4f58742c6569", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697068230, "uuid": "f976aea7-9a29-4470-b06e-4329ec439933", "value": "1f65ab4da30e9b04d84b7915db39f4a1.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "8b264d30-6881-11ee-a6f9-42010a9c0055", "comment": "Malware payload (Mirai)", "timestamp": 1697061608, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061608, "uuid": "7cb1c459-0d4c-4273-98a9-e8161e8aadea", "comment": "Malware payload (Mirai)", "value": "1cbd4e316ee8695c1c293971b8a4f291", "object_relation": "md5", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061608, "uuid": "b9a718fb-179b-4f0d-b13f-815bdeb6b8b5", "comment": "Malware payload (Mirai)", "value": "fd0682baffbbfc4f1883043e202427fb18c575bc55dacc9e6de90706e77aa74d", "object_relation": "sha256", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061608, "uuid": "348b135e-a526-4c85-a4c1-e4c0253974cc", "comment": "Malware payload (Mirai)", "value": "f85496f68e7dd77d3d67fdd8596e40740182dcec", "object_relation": "sha1", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697061608, "uuid": "058c840c-ee36-430e-83c7-4db8d5768c8c", "comment": "Malware payload (Mirai)", "value": "f6d79e2c829894eeaaeac79235212ad2c5cca75fc934adf8375db0614088286d5e18e034975121b541cd11b9f66c04e9", "object_relation": "sha3-384", "Tag": [ { "name": "mirai", "colour": "#19EF39", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061608, "uuid": "763d97b2-4474-424e-a3dd-759196554860", "value": "T183432798BC919A16C5E423B7FB5E018C332163BCE2EE7207DD212F15778A81F1E67691", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061608, "uuid": "829661bb-6242-4bf2-9dba-bc6852c86939", "value": "1536:aRQ6fJ3HaUcuIP2rT6nE8uPhl4t5qPk9XOfRJY3:ahJ3HKgTh/PUbr9ORJo", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697061608, "uuid": "5daee534-ed52-4169-a22a-a79c8fa5565a", "value": 59848, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697061608, "uuid": "eb98ff2a-01cf-4e5f-8be4-6ecdf34fa268", "value": "application/x-executable", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697061608, "uuid": "ae3849a8-ffd6-4dbb-990d-d414947262f7", "value": "jklarm-20231011-2200", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "e0c56bb7-6887-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697064329, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697064329, "uuid": "0a00f401-25c1-4538-b445-9d2cbbb849e1", "comment": "Malware payload (RedLineStealer)", "value": "d70655d8487d601666d72b259ec36f61", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697064329, "uuid": "04453929-4069-4c89-9b5f-851222de5979", "comment": "Malware payload (RedLineStealer)", "value": "fd0ba5602ca2a2ed0390c3e8fbd4d5b29e435b6b1702ae40f1f8b689b364867f", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697064329, "uuid": "9992d03c-38bc-4f36-840f-f451a606ada9", "comment": "Malware payload (RedLineStealer)", "value": "dda8a7a93dee38062b6ad496174de475b73b28b4", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697064329, "uuid": "9ce47463-67f1-40ef-8738-5b24d71db17c", "comment": "Malware payload (RedLineStealer)", "value": "ee1e5feaca0d6cb92c41c1e6801471efd36737f8321f3690fd33270fa9a260f85f6fb524ec6de69a150e9cf3bb2bcb60", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697064329, "uuid": "71e3a16b-d89a-43aa-9cda-f6ebccbe52e1", "value": "T136257D2138C09176EEF210B686ECFA3A46ADD0F0072912DB16D857EEE7606C17F37596", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697064329, "uuid": "8206d17c-730e-4494-b100-eded8b2fbd04", "value": "66025e7bb3415added2b8177bf9bcfbe", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697064329, "uuid": "fbf13c36-2280-43a5-a9ce-9293e2e54a2f", "value": "12288:riNCWAVpsx7UgJCSkZZ7gFMRfIByCZeEAQ+ni5SZYzu99Dz4RnI:u2psxIgJCSkjwwCyCse+ncSonI", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697064329, "uuid": "d00a565b-b016-4500-9b68-60e6e2e148f9", "value": 988936, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697064329, "uuid": "8e015a9b-dcba-411e-b0fb-2799c12d7bcc", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697064329, "uuid": "35f96017-9675-43a3-98e6-d52ec6e50f3c", "value": "d70655d8487d601666d72b259ec36f61.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "6433b34c-6869-11ee-a6f9-42010a9c0055", "comment": "Malware payload (AsyncRAT)", "timestamp": 1697051235, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051235, "uuid": "0e8c5b1e-f9f1-4a1e-abaa-47b2fa43e9fb", "comment": "Malware payload (AsyncRAT)", "value": "3e2647ddf841fd56db65ef710f6801f8", "object_relation": "md5", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051235, "uuid": "d7e9ed23-c4ba-4a45-8840-2624efc3043d", "comment": "Malware payload (AsyncRAT)", "value": "fd39f37e9252c859a76f65c193c869826503be3c815eab4e95cd883be307a550", "object_relation": "sha256", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051235, "uuid": "12b5161d-11b2-407d-8e59-9ce73701fb4f", "comment": "Malware payload (AsyncRAT)", "value": "b0a80e78eacae466133fd99bcb55d18c08604188", "object_relation": "sha1", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051235, "uuid": "87295734-b0ca-490d-891f-696dd95d1e09", "comment": "Malware payload (AsyncRAT)", "value": "ec51b79b7556c15a77137ce8cd40554587acf6eae4970b17d07ff0709c2909e7c61ddaa456fee5b91e96cedb2245479a", "object_relation": "sha3-384", "Tag": [ { "name": "AsyncRAT", "colour": "#64C37F", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RAT", "colour": "#C46D93", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051235, "uuid": "007951c7-fa80-44c7-88fb-e976b4b51b7f", "value": "T119235C4037A88136F2BD47B4ACF3E2418679E66B6903C6596CC814EA1F13FC596136FE", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051235, "uuid": "af27e2a9-35f3-4090-b800-c486edbd328e", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051235, "uuid": "e59be666-7ec0-4d30-9046-cd8ad7097616", "value": "768:dOEuILWCKi+DiBtelDSN+iV08YbygecKmhOvEgK/J9lZVc6KN:dOtmBtKDs4zb1DKVnkJ3ZVclN", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051235, "uuid": "40fd2e99-27d9-4d10-89c5-4c0fed57d913", "value": 48640, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051235, "uuid": "bcceb75a-4178-4b77-9174-0d09c0f441d3", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051235, "uuid": "0d28437f-3bce-4a60-96e1-771e025c3036", "value": "3e2647ddf841fd56db65ef710f6801f8.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b49238de-688f-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697067691, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067691, "uuid": "b4723294-ce14-4289-8e3f-06b8701f4f27", "comment": "Malware payload", "value": "fd617b45d28b50782541670c155b70cb", "object_relation": "md5", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067691, "uuid": "ae68f77d-772b-4ca8-918b-0d1d333888c4", "comment": "Malware payload", "value": "fd7aa74e3d8b5bc7406fd753d5b24e00575cdb99b19cc2d14ecdb4b7f65481ce", "object_relation": "sha256", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067691, "uuid": "44dba603-5d40-4a9f-b611-e32d516b0a28", "comment": "Malware payload", "value": "82bd87aa43df715dd7d0a4afe98eaf7654d0697f", "object_relation": "sha1", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697067691, "uuid": "f2658fca-7655-48a5-b34d-3eae1ae8f296", "comment": "Malware payload", "value": "b5ff03638a0cc16c1221664ff7278d3324a54215a06bb84bc307049b28d020e208f08f99434615215cab80b8d413acab", "object_relation": "sha3-384", "Tag": [ { "name": "gestionhqse-com", "colour": "#60D651", "exportable": true, "hide_tag": false }, { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067691, "uuid": "10a0f9ca-8c6f-4594-97b7-e280ae515d03", "value": "T1E225893263B22F3CA278FBF600DD154B9E797D671011A6D3AEE4C94F868EDE41634126", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067691, "uuid": "a714a6c4-5a12-4e2c-9c73-a542a3ea6eae", "value": "6144:Q+FFMSvhxiJsyBVnFzdLsg2oMh+SozApsAE2dpGaPXU8GM7FEb+IYTVlSJDUAbmu:tipJpf0yAE2WloRZrfq/4Q/oCb", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697067691, "uuid": "3844c292-6037-42a5-9c3f-0c1eb1d2ff59", "value": 1036275, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697067691, "uuid": "84c0cebd-a1c5-4aa0-b72f-3406943b97a0", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697067691, "uuid": "0b059353-de85-405b-96e1-f559a2c595ad", "value": "STATEMENT[2023.10.11_08-07]_2.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b8fc8587-6817-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697016159, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016159, "uuid": "56c47335-28d1-4228-b58f-0f7dbcb7f2c9", "comment": "Malware payload", "value": "0e85f5058fa30907be18273932a6f917", "object_relation": "md5", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016159, "uuid": "ef0b80f8-134b-448e-8886-69ecbbb76f86", "comment": "Malware payload", "value": "fe086a9260e0a437b040caa7e074fa610a428af9624cd5f68d02571ffc2009e4", "object_relation": "sha256", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016159, "uuid": "b344e068-ceac-4013-bc69-5042a27ebc08", "comment": "Malware payload", "value": "05fa7be00461d093489f8fe8384b118c2962ea8b", "object_relation": "sha1", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697016159, "uuid": "eb458de1-6380-45b8-bbc9-646f4504625d", "comment": "Malware payload", "value": "8c8424c1d20934a16c75d2c7e2e24f7d2ca764c01daeceff2b80ce9ed0861df08723130842955e444325d2d317b42087", "object_relation": "sha3-384", "Tag": [ { "name": "32", "colour": "#7B90DC", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016159, "uuid": "10f86af9-a9b4-41c4-a651-44ac00858db7", "value": "T180226B51B7C80072E8778BF09D765B99173CBAE61ACFA7DC1C8C820A3E156068993B71", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016159, "uuid": "c4e641d6-b08e-42f6-b63c-ff54b75b997b", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016159, "uuid": "79059bc4-6138-4cd1-ad8d-99fea46da637", "value": "192:KkS+M/nAPyass198Wxo0h/eBozq5vPVGN8:KH+QAPya119zdFwoe5vPk", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697016159, "uuid": "92204f5b-9deb-4ada-b6b9-c1e403e2a697", "value": 10240, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697016159, "uuid": "d45adf70-a98e-4098-b8fc-bdfa3dcdbd91", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697016159, "uuid": "76956b9e-4ff2-4b8f-93ea-69e52bbd6864", "value": "0e85f5058fa30907be18273932a6f917", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "d7b5beb3-6869-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697051429, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051429, "uuid": "0db27be3-afe8-4af5-a18c-46eb6d32e355", "comment": "Malware payload", "value": "8650a811c4475dec8974f54a112761d9", "object_relation": "md5", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051429, "uuid": "81ac7d30-c822-4298-bc1b-0176135741e8", "comment": "Malware payload", "value": "febd8601144ffe589e545c704e0734c6df24df1f9570e842c00bf3d5a7ce72d5", "object_relation": "sha256", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051429, "uuid": "998ffe20-22cc-4151-9e21-c74e1c2d594d", "comment": "Malware payload", "value": "0677961fec92491bcb04e244f282f97c1773f56f", "object_relation": "sha1", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051429, "uuid": "69c82b92-1c50-4ee1-b8e3-f98c50c61ea4", "comment": "Malware payload", "value": "e3da65bc6bd6331c9d8cf9e165dbd6055ba33f2fff668da73c141bc4d07588421113ad0e0636d1eeb937696f268b43ca", "object_relation": "sha3-384", "Tag": [ { "name": "vbs", "colour": "#05BD76", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051429, "uuid": "20b2cab5-0e28-4ef8-904e-bb9e5fbacaba", "value": "T1AC945DB1EF98151A0C4B37EADC414C81C5BDD16A5927006AFEDD17CEA10B59CA3BEB0E", "object_relation": "tlsh" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051429, "uuid": "7a6adb6e-7b6c-4a28-91a2-ce7fc3a43a32", "value": "6144:Uyjec3ULK9u1AhEnWCmRmh3UVHYGdTJFYi8Vhxbjxc2v3jnZ3eOr/tlm7FFJa:pe3KM1uSEVHqhbBeL7Na", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051429, "uuid": "f683bcc4-6e38-4137-9dd6-d0654c61d24b", "value": 437549, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051429, "uuid": "ad84df05-44a8-4ae5-ac3a-4c435f726422", "value": "text/plain", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051429, "uuid": "0044bb6d-1ac0-4071-8f9f-2290fdc3ee7b", "value": "1703368226_03601980240_79_10102023_021812.vbs", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b82c8d10-6868-11ee-a6f9-42010a9c0055", "comment": "Malware payload (DBatLoader)", "timestamp": 1697050947, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050947, "uuid": "cc107640-812e-48b1-aac2-52d43321bb18", "comment": "Malware payload (DBatLoader)", "value": "f14d9d81931041a340a284c42638bf5b", "object_relation": "md5", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050947, "uuid": "2d21a669-3ca3-48e4-b361-3659fecd377f", "comment": "Malware payload (DBatLoader)", "value": "fecb7826eb9472fa8b7a79c1029720e19f8e2deb1d2c57c8c6ebf66232ac7981", "object_relation": "sha256", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050947, "uuid": "94fd591f-1512-486d-8cd3-d35e8de60e26", "comment": "Malware payload (DBatLoader)", "value": "340d9af1ea457984aeabb6b085b975ac1620d42f", "object_relation": "sha1", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697050947, "uuid": "922fb3a9-f00b-4278-a616-f0e89f2b6ecc", "comment": "Malware payload (DBatLoader)", "value": "630842906e7497a28ef542a7b21d1b9209187bda1c09b76c4e21897b49e25336809be80a39e5a212189df00d3d2a9097", "object_relation": "sha3-384", "Tag": [ { "name": "DBatLoader", "colour": "#FA1270", "exportable": true, "hide_tag": false }, { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050947, "uuid": "e6f2241b-0441-409a-be97-4a6b65567ea7", "value": "T109355B34B3750CB1F4A976B5DD0667E41EFF27AAAA44288992783D0B1CB27917F1102F", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050947, "uuid": "8fe38231-e59e-4076-b1eb-79dae0205d38", "value": "fc431a28c58a1565c388a05232b2eadb", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050947, "uuid": "de3d5d8b-b1b1-42eb-8063-83cebbcee973", "value": "12288:qE8C9kdWdEPv8zuVEdh9a6OLqvabdpmBkt1VEmA00P85Be2fgmv1qsM8HcZG3g5G:qEPudPPOuVsaoAjlD0P83H5M8OG3", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697050947, "uuid": "5485fcbc-a47d-4100-8b86-fd01e82ab55e", "value": 1124864, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697050947, "uuid": "3a47f385-13a4-4825-b027-c3dd60f4aae0", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697050947, "uuid": "c19356a5-a34c-4bdb-a76b-b46bbaf3a35f", "value": "file.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "87d7ecad-686a-11ee-a6f9-42010a9c0055", "comment": "Malware payload (RedLineStealer)", "timestamp": 1697051724, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051724, "uuid": "5ef63bcd-d07e-4dd4-b662-6924c9cc418c", "comment": "Malware payload (RedLineStealer)", "value": "dbabc5790631220bf25551f66f02d0f3", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051724, "uuid": "443eb4d8-0205-4eef-a47a-f3e1ebe4f0be", "comment": "Malware payload (RedLineStealer)", "value": "ff3529106ae268386b681ecc0b2aa2a8dbe4e314bd63bd026d46039cf0d30f36", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051724, "uuid": "51cf5a14-a6ca-4101-a1cf-767b65b1fce9", "comment": "Malware payload (RedLineStealer)", "value": "76f436b5bf935abace40a541c71884ffee05affa", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697051724, "uuid": "1a7869fd-8af4-4cec-9772-c4e91de72caf", "comment": "Malware payload (RedLineStealer)", "value": "626722e6156778c79ee33b2d38356024f3da5cbf7bfeabe3a3265dba67a73c1726b1548255176445242875f7a2857c63", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false }, { "name": "RedLineStealer", "colour": "#0C3887", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051724, "uuid": "34a9b7ca-877a-4a01-a7d2-7c06c2ff270e", "value": "T1D3F4220397E98473E8B1377068F607932E397D911EB4464F378BBA8E1C72684987572B", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051724, "uuid": "b7ff2c0c-723c-48d2-b665-df49513b7873", "value": "646167cce332c1c252cdcb1839e0cf48", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051724, "uuid": "26ba1f1b-e0c0-4fc8-803d-8c2f90a1d5d7", "value": "12288:1MrFy90bODHVsUA2Ysaeo+fJE4OrYP37jPYji+wXvViFOguC+VBwU:8ySgmUAKfJbOr27jgji+FFO+c", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697051724, "uuid": "e7221633-6703-4f05-a205-fd6ab7afff57", "value": 766464, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697051724, "uuid": "c1d69666-398c-412e-bd4c-1f1c32f21831", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697051724, "uuid": "d0b3f66d-2e18-465f-8eb0-40f3da38c03a", "value": "dbabc5790631220bf25551f66f02d0f3.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" }, { "name": "file", "meta-category": "file", "description": "File object describing a file with meta-information", "uuid": "b5acf25d-686c-11ee-a6f9-42010a9c0055", "comment": "Malware payload", "timestamp": 1697052660, "Attribute": [ { "type": "md5", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052660, "uuid": "8e136ed8-5df7-4da1-a9d2-46349023a8d9", "comment": "Malware payload", "value": "b5b467e9309cbddb4a9ed34a82a36163", "object_relation": "md5", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha256", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052660, "uuid": "517dc39b-2f3e-4433-8466-cc4d9586cbd8", "comment": "Malware payload", "value": "ff38415bfa7f2db5ba40f26e64ede0676971c441823d2ec2755d644d8905d809", "object_relation": "sha256", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha1", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052660, "uuid": "f7a33428-bab7-4081-b540-87cbe0244567", "comment": "Malware payload", "value": "1e28242e9862c5b5b040a415e5db619d862a7224", "object_relation": "sha1", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "sha3-384", "category": "Payload delivery", "to_ids": true, "timestamp": 1697052660, "uuid": "3e975b1e-0994-4f0c-bd5e-4dd60b40cb3e", "comment": "Malware payload", "value": "e527e41b21eefdc19096d41f3b732342ea992ac133c2f185596ffa8322e696b10a347b5f2dbdb0a3520812653b37dc47", "object_relation": "sha3-384", "Tag": [ { "name": "exe", "colour": "#8F1124", "exportable": true, "hide_tag": false } ] }, { "type": "tlsh", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052660, "uuid": "342c0bb4-9833-4fd9-b647-5a29f891929d", "value": "T101A412F53EC520B0F3850CB8E6B88BFBDB895DF0BAB56A1F019C128315D9D09A6C5D09", "object_relation": "tlsh" }, { "type": "imphash", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052660, "uuid": "d50b9da2-b29b-433b-9308-bc21955e63c9", "value": "f34d5f2d4577ed6d9ceec516c1f5a744", "object_relation": "imphash" }, { "type": "ssdeep", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052660, "uuid": "f52d5521-4419-47a3-9e5d-6aec1c45b18a", "value": "12288:udcF8KWGUJib0PfIN2AyF5t/AKNxwkvJWaZjs:7F8KWGUcbaAWntTNlv0aB", "object_relation": "ssdeep" }, { "type": "size-in-bytes", "category": "Other", "to_ids": false, "timestamp": 1697052660, "uuid": "395bb42a-25bf-4292-a1be-359b3db0b6bb", "value": 473600, "object_relation": "size-in-bytes", "disable_correlation": true }, { "type": "mime-type", "category": "Artifacts dropped", "to_ids": false, "timestamp": 1697052660, "uuid": "ca6f0806-dd28-4297-bf9e-3f0d9b619081", "value": "application/x-dosexec", "object_relation": "mimetype", "disable_correlation": true }, { "type": "filename", "category": "Payload delivery", "to_ids": false, "timestamp": 1697052660, "uuid": "9f11cc5b-f2fb-4ec1-9e43-e82490d8a0aa", "value": "b5b467e9309cbddb4a9ed34a82a36163.exe", "object_relation": "filename" } ], "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "distribution": "5" } ] } }